Cisco SD2008T-NA Configuration Manual

4400 series wireless lan controller

Cisco Wireless LAN Controller
Configuration Guide
Software Release 4.0
January 2007
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-9141-03

Summary of Contents for Cisco SD2008T-NA

  • Page 1 Cisco Wireless LAN Controller Configuration Guide Software Release 4.0 January 2007 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-9141-03...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco...
  • Page 3: Table Of Contents

    Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information...
  • Page 4 Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Failover Protection Network Connections to Cisco Wireless LAN Controllers Cisco 2000 and 2100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers Rogue Access Points Rogue Access Point Location, Tagging, and Containment...
  • Page 5 Using the CLI to Enable Link Aggregation Verifying LAG Settings Using the CLI Configuring Neighbor Devices to Support LAG Configuring a 4400 Series Controller to Support More Than 48 Access Points Using Link Aggregation Using Multiple AP-Manager Interfaces Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
  • Page 6 Enabling Dynamic Transmit Power Control Configuring Multicast Mode Understanding Multicast Mode Guidelines for Using Multicast Mode Enabling Multicast Mode Configuring Client Roaming Intra-Controller Roaming Inter-Controller Roaming Inter-Subnet Roaming Voice-over-IP Telephone Roaming CCX Layer 2 Client Roaming
  • Page 7 Using the CLI to Enable Management over Wireless Configuring DHCP Option 82 Configuring Access Control Lists Using the GUI to Configure Access Control Lists Using the CLI to Configure Access Control Lists Configuring Management Frame Protection
  • Page 8 Using the CLI to Specify the Maximum Number of Local Database Entries Configuring WLANs Wireless Device Access CHAPTER WLAN Overview Configuring WLANs Displaying, Creating, Disabling, and Deleting WLANs Activating WLANs Configuring DHCP Internal DHCP Server External DHCP Servers
  • Page 9 Addition to the Controller CLI Configuring Conditional Web Redirect with 802.1X Authentication Configuring the RADIUS Server Using the GUI to Configure Conditional Web Redirect Using the CLI to Configure Conditional Web Redirect Disabling Accounting Servers per WLAN
  • Page 10 Cisco 1000 Series Lightweight Access Points Cisco 1030 Remote Edge Lightweight Access Points Cisco 1000 Series Lightweight Access Point Models Cisco 1000 Series Lightweight Access Point External and Internal Antennas External Antenna Connectors Antenna Sectorization Cisco 1000 Series Lightweight Access Point LEDs...
  • Page 11 Choosing the Web Authentication Login Window Choosing the Default Web Authentication Login Window Using the GUI to Choose the Default Web Authentication Login Window Using the CLI to Choose the Default Web Authentication Login Window
  • Page 12 Statically Assigning Channel and Transmit Power Settings to Access Point Radios Using the GUI to Statically Assign Channel and Transmit Power Settings Using the CLI to Statically Assign Channel and Transmit Power Settings
  • Page 13 Configuring an Access Point for Hybrid REAP Using the GUI to Configure an Access Point for Hybrid REAP Using the CLI to Configure an Access Point for Hybrid REAP Connecting Client Devices to the WLANs
  • Page 14 Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC Declaration of Conformity for RF Exposure Guidelines for Operating Cisco Aironet Access Points in Japan Administrative Rules for Cisco Aironet Access Points in Taiwan Access Points with IEEE 802.11a Radios...
  • Page 15 Interpreting Lightweight Access Point LEDs Logical Connectivity Diagrams APPENDIX Cisco WiSM Cisco 28/37/38xx Integrated Services Router Catalyst 3750G Integrated Wireless LAN Controller Switch INDEX
  • Page 17: Preface

    Preface This preface provides an overview of the Cisco Wireless LAN Controller Configuration Guide, Release 4.0, references related publications, and explains how to obtain other documentation and technical assistance, if necessary. It contains these sections: Audience, page 18 • •...
  • Page 18: Audience

    Audience This guide describes Cisco Wireless LAN Controllers and Cisco Lightweight Access Points. This guide is for the networking professional who installs and manages these devices. To use this guide, you should be familiar with the concepts and terminology of wireless LANs.
  • Page 19: Conventions

    Conventions Appendix A, “Safety Considerations and Translated Safety Warnings,” lists safety considerations and translations of the safety warnings that apply to the Cisco Unified Wireless Network Solution products. Appendix B, “Declarations of Conformity and Regulatory Information,” provides declarations of conformity and regulatory information for the products in the Cisco Unified Wireless Network Solution.
  • Page 20 (To see the translations of the warnings that appear in this publication, refer to the appendix “Translated Safety Warnings” - “Traduções dos Avisos de Segurança”).
  • Page 21: Related Publications

    • Cisco Aironet High Gain Omnidirectional Ceiling Mount Antenna (AIR-ANT1728) • Mounting Instructions for the Cisco Aironet 6.5 dBi Diversity Patch Wall Mount Antenna • Cisco Aironet 2 dBi Diversity Omnidirectional Ceiling Mount Antenna (AIR-ANT5959) • Cisco Multiband 2.4/5GHz Articulated Dipole Antenna (AIR-ANT1841) • Cisco Multiband 2.4/5G Diversity Omnidirectional Ceiling Mount Antenna (AIR-ANT1828)
  • Page 22: Obtaining Documentation

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 23 CHAPTER Overview This chapter describes the controller components and features. It contains these sections: • Cisco Unified Wireless Network Solution Overview, page 1-2 • Operating System Software, page 1-5 • Operating System Security, page 1-6...
  • Page 24: Chapter 1 Overview

    A full-featured command-line interface (CLI) can be used to configure and monitor individual Cisco Wireless LAN Controllers. See Chapter • The Cisco Wireless Control System (WCS), which you use to configure and monitor one or more Cisco Wireless LAN Controllers and associated access points. WCS has tools to facilitate large-system monitoring and control.
  • Page 25: Cisco Unified Wireless Network Solution Overview

    Autodetecting and autoconfiguring lightweight access points as they are added to the network. Full control of lightweight access points. • Full control of up to 16 wireless LAN (SSID) policies for Cisco 1000 series access points. • LWAPP-enabled access points support up to 8 wireless LAN (SSID) policies.
  • Page 26: Single-Controller Deployments

    Multiple-Controller Deployments Each controller can support lightweight access points across multiple floors and buildings simultaneously. However, full functionality of the Cisco Wireless LAN Solution is realized when it includes multiple controllers. A multiple-controller system has the following additional features: Autodetecting and autoconfiguring RF parameters as the controllers are added to the network.
  • Page 27: Multiple-Controller Deployments

    Figure 1-3 Typical Multi-Controller Deployment Operating System Software The operating system software controls Cisco Wireless LAN Controllers and Cisco 1000 Series Lightweight Access Points. It includes full operating system security and Radio Resource Management (RRM) features.
  • Page 28: Operating System Software

    X.509 certificate. These signed certificates are used to verify downloaded code before it is loaded, ensuring that hackers do not download malicious code into any Cisco Wireless LAN Controller or Cisco 1000 series lightweight access point.
  • Page 29: Layer 2 And Layer 3 Lwapp Operation

    DHCP server. Note that all Cisco Wireless LAN Controllers in a mobility group must use the same LWAPP Layer 2 or Layer 3 mode, or you will defeat the Mobility software algorithm.
  • Page 30: Primary, Secondary, And Tertiary Controllers

    ID (RFID) tag location and store the locations in the Cisco WCS database. For more information on location solutions, refer to the Cisco Wireless Control System Configuration Guide and the Cisco Location Appliance Configuration Guide at...
  • Page 31: Controller Platforms

    Cisco switch and router products. Cisco 2000 and 2100 Series Controllers The Cisco 2000 and 2100 series (2106) Wireless LAN Controllers work in conjunction with Cisco lightweight access points and the Cisco Wireless Control System (WCS) to provide system-wide wireless LAN functions.
  • Page 32: Cisco 4400 Series Controllers

    VPN/Enhanced Security Module can also be installed in the field. The 4400 series controller can be equipped with one or two Cisco 4400 series power supplies. When the controller is equipped with two Cisco 4400 series power supplies, the power supplies are redundant, and either power supply can continue to power the controller if the other power supply fails.
  • Page 33: Cisco 28/37/38Xx Series Integrated Services Router

    The Catalyst 3750G Integrated Wireless LAN Controller Switch is an integrated Catalyst 3750 switch and Cisco 4400 series controller that supports up to 25 or 50 lightweight access points. The switch has two internal gigabit Ethernet ports that connect the switch and the controller. The switch and the internal controller run separate software versions, which must be upgraded separately.
  • Page 34: Cisco Uwn Solution Wlans

    The lightweight access points broadcast all active Cisco UWN Solution WLAN SSIDs and enforce the policies defined for each WLAN. Note: Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers operate with optimum performance and ease of management.
  • Page 35: Enhanced Integration With Cisco Secure Acs

    IETF 65 (Tunnel Medium Type): 802 • IETF 81 (Tunnel Private Group ID): VLAN # or VLAN Name String This enables Cisco Secure ACS to communicate a VLAN change that may be a result of a posture analysis. Benefits of this new feature include: •...
  • Page 36: File Transfers

    Ethernet (PoE) devices, which can reduce the cost of discrete power supplies, additional wiring, conduits, outlets, and installer time. PoE also frees installers from having to mount Cisco 1000 series lightweight access points or other powered equipment near AC outlets, providing greater flexibility in positioning Cisco 1000 series lightweight access points for maximum coverage.
  • Page 37: Startup Wizard

    • Adds an Administrative username and password, each up to 24 characters. • Ensures that the controller can communicate with the GUI, CLI, or Cisco WCS (either directly or indirectly) through the service port by accepting a valid IP configuration protocol (none or DHCP), and if none, IP Address and netmask.
  • Page 38: Cisco Wireless Lan Controller Memory

    During installation, Cisco recommends that you connect all lightweight access points to a dedicated controller, and configure each lightweight access point for final operation. This step configures each lightweight access point for a primary, secondary, and tertiary controller and allows it to store the configured mobility group information.
  • Page 39: Network Connections To Cisco Wireless Lan Controllers

    Cisco 2000 and 2100 Series Wireless LAN Controllers Cisco 2000 and 2100 series controllers can communicate with the network through any one of their physical data ports, as the logical management interface can be assigned to one of the ports. The physical...
  • Page 40: Cisco 4400 Series Wireless Lan Controllers

    Physical Network Connections to the 2000 Series Controller Cisco 4400 Series Wireless LAN Controllers Cisco 4400 series controllers can communicate with the network through one or two pairs of physical data ports, and the logical management interface can be assigned to the ports. The physical port...
  • Page 41: Rogue Access Points

    Rather than using a person with a scanner to manually detect rogue access points, the Cisco UWN Solution automatically collects information on rogue access points detected by its managed access points, by MAC and IP Address, and allows the system operator to locate, tag and monitor them.
  • Page 42 To facilitate automated rogue access point detection in a crowded RF space, lightweight access points can be configured to operate in monitor mode, allowing monitoring without creating unnecessary interference.
  • Page 43 • Enabling Web and Secure Web Modes, page 2-3 • Using the CLI, page 2-5 • Enabling Wireless Connections to the Web-Browser and CLI Interfaces, page 2-9
  • Page 44: Using The Web-Browser Interface

    Microsoft Internet Explorer version 6.0 SP1 or higher is required for using Web Authentication. • You can use either the service port interface or the management interface to open the GUI. Cisco recommends that you use the service-port interface. Refer to Chapter 3, “Using the CLI to...
  • Page 45: Enabling Web And Secure Web Modes

    Configuration Saved! Step 5: Reboot the controller: >reset system Are you sure you would like to reset the system? (y/n) y System will now restart! The controller reboots.
  • Page 46: Loading An Externally Generated Https Certificate

    However, if you load the certificate through the distribution system (DS) network port, the TFTP server can be on any subnet. • A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS...
  • Page 47: Disabling The Gui

    Using the CLI The Cisco UWN Solution command line interface (CLI) is built into each controller. The CLI allows operators to use a VT-100 emulator to locally or remotely configure, monitor and control individual controllers, and to access extensive debugging capabilities.
  • Page 48 Chapter 2 Using the Web-Browser and CLI Interfaces Using the CLI Note: Refer to the Cisco Wireless LAN Controller Command Reference for information on specific commands.
  • Page 49: Logging Into The Cli

    A terminal emulation program or a DOS shell for the Telnet session Note: By default, controllers block Telnet sessions. You must use a local connection to the serial port to enable Telnet sessions.
  • Page 50: Logging Out Of The Cli

    At the root level, save configuration changes from active working RAM to non-volatile RAM (NVRAM) so they are retained after reboot reset system At the root level, reset the controller without logging out
  • Page 51: Enabling Wireless Connections To The Web-Browser And Cli Interfaces

    To use the controller GUI to enable wireless connections, browse to the Management Via Wireless page and select the Enable Controller Management to be accessible from Wireless Clients check box.
  • Page 53 • Configuring Dynamic Interfaces, page 3-15 • Configuring Ports, page 3-19 • Enabling Link Aggregation, page 3-29 • Configuring a 4400 Series Controller to Support More Than 48 Access Points, page 3-36
  • Page 54: Overview Of Ports And Interfaces

    Note The controller in a Cisco Integrated Services Router and the controllers on the Cisco WiSM do not have external physical ports. They connect to the network through ports on the router or switch, respectively. Figure 3-1...
  • Page 55: Distribution System Ports

    A distribution system port connects the controller to a neighbor switch and serves as the data path between these two devices. • Cisco 2000 series controllers have four 10/100 copper Ethernet distribution system ports through which the controller can support up to six access points.
  • Page 56 • Cisco 4402 controllers have two gigabit Ethernet distribution system ports, each of which is capable of managing up to 48 access points. However, Cisco recommends no more than 25 access points per port due to bandwidth constraints. The 4402-25 and 4402-50 models allow a total of 25 or 50 access points to join the controller.
  • Page 57: Service Port

    Ethernet port on the switch. Fiber adapters might also be required for the switch if it has fiber ports. Note: For smaller systems needing only 6 access points, the Cisco 2006 or 2106 controllers can be used. A Cisco CAT6k with a service module or a Cisco 2800 router can also support 6 access points.
  • Page 58: Management Interface

    For Cisco 4404 and WiSM controllers, configure the AP-manager interface on all distribution system ports (1, 2, 3, and 4). For Cisco 4402 controllers, configure the AP-manager interface on distribution system ports 1 and 2. In both cases, the static (or permanent) AP-manager interface is always assigned to distribution system port 1 and given a unique IP address.
  • Page 59: Virtual Interface

    Note: All controllers within a mobility group must be configured with the same virtual interface IP address. Otherwise, inter-controller roaming may appear to work, but the hand-off does not complete, and the client loses connectivity for a period of time.
  • Page 60: Service-Port Interface

    Note: Only Cisco 4400 series controllers have a service-port interface. Note: You must configure an IP address on the service-port interface of both Cisco WiSM controllers. Otherwise, the neighbor switch is unable to check the status of each controller.
  • Page 61 3-4, each controller port connection is an 802.1Q trunk and should be configured as such on the neighbor switch. On Cisco switches, the native VLAN of an 802.1Q trunk is an untagged VLAN. Therefore, if you configure an interface to use the native VLAN on a neighboring Cisco switch, make sure you configure the interface on the controller to be untagged.
  • Page 62: Configuring The Management, Ap-Manager, Virtual, And Service-Port Interfaces

    VLANs should be disallowed or pruned in the switch port trunk configuration. This practice is extremely important for optimal performance of the controller. Note: Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic.
  • Page 63 Note: The management interface uses the controller’s factory-set distribution system MAC address. • VLAN identifier Note: Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends that only tagged VLANs be used on the controller. • Fixed IP address, IP netmask, and default gateway...
  • Page 64: Using The Cli To Configure The Management, Ap-Manager, Virtual, And Service-Port Interfaces

    Note: The AP-manager interface’s IP address must be different from the management interface’s IP address and may or may not be on the same subnet as the management interface. However, Cisco recommends that both interfaces be on the same subnet for optimum access point association. • Physical port assignment...
  • Page 65: Using The Cli To Configure The Ap-Manager Interface

    • config interface vlan management {vlan-id | 0} Note: Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends that only tagged VLANs be used on the controller. • config interface port management physical-ds-port-number...
  • Page 66: Using The Cli To Configure The Virtual Interface

    • config interface vlan ap-manager {vlan-id | 0} Note: Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends that only tagged VLANs be used on the controller. • config interface port ap-manager physical-ds-port-number...
  • Page 67: Using The Cli To Configure The Service-Port Interface

    • To modify the settings of an existing dynamic interface, click the interface’s Edit link. The Interfaces > Edit page for that interface appears (see Figure 3-7). Go to Step • To delete an existing dynamic interface, click the interface’s Remove link.
  • Page 68 Note: Enter a non-zero value for the VLAN identifier. Tagged VLANs must be used for dynamic interfaces. Step 4 Click Apply to commit your changes. The Interfaces > Edit page appears (see Figure 3-7). Figure 3-7 Interfaces > Edit Page
  • Page 69: Using The Cli To Configure Dynamic Interfaces

    Step 2: To view the details of a specific dynamic interface, enter show interface detailed operator-defined-interface-name. Step 3: Enter config wlan disable wlan-number to disable each WLAN that uses the dynamic interface for distribution system communication.
  • Page 70: Configuring Ports

    Step 6: Enter show interface detailed operator-defined-interface-name and show interface summary to verify that your changes have been saved. Note: If desired, you can enter config interface delete operator-defined-interface-name to delete a dynamic interface.
  • Page 71: Configuring Ports

    Note: The number of parameters available on the Port > Configure page depends on your controller type. For instance, 2000 and 2100 series controllers and the controller in a Cisco Integrated Services Router have fewer configurable parameters than a 4400 series controller, which is...
  • Page 72 1000 Mbps full duplex; Catalyst 3750G Integrated Wireless LAN Controller Switch: 1000 Mbps full duplex; WLAN controller module: 100 Mbps full duplex. Link Status: The port’s link status. Values: Link Up or Link Down
  • Page 73 Determines if the connecting device is equipped to receive power through the Ethernet cable and if so provides -48 VDC. Values: Enable or Disable Note: Some older Cisco access points do not draw PoE even if it is enabled on the controller port. In such cases, contact the Cisco Technical Assistance Center (TAC).
  • Page 74: Configuring Port Mirroring

    Note: Port mirroring is not supported when link aggregation (LAG) is enabled on the controller. Note: Cisco recommends that you do not mirror traffic from one controller port to another as this setup could cause network problems. Follow these steps to enable port mirroring.
  • Page 75: Configuring Spanning Tree Protocol

    The port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents media speed.
  • Page 76: Using The Gui To Configure Spanning Tree Protocol

    STP Port Designated Cost The path cost of the designated port. STP Port Designated Bridge The identifier of the bridge that the port considers to be the designated bridge for this port.
  • Page 77 Determines whether the STP port path cost is set automatically or specified by the user. If you choose User Configured, you also need to set a value for the STP Port Path Cost parameter. Range: Auto or User Configured Default: Auto
  • Page 78 This page allows you to enable or disable the spanning tree algorithm for the controller, modify its characteristics, and view the STP status. Table 3-6 interprets the current STP status for the controller.
  • Page 79 At most, one configuration BPDU can be transmitted in any hold time period. Step 9 Table 3-7 lists and describes the controller’s configurable STP parameters. Follow the instructions in the table to make any desired changes.
  • Page 80: Using The Cli To Configure Spanning Tree Protocol

    Enter one of these commands to configure the STP port administrative mode:
        • config spanningtree port mode 802.1d {port-number | all}
        • config spanningtree port mode fast {port-number | all}
        • config spanningtree port mode off {port-number | all}
  • Page 81: Enabling Link Aggregation

    With LAG enabled, a 4402 controller’s logical port supports up to 50 access points, a 4404 controller’s logical port supports up to 100 access points, and the logical port on each Cisco WiSM controller supports up to 150 access points.
  • Page 82 (slots 2 and 3) within the Catalyst 6500. The controller’s port 1 is connected to gigabit interface 3/1, and the controller’s port 2 is connected to gigabit interface 2/1 on the Catalyst 6500. Both switch ports are assigned to the same channel group.
  • Page 83 • Once the etherchannel is configured as “on,” at both ends of the link, it does not matter if the Catalyst switch is configured with either Link Aggregation Control Protocol (LACP) or Cisco proprietary Port Aggregation Protocol (PAgP) because no channel negotiation is done between the controller and the switch.
  • Page 84 Figure 3-12 Link Aggregation with Catalyst 6500 Neighbor Switch
  • Page 85: Link Aggregation Guidelines

    1. This may not be the case if you disable LAG. • Cisco 4400 series controllers support a single static link aggregation bundle. • LAG is typically configured using the Startup Wizard, but you can enable or disable it at any time through either the GUI or CLI.
  • Page 86: Using The Gui To Enable Link Aggregation

    Step 2: Set the LAG Mode on Next Reboot parameter to Enabled. Note: Choose Disabled if you want to disable LAG. LAG is disabled by default on the Cisco 4400 series controllers but enabled by default on the Cisco WiSM.
  • Page 87: Using The Cli To Enable Link Aggregation

    The port channel on the neighbor switch should be configured as follows:
        interface port-channel <id>
        switchport
        switchport trunk encapsulation dot1q
        switchport trunk native vlan <native vlan id>
        switchport trunk allowed vlan <allowed vlans>
        switchport mode trunk
        no shutdown
  • Page 88: Configuring A 4400 Series Controller To Support More Than 48 Access Points

    “Enabling Link Aggregation” section on page 3-29 for more information and instructions on enabling link aggregation. Note: Link aggregation is the only method that can be used for the Cisco WiSM and Catalyst 3750G Integrated Wireless LAN Controller Switch controllers.
  • Page 89 Note: AP-manager interfaces need not be on the same VLAN or IP subnet, and they may or may not be on the same VLAN or IP subnet as the management interface. However, Cisco recommends that you configure all AP-manager interfaces on the same VLAN or IP subnet.
  • Page 90 The controller no longer includes the failed AP-manager interface in the LWAPP discovery responses. The access points then rejoin the controller and are load-balanced among the available AP-manager interfaces. Figure 3-15 Three AP-Manager Interfaces
  • Page 91 Follow these steps to create multiple AP-manager interfaces. Step 1: Click Controller > Interfaces to access the Interfaces page. Step 2: Click New. The Interfaces > New page appears (see Figure 3-18).
  • Page 92 Enter an AP-manager interface name and a VLAN identifier, as shown above. Step 4 Click Apply to commit your changes. The Interfaces > Edit page appears (see Figure 3-18). Figure 3-18 Interfaces > Edit Page
  • Page 93: Connecting Additional Ports

    VLAN 250 to ports 2, 3, and 4. Port 1 still remains connected to VLAN 250 as the management network interface but transports data only from wireless clients proxied by the controller.
  • Page 95 • Configuring Client Roaming, page 4-17 • Configuring Voice and Video Parameters, page 4-22 • Configuring the Supervisor 720 to Support the WiSM, page 4-34 • Using the Wireless LAN Controller Network Module, page 4-35
  • Page 96: Using The Configuration Wizard

    • NTP server settings (the wizard prompts you for NTP server settings only when you run the wizard on a wireless controller network module installed in a Cisco Integrated Services router) • Other port and parameter settings: service port, Radio Resource Management (RRM), third-party...
  • Page 97: Resetting The Device To Default Settings

    When you are prompted for a username, enter recover-config to restore the factory default configuration. The controller reboots and displays this message: Welcome to the Cisco WLAN Solution Wizard Configuration Tool. Step 3 Use the configuration wizard to enter configuration settings. Resetting to Default Settings Using the GUI: Follow these steps to return to default settings using the GUI.
  • Page 98: Running The Configuration Wizard On The CLI

    CLI. Note: To configure the controller in the Catalyst 3750G Integrated Wireless LAN Controller Switch, Cisco recommends that you use the GUI configuration wizard that launches from the 3750 Device Manager. Refer to the Catalyst 3750G Integrated Wireless LAN Controller Switch Getting Started Guide for instructions.
  • Page 99: Managing The System Time And Date

    Step 18 Enter a country code for the unit. Enter help to list the supported countries. Note: When you run the wizard on a wireless controller network module installed in a Cisco Integrated Services Router, the wizard prompts you for NTP server settings. The controller network module does not have a battery and cannot save a time setting.
  • Page 100: Configuring A Country Code

    (used for legacy 802.11a interface cards that do not support 802.11a high band); Australia: 802.11b, 802.11g, and 802.11a; Austria: 802.11b, 802.11g, and 802.11a; Belgium: 802.11b, 802.11g, and 802.11a; Canada: 802.11b and 802.11g...
  • Page 101: Enabling And Disabling 802.11 Bands

    If you do not have the default admin account or another user account with which you can log in, your only option is to default the controller to factory settings and reconfigure it from scratch or to reload the previously saved configuration...
  • Page 102: Configuring RADIUS Settings

    RADIUS settings are correctly configured. Configuring SNMP: Cisco recommends that you use the GUI to configure SNMP settings on the controller. To use the CLI, follow these steps: Enter config snmp community create name to create an SNMP community name.
  • Page 103: Changing The Default Values Of SNMP Community Strings

    The controller has commonly known default values of “public” and “private” for the read-only and read-write SNMP community strings. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values. Using the GUI to Change the SNMP Community String Default Values: Follow these steps to change the SNMP community string default values through the controller GUI.
  • Page 104 Step 8 Click Save Configuration to save your settings. Step 9 Repeat this procedure if a “public” or “private” community still appears on the SNMP v1 / v2c Step 10 Community page...
  • Page 105: Using The CLI To Change The SNMP Community String Default Values

    Changing the Default Values for SNMP v3 Users: The controller uses a default value of “default” for the username, authentication password, and privacy password for SNMP v3 users. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values.
  • Page 106: Using The GUI To Change The SNMP v3 User Default Values

    Step 6 In the next two fields, choose the authentication and privacy protocols to be used, and enter a password for each. Step 7 Click Apply to commit your changes. Step 8 Click Save Configuration to save your settings...
  • Page 107: Using The CLI To Change The SNMP v3 User Default Values

    Using the GUI to Enable System Logging: Follow these steps to enable system logging through the controller GUI. Step 1 Click Management and then Config under Logs. The Syslog Configuration page appears (Figure 4-5)...
  • Page 108 Step 5 Click Apply to commit your changes. Step 6 Click Save Configuration to save your changes. Step 7 To view the message logs, click Management and then Message Logs under Logs (see Figure 4-6)...
  • Page 109: Using The CLI To Enable System Logging

    • warning—Unexpected software events • verbose—Significant system events. To view the current syslog status, enter show syslog. Step 3 To view the message logs, enter show msglog...
  • Page 110: Enabling Dynamic Transmit Power Control

    When you enable Dynamic Transmit Power Control (DTPC), access points add channel and transmit power information to beacons. (On access points that run Cisco IOS software, this feature is called world mode.) Client devices using DTPC receive the information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there.
  • Page 111: Enabling Multicast Mode

    • Access points subscribe to the LWAPP multicast group using IGMP. • Cisco 1100, 1130, 1200, 1230, and 1240 access points use IGMP versions 1, 2, and 3. However, Cisco 1000 series access points use only IGMP v1 to join the multicast group.
  • Page 112: Intra-Controller Roaming

    DHCP Discover with a 0.0.0.0 client IP address or a 169.254.*.* client auto-IP address or when the operator-set session timeout is exceeded. Note: Cisco 1030 remote edge lightweight access points at a remote location must be on the same subnet to support roaming.
  • Page 113: CCX Layer 2 Client Roaming

    The access point provides its associated client information about its neighbors using a neighbor-list update unicast message. • Enhanced neighbor list request (E2E)—The End-2-End specification is a Cisco and Intel joint program that defines new protocols and interfaces to improve the overall voice and roaming experience.
  • Page 114: Using The GUI To Configure CCX Client Roaming Parameters

    This parameter is intended to reduce the amount of “ping-ponging” between access points if the client is physically located on or near the border between two access points. Range: 2 to 4 dB Default: 2 dB...
  • Page 115: Using The CLI To Configure CCX Client Roaming Parameters

    – The number of roam reason reports received – The number of neighbor list requests received – The number of neighbor list reports sent – The number of broadcast neighbor updates sent...
  • Page 116: Configuring Voice And Video Parameters

    • Unscheduled automatic power save delivery. You can also configure the traffic stream metrics parameter to monitor voice and video quality. Each of these parameters is supported in Cisco Compatible Extensions (CCX) v4. See the “Configuring Cisco Client Extensions” section on page 6-22 for more information on CCX.
  • Page 117: U-APSD

    Step 2 the 802.11a (or 802.11b/g) Network Status check box, and click Apply. Step 3 Click Voice under 802.11a or 802.11b/g. The 802.11a (or 802.11b) > Voice Parameters page appears (see Figure 4-8)...
  • Page 118 802.11b/g) Network Status check box, and click Apply. Step 10 Click Save Configuration to save your changes. Step 11 Repeat this procedure if you want to configure voice parameters for another radio band (802.11a or 802.11b/g)...
  • Page 119: Using The GUI To Configure Video Parameters

    Step 6 In the Reserved Roaming Bandwidth field, enter the percentage of maximum allocated bandwidth reserved for roaming video clients. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming video clients. Range: 0 to 25% Default: 0%...
  • Page 120: Using The GUI To View Voice And Video Settings

    Step 1 Click Wireless > Clients to access the Clients page (see Figure 4-10). Figure 4-10 Clients Page. Step 2 Click the Detail link for the desired client to access the Clients > Detail page (see Figure 4-11)...
  • Page 121 Step 4 Follow these steps to see the TSM statistics for a particular client and the access point to which this client is associated: Click the 802.11aTSM or 802.11b/gTSM link for the desired client. The Clients > AP page appears (see Figure 4-12)...
  • Page 122 Click the Detail link for the desired access point to access the Clients > AP > Traffic Stream Metrics page (see Figure 4-13). Figure 4-13 Clients > AP > Traffic Stream Metrics Page...
  • Page 123 4-14). Figure 4-14 802.11a Radios Page. Click the 802.11aTSM or 802.11b/gTSM link for the desired access point. The AP > Clients page appears (see Figure 4-15). Figure 4-15 AP > Clients Page...
  • Page 124: Using The CLI To Configure Voice Parameters

    “Configuring Quality of Service” section on page 6-17 for instructions. Step 2 To disable the radio network, enter this command: config {802.11a | 802.11b} disable network Step 3 To save your settings, enter this command: save config...
  • Page 125: Using The CLI To Configure Video Parameters

    The bandwidth range is 0 to 100%, and the default value is 0%. However, the maximum RF bandwidth cannot exceed 100% for voice + video. Once the client reaches the value specified, the access point rejects new calls on this network...
  • Page 126: Using The CLI To View Voice And Video Settings

    Num of calls rejected due to PHY rate..0 Num of calls rejected due to QoS policy..0 To see the U-APSD status for a particular client, enter this command: show client detail client_mac...
  • Page 127 Average Delay (5sec intervals)......35 Delay less than 10 ms........20 Delay bet 10 - 20 ms........20 Delay bet 20 - 40 ms........20 Delay greater than 40 ms........20 Total packet Count.........80 Total packet lost count (5sec)......10...
  • Page 128: Configuring The Supervisor 720 To Support The WiSM

    Configuring the Supervisor 720 to Support the WiSM When you install a WiSM in a Cisco Catalyst 6500 switch, you must configure the Supervisor 720 to support the WiSM. When the supervisor detects the WiSM, the supervisor creates 10 GigabitEthernet interfaces, ranging from Gigslot/1 to Gigslot/8.
  • Page 129: Configuring The Supervisor

    Using the Wireless LAN Controller Network Module Keep these guidelines in mind when using a wireless LAN controller network module (CNM) installed in a Cisco Integrated Services Router: • The controller network module does not support IPSec. To use IPSec with the CNM, configure IPSec on the router in which the CNM is installed.
  • Page 130 • To access the CNM bootloader, Cisco recommends that you reset the CNM from the router. If you reset the CNM from a CNM user interface, the router might reset the CNM while you are using the bootloader.
  • Page 131 Chapter: Configuring Security Solutions. This chapter describes security solutions for wireless LANs. It contains these sections: • Cisco UWN Solution Security, page 5-2 • Configuring the System for SpectraLink NetLink Telephones, page 5-4 • Using Management over Wireless, page 5-6...
  • Page 132: Cisco UWN Solution Security

    Security Overview: The Cisco UWN security solution bundles potentially complicated Layer 1, Layer 2, and Layer 3 802.11 Access Point security components into a simple policy manager that customizes system-wide security policies on a per-WLAN basis. The Cisco UWN security solution provides simple, unified, and systematic security management tools.
  • Page 133: Layer 3 Solutions

    When the Cisco UWN Solution is monitored using a GUI or a CLI, the interface displays the known rogue access points by MAC address. The operator then has the option of marking them as Known or...
  • Page 134: Integrated Security Solutions

    Integrated Security Solutions • Cisco UWN Solution operating system security is built around a robust 802.1X AAA (authorization, authentication and accounting) engine, which allows operators to rapidly configure and enforce a variety of security policies across the Cisco UWN Solution.
  • Page 135: Using The CLI To Enable Long Preambles

    Step 4 Click Apply to update the controller configuration. Note: If you do not already have an active CLI session to the controller, Cisco recommends that you start a CLI session to reboot the controller and watch the reboot process. A CLI session is also useful because the GUI loses its connection when the controller reboots.
  • Page 136: Using The CLI To Configure Enhanced Distributed Channel Access

    802.11b/g network after entering this command. Using Management over Wireless The Cisco UWN Solution Management over Wireless feature allows operators to monitor and configure local controllers using a wireless client. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the controller.
  • Page 137: Using The CLI To Enable Management Over Wireless

    Note: Any DHCP packets that already include a relay agent option are dropped at the controller. Note: DHCP option 82 is not supported for use with auto-anchor mobility, which is described in Chapter...
  • Page 138: Configuring Access Control Lists

    When a packet matches all of the parameters for a rule, the action set for that rule is applied to the packet. You can configure ACLs through either the GUI or the CLI...
  • Page 139: Using The GUI To Configure Access Control Lists

    Step 3 In the Access Control List Name field, enter a name for the new ACL. You can enter up to 32 alphanumeric characters. Step 4 Click Apply. When the Access Control Lists page reappears, click the Edit link for the new ACL...
  • Page 140 From the Protocol drop-down box, choose the protocol to be used for this ACL. These are the protocol options: • Any—All protocol (This is the default value.) • TCP—Transmission Control Protocol • UDP—User Datagram Protocol • ICMP—Internet Control Message Protocol • ESP—IP Encapsulating Security Payload...
  • Page 141 This page also enables you to edit or remove any of the rules. Repeat this procedure to add any additional rules for this ACL. Step 7 Click Save Configuration to save your changes...
  • Page 142: Using The CLI To Configure Access Control Lists

    | source port range acl_name rule_index start_port end_port | swap index acl_name index_1 index_2} Refer to Step 6 in the previous section for explanations of the rule parameters...
  • Page 143: Configuring Management Frame Protection

    BSSID belonging to an access point that is configured to transmit MFP frames, it reports the discrepancy to the network management system. In order for the timestamps to operate properly, all controllers must be Network Time Protocol (NTP) synchronized...
  • Page 144: Using The GUI To Configure MFP

    Figure 5-6 AP Authentication Policy Page. Step 2 To enable MFP globally for the controller, choose Management Frame Protection from the Protection Type drop-down box. Step 3 Click Apply to commit your changes...
  • Page 145: Using The GUI To View MFP Settings

    Follow these steps to view MFP settings using the controller GUI. Step 1 To see the controller’s current global MFP settings, click Security and then Management Frame Protection under Wireless Protection Policies. The Management Frame Protection Settings page appears (see Figure 5-7)...
  • Page 146 To see the current MFP state for a particular access point, click Wireless, 802.11a Radios or 802.11b/g Radios under Access Points, and the Configure link of the desired access point. The 802.11a (or 802.11b/g) Cisco APs > Configure page appears (see Figure 5-8).
  • Page 147: Using The CLI To Configure MFP

    Figure 5-8 802.11a Cisco APs > Configure Page. Under Management Frame Protection, this page shows the level of MFP protection and validation. Using the CLI to Configure MFP: Use these commands to configure MFP using the controller CLI.
  • Page 148: Using The CLI To View MFP Settings

    Enabled Enabled Operational MFP Capability AP Name Validation Slot Radio State Protection Validation -------------------- ---------- ---- ----- -------------- ---------- ---------- tester-1000 Enabled Full Full Full Full tester-1000b Enabled Full Full Full Full...
  • Page 149 Administrative State ......ADMIN_ENABLED Operation State ......... REGISTERED Mirroring Mode ........Disabled AP Mode ......... Local Remote AP Debug ......... Disabled Version ........4.0.2.0 Boot Version ........2.1.78.0 Mini IOS Version ........
  • Page 150: Configuring Identity Networking

    These sections explain the identity networking feature, how it is configured, and the expected behavior for various security policies: • Identity Networking Overview, page 5-21 • RADIUS Attributes Used in Identity Networking, page 5-22 • Configuring AAA Override, page 5-25...
  • Page 151: Identity Networking Overview

    SSIDs to inherit different QoS and security policies. However, the Cisco Wireless LAN Solution supports identity networking, which allows the network to advertise a single SSID but allows specific users to inherit different QoS or security policies based on their user profiles.
  • Page 152: RADIUS Attributes Used In Identity Networking

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |            Vendor-Id
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         Vendor-Id (cont.)          |  Vendor type  | Vendor length |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   ACL Name...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
    • Type – 26 for Vendor-Specific • Length – >7 • Vendor-Id – 14179...
  • Page 153: Interface-Name

     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |  String...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    • Type – 81 for Tunnel-Private-Group-ID. • Length – >= 3...
  • Page 154: Tunnel Attributes

    VLANID, the tag field should be set to zero (0x00) in all tunnel attributes. Where alternative tunnel types are to be provided, tag values between 0x01 and 0x1F should be chosen...
  • Page 155: Configuring AAA Override

    Step 1 Click the Edit link for the WLAN you want to configure. Step 2 Check the Allow AAA Override check box (see Figure 5-9). Step 3 Figure 5-9 WLANs > Edit Page...
  • Page 156: Using The CLI To Configure AAA Override

    For wlan-id, enter an ID from 1 to 16. Configuring IDS The Cisco intrusion detection system/intrusion prevention system (CIDS/IPS) instructs controllers to block certain clients from accessing the wireless network when attacks involving these clients are detected at Layer 3 through Layer 7. This system offers significant network protection by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse.
  • Page 157 (between 1 and 5) to determine the sequence in which the controller consults the IPS sensors. For example, if you choose 1, the controller consults this IPS sensor first. Step 4 In the Server Address field, enter the IP address of your IDS server...
  • Page 158: Using The CLI To Configure IDS Sensors

    Step 5 The Port field contains the number of the HTTPS port through which the controller is to communicate with the IDS sensor. Cisco recommends that you set this parameter to 443 because the sensor uses this value to communicate by default.
  • Page 159: Viewing Shunned Clients

    For the port-number parameter, you can enter a value between 1 and 65535. The default value is 443. This step is optional because Cisco recommends that you use the default value of 443. The sensor uses this value to communicate by default.
  • Page 160: Configuring IDS Signatures

    802.11 packets, on the controller. When the signatures are enabled, the access points joined to the controller perform signature analysis on the received 802.11 data or management frames and report any discrepancies to the controller...
  • Page 161: Using The GUI To Configure IDS Signatures

    same or a different subnet because the distribution system port is routable. • A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS built-in TFTP server and the third-party TFTP server require the same communication port.
  • Page 162 Follow these steps to enable or disable IDS signatures using the controller GUI. Step 1 Click Security and then Standard Signatures or Custom Signatures under Wireless Protection Policies. The Standard Signatures page (see Figure 5-14) or the Custom Signatures page appears...
  • Page 163 Configuring IDS Figure 5-14 Standard Signatures Page The Standard Signatures page shows the list of Cisco-supplied signatures that are currently on the controller. The Custom Signatures page shows the list of customer-supplied signatures that are currently on the controller. This page shows the following information for each signature: The order, or precedence, in which the controller performs the signature checks.
  • Page 164 • The quiet time, or the length of time (in seconds) after which no attacks have been detected at the individual access point level and the alarm can stop • The pattern that is being used to detect a security attack...
  • Page 165 This page shows the number of attacks detected by the enabled signatures. Step 2 To see more information on the attacks detected by a particular signature, click the Detail link for that signature. The Signature Events Detail page appears (see Figure 5-17)...
  • Page 166 • The MAC address of the access point that detected the attack • The name of the access point that detected the attack • The type of radio (802.11a or 802.11b/g) used by the access point to detect the attack...
  • Page 167: Using The CLI To Configure IDS Signatures

    Step 10 To enable or disable individual signatures, enter this command: config wps signature {standard | custom} state precedence# {enable | disable} Step 11 To save your changes, enter this command: save config...
  • Page 168: Using The CLI To View IDS Signature Events

    Signature Name........Bcast deauth Type..........Standard Track..........Per Mac Frequency........6 Reported By AP 1 MAC Address......00:0b:85:01:4d:80 Name........Test_AP_1 Radio Type....... 802.11bg Channel........4 Last reported by this AP....Tue Dec 6 00:17:49 2005...
  • Page 169: Configuring AES Key Wrap

    Key Encryption Key (KEK) and Message Authentication Code Key (MACK). Step 8 Enter the 16-byte KEK in the Key Encryption Key (KEK) field. Step 9 Enter the 20-byte MACK in the Message Authentication Code Key (MACK) field...
  • Page 170: Using The CLI To Configure AES Key Wrap

    Step 2 To configure AES key wrap attributes, enter this command: config radius auth keywrap add {ascii | hex} index, where the index attribute specifies the index of the RADIUS authentication server on which to configure AES key wrap...
  • Page 171: Configuring Maximum Local Database Entries

    Step 4 Using the CLI to Specify the Maximum Number of Local Database Entries: To configure the maximum number of local database entries using the CLI, enter this command: config database size max_entries...
  • Page 172 Chapter 5 Configuring Security Solutions: Configuring Maximum Local Database Entries...
  • Page 173: Chapter 6 Configuring WLANs Wireless Device Access

    Chapter: Configuring WLANs Wireless Device Access. This chapter describes how to configure up to 16 WLANs for your Cisco UWN Solution. It contains these sections: • WLAN Overview, page 6-2 • Configuring WLANs, page 6-2...
  • Page 174: WLAN Overview

    Lightweight access points broadcast all active Cisco UWN Solution WLAN SSIDs and enforce the policies that you define for each WLAN. Note Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic. Configuring WLANs These sections describe how to configure WLANs: •...
  • Page 175: Configuring WLANs

    IP subnet as the controller. The internal server provides DHCP addresses to wireless clients, direct-connect access points, appliance-mode access points on the management interface, and DHCP requests that are relayed from access points. Only lightweight access points are supported...
  • Page 176: External DHCP Servers

    Security Considerations: For enhanced security, Cisco recommends that operators require all clients to obtain their IP addresses from a DHCP server. To enforce this requirement, all WLANs can be configured with a DHCP Required setting and a valid DHCP server IP address, which disallows client static IP addresses. If DHCP Required is selected, clients must obtain an IP address via DHCP.
  • Page 177: Using The GUI To Configure DHCP

    Step 3 Enter show wlan to verify that you have a DHCP server assigned to the WLAN. Step 4 Enter ping dhcp-ip-address to verify that the WLAN can communicate with the DHCP server...
  • Page 178: Configuring MAC Filtering For WLANs

    – Use the vlan-id, controller-vlan-ip-address, vlan-netmask, and vlan-gateway options to assign the WLAN to a specific VLAN and to specify the controller VLAN IP address, the local IP netmask for the VLAN, and the local IP gateway for the VLAN...
  • Page 179: Configuring Layer 2 Security

    • Enter show wlan to verify VLAN assignment status. Note: Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic.
  • Page 180: Configuring A WLAN For Both Static And Dynamic WEP

    – Use the 128 option to specify 128/152-bit encryption. • If you want to configure Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) running PEAP-GTC to authenticate to a controller through a one-time password to a token server, use these commands: –...
  • Page 181 (or a passphrase). This key is used as the pairwise master key (PMK) between the clients and the authentication server. • CCKM—Cisco Centralized Key Management (CCKM) uses a fast rekeying technique that enables clients to roam from one access point to another without going through the controller, typically in under 150 milliseconds (ms).
  • Page 182 WPA1, WPA2, or both. The default values are TKIP for WPA1 and AES for WPA2. Step 6 Choose one of the following key management methods from the Auth Key Mgmt drop-down box: 802.1X, CCKM, PSK, or 802.1X+CCKM...
  • Page 183 WPA pre-shared keys must contain 8 to 63 ASCII text characters or 64 hexadecimal characters. Step 8 Enter this command to enable the WLAN: config wlan enable wlan_id Step 9 Enter this command to save your settings: save config...
  • Page 184: CKIP

    You can configure CKIP through either the GUI or the CLI. Using the GUI to Configure CKIP: Follow these steps to configure a WLAN for CKIP using the controller GUI. Step 1 To enable Aironet IEs for this WLAN, check the Aironet IE check box under Cisco Client Extension (CCX).
  • Page 185 Step 8 Choose ASCII or HEX from the Key Format drop-down box and then enter an encryption key in the Encryption Key field. 40-bit keys must contain 5 ASCII text characters or 10 hexadecimal characters. 104-bit keys must contain 13 ASCII text characters or 26 hexadecimal characters...
  • Page 186: Configuring Layer 3 Security

    This section explains how to configure Layer 3 security settings for a wireless LAN on the controller. Note: VPN termination (IPSec) and Layer 2 Tunnel Protocol (L2TP) are not supported on controllers with software release 4.0x or greater...
  • Page 187: VPN Passthrough

    Step 5 Scroll to the bottom of the WLAN > Edit window to enter the VPN Gateway Address (Figure 6-4). This IP address is that of the gateway router that is terminating the VPN tunnels initiated by the client and passed through the controller...
  • Page 188: Web-Based Authentication

    Enter these commands to create a list of usernames and passwords allowed access to the WLAN: • Enter show netuser to display client names assigned to WLANs. • Enter config netuser add username password wlan-id to add a user to a WLAN...
  • Page 189: Configuring 802.3 Bridging

    Configuring Quality of Service Cisco UWN Solution WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background. You can configure the voice traffic WLAN to use Platinum QoS, assign the low-bandwidth WLAN to use Bronze QoS, and assign all other traffic between the remaining QoS levels.
  • Page 190: Configuring QoS Enhanced BSS (QBSS)

    The required option requires client devices to use WMM; devices that do not support WMM cannot join the WLAN. Note: Do not enable WMM mode if Cisco 7920 phones are used on your network.
  • Page 191: Configuring Quality of Service Profiles

    7920-support ap-cac-limit {enabled | disabled} wlan-id. QBSS Information Elements Sometimes Degrade 7920 Phone Performance: If your WLAN contains both 1000 series access points and Cisco 7920 wireless phones, do not enable the WMM or AP-CAC-LIMIT QBSS information elements. Do not enter either of these commands:...
  • Page 192 50% of available RF bandwidth. Actual throughput could be less than 50%, but it will never be more than 50%. Step 10: In the Queue Depth field, enter the number of packets that access points keep in their queues. Any additional packets are dropped.
  • Page 193 To define the maximum value for the priority tag (0–7) associated with packets that fall within the profile, enter these commands:
    config qos protocol-type {bronze | silver | gold | platinum} dot1p
    config qos dot1p-tag {bronze | silver | gold | platinum} tag
  • Page 194: Configuring Cisco Client Extensions

    The CCX code resident on these clients enables them to communicate wirelessly with Cisco access points and to support Cisco features that other client devices do not, including those related to increased security, enhanced performance, fast roaming, and superior power management.
  • Page 195 Step 3: Check the Aironet IE check box if you want to enable support for Aironet IEs for this WLAN. Otherwise, uncheck this check box. The default value is enabled (or checked).
    Step 4: Click Apply to commit your changes.
    Step 5: Click Save Configuration to save your changes.
  • Page 196: Using the GUI to View a Client's CCX Version

    Using the CLI to Configure CCX Aironet IEs: To enable or disable support for Aironet IEs for a particular WLAN, enter this command:
    config wlan ccx aironet-ie {enable | disable} wlan_id
    The default value is enabled.
  • Page 197: Using the CLI to View a Client's CCX Version

    Step 4 available WLANs (see Figure 6-8). Figure 6-8 802.11a Cisco APs > Configure Page.
    Step 5: Check the check boxes for the WLANs you want this access point to broadcast.
    Step 6: Click Apply to commit your changes.
    Click Save Configuration to save your changes.
  • Page 198: Configuring Access Point Groups

    Note: The required access control list (ACL) must be defined on the router that serves the VLAN or subnet. Note: Multicast traffic is not supported when access point group VLANs are configured. Figure 6-9 Access Point Groups
  • Page 199: Creating Access Point Groups

    Enter the group’s description in the AP Group Description field. Step 6: Click Create New AP Group to create the group. The newly created access point group appears on the AP Groups VLAN page (see Figure 6-10).
  • Page 200 Step 11: When you are done adding your interface mappings, click Apply.
    Step 12: Repeat Steps 4 through 11 to add more access point groups.
    Step 13: Click Save Configuration to save your changes.
  • Page 201: Assigning Access Points to Access Point Groups

    Step 5: Click Save Configuration to save your changes. Using the CLI to Assign Access Points to Access Point Groups: To assign an access point to an access point group, enter this command:
    config ap group-name group_name ap_name
  • Page 202: Configuring Multiple WLANs with the Same SSID

    The WLANs page, which lists all WLANs configured on the controller. Figure 6-13 shows two SSIDs named “abc” but with different profile names (abc1 and abc2). Notice that their security policies are also different. Figure 6-13 WLANs Page
  • Page 203: Addition to the Controller CLI

    Note: If you do not specify an ssid, the profile_name parameter is used for both the profile name and the SSID. Note: For releases earlier than 4.0.206.0, the CLI command for creating a WLAN remains as config wlan create wlan_id ssid.
  • Page 204: Configuring Conditional Web Redirect With 802.1X Authentication

    RADIUS server. If the RADIUS server returns the Cisco AV-pair “url-redirect,” then the user is redirected to the specified URL upon opening a browser. If the server also returns the Cisco AV-pair “url-redirect-acl,” the specified access control list (ACL) is installed as a preauthentication ACL for this client.
  • Page 205 Step 4: Check the [009\001] cisco-av-pair check box. Step 5: Enter the following Cisco AV-pairs in the [009\001] cisco-av-pair edit box to specify the URL to which the user is redirected and the conditions under which the redirect takes place, respectively:...
  • Page 206: Using the GUI to Configure Conditional Web Redirect

    Follow these steps to configure conditional web redirect using the controller CLI.
    Step 1: To enable or disable conditional web redirect, enter this command:
    config wlan security cond-web-redir {enable | disable} wlan_id
    Step 2: To save your settings, enter this command:
    save config
  • Page 207: Disabling Accounting Servers per WLAN

    The WLANs > Edit page appears. Step 3: Scroll down to the RADIUS servers section of the page (see Figure 6-18). Step 4: Uncheck the Enabled box for the Accounting Servers. Figure 6-18 WLANs > Edit Page
  • Page 208 Chapter 6 Configuring WLANs
  • Page 209 Chapter 7: Controlling Lightweight Access Points. This chapter describes the Cisco lightweight access points and explains how to connect them to the controller and manage access point settings. It contains these sections: The Controller Discovery Process...
  • Page 210: The Controller Discovery Process

    The 1120 and 1310 access points were not supported prior to software release 4.0.155.0. Note: The Cisco controllers cannot edit or query any access point information using the CLI if the name of the access point contains a space.
  • Page 211: Verifying That Access Points Join the Controller

    Step 4: Once all the access points have joined the new controller, configure the controller not to be a master controller by entering this command in the CLI:
    config network master-base disable
  • Page 212: Cisco 1000 Series Lightweight Access Points

    Management (RRM) control via a WAN link, and which include connectors for external antennas. The Cisco 1000 series lightweight access point is manufactured in a neutral color so it blends into most environments (but can be painted), contains pairs of high-gain internal antennas for unidirectional (180-degree) or omnidirectional (360-degree) coverage, and is plenum-rated for installations in hanging ceiling spaces.
  • Page 213: Cisco 1030 Remote Edge Lightweight Access Points

    (Cisco 1030 remote edge lightweight access point). The Cisco 1030 remote edge lightweight access point is intended to be located at a remote site, initially configured by a Cisco Wireless LAN Controller, and normally controlled by a Cisco Wireless LAN Controller.
  • Page 214: Cisco 1000 Series Lightweight Access Point Models

    Note that the Cisco 1030 remote edge lightweight access point must have a DHCP server available on its local subnet, so it can obtain an IP address upon reboot. Also note that the Cisco 1030 remote edge lightweight access points at each remote location must be on the same subnet to allow client roaming.
  • Page 215: Antenna Sectorization

    CAT-5 (Category 5) or higher 10/100 Mbps twisted pair cable with RJ-45 connectors. Plug the CAT-5 cable into the RJ-45 jack on the side of the Cisco 1000 series lightweight access point. Note that the Cisco 1000 series lightweight access point can receive power over the CAT-5 cable from network equipment.
  • Page 216: Cisco 1000 Series Lightweight Access Point Power Requirements

    AC-to-48 VDC power adapter. If you are powering the Cisco 1000 series lightweight access point using an external adapter, plug the adapter into the 48 VDC power jack on the side of the Cisco 1000 series lightweight access point.
  • Page 217: Cisco 1000 Series Lightweight Access Point Physical Security

    Monitor mode should be enabled for individual Cisco 1000 series lightweight access points. The Monitor function is set for all 802.11 Cisco Radios on a per-access point basis using any of the Cisco Wireless LAN Controller user interfaces.
  • Page 218: Wireless Mesh

    A bridge group name can be used to logically group access points into sectors. Each sector has a unique bridge group name. Cisco recommends that you use bridge group names whenever multiple sectors are proximate. An access point that is unable to connect to a sector with its bridge group name temporarily connects to the sector with the best RF characteristics so that its bridge group name can be configured.
  • Page 219: Configuring and Deploying the AP1510

    Configuring and Deploying the AP1510: Note: For information on planning and initially configuring your Cisco mesh network, refer to the Cisco Mesh Networking Solution Deployment Guide. You can find this document at this URL: http://www.cisco.com/en/US/products/ps6548/prod_technical_reference_list.html...
  • Page 220: Adding the MAC Address of the Access Point to the Controller Filter List

    Note: You can also download the list of access point MAC addresses and push them to the controller using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructions. Using the GUI to Add the MAC Address of the Access Point to the Controller Filter List: Follow these steps to add a MAC filter entry for the access point on the controller using the controller GUI.
  • Page 221 Chapter 7 Controlling Lightweight Access Points. Cisco Aironet 1510 Series Lightweight Outdoor Mesh Access Points. Step 2: Click New. The MAC Filters > New page appears (see Figure 7-5). Figure 7-5 MAC Filters > New Page. In the MAC Address field, enter the MAC address of the access point.
  • Page 222: Configuring Mesh Parameters

    Range: 150 to 132,000 feet. Default: 12,000 feet. Note: Cisco recommends that you set all controllers in the mesh network to the same value. Step 3: Check the Enable Zero Touch Configuration check box to enable the access points to get the shared secret key from the controller.
  • Page 223 Note: If you change the shared secret key while the access point is not associated to the controller, an “Invalid bridge key hash” error message appears. To clear this error, set the shared secret back to the default value “youshouldsetme.”...
  • Page 224: Configuring The Mesh Security Timer

    Beginning with controller software release 4.0.206.0, you can configure a security timer for the mesh access point (MAP) with regard to the bridge shared secret. Once the timer is configured, the MAP will only attempt to join a network with the same bridge shared secret for a specified period of time (for example, 10 hours).
  • Page 225 Figure 7-7 All APs > Details Page. On this page, the AP Mode under General is automatically set to Bridge for access points that have bridge functionality, such as the AP1510.
  • Page 226 Note: You must enable bridging on all access points for which you want to allow bridging, including the RAP. Therefore, if you want to allow an Ethernet on a MAP to bridge to the RAP’s Ethernet, you must enable bridging on the RAP as well as the MAP.
  • Page 227: Autonomous Access Points Converted To Lightweight Mode

    7-8). Then, using the second controller’s GUI, open the same page and paste the key-hash into the SHA1 Key Hash field under Add AP to Authorization List. If you have more than one Cisco WiSM, use WCS to push the SSC key-hash to all the other controllers.
  • Page 228: Guidelines For Using Access Points Converted To Lightweight Mode

    (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP. In either method, the access point must be able to access a TFTP server that contains the Cisco IOS release to be loaded.
  • Page 229: Using the Mode Button and a TFTP Server to Return to a Previous Release

    X.509 certificates on both the access point and controller. LWAPP relies on a priori provisioning of the X.509 certificates. Cisco Aironet access points shipped before July 18, 2005 do not have a MIC, so these access points create an SSC when upgraded to operate in lightweight mode.
  • Page 230: Using DHCP Option 43

    Cisco 1000 series access points use a string format for DHCP option 43, whereas Cisco Aironet access points use the type-length-value (TLV) format for DHCP option 43. DHCP servers must be programmed to return the option based on the access point’s DHCP Vendor Class Identifier (VCI) string (DHCP...
  • Page 231: Converted Access Points Send Radio Core Dumps To Controller

    On the AP Detail page, the controller lists the BSS MAC addresses and Ethernet MAC addresses of converted access points. On the Radio Summary page, the controller lists converted access points by radio MAC address.
  • Page 232: Disabling The Reset Button On Access Points Converted To Lightweight Mode

    Dynamic Frequency Selection: The Cisco UWN Solution complies with regulations that require radio devices to use Dynamic Frequency Selection (DFS) to detect radar signals and avoid interfering with them. When a lightweight access point with a 5-GHz radio operates on one of the 15 channels listed in...
  • Page 233: Retrieving The Unique Device Identifier On Controllers And Access Points

    The unique device identifier (UDI) standard uniquely identifies products across all Cisco hardware product families, enabling customers to identify and track Cisco products throughout their business and network operations and to automate their asset management systems. The standard is consistent across all electronic, physical, and standard business communications.
  • Page 234: Using the GUI to Retrieve the Unique Device Identifier on Controllers and Access Points

    This page shows the five data elements of the controller UDI.
    Step 2: Click Wireless to access the All APs page.
    Step 3: Click the Detail link for the desired access point. The All APs > Details page appears (see Figure 7-10).
  • Page 235: Using the CLI to Retrieve the Unique Device Identifier on Controllers and Access Points

    With the ping link test, the controller can test link quality only in the client-to-access point direction. The RF parameters of the ping reply packets received by the access point are polled by the controller to determine the client-to-access point link quality.
  • Page 236 6-19 for more information on CCX. Note: CCX is not supported on the AP1030. Follow the instructions in this section to perform a link test using either the GUI or the CLI.
  • Page 237: Using the GUI to Perform a Link Test

    Note: You can also access this screen by clicking the Detail link for the desired client and then clicking the Link Test button on the top of the Clients > Detail page.
  • Page 238: Using the CLI to Perform a Link Test

    SNR at Client (min/max/average)......40dB/30dB/35dB
    Transmit Retries at AP (Total/Maximum)...... 5/3
    Transmit Retries at Client (Total/Maximum)....4/2
    Transmit rate: 5.5M 11M 12M 18M 108M
    Packet Count:
    Transmit rate: 5.5M 11M 12M 18M 108M
    Packet Count:
  • Page 239: Configuring Cisco Discovery Protocol

    2000, 2100 and 4400 series controllers. Note: CDP is not supported on the controllers that are integrated into Cisco switches and routers, including those in the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM and the Cisco 28/37/38xx Series Integrated Services Router.
  • Page 240 CDP on individual access points. To enable or disable CDP on a specific access point, enter this command:
    config ap cdp {enable | disable} Cisco_AP
    To save your settings, enter this command:
    save config
  • Page 241: Configuring Power Over Ethernet

    When an LWAPP-enabled access point (such as an AP1131 or AP1242) is powered by a power injector that is connected to a Cisco pre-Intelligent Power Management (pre-IPM) switch, you need to configure power over Ethernet (PoE), also known as inline power. You can configure PoE through either the GUI or the CLI.
  • Page 242 Check the Pre-Standard State check box if the access point is being powered by a high-power Cisco switch. These switches provide more than the traditional 6 Watts of power but do not support the intelligent power management (IPM) feature. These switches include: WS-C3550, WS-C3560, WS-C3750,...
  • Page 243: Using the CLI to Configure Power over Ethernet

    This command removes the safety checks and allows the access point to be connected to any switch port. It is acceptable to use this command if your network does not contain any older Cisco 6-Watt switches that could be overloaded if connected directly to a 12-Watt access point. The access point assumes that a power injector is always connected.
  • Page 244: Configuring Flashing LEDs

    RADIUS server. Using MIC provides strong authentication. Note: If you use the MAC address as the username and password for access point authentication on a RADIUS AAA server, do not use the same AAA server for client authentication.
  • Page 245 Transferring Files to and from a Controller; Upgrading Controller Software; Saving Configurations; Clearing the Controller Configuration; Erasing the Controller Configuration; Resetting the Controller
  • Page 246: Transferring Files To And From A Controller

    4.0.206.0, the upgrade time should be significantly reduced. The access points must remain powered, and the controller must not be reset during this time. Cisco recommends the following sequence when performing an upgrade: Upload your controller configuration files to a server to back them up.
  • Page 247: Updating Controller Software

    If you are downloading through the distribution system network port, the TFTP server can be on the same or a different subnet because the distribution system port is routable. A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS...
  • Page 248: Saving Configurations

    Step 8 The controller now has the code update in active volatile RAM, but you must enter reset system to save the code update to non-volatile NVRAM and reboot the Cisco Wireless LAN Controller: reset system The system has unsaved changes.
  • Page 249: Clearing The Controller Configuration

    When the controller reboots, the CLI console displays the following reboot information: Initializing the system. Verifying the hardware configuration. Loading microcode into memory. Verifying the Operating System software load. Initializing with its stored configurations. Displaying the login prompt.
  • Page 250 Chapter 8 Managing Controller Software and Configurations. Resetting the Controller
  • Page 251: Chapter 9 Managing User Accounts

    It contains these sections: Creating Guest User Accounts; Web Authentication Process; Choosing the Web Authentication Login Window
  • Page 252: Creating Guest User Accounts

    Follow these steps to create a lobby ambassador account using the controller GUI. Step 1: Click Management > Local Management Users to access the Local Management Users page (see Figure 9-1). Figure 9-1 Local Management Users Page
  • Page 253 Step 6: Click Apply to commit your changes. The new lobby ambassador account appears in the list of local management users.
    Step 7: Click Save Configuration to save your changes.
  • Page 254: Using the CLI to Create a Lobby Ambassador Account

    Click New to create a guest user account. The Lobby Ambassador Guest Management > Guest Users List > New page appears (see Figure 9-4). Figure 9-4 Lobby Ambassador Guest Management > Guest Users List > New Page
  • Page 255 WLANs that are listed are those for which Layer 3 web authentication has been configured (under WLAN Security Policies). Note: Cisco recommends that the system administrator create a specific guest WLAN to prevent any potential conflicts. If a guest account expires and it has a name conflict with an account on the RADIUS server and both are on the same WLAN, the users associated with both accounts are disassociated before the guest account is deleted.
  • Page 256: Viewing Guest User Accounts

    When you remove a guest user account, all of the clients that are using the guest WLAN and are logged in using that account’s username are deleted.
  • Page 257: Using the CLI to View Guest Accounts

    After the user clicks Yes to proceed (or if the client’s browser does not display a security alert), the web authentication system redirects the client to a login window. Figure 9-8 shows the default web authentication login window.
  • Page 258 Figure 9-8 Default Web Authentication Login Window. The default login window contains a Cisco logo and Cisco-specific text. You can choose to have the web authentication system display one of the following: The default login window...
  • Page 259: Choosing The Web Authentication Login Window

    Step 3: If you want to use the default web authentication login window as is, go to Step 8. If you want to modify the default login window, go to Step...
  • Page 260: Using the CLI to Choose the Default Web Authentication Login Window

    Step 4: If you want to hide the Cisco logo that appears in the top right corner of the default window, choose the Cisco Logo Hide option. Otherwise, click the Show option.
  • Page 261 If you are downloading through the distribution system network port, the TFTP server can be on the same or a different subnet because the distribution system port is routable. A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS...
  • Page 262: Modified Default Web Authentication Login Window Example

    Image installed.
    config custom-web redirecturl http://www.AcompanyBC.com
    show custom-web
    Cisco Logo....Disabled
    CustomLogo....00_logo.gif
    Custom Title....Welcome to the AcompanyBC Wireless LAN!
    Custom Message ..... Contact the System Administrator for a Username and Password.
  • Page 263: Using A Customized Web Authentication Login Window From An External Web Server

    Step 4: In the Web Server IP Address field, enter the IP address of your web server. Your web server should be on a different network from the controller service port network.
  • Page 264: Server

    Extract and set the action URL in the page from the original URL. Include scripts to decode the return status code. Make sure that all paths used in the main page (to refer to images, for example) are of relative type.
  • Page 265: Using the GUI to Download a Customized Web Authentication Login Window

    You can download a sample login page from Cisco WCS and use it as a starting point for your customized login page. Refer to the “Downloading a Customized Web Auth Page” section in the Using Templates chapter of the Cisco Wireless Control System Configuration Guide, Release 4.0 for...
  • Page 266: Using the CLI to Download a Customized Web Authentication Login Window

    Enter save config to save your settings. Step 11 Follow the instructions in the “Using the CLI to Verify the Web Authentication Login Window Settings” section on page 9-17 to verify your settings.
  • Page 267: Customized Web Authentication Login Window Example

    CustomLogo........00_logo.gif
    Custom Title........Welcome to the AcompanyBC Wireless LAN!
    Custom Message......... Contact the System Administrator for a Username and Password.
    Custom Redirect URL......http://www.AcompanyBC.com
    Web Authentication Mode......Internal
    Web Authentication URL......Disabled
  • Page 268 Chapter 9 Managing User Accounts. Choosing the Web Authentication Login Window
  • Page 269 Enabling Rogue Access Point Detection; Configuring Dynamic RRM; Overriding Dynamic RRM; Viewing Additional RRM Settings Using the CLI; Configuring CCX Radio Management Features
  • Page 270: Overview of Radio Resource Management

    LAN performance. In this way, administrators gain the perspective of every access point, thereby increasing network visibility.
  • Page 271: Dynamic Channel Assignment

    LAN. This metric keeps track of every access point’s transmitted and received packet counts to determine how busy the access points are. New clients avoid an overloaded access point and associate to a new access point.
  • Page 272: Dynamic Transmit Power Control

    LAN performance. The result is an even distribution of capacity across an entire wireless network. Note: Client load balancing works only for a single controller. It does not operate in a multi-controller environment.
  • Page 273: RRM Benefits

    Finally, RRM ensures that clients enjoy a seamless, trouble-free connection throughout the Cisco unified wireless network. RRM uses separate monitoring and control for each deployed network: 802.11a and 802.11b/g. That is, the RRM algorithms run separately for each radio type (802.11a and 802.11b/g).
  • Page 274: RF Group Name

    The RF group name is generally set at deployment time through the Startup Wizard. However, you can change it as necessary. Note: You can also configure RF groups using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructions.
  • Page 275: Using the GUI to Configure an RF Group

    Step 4: Click Apply to commit your changes.
    Step 5: Click Save Configuration to save your changes.
    Repeat this procedure for each controller that you want to include in the RF group.
  • Page 276: Using the CLI to Configure RF Groups

    This section provides instructions for viewing the status of the RF group through either the GUI or the CLI. Note: You can also view the status of RF groups using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructions.
  • Page 277 Step 2 page (see Figure 10-3). Figure 10-3 802.11a Global Parameters Page. Step 3: Click Auto RF to access the 802.11a (or 802.11b/g) Global Parameters > Auto RF page (see Figure 10-4).
  • Page 278 Chapter 10 Configuring Radio Resource Management. Viewing RF Group Status. Figure 10-4 802.11a Global Parameters > Auto RF Page
  • Page 279: Using the CLI to View RF Group Status

    Note: If the MAC addresses of the group leader and the group member are identical, this controller is currently the group leader. Step 2: Enter show advanced 802.11b group to see which controller is the RF group leader for the 802.11b/g RF network.
  • Page 280: Enabling Rogue Access Point Detection

    Note: The name is used to verify the authentication IE in all beacon frames. If the controllers have different names, false alarms will occur. Step 2: Click Wireless to access the All APs page (see Figure 10-5). Figure 10-5 All APs Page
  • Page 281 Click Security > AP Authentication/MFP (under Wireless Protection Policies) to access the AP Authentication Policy page (see Figure 10-7). Figure 10-7 AP Authentication Policy Page. The name of the RF group to which this controller belongs appears at the top of the page.
  • Page 282: Using the CLI to Enable Rogue Access Point Detection

    IE) is met or exceeded within the detection period. Note: The valid threshold range is from 1 to 255, and the default threshold value is 1. To avoid false alarms, you may want to set the threshold to a higher value.
  • Page 283: Configuring Dynamic RRM

    Access the 802.11a (or 802.11b/g) Global Parameters > Auto RF page (see Figure 10-4). Note: Click Set to Factory Default at the bottom of the page if you want to return all of the controller’s RRM parameters to their factory default values.
  • Page 284: Overriding Dynamic RRM

    Rather, it optimizes its own access point parameters. Note: Cisco recommends that controllers participate in automatic RF grouping. However, you can disable this feature if necessary by unchecking the check box. Note also, however, that you override dynamic RRM settings without disabling automatic RF group participation.
  • Page 285 (default is 600 seconds). Prevents the controller from evaluating and, if necessary, updating the channel assignment for joined access points. Note: For optimal performance, Cisco recommends that you use the Automatic setting. Refer to the “Disabling Dynamic Channel and Power Assignment Globally for a Controller” section on...
  • Page 286 Avoid Cisco AP Load Causes the controller’s RRM algorithms to consider 802.11 traffic from Cisco lightweight access points in your wireless network when assigning channels. For example, RRM can assign better reuse patterns to access points that carry a heavier traffic load.
  • Page 287 See Step 5 on page 10-25 for information on available transmit power levels. Note: For optimal performance, Cisco recommends that you use the Automatic setting. Refer to the “Disabling Dynamic Channel and Power Assignment Globally for a Controller” section on...
  • Page 288 Coverage threshold and the Client Min Exception Level threshold. Default: 25%. Data Rate (1 to 1000 Kbps): The rate at which a single access point transmits or receives data packets. Default: 1000 Kbps.
  • Page 289 How frequently the access point measures noise and interference. Range: 60 to 3600 seconds. Default: 180 seconds. Load Measurement: How frequently the access point measures 802.11 traffic. Range: 60 to 3600 seconds. Default: 60 seconds.
  • Page 290: Using The CLI To Configure Dynamic RRM

    You can enter only one channel number per command. This command is helpful when you know that the clients do not support certain channels because they are legacy devices or they have certain regulatory restrictions.
  • Page 291: Overriding Dynamic RRM

    In some deployments, it is desirable to statically assign channel and transmit power settings to the access points instead of relying on the dynamic RRM algorithms provided by Cisco. Typically, this is true in challenging RF environments and non-standard deployments but not the more typical carpeted offices.
  • Page 292: Statically Assigning Channel And Transmit Power Settings To Access Point Radios

    The nonoverlapping channels in the U.S. are 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, and 161 in an 802.11a network and 1, 6, and 11 in an 802.11b/g network. Note: Cisco recommends that you do not assign all access points that are within close proximity to each other to the maximum power level.
  • Page 293 Overriding Dynamic RRM. Step 3: Click Configure for the access point for which you want to modify the radio configuration. The 802.11a (or 802.11b/g) Cisco APs > Configure page appears (see Figure 10-9). Figure 10-9: 802.11a Cisco APs > Configure Page...
  • Page 294: Using The CLI To Statically Assign Channel And Transmit Power Settings

    {802.11a | 802.11b} enable Note: To enable the 802.11g network, enter config 802.11b 11gSupport enable after the config 802.11b enable command. Step 7: Enter this command to save your settings: save config
  • Page 295: Disabling Dynamic Channel And Power Assignment Globally For A Controller

    Step 3: Enter this command to enable the 802.11a or 802.11b/g network: config {802.11a | 802.11b} enable Note: To enable the 802.11g network, enter config 802.11b 11gSupport enable after the config 802.11b enable command.
  • Page 296: Viewing Additional RRM Settings Using The CLI

    802.11a or 802.11b/g access points txpower—Shows the transmit power assignment configuration and statistics. Note: To troubleshoot RRM-related issues, refer to the Cisco Wireless LAN Controller Command Reference, Release 3.2 for RRM (airewave-director) debug commands.
  • Page 297: Configuring CCX Radio Management Features

    Location calibration. These parameters are supported in Cisco Client Extensions (CCX) v2 and higher and are designed to enhance location accuracy and timeliness for participating CCX clients. See the “Configuring Quality of Service Profiles” section on page 6-19 for more information on CCX.
  • Page 298: Using The GUI To Configure CCX Radio Management

    Range: 60 to 32400 seconds. Default: 60 seconds. Step 4: Click Apply to commit your changes. Step 5: Click Save Configuration to save your settings.
  • Page 299: Using The CLI To Configure CCX Radio Management

    {enable | disable} client_mac interval_seconds Note: You can configure up to five clients per controller for location calibration. Step 4: Enter this command to save your settings: save config
  • Page 300: Using The CLI To Obtain CCX Radio Management Information

    [all | error | warning | message | packet | detail {enable | disable}] To debug the output for forwarded probes and their included RSSI for both antennas, enter this command: debug dot11 load-balancing
  • Page 301 • Overview of Mobility, page 11-2 • Overview of Mobility Groups, page 11-5 • Configuring Mobility Groups, page 11-7 • Configuring Auto-Anchor Mobility, page 11-11 • Running Mobility Ping Tests, page 11-15
  • Page 302: Overview Of Mobility

    When the wireless client moves its association from one access point to another, the controller simply updates the client database with the newly associated access point. If necessary, new security context and associations are established as well.
  • Page 303 Note: All clients configured with 802.1x/Wi-Fi Protected Access (WPA) security complete a full authentication in order to comply with the IEEE standard. Figure 11-3 illustrates inter-subnet roaming, which occurs when the controllers’ wireless LAN interfaces are on different IP subnets.
  • Page 304 Note: Currently, multicast traffic cannot be passed during inter-subnet roaming. With this in mind, you would not want to design an inter-subnet network for SpectraLink phones that need to send multicast traffic while using push to talk.
  • Page 305: Overview Of Mobility Groups

    With this information, the network can support inter-controller wireless LAN roaming and controller redundancy. Note: Clients do not roam across mobility groups. Figure 11-4 shows an example of a mobility group. Figure 11-4: A Single Mobility Group
  • Page 306 XYZ controllers, which are in a different mobility group. Likewise, the controllers in the XYZ mobility group do not recognize or communicate with the controllers in the ABC mobility group. This feature ensures mobility group isolation across the network.
  • Page 307: Determining When To Include Controllers In A Mobility Group

    This section provides instructions for configuring controller mobility groups through either the GUI or the CLI. Note: You can also configure mobility groups using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructions.
  • Page 308: Using The GUI To Configure Mobility Groups

    CLI. Step 1: Click Controller > Mobility Groups to access the Static Mobility Group Members page (see Figure 11-6). Figure 11-6: Static Mobility Group Members Page
  • Page 309 Note: The mobility group name is case sensitive. Click Apply to commit your changes. The new controller is added to the list of mobility group members on the Static Mobility Group Members page.
  • Page 310 Highlight and copy the complete list of entries in the edit box. Click Apply to commit your changes. The new controllers are added to the list of mobility group members on the Static Mobility Group Members page.
  • Page 311: Using The CLI To Configure Mobility Groups

    WLAN. Instead of being anchored to the first controller that they happen to contact, mobile clients can be anchored to controllers that control access points in a particular vicinity.
  • Page 312: Guidelines For Using Auto-Anchor Mobility

    On the anchor controller, configure the anchor controller itself as a mobility anchor. On the foreign controller, configure the anchor as a mobility anchor. • Auto-anchor mobility is not supported for use with DHCP option 82.
  • Page 313: Using The GUI To Configure Auto-Anchor Mobility

    Step 4: Click Mobility Anchor Create. The selected controller becomes an anchor for this WLAN. Note: To delete a mobility anchor for a WLAN, click Remove to the right of the controller’s IP address.
  • Page 314: Using The CLI To Configure Auto-Anchor Mobility

    Note: The wlan-id is optional and constrains the list to the anchors in a particular WLAN. To see all of the mobility anchors on your system, enter show mobility anchor. To save your settings, enter this command: save config
  • Page 315: Running Mobility Ping Tests

    To troubleshoot your controller for mobility ping over UDP, enter this command to display the mobility control packet: debug mobility handoff enable Note: Cisco recommends using an Ethereal trace capture when troubleshooting.
  • Page 317: Chapter 12 Configuring Hybrid REAP

    This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains these sections: • Overview of Hybrid REAP, page 12-2 • Configuring Hybrid REAP, page 12-5
  • Page 318: Overview Of Hybrid REAP

    Hybrid REAP is supported only on the 1130AG and 1240AG access points and on the 2000 and 4400 series controllers, the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM, and the Controller Network Module for Integrated Services Routers.
  • Page 319 LWAPP discovery process methods except DHCP option 43. If the access point cannot discover a controller through Layer 3 broadcast or OTAP, Cisco recommends DNS resolution. With DNS, any access point with a static IP address that knows of a DNS server can find at least one controller.
  • Page 320: Hybrid REAP Guidelines

    Unicast option. • VPN, PPTP, Fortress authentication, and Cranite authentication are supported for locally switched traffic, provided that these security types are accessible locally at the access point.
  • Page 321: Configuring Hybrid REAP

    Uplink port
    no switchport
    ip address 10.10.98.2 255.255.255.0
    spanning-tree portfast
    interface FastEthernet1/0/2
    description the Access Point port
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 100
    switchport trunk allowed vlan 100,101
  • Page 322: Configuring The Controller For Hybrid REAP

    Step 1: Follow these steps to create a centrally switched WLAN. In our example, this is the first WLAN (employee). Click WLANs to access the WLANs page. Click Next to access the WLANs > New page (see Figure 12-2).
  • Page 323 Enter a name for the WLAN in the WLAN SSID field. Click Apply to commit your changes. The WLANs > Edit page appears (see Figure 12-3). Figure 12-3: WLANs > Edit Page (Centrally Switched WLAN)
  • Page 324 This can be easily changed per SSID, per hybrid-REAP access point. Non-hybrid-REAP access points tunnel all traffic back to the controller, and VLAN tagging is dictated by each WLAN’s interface mapping.
  • Page 325 In our example, this is the third WLAN (guest-central). You might want to tunnel guest traffic to the controller so you can exercise your corporate data policies for unprotected guest traffic from a central site. Note: Chapter 9 provides additional information on creating guest user accounts.
  • Page 326 Note: Make sure to enable this WLAN by checking the Admin Status check box under General Policies. Figure 12-5: WLANs > Edit Page (Centrally Switched Guest Access WLAN). Click Apply to commit your changes. Click Save Configuration to save your changes.
  • Page 327 Click Save Configuration to save your changes. Step 4: Go to the “Configuring an Access Point for Hybrid REAP” section on page 12-12 to configure two or three access points for hybrid REAP.
  • Page 328: Using The CLI To Configure The Controller For Hybrid REAP

    Follow these steps to configure an access point for hybrid REAP using the controller GUI. Step 1: Make sure that the access point has been physically added to your network. Step 2: Click Wireless to access the All APs page (see Figure 12-7).
  • Page 329 The last parameter under Inventory Information indicates whether this access point can be configured for hybrid REAP. Only the 1130AG and 1240AG access points support hybrid REAP. Step 4: Choose H-REAP from the AP Mode drop-down box to enable hybrid REAP for this access point.
  • Page 330 Click Apply to commit your changes. Step 11: Click Save Configuration to save your changes. Step 12: Repeat this procedure for any additional access points that need to be configured for hybrid REAP at the remote site.
  • Page 331: Using The CLI To Configure An Access Point For Hybrid REAP

    802.11 management messages. • debug dot11 mgmt ssid—Shows SSID management events. • debug dot11 mgmt state-machine—Shows the 802.11 state machine. • debug dot11 mgmt station—Shows client events.
  • Page 332: Connecting Client Devices To The WLANs

    To see if a client’s data traffic is being locally or centrally switched, click Monitor > Clients on the controller GUI, click the Detail link for the desired client, and look at the Data Switching parameter under AP Properties.
  • Page 333: Appendix

    Appendix: Safety Considerations and Translated Safety Warnings. This appendix lists safety considerations and translations of the safety warnings that apply to the Cisco UWN Solution products. The following safety considerations and safety warnings appear in this appendix: • Safety Considerations, page A-2...
  • Page 334: Safety Considerations And Translated Safety Warnings

    Safety Considerations. Keep these guidelines in mind when installing Cisco UWN Solution products: • The Cisco 1000 Series lightweight access points with or without external antenna ports are only intended for installation in Environment A as defined in IEEE 802.3af. All interconnected equipment must be contained within the same building including the interconnected equipment's associated LAN connections.
  • Page 335 å forhindre ulykker. Bruk nummeret i slutten av hver advarsel for å finne oversettelsen i de oversatte sikkerhetsadvarslene som fulgte med denne enheten. TA VARE PÅ DISSE INSTRUKSJONENE
  • Page 336 Använd det nummer som finns i slutet av varje varning för att hitta dess översättning i de översatta säkerhetsvarningar som medföljer denna anordning. SPARA DESSA ANVISNINGAR
  • Page 337: Class 1 Laser Product Warning

    Produit laser de classe 1. Warnung Laserprodukt der Klasse 1. Avvertenza Prodotto laser di Classe 1. Advarsel Laserprodukt av klasse 1. Aviso Produto laser de classe 1. ¡Advertencia! Producto láser Clase I. Varning! Laserprodukt av klass 1.
  • Page 338 Aviso Produto a laser de classe 1. Advarsel Klasse 1 laserprodukt.
  • Page 339: Ground Conductor Warning

    En cas de doute sur la mise à la masse appropriée disponible, s'adresser à l'organisme responsable de la sécurité électrique ou à un électricien.
  • Page 340 Denna utrustning måste jordas. Koppla aldrig från jordledningen och använd aldrig utrustningen utan en på lämpligt sätt installerad jordledning. Om det föreligger osäkerhet huruvida lämplig jordning finns skall elektrisk besiktningsauktoritet eller elektriker kontaktas.
  • Page 341: Chassis Warning For Rack-Mounting And Servicing

    • Als het rek voorzien is van stabiliseringshulpmiddelen, dient u de stabilisatoren te monteren voordat u het toestel in het rek monteert of het daar een servicebeurt geeft.
  • Page 342 Ved montering av denne enheten i et kabinett som er delvis fylt, skal kabinettet lastes fra bunnen og opp med den tyngste komponenten nederst i kabinettet. • Hvis kabinettet er utstyrt med stabiliseringsutstyr, skal stabilisatorene installeres før montering eller utføring av reparasjonsarbeid på enheten i kabinettet.
  • Page 343 Om denna enhet installeras på en delvis fylld ställning skall ställningen fyllas nedifrån och upp, med de tyngsta enheterna längst ned på ställningen. • Om ställningen är försedd med stabiliseringsdon skall dessa monteras fast innan enheten installeras eller underhålls på ställningen.
  • Page 344 Ved montering af denne enhed i et delvist fyldt rack, skal enhederne installeres fra bunden og opad med den tungeste enhed nederst. • Hvis racket leveres med stabiliseringsenheder, skal disse installeres for enheden monteres eller serviceres i racket.
  • Page 350: Battery Handling Warning For 4400 Series Controllers

    Warning: There is the danger of explosion if the Cisco 4400 Series Wireless LAN Controller battery is replaced incorrectly. Replace the battery only with the same or equivalent type recommended by the manufacturer.
  • Page 351 Varning! Explosionsfara vid felaktigt batteribyte. Ersätt endast batteriet med samma batterityp som rekommenderas av tillverkaren eller motsvarande. Följ tillverkarens anvisningar vid kassering av använda batterier.
  • Page 352: Equipment Installation Warning

    Bare opplært og kvalifisert personell skal foreta installasjoner, utskiftninger eller service på dette utstyret. Aviso Apenas pessoal treinado e qualificado deve ser autorizado a instalar, substituir ou fazer a revisão deste equipamento.
  • Page 353 Aviso Somente uma equipe treinada e qualificada tem permissão para instalar, substituir ou dar manutenção a este equipamento. Advarsel Kun uddannede personer må installere, udskifte komponenter i eller servicere dette udstyr.
  • Page 355: More Than One Power Supply Warning For 4400 Series Controllers

    Warning: The Cisco 4400 Series Wireless LAN Controller might have more than one power supply connection. All connections must be removed to de-energize the unit. Statement 1028. Waarschuwing Deze eenheid kan meer dan één stroomtoevoeraansluiting bevatten. Alle aansluitingen dienen ontkoppeld te worden om de eenheid te ontkrachten.
  • Page 356 Esta unidade pode ter mais de uma conexão de fonte de alimentação. Todas as conexões devem ser removidas para interromper a alimentação da unidade. Advarsel Denne enhed har muligvis mere end en strømforsyningstilslutning. Alle tilslutninger skal fjernes for at aflade strømmen fra enheden.
  • Page 359: Appendix

    Cisco UWN Solution. This appendix contains these sections: • Regulatory Information for 1000 Series Access Points, page B-2 • FCC Statement for Cisco 2000 Series Wireless LAN Controllers, page B-8 • FCC Statement for Cisco 4400 Series Wireless LAN Controllers, page B-9...
  • Page 360: Regulatory Information For 1000 Series Access Points

    • European Community, Switzerland, Norway, Iceland, and Liechtenstein, page B-4 • Declaration of Conformity for RF Exposure, page B-5 • Guidelines for Operating Cisco Aironet Access Points in Japan, page B-6 • Administrative Rules for Cisco Aironet Access Points in Taiwan, page B-7...
  • Page 361: Department Of Communications-Canada

    This device must accept any interference received, including interference that may cause undesired operation. Cisco Aironet 2.4-GHz Access Points are certified to the requirements of RSS-210 for 2.4-GHz spread spectrum devices, and Cisco Aironet 54-Mbps, 5-GHz Access Points are certified to the requirements of RSS-210 for 5-GHz spread spectrum devices. The use of this device in a system operating either partially...
  • Page 362: European Community, Switzerland, Norway, Iceland, And Liechtenstein

    Denna utrustning är i överensstämmelse med de väsentliga kraven och andra relevanta bestämmelser i Direktiv 1999/5/EC. For 2.4 GHz radios, the following standards were applied: • Radio: EN 300.328-1, EN 300.328-2 • EMC: EN 301.489-1, EN 301.489-17 • Safety: EN 60950
  • Page 363: Declaration Of Conformity For RF Exposure

    Note: This equipment is intended to be used in all EU and EFTA countries. Outdoor use may be restricted to certain frequencies and/or may require a license for operation. For more details, contact Cisco Corporate Compliance. For 54 Mbps, 5 GHz access points, the following standards were applied:...
  • Page 364: Guidelines For Operating Cisco Aironet Access Points In Japan

    This section provides guidelines for avoiding interference when operating Cisco Aironet access points in Japan. These guidelines are provided in both Japanese and English.
  • Page 365: Administrative Rules For Cisco Aironet Access Points In Taiwan

    This section provides administrative rules for operating Cisco Aironet access points in Taiwan. The rules are provided in both Chinese and English. Access Points with IEEE 802.11a Radios...
  • Page 366: Declaration Of Conformity Statements

    English Translation: Administrative Rules for Low-power Radio-Frequency Devices. Article 12: For those low-power radio-frequency devices that have already received a type-approval, companies, business units or users should not change its frequencies, increase its power or change its original features and functions.
  • Page 367: FCC Statement For Cisco 4400 Series Wireless LAN Controllers

    The Cisco 4400 Series Wireless LAN Controller equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
  • Page 369: Appendix

    Appendix: End User License and Warranty. This appendix describes the end user license and warranty that apply to the Cisco UWN Solution products: • Cisco 1000 Series Lightweight Access Points • Cisco 2000 Series Wireless LAN Controllers...
  • Page 370: End User License Agreement

    License. Conditioned upon compliance with the terms and conditions of this Agreement, Cisco Systems, Inc. or its subsidiary licensing the Software instead of Cisco Systems, Inc. (“Cisco”), grants to Customer a nonexclusive and nontransferable license to use for Customer’s internal business purposes the Software and the Documentation for which Customer has paid the required license fees.
  • Page 371 (v) disclose, provide, or otherwise make available trade secrets contained within the Software and Documentation in any form to any third party without the prior written consent of Cisco. Customer shall implement reasonable security measures to protect such trade secrets; or (vi) use the Software to develop any software application intended for resale which employs the Software.
  • Page 372: Limited Warranty

    Cisco reseller, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of one (1) year, the Hardware will be free from defects in material and workmanship under normal use. The date of shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped.
  • Page 373 Software if reported (or, upon request, returned) to Cisco or the party supplying the Software to Customer. In no event does Cisco warrant that the Software is error free or that Customer will be able to operate the Software without problems or interruptions. In addition, due to the continual development...
  • Page 374: Disclaimer Of Warranty

    Customer has accepted the Software or any other product or service delivered by Cisco. Customer acknowledges and agrees that Cisco has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same...
  • Page 375: Additional Open Source Terms

    Free Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307. Source code governed by the GNU General Public License version 2 is available upon written request to the Cisco Legal Department, 300 E. Tasman Drive, San Jose, California 95134.
  • Page 377: Appendix

    Appendix: System Messages and LED Patterns. This appendix lists system messages that can appear on the Cisco UWN Solution interfaces and describes the LED patterns on controllers and lightweight access points. It contains these sections: • System Messages, page D-2...
  • Page 378: System Messages

    STATION_AUTHENTICATION_FAIL: Check disable, key mismatch or other configuration issues. STATION_ASSOCIATE_FAIL: Check load on the Cisco Radio or signal quality issues. LRAD_ASSOCIATED: The associated Cisco 1000 Series lightweight access point is now managed by this Cisco Wireless LAN Controller.
  • Page 379 -- check channel assignments. LRADIF_COVERAGE_PROFILE_FAILED: Possible coverage hole detected - check Cisco 1000 Series lightweight access point history to see if common problem - add Cisco 1000 Series lightweight access points if necessary. LRADIF_LOAD_PROFILE_PASSED: Load is now within threshold limits.
  • Page 380 FAN_FAILURE: Monitor Cisco Wireless LAN Controller temperature to avoid overheating. POWER_SUPPLY_CHANGE: Check for power-supply malfunction. COLD_START: Cisco Wireless LAN Controller may have been rebooted. WARM_START: Cisco Wireless LAN Controller may have been rebooted.
  • Page 381: Interpreting LEDs

    Interpreting Lightweight Access Point LEDs. Refer to the hardware installation guide for your specific access point for a description of the LED patterns. You can find the guides at this URL: http://www.cisco.com/en/US/products/hw/wireless/index.html
  • Page 383: Logical Connectivity Diagrams

    This appendix provides logical connectivity diagrams and related software commands for integrated controllers. It contains these sections: Cisco WiSM, page E-3 • Cisco 28/37/38xx Integrated Services Router, page E-5 • Catalyst 3750G Integrated Wireless LAN Controller Switch, page E-6 •...
  • Page 384: Appendix E Logical Connectivity Diagram

    This section provides logical connectivity diagrams for the controllers integrated into other Cisco products, specifically the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM and the Cisco 28/37/38xx Series Integrated Services Router. These diagrams show the internal connections between the switch or router and the controller.
  • Page 385: Cisco Wism

    Figure E-1: Logical Connectivity Diagram for the Cisco WiSM
  • Page 386 The commands used for communication between the Cisco WiSM, the Supervisor 720, and the 4404 controllers will be added to this section in a future release of the document. Refer to the Catalyst 6500 Series Switch Wireless Services Module Installation and Configuration Note for more information.
  • Page 387: Cisco 28/37/38Xx Integrated Services Router

    • test HW-module wlan-controller slot/unit reset {enable | disable}
    Note: Refer to the Cisco Wireless LAN Controller Module Feature Guide for more information. You can find this document at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124limit/124x/124xa2/boxernm.htm#wp2033271
  • Page 388: Catalyst 3750G Integrated Wireless Lan Controller Switch

    These commands are used to view the status of the internal controller. They are initiated from the switch.
    • show platform wireless-controller switch_number summary
    Information similar to the following appears:
    Switch Status State operational operational
  • Page 389 7 23:31:11 2006: Sent WCP_MSG_TYPE_RESPONSE,of type WCP_TLV_KEEP_ALIVE
    This command is initiated from the switch.
    • debug platform wireless-controller switch_number ?
    where ? is one of the following:
    all—All
    errors—Errors
    packets—WCP packets
    sm—State machine
    wcp—WCP protocol
  • Page 390 Note: A direct console connection to the controller does not operate when hardware flow control is enabled on the PC. However, the switch console port operates with hardware flow control enabled.

This manual is also suitable for:

Sfe2000p, 4402, 4404, 2000 series, 2100 series
