Cisco WAP581 Administration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Wireless Access Point
  5. Wap581
  6. Administration manual

Cisco WAP581 Administration Manual

Wireless-ac/n dual radio access point with 2.5gbe lan
Hide thumbs Also See for WAP581:
Table of Contents

Advertisement

Quick Links

Download this manual
Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE
LAN Administration Guide
First Published: 2016-11-23
Last Modified: 2019-07-09
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Advertisement

Table of Contents
loading

Related Manuals for Cisco WAP581

Summary of Contents for Cisco WAP581

  • Page 1 Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide First Published: 2016-11-23 Last Modified: 2019-07-09 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com...
  • Page 3 The Java logo is a trademark or registered trademark of Sun Microsystems, Inc. in the U.S. or other countries. © 2019 Cisco Systems, Inc. All rights reserved.

  • Page 5: Table Of Contents

    TFTP Upgrade Reboot Schedule Reboot Configuration Management Backup Configuration Files Download Configuration Files Copying Configuration Files Clearing Configuration Files C H A P T E R 3 System Configuration Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 6 Management System Settings Connect Session Settings/HTTP/HTTPS Service SSL Certificate File Status SNMP / SNMPv2c Settings SNMPv3 Views SNMPv3 Groups SNMPv3 Users SNMPv3 Targets Plug and Play (PnP) Security Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 7 Configuring WDS Bridge WPA/PSK on WDS Links WorkGroup Bridge C H A P T E R 6 Fast Roaming Fast Roaming Configuring Fast Roaming Configuring Remote Key Holder List Profiles Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 8 QoS Association Guest Access Guest Access Instance Table Guest Group Table Guest User Account Web Portal Customization C H A P T E R 9 Cisco Umbrella Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide viii...
  • Page 9 DeAuthentication Message Reason Codes Deauthentication Message Reason Codes Deauthentication Reason Code Table A P P E N D I X B Where to Go from Here Where to Go from Here Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 10 Contents Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 11: Getting Started

    The IP address can also be specified as the subnet IP address so that all subnet addresses, are added to the local intranet zone. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 12: Using The Access Point Setup Wizard

    2. Locate the IP address of the WAP device. 1. The WAP device can be accessed and managed by using the Cisco FindIT Network Discovery Utility. This utility enables you to automatically discover all supported Cisco devices in the same local network segment as your computer.
  • Page 13 Time, on page Step 11 Click Next. The Configure Device - Set Password window appears. Step 12 Enter a New Password and enter it again in the Confirm Password field. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 14: Using The Access Point Setup Wizard With Mobile

    Access Point Setup Wizard with mobile style appears. This helps you perform the initial configurations. To configure the Access Point using the wizard, complete the following steps: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 15 Point with this SSID and the pre-shared key, cisco123. Launch a browser and enter an arbitrary IP address or a domain name. A web page with login fields is displayed. Enter the default user name and password: cisco. Click Log In. The Access Point Setup Wizard is displayed.

  • Page 16: Changing Password

    • Remote IP Address — The IP address of a remote host using this service. All indicates that the service is available to all remote hosts that access the system. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 17: System Status

    Ethernet (PoE) which includes two power supply modes of 802.3.af and 802.3at from a Power Sourcing Equipment (PSE). When power source is insufficient (802.3af), the WAP device retains the following configuration information. • The Radio1(5GHZ) is disabled. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 18: Quick Start Configuration

    View System Log, on page 27 Traffic Statistics Traffic Statistics, on page 108 For additional information on the device, you can access the product support page or the Cisco Support Community by: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 19: Window Navigation

    The following table describes the commonly used buttons that appear on various pages in the system: Button Description Name Adds a new entry to a table or database. Cancel Cancels a change made to the page. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 20 Edits an existing entry. Refresh Refreshes the current page with the latest data. Apply Applies/Saves the settings or configuration. Update Updates the new information to the startup configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 21: Administration

    Select Administration > Firmware. The product ID (PID VID), active and inactive firmware version are displayed. Step 2 Click Swap Images. A dialog box appears confirming the firmware image switch and subsequent reboot. Step 3 Click Yes to proceed. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 22: Http/Https Upgrade

    Step 4 To verify that the firmware upgrade completed successfully, log into the configuration utility, open the Upgrade Firmware page, and view the active firmware version. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 23: Reboot

    Startup Configuration. The Mirror Configuration is preserved across factory resets, so it can be used to recover a system configuration after a factory reset by copying the Mirror Configuration to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 24: Backup Configuration Files

    For a TFTP backup, enter the Configuration Filename with an.xml extension. Also include the path where the file is to be stored on the server and then enter the TFTP Server IPv4 Address. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 25: Copying Configuration Files

    To delete the Startup Configuration or Backup Configuration file: Step 1 Select Administration > Configuration Management> Clear. Step 2 Select Startup Configuration or Backup Configuration. Step 3 Click Clear Files. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 26 Administration Clearing Configuration Files Step 4 Click Yes. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 27: Lan

    • Static IP—Manually configure the IPv4 address. The IPv4 address should be in a form similar to xxx.xxx.xxx.xxx (192.168.1.100). • Static IP Address, Subnet Mask, and Default Gateway—Enter the static IP address, subnet mask and default gateway. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 28: Dhcp Auto Configuration Settings

    DHCP Server for DHCP requests. Note Configuration upload operation by User/Cisco overrides the Auto Configuration so that the chosen configuration file is given preference. In any other cases of rebooting the AP such as firmware upgrade or reboot operations, existing Auto Configuration settings will be effective.

  • Page 29: Ipv6 Configuration

    • Default IPv6 Gateway —The statically configured default IPv6 gateway. • IPv6 Domain Name Servers — Select one of the following options: • Dynamic — The DNS servers are recognized dynamically through the DHCPv6. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 30: Port Settings

    This is the default mode. Note WAP581 supports static LAG and does not support the LACP. Ensure that the LAG works with WAP581 device. This helps the user to switch the LAG from the default mode to the others. The Port Settings Table includes the following status and configurations for an Interface (LAN): •...

  • Page 31: Spanning Tree Protocol

    Spanning Tree Protocol In the Spanning Tree Protocol mode, the Enable checkbox is checked by default to enable the STP mode on the Cisco WAP device. When enabled, STP helps prevent switching loops. STP is recommended if you configure the WDS links.

  • Page 32: Lldp

    The system administrator can view the Bonjour enabled WAP’s using the latest Internet Explorer plug-in (Cisco FindIT tool). All WAP devices present in a cluster, are shown under the cluster name after the Bonjour discovery process. The administrator should ensure that the name of the cluster is unique within a network.

  • Page 33: Time

    The current system time appears at the top of the page, along with the System Clock Source option. Automatically Acquiring the Time Settings through NTP To automatically acquire the time settings from a NTP server, follow these steps: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 34: Manually Configuring The Time Settings

    • Ends — Select the week, day, month, and time when daylight savings time ends. • Daylight Saving Offset — Specify the number of minutes to move the clock forward when daylight savings time begins and backward when it ends. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 35: Notification

    Only enable persistent logging to debug a problem. Make sure that you disable persistent logging after you finish debugging the problem. Configuring the Persistent Log Step 1 Select Notification > Log Settings. Step 2 Configure these parameters: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 36: Remote Log Server Table

    Using the default port is recommended. If you reconfigure the log port, make sure that the port number that you assign to syslog is available for use. Step 3 Click Apply. The changes are saved to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 37: View System Log

    Select Notification > Email Alert. Step 2 In the Email Alert area, configure the following parameters: • Administrative Mode — Check Enable to enable the email alert feature. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 38: Email Alert Examples

    • Email Subject — Enter the text to appear in the email subject line. This can be up to a 255-character alphanumeric string. Step 5 Click Apply. Email Alert Examples The following example shows how to fill in the Mail Server Configuration parameters: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 39: User Accounts

    Step 1 Select System Configuration > User Accounts. The User Account Table shows the currently configured users. The user cisco is preconfigured in the system and has Read/Write privileges. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 40: Changing A User Password

    Step 1 Select System Configuration > User Accounts. The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. The password for the user cisco can be changed. Step 2 Select the user to configure and click Edit.

  • Page 41: System Settings

    • HTTP Service — Enable or disable access through HTTP. By default, HTTP access is disabled. If you disable it, any current connections using that protocol are disconnected. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 42: Ssl Certificate File Status

    In the Transfer SSL Certificate from (Device to PC) area, select HTTP/HTTPS or TFTP as the download option and click Transfer. • If you select HTTP/HTTPS, confirm the download and then browse to the location to save the file on your network. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 43: Snmp / Snmpv2C Settings

    • User Defined — The set of user defined SNMP requests that are permitted. • NMS IPv4 Address/Name — Enter the IPv4 IP address, DNS host name, or subnet of the network management system (NMS). Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 44: Snmpv3 Views

    This section summarizes the critical guidelines for the SNMPv3 view configuration. Please read all the notes before proceeding. Note A MIB view called all is created by default in the system. This view contains all management objects supported by the system. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 45: Snmpv3 Groups

    • RW — A read/write group using authentication and data encryption. Users in this group use the MD5 key or password for authentication and a DES key or AES128 for encryption. The SHA, DES and AES128 Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 46: Snmpv3 Users

    To delete a group, check the group in the list and click Delete. To edit a group, check the group in the list and click Edit. SNMPv3 Users Use the SNMP Users table to define users, associate a security level to each user, and configure the security keys per user. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 47: Snmpv3 Targets

    Informs are sent, not traps. For SNMP versions 1 and 2, the traps are sent. Each target is defined with a target IP address, UDP port, and SNMPv3 user name. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 48: Plug And Play (Pnp)

    Edit. Plug and Play (PnP) Cisco Open Plug-n-Play (PnP) agent is a software application running on a Cisco SMB device. When a device is powered on, the Open Plug-n-Play agent discovery process, which is embedded in the device, attempts to discover the address of the Open Plug-n-Play server which helps automate the process of deploying and provisioning new devices into the network.

  • Page 49: Security

    1 to 64 standard alphanumeric and special characters. The key is case sensitive and must match the key configured on the RADIUS server. The text that you enter appears as asterisks. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 50: 802.1X Supplicant

    If you selected TFTP, enter the Filename and the TFTP Server IPv4 Address. d) Click Upload. A confirmation window appears, followed by a progress bar to indicate the status of the upload. Step 5 Click Apply. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 51: Rogue Ap Detection

    • SSID — The Service Set Identifier (SSID) for the WAP device. • Privacy — Indicates whether there is any security on the rogue device. The options are: • Off — Security mode is off (no security). Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 52: Saving The Trusted Ap List

    The list contains the MAC addresses of all APs that have been added to the Trusted AP List. By default, the filename is Rogue1.cfg. You can use a text editor or web browser to open the file and view its contents. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 53: Importing A Trusted Ap List

    • Maximum Password Length — The maximum password character length is a range from 64 to 127. The default is 64. • Minimum Password Length — The minimum password character length is a range from 0 to 32. The default is 8. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 54: Configure Wap-Psk Complexity

    • Minimum WPA-PSK Length — Enter a key length value. The minimum key length in number of characters is from 8 to 16. The default is 8. Step 4 Click Apply. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 55: Wireless

    • 802.11a — 802.11a clients can connect to the WAP device. • 802.11a/n/ac — 802.11a clients, 802.11n, and 802.11ac clients operating in the 5-GHz frequency can connect to the WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 56 For radios in the 5 GHz band, when DFS support is on and the regulatory domain requires radar detection on the channel, the Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) features of 802.11h are activated. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 57 WAP device awaiting pickup. The DTIM period indicates how often the clients served by this WAP device should check for buffered data awaiting pickup. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 58 • Fixed Multicast Rate — The transmission rate in Mbps for broadcast and multicast packets. This setting can be useful in an environment where the wireless multicast video streaming occurs, provided the wireless clients are capable of handling the configured rate. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 59 • On — The WAP device handles TSPEC requests according to the TSPEC settings that you configure on the Radio page. • Off — The WAP device ignores TSPEC requests from client stations. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 60: Networks

    Each VAP is identified by a user-configured Service Set Identifier (SSID). Multiple VAPs cannot have the same SSID name. SSID broadcasts can be enabled or disabled independently on each VAP. SSID broadcast is enabled by default. SSID Naming Conventions Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 61: Configuring Vaps

    Each VAP is associated with a VLAN, and is identified by a VLAN ID (VID). A VID can be any value from 1 to 4094, inclusive. The WAP581 device supports 33 active VLANs (32 for WLAN plus one management VLAN).
  • Page 62 • It is configured on a per-VAP basis and needs to be enabled on both the radios. • It is not encouraged on the VAPs with time-sensitive voice or video traffic. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 63: Configuring Security Settings

    • WPA-TKIP — This network has client stations that only support the original WPA and TKIP security protocol. Note that selecting the WPA-TKIP only is not allowed as per the latest Wi-Fi Alliance requirements. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 64 The WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes CCMP (AES), and TKIP encryption. The Enterprise mode requires the use of a RADIUS server to authenticate the users. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 65 Check this option to use the global RADIUS server settings, or uncheck this option to use a separate RADIUS server for the VAP and enter the RADIUS server IP address and key in the appropriate fields. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 66: Client Filter

    MAC addresses on the list, or to deny access only to addresses on the list. Up to 512 Client addresses can be added to the filter list. To configure the Client filter follow these steps: Step 1 Select Wireless > Client Filter. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 67: Configuring Mac Authentication On The Radius Server

    The WAP device supports up to 16 profiles. Only valid rules are added to the profile. Up to 16 rules are grouped together to form a scheduling profile. Periodic time entries belonging to the same profile cannot overlap. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 68: Scheduler Profile Configuration

    • Start Time (24hh:mm)— Set the time when the radio or VAP is enabled. The time is in hh:mm 24-hour format. The range is <00-23>:<00-59>. The default is 00:00. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 69: Qos

    • Data 1 (Video) — High priority queue, with minimum delay. Time-sensitive video data is automatically sent to this queue. • Data 2 (Best Effort) — Medium priority queue, with medium throughput and delay. Most traditional IP data is sent to this queue. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 70 Configure the following additional settings: • No Acknowledgement — Check Enable to specify that the WAP device should not acknowledge frames with QosNoAck as the service class value. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 71 • Unscheduled Automatic Power Save Delivery — Check Enable to enable APSD. The APSD is recommended if VoIP phones access the network through the WAP device. Step 7 Click Apply. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 72 Wireless Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 73: Wireless Bridge

    The wireless clients can still connect to an WAP device that is operating as a repeater. Before you configure WDS on the WAP device, note these guidelines: • All Cisco WAP devices participating in a WDS link must have the following identical settings: • Radio •...

  • Page 74: Configuring Wds Bridge

    You can verify if the bridge link is up by accessing the Monitor > Dashboard > Wireless page. In the Interface Note Status table, the WDS(x) status should state Up. WPA/PSK on WDS Links These additional fields appear when you select WPA/PSK as the encryption type: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 75: Workgroup Bridge

    WAP device. WDS is a better solution and is preferred over the Work Group Bridge solution. Use WDS if you are bridging the Cisco WAP150 and Cisco WAP361 devices. If you are not, then consider the Work Group Bridge. When the Work Group Bridge feature is enabled, the VAP configurations are not applied;...
  • Page 76 • None • None • WPA Personal • WPA Personal • WPA Enterprise Connection Status Indicates whether the WAP is connected to the Not Applicable (N/A) upstream WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 77 Client Filter, on page 56 for instructions on creating the Client filter Note list. Step 5 Click Apply. The associated downstream clients now have connectivity to the upstream network. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 78 Wireless Bridge WorkGroup Bridge Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 79: Fast Roaming

    These steps give a general description of how to configure fast roaming: Step 1 Select Fast Roaming > Roaming Table. Step 2 Click ✚ to add a new row to the roaming table. Step 3 Configure the following parameters: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 80: Configuring Remote Key Holder List Profiles

    AP MAC address to fetch the PMKR1 key. This MAC address must be unique across all the VAPs. • NAS ID — NAS ID configured on the destination FBT enabled VAP. • RRB Key — Key used to encrypt RRM protocol messages. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 81 Click Apply after copying or deleting a profile. Caution Clicking Export for selected profile/s will export only those profiles. Clicking Export with no profiles selected will Export all the profiles. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 82 Fast Roaming Configuring Remote Key Holder List Profiles Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 83: Single Point Setup

    Single Point Setup creates a dynamic, configuration-aware cluster, or group, of WAP devices in the same subnet of a network. A cluster supports a group of up to 16 configured WAP581 devices, but no other non-WAP581 models in the same cluster.

  • Page 84: Single Point Setup Negotiation

    Plan your Single Point Setup cluster. Be sure that two or more WAP devices that you want to cluster are the same model. For example, Cisco WAP581 devices can only cluster with other Cisco WAP581 devices. It is strongly recommended to run the same firmware version on all clustered WAP devices. Firmware can be Note upgraded from the Dominant AP (Cluster Controller).

  • Page 85: Operation Of A Device Dropped From A Single Point Setup

    Email Alert HTTP/HTTPs Service (Except SSL Certificate Radio Settings Including TSPEC Settings (Some Configuration) exceptions) Log Settings Rogue AP Detection Client Filter Scheduler Management Access Control SNMP and SNMPv3 Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 86 Other Configuration Settings and Parameters that are Not Propagated in Single Point Setup Utilization Threshold Port Settings Bonjour VLAN and IPv4 IPv6 Address Bridge IPv6 Tunnel Packet Capture Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 87: Access Points

    IP address and the MAC-address is established in the subnet. The Cluster IP address configuration is shared among all the clustered APs. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 88: Firmware Management

    The filename cannot contain the following items: spaces, <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. 3. Enter the TFTP Server IPv4 Address and click Start-Upgrade. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 89: Channel Management

    For example, if the channel interference must be reduced by 75 percent and the proposed channel assignments will only reduce the interference by 30 percent, then the channels will not be reassigned. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 90: Channel Assignment Table

    The WAP devices that are not locked may be assigned to different channels than what they were previously using, depending on the results of the plan. Refresh the page to see the new channel assignment table. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 91: Access Control

    WAP device inspects the frame and checks the ACL rules against the content of the frame. If any of the rules match the content, a permit or deny action is taken on the frame. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 92: Workflow To Configure Acls

    Because there is an implicit deny all rule at the end of every ACL, traffic that is not explicitly permitted is dropped. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 93 A wild card mask is basically the inverse of a subnet mask. For example, to match the criteria to a single host address, use a wild card mask of 0.0.0.0. To match the criteria to a 24-bit subnet (for example, 192.168.10.0/24), use a wild card mask of 0.0.0.255. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 94: Configure Ipv6 Acls

    To delete or modify a rule, select the rule in the Details Of Rule(s) area and click Delete or Edit. Step 8 Click Apply. Configure IPv6 ACLs To configure an IPv6 ACL: Step 1 Select Access Control > ACL. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 95 • Select From List — Choose the keyword associated with the source port to match: ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these keywords translates into its equivalent port number. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 96 • Select From List — Select a DSCP value from the drop down list. • Custom — Enter a custom DSCP value, from 0 to 63. Step 7 Click OK. The changes are saved to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 97: Configure Mac Acls

    • Single Address — Enter the source MAC address to compare against an Ethernet frame. • Address/ Mask — Enter the source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 98: Client Qos

    During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 99: Configuring Ipv4 Traffic Classes

    Next Header field in IPv6 packets. Choose the protocol to match by keyword or enter a protocol ID: • All Traffic — Allows all traffic from any protocol. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 100 • IP ToS Mask — Enter an IP ToS Mask value to identify the bit positions in the IP ToS Bits value that are used for comparison against the IP ToS field in a packet. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 101: Configuring Ipv6 Traffic Classes

    Next Header field in IPv6 packets. Choose the protocol to match by keyword or enter a protocol ID: • All Traffic — Allows all traffic from any protocol. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 102 • IP DSCP Match to Value — Enter a custom DSCP value from 0 to 63 Step 7 Click OK. The changes are saved to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 103: Configuring Mac Traffic Classes

    • Custom — Matches the Ethertype in the datagram header with a custom protocol identifier that is specified. The value can be a four-digit hexadecimal number in the range of 0600 to FFFF. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 104: Qos Policy

    • Action — Select from one of the following options: • Send — Specifies that all packets for the associated traffic stream are to be forwarded if the traffic class criteria is met. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 105: Qos Association

    (bps). The valid range is from 0 to 1733Mbps. Step 5 Click Apply. Note An interface can be bound with either a QoS policy or an ACL, but not both. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 106: Guest Access

    Captive Portal. This setting limits the bandwidth used to send data into the network. The range is from 0 to 1733Mbps. The default value is 0. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 107 • Active Directory Service — The WAP device uses a database on a remote ADS server to authenticate the users. Configure the following if using the Active Directory Service authentication setting. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 108 External Capture Portal (EXCAP) interface on the WAP. Note Make sure that your Purple WiFi account is configured right before on-boarding the Cisco AP. This ensures an appropriate functioning of the Purple WiFi redirection service.

  • Page 109: Guest Group Table

    On the device, each local user is assigned to a user group and the group is assigned to a CP instance. The group facilitates managing the assignment of users to CP instances. The user group named Default is built-in and cannot be deleted. To configure a local user: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 110: Guest User Account

    You can click Back button link to view the Guest Access page. To delete or modify a guest user, you need to select it and then click Delete or Edit. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 111: Web Portal Customization

    The range is from 2 to 32 characters. The default is Connect. • Browser Head Prompting — The text that appears in the browser title bar. The range is from 1 to 128 characters. The default is Captive Portal. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 112 Clicking Preview will show the text and the images that have already been saved to the Startup Configuration. If you make a change, click Apply before clicking Preview to see your changes. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 113: Cisco Umbrella

    Cisco Umbrella Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet. It acts as a gateway between the internet and your systems and data to block malware, botnets and phishing over any port, protocol or app.
  • Page 114 Step 6 Click Apply to apply these configurations. The status of the registration is indicated in the Registration Status field. The status can be Successful, Registering or Failed. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 115: Monitor

    • Red round — No wired connection. • Green round — Wired connection. Click the LAN link to view the LAN Status page. • Wireless • Red round — All radios are disabled. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 116 Quick Access To simplify the device configuration through quick navigation, the Getting Started page provides links for performing common tasks. For more details, see Quick Start Configuration, on page Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 117: Lan Status

    Click Edit to change any of these settings. You will be redirected to the Radio page. Click Refresh to refresh the screen and show the most current information. Click Back to return to the Dashboard page. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 118: Traffic Statistics

    Transmit Traffic Statistics table and the Receive Traffic Statistics table respectively. • Errors—The total number of errors related to sending and receiving data on the WAP device. Note You can click Refresh to view the updated information. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 119: Single Point Setup Status

    The Clients page displays the client stations associated with the device. Total Number of Associated Clients—The total number of clients on the WAP device. Client Summary Displays the client summary by 802.11 client type currently on the device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 120 You can filter clients the through Clients Details, Network (SSID), and so on. Single Point Setup Clients • Clients Details—The MAC address of the associated wireless client.IPv4 Address—The IP address of the WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 121: Guests

    • RADIUS — The WAP device uses a database on a remote RADIUS server to authenticate the users. • FACEBOOK —The WAP device uses Facebook accounts to authenticate users. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 122 • Failure Time — The time at which the authentication failure occurred. A timestamp is included that shows the time of the failure. You can click Export to download the current Authenticated/Failed clients message. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 123: Troubleshoot

    The wireless packet capture feature enables capturing and storing the packets received and transmitted by the WAP device. The captured packets can then be analyzed by a network protocol analyzer for troubleshooting or performance optimization. There are two methods of packet capture: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 124: Local Packet Capture

    Click Enable Filters. There are three checkboxes available (Ignore Beacons, Filter on Client, Filter on SSID). • Ignore Beacons — Enables or disables the capturing of 802.11 beacons detected or transmitted by the radio. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 125: Remote Packet Capture

    To initiate a remote capture on a WAP device using Stream to a Remote Host option: Step 1 Select Troubleshoot > Packet Capture. Step 2 For the Packet Capture Method, click Stream to a Remote Host radio button. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 126: Stream To Cloudshark

    Filter on Client — Specifies the MAC address for WLAN Client Filter. Note The Client Filter is active only when a capture is performed on an 802.11 interface. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 127: Wireshark

    You can trace up to four interfaces on the WAP device simultaneously. However, you must start a separate Wireshark session for each interface. To initiate additional remote capture sessions, repeat the Wireshark configuration steps. No configuration required on the WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 128 WAP device from forwarding the captured beacon packets to the Wireshark tool. To reduce the performance impact of capturing the 802.11 beacons, disable the capture beacons mode. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 129: Packet Capture File Download

    • The first line chart update data every 1 seconds. It will show the CPU/RAM activity in 60 seconds. • The second line chart update data every 5 seconds. It will show the CPU/RAM activity in 5 minutes. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 130: Download Cpu/Ram Data

    Click Download to generate the file based on the current system settings. After a short pause, a window appears to enable you to save the file to your computer. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 131: Appendix A Deauthentication Message Reason Codes

    Disassociated due to inactivity Disassociated because WAP device is unable to handle all currently associated STAs Class 2 frame received from nonauthenticated STA Class 3 frame received from nonassociated STA Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 132 Element in 4-Way Handshake different from (Re)Association Request/Probe Response/Beacon frame Invalid group cipher Invalid pairwise cipher Invalid AKMP Unsupported RSNE version Invalid RSNE capabilities IEEE 802.1X authentication failed Cipher suite rejected because of the security policy Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

  • Page 133: Appendix B Where To Go From Here

    18 digit reference number (for example: 7XEEX17D99-3X49X08 1) found in the product open source documentation. Cisco WAP581 Administration Guide http://www.cisco.com/go/500_wap_resources Cisco Power Adapters http://www.cisco.com/go/wap_accessories Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
  • Page 134 Where to Go from Here Where to Go from Here Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...

Table of Contents