24-port 10/100 ethernet switch: poe cisco small business managed switches (7 pages)
Summary of Contents for Cisco SD2008T-NA
Page 1
Cisco Wireless LAN Controller Configuration Guide Software Release 4.0 January 2007 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-9141-03...
Page 2
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco...
Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information...
Page 4
Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Failover Protection Network Connections to Cisco Wireless LAN Controllers Cisco 2000 and 2100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers Rogue Access Points Rogue Access Point Location, Tagging, and Containment...
Page 5
Using the CLI to Enable Link Aggregation Verifying LAG Settings Using the CLI Configuring Neighbor Devices to Support LAG Configuring a 4400 Series Controller to Support More Than 48 Access Points Using Link Aggregation Using Multiple AP-Manager Interfaces Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 6
Enabling Dynamic Transmit Power Control Configuring Multicast Mode Understanding Multicast Mode Guidelines for Using Multicast Mode Enabling Multicast Mode Configuring Client Roaming Intra-Controller Roaming Inter-Controller Roaming Inter-Subnet Roaming Voice-over-IP Telephone Roaming CCX Layer 2 Client Roaming Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 7
Using the CLI to Enable Management over Wireless Configuring DHCP Option 82 Configuring Access Control Lists Using the GUI to Configure Access Control Lists Using the CLI to Configure Access Control Lists Configuring Management Frame Protection Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 8
Using the CLI to Specify the Maximum Number of Local Database Entries Configuring WLANsWireless Device Access C H A P T E R WLAN Overview Configuring WLANs Displaying, Creating, Disabling, and Deleting WLANs Activating WLANs Configuring DHCP Internal DHCP Server External DHCP Servers Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 9
Addition to the Controller CLI Configuring Conditional Web Redirect with 802.1X Authentication Configuring the RADIUS Server Using the GUI to Configure Conditional Web Redirect Using the CLI to Configure Conditional Web Redirect Disabling Accounting Servers per WLAN Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 10
Cisco 1000 Series Lightweight Access Points Cisco 1030 Remote Edge Lightweight Access Points Cisco 1000 Series Lightweight Access Point Models Cisco 1000 Series Lightweight Access Point External and Internal Antennas External Antenna Connectors Antenna Sectorization Cisco 1000 Series Lightweight Access Point LEDs...
Page 11
Choosing the Web Authentication Login Window Choosing the Default Web Authentication Login Window Using the GUI to Choose the Default Web Authentication Login Window Using the CLI to Choose the Default Web Authentication Login Window Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 12
Statically Assigning Channel and Transmit Power Settings to Access Point Radios Using the GUI to Statically Assign Channel and Transmit Power Settings Using the CLI to Statically Assign Channel and Transmit Power Settings Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 13
Configuring an Access Point for Hybrid REAP Using the GUI to Configure an Access Point for Hybrid REAP Using the CLI to Configure an Access Point for Hybrid REAP Connecting Client Devices to the WLANs Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 14
Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC Declaration of Conformity for RF Exposure Guidelines for Operating Cisco Aironet Access Points in Japan Administrative Rules for Cisco Aironet Access Points in Taiwan Access Points with IEEE 802.11a Radios...
Page 15
Interpreting Lightweight Access Point LEDs Logical Connectivity Diagrams A P P E N D I X Cisco WiSM Cisco 28/37/38xx Integrated Services Router Catalyst 3750G Integrated Wireless LAN Controller Switch N D E X Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 16
Contents Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Preface This preface provides an overview of the Cisco Wireless LAN Controller Configuration Guide, Release 4.0, references related publications, and explains how to obtain other documentation and technical assistance, if necessary. It contains these sections: Audience, page 18 • •...
Audience Audience This guide describes Cisco Wireless LAN Controllers and Cisco Lightweight Access Points. This guide is for the networking professional who installs and manages these devices. To use this guide, you should be familiar with the concepts and terminology of wireless LANs.
Conventions Appendix A, “Safety Considerations and Translated Safety Warnings,” lists safety considerations and translations of the safety warnings that apply to the Cisco Unified Wireless Network Solution products. Appendix B, “Declarations of Conformity and Regulatory Information,” provides declarations of conformity and regulatory information for the products in the Cisco Unified Wireless Network Solution.
Page 20
(Para ver as traduções dos avisos que constam desta publicação, consulte o apêndice “Translated Safety Warnings” - “Traduções dos Avisos de Segurança”). Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
Page 23
C H A P T E R Overview This chapter describes the controller components and features. Its contains these sections: Cisco Unified Wireless Network Solution Overview, page 1-2 • Operating System Software, page 1-5 • Operating System Security, page 1-6 •...
A full-featured command-line interface (CLI) can be used to configure and monitor individual Cisco Wireless LAN Controllers. See Chapter The Cisco Wireless Control System (WCS), which you use to configure and monitor one or more • Cisco Wireless LAN Controllers and associated access points. WCS has tools to facilitate large-system monitoring and control.
Autodetecting and autoconfiguring lightweight access points as they are added to the network. Full control of lightweight access points. • Full control of up to 16 wireless LAN (SSID) policies for Cisco 1000 series access points. • LWAPP-enabled access points support up to 8 wireless LAN (SSID) policies.
Multiple-Controller Deployments Each controller can support lightweight access points across multiple floors and buildings simultaneously. However, full functionality of the Cisco Wireless LAN Solution is realized when it includes multiple controllers. A multiple-controller system has the following additional features: Autodetecting and autoconfiguring RF parameters as the controllers are added to the network.
Figure 1-3 Typical Multi-Controller Deployment Operating System Software The operating system software controls Cisco Wireless LAN Controllers and Cisco 1000 Series Lightweight Access Points. It includes full operating system security and Radio Resource Management (RRM) features. Cisco Wireless LAN Controller Configuration Guide...
X.509 certificate. These signed certificates are used to verify downloaded code before it is loaded, ensuring that hackers do not download malicious code into any Cisco Wireless LAN Controller or Cisco 1000 series lightweight access point.
DHCP server. Note that all Cisco Wireless LAN Controllers in a mobility group must use the same LWAPP Layer 2 or Layer 3 mode, or you will defeat the Mobility software algorithm.
ID (RFID) tag location and store the locations in the Cisco WCS database. For more information on location solutions, refer to the Cisco Wireless Control System Configuration Guide and the Cisco Location Appliance Configuration Guide at...
Cisco switch and router products. Cisco 2000 and 2100 Series Controllers The Cisco 2000 and 2100 series (2106) Wireless LAN Controllers work in conjunction with Cisco lightweight access points and the Cisco Wireless Control System (WCS) to provide system-wide wireless LAN functions.
VPN/Enhanced Security Module can also be installed in the field. The 4400 series controller can be equipped with one or two Cisco 4400 series power supplies. When the controller is equipped with two Cisco 4400 series power supplies, the power supplies are redundant, and either power supply can continue to power the controller if the other power supply fails.
The Catalyst 3750G Integrated Wireless LAN Controller Switch is an integrated Catalyst 3750 switch and Cisco 4400 series controller that supports up to 25 or 50 lightweight access points. The switch has two internal gigabit Ethernet ports that connect the switch and the controller. The switch and the internal controller run separate software versions, which must be upgraded separately.
The lightweight access points broadcast all active Cisco UWN Solution WLAN SSIDs and enforce the policies defined for each WLAN. Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for Note management interfaces to ensure that controllers operate with optimum performance and ease of management.
IETF 65 (Tunnel Medium Type): 802 • IETF 81 (Tunnel Private Group ID): VLAN # or VLAN Name String This enables Cisco Secure ACS to communicate a VLAN change that may be a result of a posture analysis. Benefits of this new feature include: •...
Ethernet (PoE) devices, which can reduce the cost of discrete power supplies, additional wiring, conduits, outlets, and installer time. PoE also frees installers from having to mount Cisco 1000 series lightweight access points or other powered equipment near AC outlets, providing greater flexibility in positioning Cisco 1000 series lightweight access points for maximum coverage.
• Adds an Administrative username and password, each up to 24 characters. Ensures that the controller can communicate with the GUI, CLI, or Cisco WCS (either directly or • indirectly) through the service port by accepting a valid IP configuration protocol (none or DHCP), and if none, IP Address and netmask.
During installation, Cisco recommends that you connect all lightweight access points to a dedicated controller, and configure each lightweight access point for final operation. This step configures each lightweight access point for a primary, secondary, and tertiary controller and allows it to store the configured mobility group information.
Cisco 2000 and 2100 Series Wireless LAN Controllers Cisco 2000 and 2100 series controllers can communicate with the network through any one of their physical data ports, as the logical management interface can be assigned to one of the ports. The physical...
Physical Network Connections to the 2000 Series Controller Cisco 4400 Series Wireless LAN Controllers Cisco 4400 series controllers can communicate with the network through one or two pairs of physical data ports, and the logical management interface can be assigned to the ports. The physical port...
Rather than using a person with a scanner to manually detect rogue access point, the Cisco UWN Solution automatically collects information on rogue access point detected by its managed access points, by MAC and IP Address, and allows the system operator to locate, tag and monitor them.
Page 42
To facilitate automated rogue access point detection in a crowded RF space, lightweight access points can be configured to operate in monitor mode, allowing monitoring without creating unnecessary interference. Cisco Wireless LAN Controller Configuration Guide 1-20 OL-9141-03...
Page 43
• Enabling Web and Secure Web Modes, page 2-3 • Using the CLI, page 2-5 • Enabling Wireless Connections to the Web-Browser and CLI Interfaces, page 2-9 • Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide OL--9141-03...
Microsoft Internet Explorer version 6.0 SP1 or higher is required for using Web Authentication. You can use either the service port interface or the management interface to open the GUI. Cisco • recommends that you use the service-port interface. Refer to Chapter 3, “Using the CLI to...
Configuration Saved! Reboot the controller: Step 5 >reset system Are you sure you would like to reset the system? (y/n) y System will now restart! The controller reboots. Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide OL-9141-03...
However, if you load the certificate through the distribution system (DS) network port, the TFTP server can be on any subnet. A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS •...
Using the CLI The Cisco UWN Solution command line interface (CLI) is built into each controller. The CLI allows operators to use a VT-100 emulator to locally or remotely configure, monitor and control individual controllers, and to access extensive debugging capabilities.
Page 48
Chapter 2 Using the Web-Browser and CLI Interfaces Using the CLI Refer to the Cisco Wireless LAN Controller Command Reference for information on specific commands. Note Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide OL-6415-01OL-9141-03...
A terminal emulation program or a DOS shell for the Telnet session By default, controllers block Telnet sessions. You must use a local connection to the serial port to enable Note Telnet sessions. Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide OL-9141-03...
At the root level, save configuration changes from active working RAM to non-volatile RAM (NVRAM) so they are retained after reboot reset system At the root level, reset the controller without logging out Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide OL-6415-01OL-9141-03...
To use the controller GUI to enable wireless connections, browse to the Management Via Wireless page and select the Enable Controller Management to be accessible from Wireless Clients check box. Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide OL-9141-03...
Page 52
Chapter 2 Using the Web-Browser and CLI Interfaces Enabling Wireless Connections to the Web-Browser and CLI Interfaces Cisco Wireless LAN Controller Configuration GuideCisco Access Router Wireless Configuration Guide 2-10 OL-6415-01OL-9141-03...
Page 53
• Configuring Dynamic Interfaces, page 3-15 • Configuring Ports, page 3-19 • • Enabling Link Aggregation, page 3-29 Configuring a 4400 Series Controller to Support More Than 48 Access Points, page 3-36 • Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Note The controller in a Cisco Integrated Services Router and the controllers on the Cisco WiSM do not have external physical ports. They connect to the network through ports on the router or switch, respectively. Figure 3-1...
A distribution system port connects the controller to a neighbor switch and serves as the data path between these two devices. Cisco 2000 series controllers have four 10/100 copper Ethernet distribution system ports through • which the controller can support up to six access points.
Page 56
Cisco 4402 controllers have two gigabit Ethernet distribution system ports, each of which is capable • of managing up to 48 access points. However, Cisco recommend no more than 25 access points per port due to bandwidth constraints. The 4402-25 and 4402-50 models allow a total of 25 or 50 access points to join the controller.
Ethernet port on the switch. Fiber adapters might also be required for the switch if it has fiber ports. For smaller systems needing only 6 access points, the Cisco 2006 or 2106 controllers can be used. A Note Cisco CAT6k with a service module or a Cisco 2800 router can also support 6 access points.
For Cisco 4404 and WiSM controllers, configure the AP-manager interface on all distribution system ports (1, 2, 3, and 4). For Cisco 4402 controllers, configure the AP-manager interface on distribution system ports 1 and 2. In both cases, the static (or permanent) AP-manager interface is always assigned to distribution system port 1 and given a unique IP address.
All controllers within a mobility group must be configured with the same virtual interface IP address. Note Otherwise, inter-controller roaming may appear to work, but the hand-off does not complete, and the client loses connectivity for a period of time. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Only Cisco 4400 series controllers have a service-port interface. Note You must configure an IP address on the service-port interface of both Cisco WiSM controllers. Note Otherwise, the neighbor switch is unable to check the status of each controller.
Page 61
3-4, each controller port connection is an 802.1Q trunk and should be configured as such on the neighbor switch. On Cisco switches, the native VLAN of an 802.1Q trunk is an untagged VLAN. Therefore, if you configure an interface to use the native VLAN on a neighboring Cisco switch, make sure you configure the interface on the controller to be untagged.
VLANs should be disallowed or pruned in the switch port trunk configuration. This practice is extremely important for optimal performance of the controller. Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for Note management interfaces to ensure that controllers properly route VLAN traffic.
Page 63
The management interface uses the controller’s factory-set distribution system MAC address. Note VLAN identifier • Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends Note that only tagged VLANs be used on the controller. Fixed IP address, IP netmask, and default gateway •...
The AP-manager interface’s IP address must be different from the management interface’s Note IP address and may or may not be on the same subnet as the management interface. However, Cisco recommends that both interfaces be on the same subnet for optimum access point association. Physical port assignment •...
• config interface vlan management {vlan-id | 0} • Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends Note that only tagged VLANs be used on the controller. config interface port management physical-ds-port-number •...
• config interface vlan ap-manager {vlan-id | 0} • Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends Note that only tagged VLANs be used on the controller. config interface port ap-manager physical-ds-port-number •...
To modify the settings of an existing dynamic interface, click the interface’s Edit link. The • Interfaces > Edit page for that interface appears (see Figure 3-7). Go to Step To delete an existing dynamic interface, click the interface’s Remove link. • Cisco Wireless LAN Controller Configuration Guide 3-15 OL-9141-03...
Page 68
Enter a non-zero value for the VLAN identifier. Tagged VLANs must be used for dynamic Note interfaces. Step 4 Click Apply to commit your changes. The Interfaces > Edit page appears (see Figure 3-7). Figure 3-7 Interfaces > Edit Page Cisco Wireless LAN Controller Configuration Guide 3-16 OL-9141-03...
To view the details of a specific dynamic interface, enter show interface detailed Step 2 operator-defined-interface-name. Enter config wlan disable wlan-number to disable each WLAN that uses the dynamic interface for Step 3 distribution system communication. Cisco Wireless LAN Controller Configuration Guide 3-17 OL-9141-03...
Enter show interface detailed operator-defined-interface-name and show interface summary to verify Step 6 that your changes have been saved. If desired, you can enter config interface delete operator-defined-interface-name to delete a dynamic Note interface. Cisco Wireless LAN Controller Configuration Guide 3-18 OL-9141-03...
The number of parameters available on the Port > Configure page depends on your controller Note type. For instance, 2000 and 2100 series controllers and the controller in a Cisco Integrated Services Router have fewer configurable parameters than a 4400 series controller, which is...
Page 72
1000 Mbps full duplex Catalyst 3750G Integrated 1000 Mbps full duplex Wireless LAN Controller Switch WLAN controller module 100 Mbps full duplex Link Status The port’s link status. Values: Link Up or Link Down Cisco Wireless LAN Controller Configuration Guide 3-20 OL-9141-03...
Page 73
Determines if the connecting device is equipped to receive power through the Ethernet cable and if so provides -48 VDC. Values: Enable or Disable Some older Cisco access points do not draw PoE even if it is Note enabled on the controller port. In such cases, contact the Cisco Technical Assistance Center (TAC).
Note Port mirroring is not supported when link aggregation (LAG) is enabled on the controller. Cisco recommends that you do not mirror traffic from one controller port to another as this setup could Note cause network problems. Follow these steps to enable port mirroring.
The port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents media speed. Cisco Wireless LAN Controller Configuration Guide 3-23 OL-9141-03...
STP Port Designated Cost The path cost of the designated port. STP Port Designated Bridge The identifier of the bridge that the port considers to be the designated bridge for this port. Cisco Wireless LAN Controller Configuration Guide 3-24 OL-9141-03...
Page 77
Determines whether the STP port path cost is set automatically or specified by the user. If you choose User Configured, you also need to set a value for the STP Port Path Cost parameter. Range: Auto or User Configured Default: Auto Cisco Wireless LAN Controller Configuration Guide 3-25 OL-9141-03...
Page 78
This page allows you to enable or disable the spanning tree algorithm for the controller, modify its characteristics, and view the STP status.Table 3-6 interprets the current STP status for the controller. Cisco Wireless LAN Controller Configuration Guide 3-26 OL-9141-03...
Page 79
At most, one configuration BPDU can be transmitted in any hold time period. Step 9 Table 3-7 lists and describes the controller’s configurable STP parameters. Follow the instructions in the table to make any desired changes. Cisco Wireless LAN Controller Configuration Guide 3-27 OL-9141-03...
Enter one of these commands to configure the STP port administrative mode: • config spanningtree port mode 802.1d {port-number | all} • config spanningtree port mode fast {port-number | all} config spanningtree port mode off {port-number | all} • Cisco Wireless LAN Controller Configuration Guide 3-28 OL-9141-03...
With LAG enabled, a 4402 controller’s logical port supports up to 50 access points, a 4404 controller’s logical port supports up to 100 access points, and the logical port on each Cisco WiSM controller supports up to 150 access points.
Page 82
(slots 2 and 3) within the Catalyst 6500. The controller’s port 1 is connected to gigabit interface 3/1, and the controller’s port 2 is connected to gigabit interface 2/1 on the Catalyst 6500. Both switch ports are assigned to the same channel group. Cisco Wireless LAN Controller Configuration Guide 3-30 OL-9141-03...
Page 83
Once the etherchannel is configured as “on,” at both ends of the link, it does not matter if the Catalyst • switch is configured with either Link Aggregation Control Protocol (LACP) or Cisco proprietary Port Aggregation Protocol (PAgP) because no channel negotiation is done between the controller and the switch.
Page 84
Chapter 3 Configuring Ports and Interfaces Enabling Link Aggregation Figure 3-12 Link Aggregation with Catalyst 6500 Neighbor Switch Cisco Wireless LAN Controller Configuration Guide 3-32 OL-9141-03...
1. This may not be the case if you disable LAG. • Cisco 4400 series controllers support a single static link aggregation bundle. • LAG is typically configured using the Startup Wizard, but you can enable or disable it at any time through either the GUI or CLI.
Set the LAG Mode on Next Reboot parameter to Enabled. Step 2 Choose Disabled if you want to disable LAG. LAG is disabled by default on the Cisco 4400 Note series controllers but enabled by default on the Cisco WiSM.
“Enabling Link Aggregation” section on page 3-29 for more information and instructions on enabling link aggregation. Link aggregation is the only method that can be used for the Cisco WiSM and Catalyst 3750G Integrated Note Wireless LAN Controller Switch controllers.
Page 89
AP-manager interfaces need not be on the same VLAN or IP subnet, and they may or may not be on the Note same VLAN or IP subnet as the management interface. However, Cisco recommends that you configure all AP-manager interfaces on the same VLAN or IP subnet.
Page 90
The controller no longer includes the failed AP-manager interface in the LWAPP discovery responses. The access points then rejoin the controller and are load-balanced among the available AP-manager interfaces. Figure 3-15 Three AP-Manager Interfaces Cisco Wireless LAN Controller Configuration Guide 3-38 OL-9141-03...
Page 91
Follow these steps to create multiple AP-manager interfaces. Click Controller > Interfaces to access the Interfaces page. Step 1 Click New. The Interfaces > New page appears (see Figure 3-18). Step 2 Cisco Wireless LAN Controller Configuration Guide 3-39 OL-9141-03...
Page 92
Enter an AP-manager interface name and a VLAN identifier, as shown above. Step 4 Click Apply to commit your changes. The Interfaces > Edit page appears (see Figure 3-18). Figure 3-18 Interfaces > Edit Page Cisco Wireless LAN Controller Configuration Guide 3-40 OL-9141-03...
VLAN 250 to ports 2, 3, and 4. Port 1 still remains connected to VLAN 250 as the management network interface but transports data only from wireless clients proxied by the controller. Cisco Wireless LAN Controller Configuration Guide 3-41 OL-9141-03...
Page 94
Chapter 3 Configuring Ports and Interfaces Configuring a 4400 Series Controller to Support More Than 48 Access Points Cisco Wireless LAN Controller Configuration Guide 3-42 OL-9141-03...
Page 95
Configuring Client Roaming, page 4-17 • Configuring Voice and Video Parameters, page 4-22 • Configuring the Supervisor 720 to Support the WiSM, page 4-34 • Using the Wireless LAN Controller Network Module, page 4-35 • Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
NTP server settings (the wizard prompts you for NTP server settings only when you run the wizard • on a wireless controller network module installed in a Cisco Integrated Services router) Other port and parameter settings: service port, Radio Resource Management (RRM), third-party •...
When you are prompted for a username, enter recover-config to restore the factory default configuration. The controller reboots and displays this message: Welcome to the Cisco WLAN Solution Wizard Configuration Tool Use the configuration wizard to enter configuration settings. Step 3 Resetting to Default Settings Using the GUI Follow these steps to return to default settings using the GUI.
CLI. Note To configure the controller in the Catalyst 3750G Integrated Wireless LAN Controller Switch, Cisco recommends that you use the GUI configuration wizard that launches from the 3750 Device Manager. Refer to the Catalyst 3750G Integrated Wireless LAN Controller Switch Getting Started Guide for instructions.
Enter a country code for the unit. Enter help to list the supported countries. Step 18 When you run the wizard on a wireless controller network module installed in a Cisco Integrated Note Services Router, the wizard prompts you for NTP server settings. The controller network module does not have a battery and cannot save a time setting.
(used for legacy 802.11a interface cards that do not support 802.11a high band) Australia 802.11b, 802.11g, and 802.11a Austria 802.11b, 802.11g, and 802.11a Belgium 802.11b, 802.11g, and 802.11a Canada 802.11b and 802.11g Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
If you do not have the default admin account or another user account with which you can log in, your only option is to default the controller to factory settings and reconfigure it from scratch or to reload the previously saved configuration. Cisco Wireless LAN Controller Configuration Guide Ol-9141-03...
RADIUS settings are correctly configured. Configuring SNMP Cisco recommends that you use the GUI to configure SNMP settings on the controller. To use the CLI, follow these steps: Enter config snmp community create name to create an SNMP community name.
The controller has commonly known default values of “public” and “private” for the read-only and read-write SNMP community strings. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values. Using the GUI to Change the SNMP Community String Default Values Follow these steps to change the SNMP community string default values through the controller GUI.
Page 104
Step 8 Click Save Configuration to save your settings. Step 9 Repeat this procedure if a “public” or “private” community still appears on the SNMP v1 / v2c Step 10 Community page. Cisco Wireless LAN Controller Configuration Guide 4-10 OL-9141-03...
Changing the Default Values for SNMP v3 Users The controller uses a default value of “default” for the username, authentication password, and privacy password for SNMP v3 users. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values.
In the next two fields, choose the authentication and privacy protocols to be used, and enter a password Step 6 for each. Click Apply to commit your changes. Step 7 Click Save Configuration to save your settings. Step 8 Cisco Wireless LAN Controller Configuration Guide 4-12 OL-9141-03...
Using the GUI to Enable System Logging Follow these steps to enable system logging through the controller GUI. Click Management and then Config under Logs. The Syslog Configuration page appears (Figure 4-5). Step 1 Cisco Wireless LAN Controller Configuration Guide 4-13 Ol-9141-03...
Page 108
Click Apply to commit your changes. Step 5 Click Save Configuration to save your changes. Step 6 To view the message logs, click Management and then Message Logs under Logs (see Figure 4-6). Step 7 Cisco Wireless LAN Controller Configuration Guide 4-14 OL-9141-03...
• warning—Unexpected software events • verbose—Significant system events • To view the current syslog status, enter show syslog. To view the message logs, enter show msglog. Step 3 Cisco Wireless LAN Controller Configuration Guide 4-15 Ol-9141-03...
When you enable Dynamic Transmit Power Control (DTPC), access points add channel and transmit power information to beacons. (On access points that run Cisco IOS software, this feature is called world mode.) Client devices using DTPC receive the information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there.
Access points subscribe to the LWAPP multicast group using IGMP. • Cisco 1100, 1130, 1200, 1230, and 1240 access points use IGMP versions 1, 2, and 3. However, Cisco 1000 series access points use only IGMP v1 to join the multicast group.
DHCP Discover with a 0.0.0.0 client IP address or a 169.254.*.* client auto-IP address or when the operator-set session timeout is exceeded. Cisco 1030 remote edge lightweight access points at a remote location must be on the same subnet to Note support roaming.
The access point provides its associated client information about its neighbors using a neighbor-list update unicast message. Enhanced neighbor list request (E2E)—The End-2-End specification is a Cisco and Intel joint • program that defines new protocols and interfaces to improve the overall voice and roaming experience.
This parameter is intended to reduce the amount of “ping-ponging” between access points if the client is physically located on or near the border between two access points. Range: 2 to 4 dB Default: 2 dB Cisco Wireless LAN Controller Configuration Guide 4-20 OL-9141-03...
– The number of roam reason reports received – The number of neighbor list requests received The number of neighbor list reports sent – The number of broadcast neighbor updates sent – Cisco Wireless LAN Controller Configuration Guide 4-21 Ol-9141-03...
Unscheduled automatic power save delivery • You can also configure the traffic stream metrics parameter to monitor voice and video quality. Each of these parameters is supported in Cisco Compatible Extensions (CCX) v4. See the “Configuring Cisco Client Extensions” section on page 6-22 for more information on CCX.
Step 2 the 802.11a (or 802.11b/g) Network Status check box, and click Apply. Click Voice under 802.11a or 802.11b/g. The 802.11a (or 802.11b) > Voice Parameters page appears (see Step 3 Figure 4-8). Cisco Wireless LAN Controller Configuration Guide 4-23 Ol-9141-03...
Page 118
802.11b/g) Network Status check box, and click Apply. Click Save Configuration to save your changes. Step 10 Repeat this procedure if you want to configure voice parameters for another radio band (802.11a or Step 11 802.11b/g). Cisco Wireless LAN Controller Configuration Guide 4-24 OL-9141-03...
In the Reserved Roaming Bandwidth field, enter the percentage of maximum allocated bandwidth Step 6 reserved for roaming video clients. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming video clients. Range: 0 to 25% Default: 0% Cisco Wireless LAN Controller Configuration Guide 4-25 Ol-9141-03...
Click Wireless > Clients to access the Clients page (see Figure 4-10). Step 1 Figure 4-10 Clients Page Step 2 Click the Detail link for the desired client to access the Clients > Detail page (see Figure 4-11). Cisco Wireless LAN Controller Configuration Guide 4-26 OL-9141-03...
Page 121
Follow these steps to see the TSM statistics for a particular client and the access point to which this client Step 4 is associated: Click the 802.11aTSM or 802.11b/gTSM link for the desired client. The Clients > AP page appears (see Figure 4-12). Cisco Wireless LAN Controller Configuration Guide 4-27 Ol-9141-03...
Page 122
Click the Detail link for the desired access point to access the Clients > AP > Traffic Stream Metrics page (see Figure 4-13). Figure 4-13 Clients > AP > Traffic Stream Metrics Page Cisco Wireless LAN Controller Configuration Guide 4-28 OL-9141-03...
Page 123
4-14). Figure 4-14 802.11a Radios Page Click the 802.11aTSM or 802.11b/gTSM link for the desired access point. The AP > Clients page appears (see Figure 4-15). Figure 4-15 AP > Clients Page Cisco Wireless LAN Controller Configuration Guide 4-29 Ol-9141-03...
“Configuring Quality of Service” section on page 6-17 for instructions. Step 2 To disable the radio network, enter this command: config {802.11a | 802.11b} disable network To save your settings, enter this command: Step 3 save config Cisco Wireless LAN Controller Configuration Guide 4-30 OL-9141-03...
The bandwidth range is 0 to 100%, and the default value is 0%. However, the maximum RF bandwidth cannot exceed 100% for voice + video. Once the client reaches the value specified, the access point rejects new calls on this network. Cisco Wireless LAN Controller Configuration Guide 4-31 Ol-9141-03...
Num of calls rejected due to PHY rate..0 Num of calls rejected due to QoS policy..0 To see the U-APSD status for a particular client, enter this command: show client detail client_mac Cisco Wireless LAN Controller Configuration Guide 4-32 OL-9141-03...
Page 127
Average Delay (5sec intervals)......35 Delay less than 10 ms........20 Delay bet 10 - 20 ms........20 Delay bet 20 - 40 ms........20 Delay greater than 40 ms........20 Total packet Count.........80 Total packet lost count (5sec)......10 Cisco Wireless LAN Controller Configuration Guide 4-33 Ol-9141-03...
Configuring the Supervisor 720 to Support the WiSM When you install a WiSM in a Cisco Catalyst 6500 switch, you must configure the Supervisor 720 to support the WiSM. When the supervisor detects the WiSM, the supervisor creates 10 GigabitEthernet interfaces, ranging from Gigslot/1 to Gigslot/8.
Using the Wireless LAN Controller Network Module Keep these guidelines in mind when using a wireless LAN controller network module (CNM) installed in a Cisco Integrated Services Router: • The controller network module does not support IPSec. To use IPSec with the CNM, configure IPSec on the router in which the CNM is installed.
Page 130
Configuring Controller SettingsWireless Device Access Using the Wireless LAN Controller Network Module To access the CNM bootloader, Cisco recommends that you reset the CNM from the router. If you • reset the CNM from a CNM user interface the router might reset the CNM while you are using the bootloader.
Page 131
C H A P T E R Configuring Security Solutions This chapter describes security solutions for wireless LANs. It contains these sections: Cisco UWN Solution Security, page 5-2 • Configuring the System for SpectraLink NetLink Telephones, page 5-4 • Using Management over Wireless, page 5-6 •...
• Security Overview The Cisco UWN security solution bundles potentially complicated Layer 1, Layer 2, and Layer 3 802.11 Access Point security components into a simple policy manager that customizes system-wide security policies on a per-WLAN basis. The Cisco UWN security solution provides simple, unified, and systematic security management tools.
When the Cisco UWN Solution is monitored using a GUI or a CLI, the interface displays the known rogue access points by MAC address. The operator then has the option of marking them as Known or...
Integrated Security Solutions • Cisco UWN Solution operating system security is built around a robust 802.1X AAA (authorization, authentication and accounting) engine, which allows operators to rapidly configure and enforce a variety of security policies across the Cisco UWN Solution.
Click Apply to update the controller configuration. Step 4 If you do not already have an active CLI session to the controller, Cisco recommends that you Note start a CLI session to reboot the controller and watch the reboot process. A CLI session is also useful because the GUI loses its connection when the controller reboots.
802.11b/g network after entering this command. Using Management over Wireless The Cisco UWN Solution Management over Wireless feature allows operators to monitor and configure local controllers using a wireless client. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the controller.
Note Any DHCP packets that already include a relay agent option are dropped at the controller. DHCP option 82 is not supported for use with auto-anchor mobility, which is described in Chapter Note Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
When a packet matches all of the parameters for a rule, the action set for that rule is applied to the packet. You can configure ACLs through either the GUI or the CLI. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
In the Access Control List Name field, enter a name for the new ACL. You can enter up to 32 Step 3 alphanumeric characters. Click Apply. When the Access Control Lists page reappears, click the Edit link for the new ACL. Step 4 Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 140
From the Protocol drop-down box, choose the protocol to be used for this ACL. These are the protocol options: Any—All protocol (This is the default value.) • TCP—Transmission Control Protocol • UDP—User Datagram Protocol • ICMP—Internet Control Message Protocol • ESP—IP Encapsulating Security Payload • Cisco Wireless LAN Controller Configuration Guide 5-10 OL-9141-03...
Page 141
This page also enables you to edit or remove any of the rules. Repeat this procedure to add any additional rules for this ACL. Click Save Configuration to save your changes. Step 7 Cisco Wireless LAN Controller Configuration Guide 5-11 OL-9141-03...
| source port range acl_name rule_index start_port end_port | swap index acl_name index_1 index_2} Refer to Step 6 in the previous section for explanations of the rule parameters. Cisco Wireless LAN Controller Configuration Guide 5-12 OL-9141-03...
BSSID belonging to an access point that is configured to transmit MFP frames, it reports the discrepancy to the network management system. In order for the timestamps to operate properly, all controllers must be Network Transfer Protocol (NTP) synchronized. Cisco Wireless LAN Controller Configuration Guide 5-13 OL-9141-03...
Figure 5-6 AP Authentication Policy Page To enable MFP globally for the controller, choose Management Frame Protection from the Protection Step 2 Type drop-down box. Click Apply to commit your changes. Step 3 Cisco Wireless LAN Controller Configuration Guide 5-14 OL-9141-03...
Follow these steps to view MFP settings using the controller GUI. To see the controller’s current global MFP settings, click Security and then Management Frame Step 1 Protection under Wireless Protection Policies. The Management Frame Protection Settings page appears (see Figure 5-7). Cisco Wireless LAN Controller Configuration Guide 5-15 OL-9141-03...
Page 146
To see the current MFP state for a particular access point, click Wireless, 802.11a Radios or 802.11b/g Radios under Access Points, and the Configure link of the desired access point. The 802.11a (or 802.11b/g) Cisco APs > Configure page appears (see Figure 5-8).
Configuring Security Solutions Configuring Management Frame Protection Figure 5-8 802.11a Cisco APs > Configure Page Under Management Frame Protection, this page shows the level of MFP protection and validation. Using the CLI to Configure MFP Use these commands to configure MFP using the controller CLI.
Enabled Enabled Operational MFP Capability AP Name Validation Slot Radio State Protection Validation -------------------- ---------- ---- ----- -------------- ---------- ---------- tester-1000 Enabled Full Full Full Full tester-1000b Enabled Full Full Full Full Cisco Wireless LAN Controller Configuration Guide 5-18 OL-9141-03...
Page 149
Administrative State ......ADMIN_ENABLED Operation State ......... REGISTERED Mirroring Mode ........Disabled AP Mode ......... Local Remote AP Debug ......... Disabled Version ........4.0.2.0 Boot Version ........2.1.78.0 Mini IOS Version ........ Cisco Wireless LAN Controller Configuration Guide 5-19 OL-9141-03...
These sections explain the identity networking feature, how it is configured, and the expected behavior for various security policies: Identity Networking Overview, page 5-21 • RADIUS Attributes Used in Identity Networking, page 5-22 • Configuring AAA Override, page 5-25 • Cisco Wireless LAN Controller Configuration Guide 5-20 OL-9141-03...
SSIDs to inherit different QoS and security policies. However, the Cisco Wireless LAN Solution supports identity networking, which allows the network to advertise a single SSID but allows specific users to inherit different QoS or security policies based on their user profiles.
VLANID, the tag field should be set to zero (0x00) in all tunnel attributes. Where alternative tunnel types are to be provided, tag values between 0x01 and 0x1F should be chosen. Cisco Wireless LAN Controller Configuration Guide 5-24 OL-9141-03...
Step 1 Click the Edit link for the WLAN you want to configure. Step 2 Check the Allow AAA Override check box (see Figure 5-9). Step 3 Figure 5-9 WLANs > Edit Page Cisco Wireless LAN Controller Configuration Guide 5-25 OL-9141-03...
For wlan-id, enter an ID from 1 to 16. Configuring IDS The Cisco intrusion detection system/intrusion prevention system (CIDS/IPS) instructs controllers to block certain clients from accessing the wireless network when attacks involving these clients are detected at Layer 3 through Layer 7. This system offers significant network protection by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse.
Page 157
(between 1 and 5) to determine the sequence in which the controller consults the IPS sensors. For example, if you choose 1, the controller consults this IPS sensor first. In the Server Address field, enter the IP address of your IDS server. Step 4 Cisco Wireless LAN Controller Configuration Guide 5-27 OL-9141-03...
The Port field contains the number of the HTTPS port through which the controller is to communicate Step 5 with the IDS sensor. Cisco recommends that you set this parameter to 443 because the sensor uses this value to communicate by default.
For the port-number parameter, you can enter a value between 1 and 65535. The default value is 443. This step is optional because Cisco recommends that you use the default value of 443. The sensor uses this value to communicate by default.
802.11 packets, on the controller. When the signatures are enabled, the access points joined to the controller perform signature analysis on the received 802.11 data or management frames and report any discrepancies to the controller. Cisco Wireless LAN Controller Configuration Guide 5-30 OL-9141-03...
• same or a different subnet because the distribution system port is routable. A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS • built-in TFTP server and the third-party TFTP server require the same communication port.
Page 162
Follow these steps to enable or disable IDS signatures using the controller GUI. Click Security and then Standard Signatures or Custom Signatures under Wireless Protection Step 1 Policies. The Standard Signatures page (see Figure 5-14) or the Custom Signatures page appears. Cisco Wireless LAN Controller Configuration Guide 5-32 OL-9141-03...
Page 163
Configuring IDS Figure 5-14 Standard Signatures Page The Standard Signatures page shows the list of Cisco-supplied signatures that are currently on the controller. The Custom Signatures page shows the list of customer-supplied signatures that are currently on the controller. This page shows the following information for each signature: The order, or precedence, in which the controller performs the signature checks.
Page 164
The quiet time, or the length of time (in seconds) after which no attacks have been detected at the • individual access point level and the alarm can stop The pattern that is being used to detect a security attack • Cisco Wireless LAN Controller Configuration Guide 5-34 OL-9141-03...
Page 165
This page shows the number of attacks detected by the enabled signatures. Step 2 To see more information on the attacks detected by a particular signature, click the Detail link for that signature. The Signature Events Detail page appears (see Figure 5-17). Cisco Wireless LAN Controller Configuration Guide 5-35 OL-9141-03...
Page 166
The MAC address of the access point that detected the attack • The name of the access point that detected the attack • The type of radio (802.11a or 802.11b/g) used by the access point to detect the attack • Cisco Wireless LAN Controller Configuration Guide 5-36 OL-9141-03...
To enable or disable individual signatures, enter this command: Step 10 config wps signature {standard | custom} state precedence# {enable | disable} To save your changes, enter this command: Step 11 save config Cisco Wireless LAN Controller Configuration Guide 5-37 OL-9141-03...
Signature Name........Bcast deauth Type..........Standard Track..........Per Mac Frequency........6 Reported By AP 1 MAC Address......00:0b:85:01:4d:80 Name........Test_AP_1 Radio Type....... 802.11bg Channel........4 Last reported by this AP....Tue Dec 6 00:17:49 2005 Cisco Wireless LAN Controller Configuration Guide 5-38 OL-9141-03...
Key Encryption Key (KEK) and Message Authentication Code Key (MACK). Step 8 Enter the 16-byte KEK in the Key Encryption Key (KEK) field. Step 9 Enter the 20-byte KEK in the Message Authentication Code Key (MACK) field. Cisco Wireless LAN Controller Configuration Guide 5-39 OL-9141-03...
To configure AES key wrap attributes, enter this command: Step 2 config radius auth keywrap add {ascii | hex} index The index attribute specifies the index of the RADIUS authentication server on which to configure AES key wrap. Cisco Wireless LAN Controller Configuration Guide 5-40 OL-9141-03...
Step 4 Using the CLI to Specify the Maximum Number of Local Database Entries To configure the maximum number of local database entries using the CLI, enter this command: config database size max_entries Cisco Wireless LAN Controller Configuration Guide 5-41 OL-9141-03...
Page 172
Chapter 5 Configuring Security Solutions Configuring Maximum Local Database Entries Cisco Wireless LAN Controller Configuration Guide 5-42 OL-9141-03...
C H A P T E R Configuring WLANsWireless Device Access This chapter describes how to configure up to 16 WLANs for your Cisco UWN Solution. It contains these sections: WLAN Overview, page 6-2 • Configuring WLANs, page 6-2 •...
Lightweight access points broadcast all active Cisco UWN Solution WLAN SSIDs and enforce the policies that you define for each WLAN. Note Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic. Configuring WLANs These sections describe how to configure WLANs: •...
IP subnet as the controller. The internal server provides DHCP addresses to wireless clients, direct-connect access points, appliance-mode access points on the management interface, and DHCP requests that are relayed from access points. Only lightweight access points are supported. Cisco Wireless LAN Controller Configuration Guide OL-1926-06OL-9141-03...
Note Security Considerations For enhanced security, Cisco recommends that operators require all clients to obtain their IP addresses from a DHCP server. To enforce this requirement, all WLANs can be configured with a DHCP Required setting and a valid DHCP server IP address, which disallows client static IP addresses. If DHCP Required is selected, clients must obtain an IP address via DHCP.
Enter show wlan to verify that you have a DHCP server assigned to the WLAN. Step 3 Enter ping dhcp-ip-address to verify that the WLAN can communicate with the DHCP server. Step 4 Cisco Wireless LAN Controller Configuration Guide OL-1926-06OL-9141-03...
Use the vlan-id, controller-vlan-ip-address, vlan-netmask, and vlan-gateway options to assign – the WLAN to a specific VLAN and to specify the controller VLAN IP address, the local IP netmask for the VLAN, and the local IP gateway for the VLAN. Cisco Wireless LAN Controller Configuration Guide OL-1926-06OL-9141-03...
Configuring WLANs Enter show wlan to verify VLAN assignment status. • Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for Note management interfaces to ensure that controllers properly route VLAN traffic.
– Use the 128 option to specify 128/152-bit encryption. – If you want to configure Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and • PI21AG) running PEAP-GTC to authenticate to a controller through a one-time password to a token server, use these commands: –...
Page 181
(or a passphrase). This key is used as the pairwise master key (PMK) between the clients and the authentication server. CCKM—Cisco Centralized Key Management (CCKM) uses a fast rekeying technique that enables • clients to roam from one access point to another without going through the controller, typically in under 150 milliseconds (ms).
Page 182
WPA1, WPA2, or both. The default values are TKIP for WPA1 and AES for WPA2. Step 6 Choose one of the following key management methods from the Auth Key Mgmt drop-down box: 802.1X, CCKM, PSK, or 802.1X+CCKM. Cisco Wireless LAN Controller Configuration Guide 6-10 OL-1926-06OL-9141-03...
Page 183
WPA pre-shared keys must contain 8 to 63 ASCII text characters or 64 hexadecimal characters. Enter this command to enable the WLAN: Step 8 config wlan enable wlan_id Enter this command to save your settings: Step 9 save config Cisco Wireless LAN Controller Configuration Guide 6-11 OL-1926-06OL-9141-03...
You can configure CKIP through either the GUI or the CLI. Using the GUI to Configure CKIP Follow these steps to configure a WLAN for CKIP using the controller GUI. To enable Aironet IEs for this WLAN, check the Aironet IE check box under Cisco Client Extension Step 1 (CCX).
Page 185
Choose ASCII or HEX from the Key Format drop-down box and then enter an encryption key in the Step 8 Encryption Key field. 40-bit keys must contain 5 ASCII text characters or 10 hexadecimal characters. 104-bit keys must contain 13 ASCII text characters or 26 hexadecimal characters. Cisco Wireless LAN Controller Configuration Guide 6-13 OL-1926-06OL-9141-03...
This section explains how to configure Layer 3 security settings for a wireless LAN on the controller. VPN termination (IPSec) and Layer 2 Tunnel Protocol (L2TP) are not supported on controllers with Note software release 4.0x or greater. Cisco Wireless LAN Controller Configuration Guide 6-14 OL-1926-06OL-9141-03...
Scroll to the bottom of the WLAN > Edit window to enter the VPN Gateway Address (Figure 6-4). This Step 5 IP address is that of the gateway router that is terminating the VPN tunnels initiated by the client and passed through the controller. Cisco Wireless LAN Controller Configuration Guide 6-15 OL-1926-06OL-9141-03...
Enter these commands to create a list of usernames and passwords allowed access to the WLAN: Enter show netuser to display client names assigned to WLANs. • Enter config netuser add username password wlan-id to add a user to a WLAN. • Cisco Wireless LAN Controller Configuration Guide 6-16 OL-1926-06OL-9141-03...
Configuring Quality of Service Cisco UWN Solution WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background. You can configure the voice traffic WLAN to use Platinum QoS, assign the low-bandwidth WLAN to use Bronze QoS, and assign all other traffic between the remaining QoS levels.
The required option requires client devices to use WMM; devices that do not support WMM cannot join the WLAN. Note Do not enable WMM mode if Cisco 7920 phones are used on your network. Cisco Wireless LAN Controller Configuration Guide 6-18...
7920-support ap-cac-limit {enabled | disabled} wlan-id QBSS Information Elements Sometimes Degrade 7920 Phone Performance If your WLAN contains both 1000 series access points and Cisco 7920 wireless phones, do not enable the WMM or AP-CAC-LIMIT QBSS information elements. Do not enter either of these commands:...
Page 192
50% of available RF bandwidth. Actual throughput could be less than 50%, but it will never be more than 50%. Step 10 In the Queue Depth field, enter the number packets that access points keep in their queues. Any additional packets are dropped. Cisco Wireless LAN Controller Configuration Guide 6-20 OL-1926-06OL-9141-03...
Page 193
To define the maximum value for the priority tag (0–7) associated with packets that fall within the profile, enter this commands: config qos protocol-type {bronze | silver | gold | platinum} dot1p config qos dot1p-tag {bronze | silver | gold | platinum} tag Cisco Wireless LAN Controller Configuration Guide 6-21 OL-1926-06OL-9141-03...
The CCX code resident on these clients enables them to communicate wirelessly with Cisco access points and to support Cisco features that other client devices do not, including those related to increased security, enhanced performance, fast roaming, and superior power management.
Page 195
Check the Aironet IE check box if you want to enable support for Aironet IEs for this WLAN. Step 3 Otherwise, uncheck this check box. The default value is enabled (or checked). Click Apply to commit your changes. Step 4 Click Save Configuration to save your changes. Step 5 Cisco Wireless LAN Controller Configuration Guide 6-23 OL-1926-06OL-9141-03...
Using the CLI to Configure CCX Aironet IEs To enable or disable support for Aironet IEs for a particular WLAN, enter this command: config wlan ccx aironet-ie {enable | disable} wlan_id The default value is enabled. Cisco Wireless LAN Controller Configuration Guide 6-24 OL-1926-06OL-9141-03...
Step 4 available WLANs (see Figure 6-8). Figure 6-8 802.11a Cisco APs > Configure Page Check the check boxes for the WLANs you want this access point to broadcast. Step 5 Click Apply to commit your changes. Step 6 Click Save Configuration to save your changes.
The required access control list (ACL) must be defined on the router that serves the VLAN or subnet. Note Multicast traffic is not supported when access point group VLANs are configured. Note Figure 6-9 Access Point Groups Cisco Wireless LAN Controller Configuration Guide 6-26 OL-1926-06OL-9141-03...
Enter the group’s description in the AP Group Description field. Click Create New AP Group to create the group. The newly created access point group appears on the Step 6 AP Groups VLAN page (see Figure 6-10). Cisco Wireless LAN Controller Configuration Guide 6-27 OL-1926-06OL-9141-03...
Page 200
When you are done adding your interface mappings, click Apply. Step 11 Repeat Steps 4 through 11 to add more access point groups. Step 12 Click Save Configuration to save your changes. Step 13 Cisco Wireless LAN Controller Configuration Guide 6-28 OL-1926-06OL-9141-03...
Click Save Configuration to save your changes. Step 5 Using the CLI to Assign Access Points to Access Point Groups To assign an access point to an access point group, enter this command: config ap group-name group_name ap_name Cisco Wireless LAN Controller Configuration Guide 6-29 OL-1926-06OL-9141-03...
The WLANs page, which lists all WLANs configured on the controller. Figure 6-13 shows two SSIDs named “abc” but with different profile names (abc1 and abc2). Notice that their security policies are also different. Figure 6-13 WLANs Page Cisco Wireless LAN Controller Configuration Guide 6-30 OL-1926-06OL-9141-03...
If you do not specify an ssid, the profile_name parameter is used for both the profile name and Note the SSID. For releases earlier than 4.0.206.0, the CLI command for creating a WLAN remains as config Note wlan create wlan_id ssid. Cisco Wireless LAN Controller Configuration Guide 6-31 OL-1926-06OL-9141-03...
RADIUS server. If the RADIUS server returns the Cisco AV-pair “url-redirect,” then the user is redirected to the specified URL upon opening a browser. If the server also returns the Cisco AV-pair “url-redirect-acl,” the specified access control list (ACL) is installed as a preauthentication ACL for this client.
Page 205
Step 4 Check the [009\001] cisco-av-pair check box. Enter the following Cisco AV-pairs in the [009\001] cisco-av-pair edit box to specify the URL to which Step 5 the user is redirected and the conditions under which the redirect takes place, respectively:...
Follow these steps to configure conditional web redirect using the controller CLI. To enable or disable conditional web redirect, enter this command: Step 1 config wlan security cond-web-redir {enable | disable} wlan_id To save your settings, enter this command: Step 2 save config Cisco Wireless LAN Controller Configuration Guide 6-34 OL-1926-06OL-9141-03...
The WLANs > Edit page appears. Scroll down to the RADIUS servers section of the page (see Figure 6-18). Step 3 Uncheck the Enabled box for the Accounting Servers. Step 4 Figure 6-18 WLANs > Edit Page Cisco Wireless LAN Controller Configuration Guide 6-35 OL-1926-06OL-9141-03...
Page 209
C H A P T E R Controlling Lightweight Access Points This chapter describes the Cisco lightweight access points and explains how to connect them to the controller and manage access point settings. It contains these sections: The Controller Discovery Process, page 7-2 •...
The 1120 and 1310 access points were not supported prior to software release 4.0.155.0. The Cisco controllers cannot edit or query any access point information using the CLI if the name of the Note access point contains a space.
Step 3 Once all the access points have joined the new controller, configure the controller not to be a master Step 4 controller by entering this command in the CLI: config network master-base disable Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Management (RRM) control via a WAN link, and which include connectors for external antennas. The Cisco 1000 series lightweight access point is manufactured in a neutral color so it blends into most environments (but can be painted), contains pairs of high-gain internal antennas for unidirectional (180-degree) or omnidirectional (360-degree) coverage, and is plenum-rated for installations in hanging ceiling spaces.
(Cisco 1030 remote edge lightweight access point). The Cisco 1030 remote edge lightweight access point is intended to be located at a remote site, initially configured by a Cisco Wireless LAN Controller, and normally controlled by a Cisco Wireless LAN Controller.
Note that the Cisco 1030 remote edge lightweight access point must have a DHCP server available on its local subnet, so it can obtain an IP address upon reboot. Also note that the Cisco 1030 remote edge lightweight access points at each remote location must be on the same subnet to allow client roaming.
CAT-5 (Category 5) or higher 10/100 Mbps twisted pair cable with RJ-45 connectors. Plug the CAT-5 cable into the RJ-45 jack on the side of the Cisco 1000 series lightweight access point. Note that the Cisco 1000 series lightweight access point can receive power over the CAT-5 cable from network equipment.
AC-to-48 VDC power adapter. If you are powering the Cisco 1000 series lightweight access point using an external adapter, plug the adapter into the 48 VDC power jack on the side of the Cisco 1000 series lightweight access point.
Monitor mode should be enabled for individual Cisco 1000 series lightweight access points. The Monitor function is set for all 802.11 Cisco Radios on a per-access point basis using any of the Cisco Wireless LAN Controller user interfaces.
A bridge group name can be used to logically group access points into sectors. Each sector has a • unique bridge group name. Cisco recommends that you use bridge group names whenever multiple sectors are proximate. An access point that is unable to connect to a sector with its bridge group name temporarily connects to the sector with the best RF characteristics so that its bridge group name can be configured.
MAP 8 MAP 7 MAP 9 Configuring and Deploying the AP1510 For information on planning and initially configuring your Cisco mesh network, refer to the Cisco Mesh Note Networking Solution Deployment Guide. You can find this document at this URL: http://www.cisco.com/en/US/products/ps6548/prod_technical_reference_list.html...
You can also download the list of access point MAC addresses and push them to the controller using the Note Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructions. Using the GUI to Add the MAC Address of the Access Point to the Controller Filter List Follow these steps to add a MAC filter entry for the access point on the controller using the controller GUI.
Page 221
Chapter 7 Controlling Lightweight Access Points Cisco Aironet 1510 Series Lightweight Outdoor Mesh Access Points Click New. The MAC Filters > New page appears (see Figure 7-5). Step 2 Figure 7-5 MAC Filters > New Page In the MAC Address field, enter the MAC address of the access point.
Range: 150 to 132,000 feet Default: 12,000 feet Cisco recommends that you set all controllers in the mesh network to the same value. Note Check the Enable Zero Touch Configuration check box to enable the access points to get the shared Step 3 secret key from the controller.
Page 223
Chapter 7 Controlling Lightweight Access Points Cisco Aironet 1510 Series Lightweight Outdoor Mesh Access Points If you change the shared secret key while the access point is not associated to the controller, an Note “Invalid bridge key hash” error message appears. To clear this error, set the shared secret back to the default value “youshouldsetme.”...
Chapter 7 Controlling Lightweight Access Points Cisco Aironet 1510 Series Lightweight Outdoor Mesh Access Points Configuring the Mesh Security Timer Beginning with controller software release 4.0.206.0, you can configure a security timer for the mesh access point (MAP) with regard to the bridge shared secret. Once the timer is configured, the MAP will only attempt to join a network with the same bridge shared secret for a specified period of time (for example, 10 hours).
Page 225
Chapter 7 Controlling Lightweight Access Points Cisco Aironet 1510 Series Lightweight Outdoor Mesh Access Points Figure 7-7 All APs > Details Page On this page, the AP Mode under General is automatically set to Bridge for access points that have bridge functionality, such as the AP1510.
Page 226
Chapter 7 Controlling Lightweight Access Points Cisco Aironet 1510 Series Lightweight Outdoor Mesh Access Points You must enable bridging on all access points for which you want to allow bridging, including Note the RAP. Therefore, if you want to allow an Ethernet on a MAP to bridge to the RAP’s Ethernet, you must enable bridging on the RAP as well as the MAP.
7-8). Then, using the second controller’s GUI, open the same page and paste the key-hash into the SHA1 Key Hash field under Add AP to Authorization List. If you have more than one Cisco WiSM, use WCS to push the SSC key-hash to all the other controllers.
(Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP. In either method, the access point must be able to access a TFTP server that contains the Cisco IOS release to be loaded.
X.509 certificates on both the access point and controller. LWAPP relies on a priori provisioning of the X.509 certificates. Cisco Aironet access points shipped before July 18, 2005 do not have a MIC, so these access points create an SSC when upgraded to operate in lightweight mode.
Autonomous Access Points Converted to Lightweight Mode Using DHCP Option 43 Cisco 1000 series access points use a string format for DHCP option 43, whereas Cisco Aironet access points use the type-length-value (TLV) format for DHCP option 43. DHCP servers must be programmed to return the option based on the access point’s DHCP Vendor Class Identifier (VCI) string (DHCP...
On the AP Detail page, the controller lists the BSS MAC addresses and Ethernet MAC addresses of • converted access points. On the Radio Summary page, the controller lists converted access points by radio MAC address. • Cisco Wireless LAN Controller Configuration Guide 7-23 OL-9141-03...
Dynamic Frequency Selection The Cisco UWN Solution complies with regulations that require radio devices to use Dynamic Frequency Selection (DFS) to detect radar signals and avoid interfering with them. When a lightweight access point with a 5-GHz radio operates on one of the 15 channels listed in...
The unique device identifier (UDI) standard uniquely identifies products across all Cisco hardware product families, enabling customers to identify and track Cisco products throughout their business and network operations and to automate their asset management systems. The standard is consistent across all electronic, physical, and standard business communications.
This page shows the five data elements of the controller UDI. Step 2 Click Wireless to access the All APs page. Click the Detail link for the desired access point. The All APs > Details page appears (see Figure 7-10). Step 3 Cisco Wireless LAN Controller Configuration Guide 7-26 OL-9141-03...
With the ping link test, the controller can test link quality only in the client-to-access point direction. The RF parameters of the ping reply packets received by the access point are polled by the controller to determine the client-to-access point link quality. Cisco Wireless LAN Controller Configuration Guide 7-27 OL-9141-03...
Page 236
6-19 for more information on CCX. Note CCX is not supported on the AP1030. Follow the instructions in this section to perform a link test using either the GUI or the CLI. Cisco Wireless LAN Controller Configuration Guide 7-28 OL-9141-03...
Note You can also access this screen by clicking the Detail link for the desired client and then clicking the Link Test button on the top of the Clients > Detail page. Cisco Wireless LAN Controller Configuration Guide 7-29 OL-9141-03...
2000, 2100 and 4400 series controllers • Note CDP is not supported on the controllers that are integrated into Cisco switches and routers, including those in the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM and the Cisco 28/37/38xx Series Integrated Services Router.
Page 240
CDP on individual access points. To enable or disable CDP on a specific access point, enter this command: config ap cdp {enable | disable} Cisco_AP To save your settings, enter this command: save config Cisco Wireless LAN Controller Configuration Guide 7-32 OL-9141-03...
When an LWAPP-enabled access point (such as an AP1131 or AP1242) is powered by a power injector that is connected to a Cisco pre-Intelligent Power Management (pre-IPM) switch, you need to configure power over Ethernet (PoE), also known as inline power. You can configure PoE through either the GUI or the CLI.
Page 242
Check the Pre-Standard State check box if the access point is being powered by a high-power • Cisco switch. These switches provide more than the traditional 6 Watts of power but do not support the intelligent power management (IPM) feature. These switches include: WS-C3550, WS-C3560, WS-C3750, –...
This command removes the safety checks and allows the access point to be connected to any switch port. It is acceptable to use this command if your network does not contain any older Cisco 6-Watt switches that could be overloaded if connected directly to a 12-Watt access point. The access point assumes that a power injector is always connected.
RADIUS server. Using MIC provides strong authentication. If you use the MAC address as the username and password for access point authentication on a RADIUS Note AAA server, do not use the same AAA server for client authentication. Cisco Wireless LAN Controller Configuration Guide 7-36 OL-9141-03...
Page 245
Transferring Files to and from a Controller, page 8-2 • Upgrading Controller Software, page 8-2 • Saving Configurations, page 8-4 • Clearing the Controller Configuration, page 8-5 • Erasing the Controller Configuration, page 8-5 • Resetting the Controller, page 8-5 • Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
4.0.206.0, the upgrade time should be significantly reduced. The access points must remain powered, and the controller must not be reset during this time. Cisco recommends the following sequence when performing an upgrade: Upload your controller configuration files to a server to back them up.
If you are downloading through the distribution system network port, the TFTP server can be on the same or a different subnet because the distribution system port is routable. A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS •...
Step 8 The controller now has the code update in active volatile RAM, but you must enter reset system to save the code update to non-volatile NVRAM and reboot the Cisco Wireless LAN Controller: reset system The system has unsaved changes.
When the controller reboots, the CLI console displays the following reboot information: Initializing the system. • Verifying the hardware configuration. • Loading microcode into memory. • Verifying the Operating System software load. • Initializing with its stored configurations. • Displaying the login prompt. • Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 250
Chapter 8 Managing Controller Software and Configurations Resetting the Controller Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
It contains these sections: Creating Guest User Accounts, page 9-2 • • Web Authentication Process, page 9-7 Choosing the Web Authentication Login Window, page 9-9 • Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Follow these steps to create a lobby ambassador account using the controller GUI. Click Management > Local Management Users to access the Local Management Users page (see Step 1 Figure 9-1). Figure 9-1 Local Management Users Page Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 253
Click Apply to commit your changes. The new lobby ambassador account appears in the list of local Step 6 management users. Click Save Configuration to save your changes. Step 7 Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Click New to create a guest user account. The Lobby Ambassador Guest Management > Guest Users List > New page appears (see Figure 9-4). Figure 9-4 Lobby Ambassador Guest Management > Guest Users List > New Page Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 255
WLANs that are listed are those for which Layer 3 web authentication has been configured (under WLAN Security Policies). Cisco recommends that the system administrator create a specific guest WLAN to prevent any Note potential conflicts. If a guest account expires and it has a name conflict with an account on the RADIUS server and both are on the same WLAN, the users associated with both accounts are disassociated before the guest account is deleted.
When you remove a guest user account, all of the clients that are using the guest WLAN and are logged in using that account’s username are deleted. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
After the user clicks Yes to proceed (or if the client’s browser does not display a security alert), the web authentication system redirects the client to a login window. Figure 9-8 shows the default web authentication login window. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 258
Web Authentication Process Figure 9-8 Default Web Authentication Login Window The default login window contains a Cisco logo and Cisco-specific text. You can choose to have the web authentication system display one of the following: The default login window •...
Step 2 If you want to use the default web authentication login window as is, go to Step 8. If you want to modify Step 3 the default login window, go to Step Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Managing User Accounts Choosing the Web Authentication Login Window If you want to hide the Cisco logo that appears in the top right corner of the default window, choose the Step 4 Cisco Logo Hide option. Otherwise, click the Show option.
Page 261
If you are downloading through the distribution system network port, the TFTP server can be on the same or a different subnet because the distribution system port is routable. A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS –...
Image installed. config custom-web redirecturl http://www.AcompanyBC.com show custom-web Cisco Logo....Disabled CustomLogo....00_logo.gif Custom Title....Welcome to the AcompanyBC Wireless LAN! Custom Message ..... Contact the System Administrator for a Username and Password. Cisco Wireless LAN Controller Configuration Guide 9-12 OL-9141-03...
In the Web Server IP Address field, enter the IP address of your web server. Your web server should be Step 4 on a different network from the controller service port network. Cisco Wireless LAN Controller Configuration Guide 9-13 OL-9141-03...
Extract and set the action URL in the page from the original URL. • Include scripts to decode the return status code. • Make sure that all paths used in the main page (to refer to images, for example) are of relative type. • Cisco Wireless LAN Controller Configuration Guide 9-14 OL-9141-03...
Choosing the Web Authentication Login Window You can download a sample login page from Cisco WCS and use it as a starting point for your customized login page. Refer to the “Downloading a Customized Web Auth Page” section in the Using Templates chapter of the Cisco Wireless Control System Configuration Guide, Release 4.0 for...
Enter save config to save your settings. Step 11 Follow the instructions in the “Using the CLI to Verify the Web Authentication Login Window Settings” section on page 9-17 to verify your settings. Cisco Wireless LAN Controller Configuration Guide 9-16 OL-9141-03...
CustomLogo........00_logo.gif Custom Title........Welcome to the AcompanyBC Wireless LAN! Custom Message......... Contact the System Administrator for a Username and Password. Custom Redirect URL......http://www.AcompanyBC.com Web Authentication Mode......Internal Web Authentication URL......Disabled Cisco Wireless LAN Controller Configuration Guide 9-17 OL-9141-03...
Page 268
Chapter 9 Managing User Accounts Choosing the Web Authentication Login Window Cisco Wireless LAN Controller Configuration Guide 9-18 OL-9141-03...
Page 269
Enabling Rogue Access Point Detection, page 10-12 • Configuring Dynamic RRM, page 10-15 • Overriding Dynamic RRM, page 10-23 • Viewing Additional RRM Settings Using the CLI, page 10-28 • Configuring CCX Radio Management Features, page 10-29 • Cisco Wireless LAN Controller Configuration Guide 10-1 OL-9141-03...
LAN performance. In this way, administrators gain the perspective of every access point, thereby increasing network visibility. Cisco Wireless LAN Controller Configuration Guide 10-2 OL-1926-06OL-9141-03...
LAN. This metric keeps track of every access point’s transmitted and received packet counts to determine how busy the access points are. New clients avoid an overloaded access point and associate to a new access point. Cisco Wireless LAN Controller Configuration Guide 10-3 OL-1926-06OL-9141-03...
LAN performance. The result is an even distribution of capacity across an entire wireless network. Client load balancing works only for a single controller. It is not operate in a multi-controller Note environment. Cisco Wireless LAN Controller Configuration Guide 10-4 OL-1926-06OL-9141-03...
Finally, RRM ensures that clients enjoy a seamless, trouble-free connection throughout the Cisco unified wireless network. RRM uses separate monitoring and control for each deployed network: 802.11a and 802.11b/g. That is, the RRM algorithms run separately for each radio type (802.11a and 802.11b/g).
The RF group name is generally set at deployment time through the Startup Wizard. However, you can change it as necessary. Note You can also configure RF groups using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructions. Cisco Wireless LAN Controller Configuration Guide...
Click Apply to commit your changes. Step 4 Click Save Configuration to save your changes. Step 5 Repeat this procedure for each controller that you want to include in the RF group. Cisco Wireless LAN Controller Configuration Guide 10-7 OL-1926-06OL-9141-03...
This section provides instructions for viewing the status of the RF group through either the GUI or the CLI. You can also view the status of RF groups using the Cisco Wireless Control System (WCS). Refer to the Note Cisco Wireless Control System Configuration Guide for instructions.
Page 277
Step 2 page (see Figure 10-3). Figure 10-3 802.11a Global Parameters Page Click Auto RF to access the 802.11a (or 802.11b/g) Global Parameters > Auto RF page (see Step 3 Figure 10-4). Cisco Wireless LAN Controller Configuration Guide 10-9 OL-1926-06OL-9141-03...
Page 278
Chapter 10 Configuring Radio Resource ManagementWireless Device Access Viewing RF Group Status Figure 10-4 802.11a Global Parameters > Auto RF Page Cisco Wireless LAN Controller Configuration Guide 10-10 OL-1926-06OL-9141-03...
If the MAC addresses of the group leader and the group member are identical, this controller is Note currently the group leader. Step 2 Enter show advanced 802.11b group to see which controller is the RF group leader for the 802.11b/g RF network. Cisco Wireless LAN Controller Configuration Guide 10-11 OL-1926-06OL-9141-03...
The name is used to verify the authentication IE in all beacon frames. If the controllers have Note different names, false alarms will occur. Step 2 Click Wireless to access the All APs page (see Figure 10-5). Figure 10-5 All APs Page Cisco Wireless LAN Controller Configuration Guide 10-12 OL-1926-06OL-9141-03...
Page 281
Click Security > AP Authentication/MFP (under Wireless Protection Policies) to access the AP Authentication Policy page (see Figure 10-7). Figure 10-7 AP Authentication Policy Page The name of the RF group to which this controller belongs appears at the top of the page. Cisco Wireless LAN Controller Configuration Guide 10-13 OL-1926-06OL-9141-03...
IE) is met or exceeded within the detection period. The valid threshold range is from1 to 255, and the default threshold value is 1. To avoid false Note alarms, you may want to set the threshold to a higher value. Cisco Wireless LAN Controller Configuration Guide 10-14 OL-1926-06OL-9141-03...
Access the 802.11a (or 802.11b/g) Global Parameters > Auto RF page (see Figure 10-4). Click Set to Factory Default at the bottom of the page if you want to return all of the controller’s Note RRM parameters to their factory default values. Cisco Wireless LAN Controller Configuration Guide 10-15 OL-1926-06OL-9141-03...
Rather, it optimizes its own access point parameters. Note Cisco recommends that controllers participate in automatic RF grouping. However, you can disable this feature if necessary by unchecking the check box. Note also, however, that you override dynamic RRM settings without disabling automatic RF group participation.
Page 285
(default is 600 seconds). Prevents the controller from evaluating and, if necessary, updating the channel assignment for joined access points. For optimal performance, Cisco recommends that you use the Note Automatic setting. Refer to the “Disabling Dynamic Channel and Power Assignment Globally for a Controller” section on...
Page 286
Avoid Cisco AP Load Causes the controller’s RRM algorithms to consider 802.11 traffic from Cisco lightweight access points in your wireless network when assigning channels. For example, RRM can assign better reuse patterns to access points that carry a heavier traffic load.
Page 287
See Step 5 on page 10-25 for information on available transmit power levels. For optimal performance, Cisco recommends that you use the Note Automatic setting. Refer to the “Disabling Dynamic Channel and Power Assignment Globally for a Controller” section on...
Page 288
Coverage threshold and the Client Min Exception Level threshold. Default: 25% Data Rate (1 to 1000 The rate at which a single access point transmits or receives data Kbps) packets. Default: 1000 Kbps Cisco Wireless LAN Controller Configuration Guide 10-20 OL-1926-06OL-9141-03...
Page 289
How frequently the access point measures noise and interference. Range: 60 to 3600 seconds Default: 180 seconds Load Measurement How frequently the access point measures 802.11 traffic. Range: 60 to 3600 seconds Default: 60 seconds Cisco Wireless LAN Controller Configuration Guide 10-21 OL-1926-06OL-9141-03...
You can enter only one channel number per command. This command is helpful when you know that the clients do not support certain channels because they are legacy devices or they have certain regulatory restrictions. Cisco Wireless LAN Controller Configuration Guide 10-22 OL-1926-06OL-9141-03...
In some deployments, it is desirable to statically assign channel and transmit power settings to the access points instead of relying on the dynamic RRM algorithms provided by Cisco. Typically, this is true in challenging RF environments and non-standard deployments but not the more typical carpeted offices.
The nonoverlapping channels in the U.S. are 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, and 161 in an 802.11a network and 1, 6, and 11 in an 802.11b/g network. Cisco recommends that you do not assign all access points that are within close proximity to each other Note to the maximum power level.
Page 293
Overriding Dynamic RRM Click Configure for the access point for which you want to modify the radio configuration. The 802.11a Step 3 (or 802.11b/g) Cisco APs > Configure page appears (see Figure 10-9). Figure 10-9 802.11a Cisco APs > Configure Page...
{802.11a | 802.11b} enable To enable the 802.11g network, enter config 802.11b 11gSupport enable after the config Note 802.11b enable command. Enter this command to save your settings: Step 7 save config Cisco Wireless LAN Controller Configuration Guide 10-26 OL-1926-06OL-9141-03...
Enter this command to enable the 802.11a or 802.11b/g network: Step 3 config {802.11a | 802.11b} enable To enable the 802.11g network, enter config 802.11b 11gSupport enable after the config Note 802.11b enable command. Cisco Wireless LAN Controller Configuration Guide 10-27 OL-1926-06OL-9141-03...
802.11a or 802.11b/g access points txpower—Shows the transmit power assignment configuration and statistics. To troubleshoot RRM-related issues, refer to the Cisco Wireless LAN Controller Command Reference, Note Release 3.2 for RRM (airewave-director) debug commands.
• Location calibration • These parameters are supported in Cisco Client Extensions (CCX) v2 and higher and are designed to enhance location accuracy and timeliness for participating CCX clients. See the “Configuring Quality of Service Profiles” section on page 6-19 for more information on CCX.
Range: 60 to 32400 seconds Default: 60 seconds Click Apply to commit your changes. Step 4 Step 5 Click Save Configuration to save your settings. Cisco Wireless LAN Controller Configuration Guide 10-30 OL-1926-06OL-9141-03...
{enable | disable} client _mac interval_seconds You can configure up to five clients per controller for location calibration. Note Enter this command to save your settings: Step 4 save config Cisco Wireless LAN Controller Configuration Guide 10-31 OL-1926-06OL-9141-03...
[all | error | warning | message | packet | detail {enable | disable}] To debug the output for forwarded probes and their included RSSI for both antennas, enter this command: debug dot11 load-balancing Cisco Wireless LAN Controller Configuration Guide 10-32 OL-1926-06OL-9141-03...
When the wireless client moves its association from one access point to another, the controller simply updates the client database with the newly associated access point. If necessary, new security context and associations are established as well. Cisco Wireless LAN Controller Configuration Guide 11-2 OL-9141-03...
Page 303
All clients configured with 802.1x/Wi-Fi Protected Access (WPA) security complete a full Note authentication in order to comply with the IEEE standard. Figure 11-3 illustrates inter-subnet roaming, which occurs when the controllers’ wireless LAN interfaces are on different IP subnets. Cisco Wireless LAN Controller Configuration Guide 11-3 OL-9141-03...
Page 304
Currently, multicast traffic cannot be passed during inter-subnet roaming. With this in mind, you would Note not want to design an inter-subnet network for SpectraLink phones that need to send multicast traffic while using push to talk. Cisco Wireless LAN Controller Configuration Guide 11-4 OL-9141-03...
With this information, the network can support inter-controller wireless LAN roaming and controller redundancy. Note Clients do not roam across mobility groups. Figure 11-4 shows an example of a mobility group. Figure 11-4 A Single Mobility Group Cisco Wireless LAN Controller Configuration Guide 11-5 OL-9141-03...
Page 306
XYZ controllers, which are in a different mobility group. Likewise, the controllers in the XYZ mobility group do not recognize or communicate with the controllers in the ABC mobility group. This feature ensures mobility group isolation across the network. Cisco Wireless LAN Controller Configuration Guide 11-6 OL-9141-03...
This section provides instructions for configuring controller mobility groups through either the GUI or the CLI. You can also configure mobility groups using the Cisco Wireless Control System (WCS). Refer to the Note Cisco Wireless Control System Configuration Guide for instructions.
CLI. Step 1 Click Controller > Mobility Groups to access the Static Mobility Group Members page (see Figure 11-6). Figure 11-6 Static Mobility Group Members Page Cisco Wireless LAN Controller Configuration Guide 11-8 OL-9141-03...
Page 309
The mobility group name is case sensitive. Note Click Apply to commit your changes. The new controller is added to the list of mobility group members on the Static Mobility Group Members page. Cisco Wireless LAN Controller Configuration Guide 11-9 OL-9141-03...
Page 310
Highlight and copy the complete list of entries in the edit box. Click Apply to commit your changes. The new controllers are added to the list of mobility group members on the Static Mobility Group Members page. Cisco Wireless LAN Controller Configuration Guide 11-10 OL-9141-03...
WLAN. Instead of being anchored to the first controller that they happen to contact, mobile clients can be anchored to controllers that control access points in a particular vicinity. Cisco Wireless LAN Controller Configuration Guide 11-11 OL-9141-03...
On the anchor controller, configure the anchor controller itself as a mobility anchor. On the foreign controller, configure the anchor as a mobility anchor. Auto-anchor mobility is not supported for use with DHCP option 82. • Cisco Wireless LAN Controller Configuration Guide 11-12 OL-9141-03...
Click Mobility Anchor Create. The selected controller becomes an anchor for this WLAN. Step 4 Note To delete a mobility anchor for a WLAN, click Remove to the right of the controller’s IP address. Cisco Wireless LAN Controller Configuration Guide 11-13 OL-9141-03...
The wlan-id is optional and constrains the list to the anchors in a particular WLAN. To see Note all of the mobility anchors on your system, enter show mobility anchor. To save your settings, enter this command: save config Cisco Wireless LAN Controller Configuration Guide 11-14 OL-9141-03...
To troubleshoot your controller for mobility ping over UDP, enter this command to display the mobility control packet: debug mobility handoff enable Cisco recommends using an ethereal trace capture when troubleshooting. Note Cisco Wireless LAN Controller Configuration Guide 11-15...
This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains these sections: Overview of Hybrid REAP, page 12-2 • Configuring Hybrid REAP, page 12-5 • Cisco Wireless LAN Controller Configuration Guide 12-1 OL-9141-03...
Hybrid REAP is supported only on the 1130AG and 1240AG access points and on the 2000 and 4400 series controllers, the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM, and the Controller Network Module for Integrated Services Routers.
Page 319
LWAPP discovery process methods except DHCP option 43. If the access point cannot discover a controller through Layer 3 broadcast or OTAP, Cisco recommends DNS resolution. With DNS, any access point with a static IP address that knows of a DNS server can find at least one controller.
Unicast option. VPN, PPTP, Fortress authentication, and Cranite authentication are supported for locally switched • traffic, provided that these security types are accessible locally at the access point. Cisco Wireless LAN Controller Configuration Guide 12-4 OL-9141-03...
Follow these steps to create a centrally switched WLAN. In our example, this is the first WLAN Step 1 (employee). Click WLANs to access the WLANs page. Click Next to access the WLANs > New page (see Figure 12-2). Cisco Wireless LAN Controller Configuration Guide 12-6 OL-9141-03...
Page 323
Enter a name for the WLAN in the WLAN SSID field. Click Apply to commit your changes. The WLANs > Edit page appears (see Figure 12-3). Figure 12-3 WLANs > Edit Page (Centrally Switched WLAN) Cisco Wireless LAN Controller Configuration Guide 12-7 OL-9141-03...
Page 324
This can be easily changed per SSID, per hybrid-REAP access point. Non-hybrid-REAP access points tunnel all traffic back to the controller, and VLAN tagging is dictated by each WLAN’s interface mapping. Cisco Wireless LAN Controller Configuration Guide 12-8 OL-9141-03...
Page 325
In our example, this is the third WLAN (guest-central). You might want to tunnel guest traffic to the controller so you can exercise your corporate data policies for unprotected guest traffic from a central site. Chapter 9 provides additional information on creating guest user accounts. Note Cisco Wireless LAN Controller Configuration Guide 12-9 OL-9141-03...
Page 326
Make sure to enable this WLAN by checking the Admin Status check box under General Note Policies. Figure 12-5 WLANs > Edit Page (Centrally Switched Guest Access WLAN) Click Apply to commit your changes. Click Save Configuration to save your changes. Cisco Wireless LAN Controller Configuration Guide 12-10 OL-9141-03...
Page 327
Click Save Configuration to save your changes. Go to the “Configuring an Access Point for Hybrid REAP” section on page 12-12 to configure two or Step 4 three access points for hybrid REAP. Cisco Wireless LAN Controller Configuration Guide 12-11 OL-9141-03...
Follow these steps to configure an access point for hybrid REAP using the controller GUI. Make sure that the access point has been physically added to your network. Step 1 Click Wireless to access the All APs page (see Figure 12-7). Step 2 Cisco Wireless LAN Controller Configuration Guide 12-12 OL-9141-03...
Page 329
The last parameter under Inventory Information indicates whether this access point can be configured for hybrid REAP. Only the 1130AG and 1240AG access points support hybrid REAP. Choose H-REAP from the AP Mode drop-down box to enable hybrid REAP for this access point. Step 4 Cisco Wireless LAN Controller Configuration Guide 12-13 OL-9141-03...
Page 330
Click Apply to commit your changes. Click Save Configuration to save your changes. Step 11 Repeat this procedure for any additional access points that need to be configured for hybrid REAP at the Step 12 remote site. Cisco Wireless LAN Controller Configuration Guide 12-14 OL-9141-03...
To see if a client’s data traffic is being locally or centrally switched, click Monitor > Clients on the controller GUI, click the Detail link for the desired client, and look at the Data Switching parameter under AP Properties. Cisco Wireless LAN Controller Configuration Guide 12-16 OL-9141-03...
A P P E N D I X Safety Considerations and Translated Safety Warnings This appendix lists safety considerations and translations of the safety warnings that apply to the Cisco UWN Solution products. The following safety considerations and safety warnings appear in this appendix: Safety Considerations, page A-2 •...
Safety Considerations Keep these guidelines in mind when installing Cisco UWN Solution products: The Cisco 1000 Series lightweight access points with or without external antenna ports are only • intended for installation in Environment A as defined in IEEE 802.3af. All interconnected equipment must be contained within the same building including the interconnected equipment's associated LAN connections.
Page 335
å forhindre ulykker. Bruk nummeret i slutten av hver advarsel for å finne oversettelsen i de oversatte sikkerhetsadvarslene som fulgte med denne enheten. TA VARE PÅ DISSE INSTRUKSJONENE Cisco Wireless LAN Controller Configuration Guide Ol-9141-03...
Page 336
Använd det nummer som finns i slutet av varje varning för att hitta dess översättning i de översatta säkerhetsvarningar som medföljer denna anordning. SPARA DESSA ANVISNINGAR Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Produit laser de classe 1. Warnung Laserprodukt der Klasse 1. Avvertenza Prodotto laser di Classe 1. Advarsel Laserprodukt av klasse 1. Aviso Produto laser de classe 1. ¡Advertencia! Producto láser Clase I. Varning! Laserprodukt av klass 1. Cisco Wireless LAN Controller Configuration Guide Ol-9141-03...
Page 338
Appendix A Safety Considerations and Translated Safety Warnings Class 1 Laser Product Warning Aviso Produto a laser de classe 1. Advarsel Klasse 1 laserprodukt. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
En cas de doute sur la mise à la masse appropriée disponible, s'adresser à l'organisme responsable de la sécurité électrique ou à un électricien. Cisco Wireless LAN Controller Configuration Guide Ol-9141-03...
Page 340
Denna utrustning måste jordas. Koppla aldrig från jordledningen och använd aldrig utrustningen utan en på lämpligt sätt installerad jordledning. Om det föreligger osäkerhet huruvida lämplig jordning finns skall elektrisk besiktningsauktoritet eller elektriker kontaktas. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
• Als het rek voorzien is van stabiliseringshulpmiddelen, dient u de stabilisatoren te monteren voordat u het toestel in het rek monteert of het daar een servicebeurt geeft. Cisco Wireless LAN Controller Configuration Guide Ol-9141-03...
Page 342
Ved montering av denne enheten i et kabinett som er delvis fylt, skal kabinettet lastes fra bunnen og opp med den tyngste komponenten nederst i kabinettet. • Hvis kabinettet er utstyrt med stabiliseringsutstyr, skal stabilisatorene installeres før montering eller utføring av reparasjonsarbeid på enheten i kabinettet. Cisco Wireless LAN Controller Configuration Guide A-10 OL-9141-03...
Page 343
Om denna enhet installeras på en delvis fylld ställning skall ställningen fyllas nedifrån och upp, med de tyngsta enheterna längst ned på ställningen. • Om ställningen är försedd med stabiliseringsdon skall dessa monteras fast innan enheten installeras eller underhålls på ställningen. • • • • • • Cisco Wireless LAN Controller Configuration Guide A-11 Ol-9141-03...
Page 344
Ved montering af denne enhed i et delvist fyldt rack, skal enhederne installeres fra bunden og opad med den tungeste enhed nederst. • Hvis racket leveres med stabiliseringsenheder, skal disse installeres for enheden monteres eller serviceres i racket. Cisco Wireless LAN Controller Configuration Guide A-12 OL-9141-03...
Page 345
Appendix A Safety Considerations and Translated Safety Warnings Chassis Warning for Rack-Mounting and Servicing Cisco Wireless LAN Controller Configuration Guide A-13 Ol-9141-03...
Page 346
Appendix A Safety Considerations and Translated Safety Warnings Chassis Warning for Rack-Mounting and Servicing Cisco Wireless LAN Controller Configuration Guide A-14 OL-9141-03...
Page 347
Appendix A Safety Considerations and Translated Safety Warnings Chassis Warning for Rack-Mounting and Servicing • • • • • • • • • Cisco Wireless LAN Controller Configuration Guide A-15 Ol-9141-03...
Page 348
Appendix A Safety Considerations and Translated Safety Warnings Chassis Warning for Rack-Mounting and Servicing Cisco Wireless LAN Controller Configuration Guide A-16 OL-9141-03...
Page 349
Appendix A Safety Considerations and Translated Safety Warnings Chassis Warning for Rack-Mounting and Servicing Cisco Wireless LAN Controller Configuration Guide A-17 Ol-9141-03...
Battery Handling Warning for 4400 Series Controllers Battery Handling Warning for 4400 Series Controllers There is the danger of explosion if the Cisco 4400 Series Wireless LAN Controller battery is replaced Warning incorrectly. Replace the battery only with the same or equivalent type recommended by the manufacturer.
Page 351
Varning! Explosionsfara vid felaktigt batteribyte. Ersätt endast batteriet med samma batterityp som rekommenderas av tillverkaren eller motsvarande. Följ tillverkarens anvisningar vid kassering av använda batterier. Cisco Wireless LAN Controller Configuration Guide A-19 Ol-9141-03...
Bare opplært og kvalifisert personell skal foreta installasjoner, utskiftninger eller service på dette utstyret. Aviso Apenas pessoal treinado e qualificado deve ser autorizado a instalar, substituir ou fazer a revisão deste equipamento. Cisco Wireless LAN Controller Configuration Guide A-20 OL-9141-03...
Page 353
Aviso Somente uma equipe treinada e qualificada tem permissão para instalar, substituir ou dar manutenção a este equipamento. Advarsel Kun uddannede personer må installere, udskifte komponenter i eller servicere dette udstyr. Cisco Wireless LAN Controller Configuration Guide A-21 Ol-9141-03...
Page 354
Appendix A Safety Considerations and Translated Safety Warnings Equipment Installation Warning Cisco Wireless LAN Controller Configuration Guide A-22 OL-9141-03...
More Than One Power Supply Warning for 4400 Series Controllers Warning The Cisco 4400 Series Wireless LAN Controller might have more than one power supply connection. All connections must be removed to de-energize the unit. Statement 1028 Waarschuwing Deze eenheid kan meer dan één stroomtoevoeraansluiting bevatten. Alle aansluitingen dienen ontkoppeld te worden om de eenheid te ontkrachten.
Page 356
Esta unidade pode ter mais de uma conexão de fonte de alimentação. Todas as conexões devem ser removidas para interromper a alimentação da unidade. Advarsel Denne enhed har muligvis mere end en strømforsyningstilslutning. Alle tilslutninger skal fjernes for at aflade strømmen fra enheden. Cisco Wireless LAN Controller Configuration Guide A-24 OL-9141-03...
Page 357
Appendix A Safety Considerations and Translated Safety Warnings More Than One Power Supply Warning for 4400 Series Controllers Cisco Wireless LAN Controller Configuration Guide A-25 Ol-9141-03...
Page 358
Appendix A Safety Considerations and Translated Safety Warnings More Than One Power Supply Warning for 4400 Series Controllers Cisco Wireless LAN Controller Configuration Guide A-26 OL-9141-03...
Cisco UWN Solution. This appendix contains these sections: Regulatory Information for 1000 Series Access Points, page B-2 • FCC Statement for Cisco 2000 Series Wireless LAN Controllers, page B-8 • FCC Statement for Cisco 4400 Series Wireless LAN Controllers, page B-9 •...
This device must accept any interference received, including interference that may cause undesired operation. Cisco Aironet 2.4-GHz Access Points are certified to the requirements of RSS-210 for 2.4-GHz spread spectrum devices, and Cisco Aironet 54-Mbps, 5-GHz Access Points are certified to the requirements of RSS-210 for 5-GHz spread spectrum devices.The use of this device in a system operating either partially...
Denna utrustning är i överensstämmelse med de väsentliga kraven och andra relevanta bestämmelser i Direktiv 1999/5/EC. For 2.4 GHz radios, the following standards were applied: Radio: EN 300.328-1, EN 300.328-2 • EMC: EN 301.489-1, EN 301.489-17 • Safety: EN 60950 • Cisco Wireless LAN Controller Configuration Guide Ol-9141-03...
This equipment is intended to be used in all EU and EFTA countries. Outdoor use may be restricted to Note certain frequencies and/or may require a license for operation. For more details, contact Cisco Corporate Compliance. For 54 Mbps, 5 GHz access points, the following standards were applied: •...
Regulatory Information for 1000 Series Access Points Guidelines for Operating Cisco Aironet Access Points in Japan This section provides guidelines for avoiding interference when operating Cisco Aironet access points in Japan. These guidelines are provided in both Japanese and English.
Regulatory Information for 1000 Series Access Points Administrative Rules for Cisco Aironet Access Points in Taiwan This section provides administrative rules for operating Cisco Aironet access points in Taiwan. The rules are provided in both Chinese and English. Access Points with IEEE 802.11a Radios...
Appendix B Declarations of Conformity and Regulatory Information FCC Statement for Cisco 2000 Series Wireless LAN Controllers English Translation Administrative Rules for Low-power Radio-Frequency Devices Article 12 For those low-power radio-frequency devices that have already received a type-approval, companies, business units or users should not change its frequencies, increase its power or change its original features and functions.
FCC Statement for Cisco 4400 Series Wireless LAN Controllers The Cisco 4400 Series Wireless LAN Controller equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Page 368
Appendix B Declarations of Conformity and Regulatory Information FCC Statement for Cisco 4400 Series Wireless LAN Controllers Cisco Wireless LAN Controller Configuration Guide B-10 Ol-9141-03...
A P P E N D I X End User License and Warranty This appendix describes the end user license and warranty that apply to the Cisco UWN Solution products: Cisco 1000 Series Lightweight Access Points • Cisco 2000 Series Wireless LAN Controllers •...
License. Conditioned upon compliance with the terms and conditions of this Agreement, Cisco Systems, Inc. or its subsidiary licensing the Software instead of Cisco Systems, Inc. (“Cisco”), grants to Customer a nonexclusive and nontransferable license to use for Customer’s internal business purposes the Software and the Documentation for which Customer has paid the required license fees.
Page 371
(v) disclose, provide, or otherwise make available trade secrets contained within the Software and Documentation in any form to any third party without the prior written consent of Cisco. Customer shall implement reasonable security measures to protect such trade secrets; or (vi) use the Software to develop any software application intended for resale which employs the Software.
Cisco reseller, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of one (1) year, the Hardware will be free from defects in material and workmanship under normal use. The date of shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped.
Page 373
Software if reported (or, upon request, returned) to Cisco or the party supplying the Software to Customer. In no event does Cisco warrant that the Software is error free or that Customer will be able to operate the Software without problems or interruptions. In addition, due to the continual development...
Customer has accepted the Software or any other product or service delivered by Cisco. Customer acknowledges and agrees that Cisco has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same...
Free Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307. Source code governed by the GNU General Public License version 2 is available upon written request to the Cisco Legal Department, 300 E. Tasman Drive, San Jose, California 95134.
Page 376
Appendix C End User License and Warranty Additional Open Source Terms Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
A P P E N D I X System Messages and LED Patterns This appendix lists system messages that can appear on the Cisco UWN Solution interfaces and describes the LED patterns on controllers and lightweight access points. It contains these sections: System Messages, page D-2 •...
STATION_AUTHENTICATION_FAIL Check disable, key mismatch or other configuration issues. STATION_ASSOCIATE_FAIL Check load on the Cisco Radio or signal quality issues. LRAD_ASSOCIATED The associated Cisco 1000 Series lightweight access point is now managed by this Cisco Wireless LAN Controller.
Page 379
-- check channel assignments. LRADIF_COVERAGE_PROFILE_FAILED Possible coverage hole detected - check Cisco 1000 Series lightweight access point history to see if common problem - add Cisco 1000 Series lightweight access points if necessary. LRADIF_LOAD_PROFILE_PASSED Load is now within threshold limits.
Page 380
FAN_FAILURE Monitor Cisco Wireless LAN Controller temperature to avoid overheating. POWER_SUPPLY_CHANGE Check for power-supply malfunction. COLD_START Cisco Wireless LAN Controller may have been rebooted. WARM_START Cisco Wireless LAN Controller may have been rebooted. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Interpreting Lightweight Access Point LEDs Refer to the hardware installation guide for your specific access point for a description of the LED patterns. You can find the guides at this URL: http://www.cisco.com/en/US/products/hw/wireless/index.html Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 382
Appendix D System Messages and LED Patterns Interpreting LEDs Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Appendix E Logical Connectivity Diagrams This section provides logical connectivity diagrams for the controllers integrated into other Cisco products, specifically the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM and the Cisco 28/37/38xx Series Integrated Services Router. These diagrams show the internal connections between the switch or router and the controller.
Appendix E Logical Connectivity Diagrams Cisco WiSM Cisco WiSM Figure E-1 Logical Connectivity Diagram for the Cisco WiSM Supervisor 720 Switch or Router Motherboard Memory Boot Flash Flash File System Flash File System on CF Card Disk 0 Disk 1...
Page 386
Logical Connectivity Diagrams Cisco WiSM The commands used for communication between the Cisco WiSM, the Supervisor 720, and the 4404 controllers will be added to this section in a future release of the document. Refer to the Catalyst 6500 Series Switch Wireless Services Module Installation and Configuration Note Note for more information.
• test HW-module wlan-controller slot/unit reset {enable | disable} Note Refer to the Cisco Wireless LAN Controller Module Feature Guide for more information. You can find this document at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124limit/124x/124xa2/bo xernm.htm#wp2033271 Cisco Wireless LAN Controller Configuration Guide...
These commands are used to view the status of the internal controller. They are initiated from the switch. show platform wireless-controller switch_number summary • Information similar to the following appears: Switch Status State operational operational Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 389
7 23:31:11 2006: Sent WCP_MSG_TYPE_RESPONSE,of type WCP_TLV_KEEP_ALIVE This command is initiated from the switch. • debug platform wireless-controller switch_number ? where ? is one of the following: all—All errors—Errors packets—WCP packets sm—State machine wcp—WCP protocol Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 390
• A direct console connection to the controller does not operate when hardware flow control is enabled on Note the PC. However, the switch console port operates with hardware flow control enabled. Cisco Wireless LAN Controller Configuration Guide OL-9141-03...
Page 391
5-8, 5-10, 5-12 802.11a (or 802.11b) > Voice Parameters page 4-23 Access Control Lists > Edit page 5-11 802.11a (or 802.11b/g) Cisco APs > Configure page 5-17, Access Control Lists > New page 10-25 Access Control Lists > Rules > New page 5-10 802.11a (or 802.11b/g) Global Parameters >...
Page 392
Alarm Trigger Threshold parameter 10-14 guidelines 11-12 All APs > Details page 7-17, 7-27, 7-34, 10-13, 12-13 overview 11-11 to 11-12 All APs page 10-9, 10-12, 12-13 autonomous access points converted to lightweight mode Cisco Wireless LAN Controller Configuration Guide IN-2 OL-9141-02...
Page 393
1-11 ciphers logical connectivity diagram and associated software configuring 6-10, 6-11 commands E-6 to E-8 described ports 3-3, 3-4 Cisco.com, obtaining documentation 1-22 caution, defined 1-19 Cisco 2000 Series Wireless LAN Controllers Cisco Wireless LAN Controller Configuration Guide IN-3 OL-9141-02...
Page 394
1-18 to ?? client roaming, configuring 4-17 to 4-22 ports 3-2, 3-3 clients Cisco Aironet 1510 Series Lightweight Outdoor Mesh viewing CCX version using the CLI 6-25 Access Point viewing CCX version using the GUI 6-24 See AP1510 Clients > AP > Traffic Stream Metrics page...
Page 395
Data Rate threshold parameter 10-20 ordering 1-22 date, configuring domain name server (DNS) discovery daylight saving time, configuring Download button 5-32, 9-15 DCA channels 10-21 Download File to Controller page 5-31, 9-15 Cisco Wireless LAN Controller Configuration Guide IN-5 OL-9141-02...
Page 396
7-17 configuring for HTTPS Ethernet connection disabling European declaration of conformity B-4 to B-5 enabling wireless connections Extensible Authentication Protocol (EAP), configuring guidelines opening using factory default settings resetting using the CLI Cisco Wireless LAN Controller Configuration Guide IN-6 OL-9141-02...
Page 397
CLI described 5-38 to 5-39 4-18 viewing using the GUI illustrated 11-2 5-35 to 5-37 IDS signatures Inventory page 7-26 configuring Invoke Channel Update Now button 10-17 Cisco Wireless LAN Controller Configuration Guide IN-7 OL-9141-02...
Page 398
Local Management Users > New page described Local Management Users page LEDs local netusers, configuring 6-16 configuring 7-36 Local Net Users > New page 12-11 for access points Local Net Users page Cisco Wireless LAN Controller Configuration Guide IN-8 OL-9141-02...
Page 399
MAC Address parameter 7-13 configuring using the GUI 7-14 to 7-15 MAC filtering, configuring on WLANs mesh access points (MAPs) MAC Filtering page 7-12 described 7-10 MAC filter list, described 7-10 selecting 7-17 Cisco Wireless LAN Controller Configuration Guide IN-9 OL-9141-02...
Page 400
11-7 to 11-8 port mirroring, configuring 3-22 to 3-23 mobility ping tests, running 11-15 Port Number parameter 3-20 mode button Port parameter 5-28 See reset button ports Mode parameter 4-20, 10-30 Cisco Wireless LAN Controller Configuration Guide IN-10 OL-9141-02...
Page 401
1-26 to 1-27 on 4400 series controllers 3-2, 3-3 purpose of document 1-18 on Catalyst 3750G Integrated Wireless LAN Controller Switch 3-3, 3-4 on Cisco 28/37/38xx Series Integrated Services Router 3-3, 3-4 on Cisco WiSM QBSS 3-3, 3-4 configuring overview...
Page 402
(SSC), LWAPP-enabled access RF groups points sending to controller 7-21 configuring Sequence parameter 5-10 using the CLI 10-8 serial port using the configuration wizard baudrate setting using the GUI 10-7 Cisco Wireless LAN Controller Configuration Guide IN-12 OL-9141-02...
Page 403
4-34 SNMP v3 users SX/LC/T small form-factor plug-in (SFP) modules changing default values using the CLI syslog 4-13 4-13 changing default values using the GUI system logging 4-11 to 4-12 4-13 Cisco Wireless LAN Controller Configuration Guide IN-13 OL-9141-02...
Page 404
10-25 configuring tunnel attributes, and identity networking 5-24 using the CLI 3-14 Tx Power Level Assignment parameter 10-27 using the configuration wizard using the GUI 3-10 to 3-12 described VLAN Identifier parameter Cisco Wireless LAN Controller Configuration Guide IN-14 OL-9141-02...
Page 405
Web Authentication Login window WLANs > Edit page (locally switched WLAN) 12-9 choosing 9-9 to 9-17 WLANs > New page 12-7 choosing the default WLANs page 11-13 using the CLI 9-10 to 9-11 Cisco Wireless LAN Controller Configuration Guide IN-15 OL-9141-02...
Page 406
WLAN SSID parameter configuring 6-18 described 6-18 with CAC 4-22 world mode 4-16 WPA1+WPA2 configuring using the CLI 6-11 using the GUI 6-9 to 6-11 described WPA1 Policy parameter 6-10 WPA2 Policy parameter 6-10 Cisco Wireless LAN Controller Configuration Guide IN-16 OL-9141-02...