Cisco ISR Configuration Manual

Wireless ISR and HWIC Access Point

Cisco Wireless ISR and HWIC Access Point
Configuration Guide
December 2006
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-6415-04


Summary of Contents for Cisco ISR

  • Page 1 Cisco Wireless ISR and HWIC Access Point Configuration Guide December 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-6415-04...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.;...
  • Page 3: Table Of Contents

    Chapter: Configuring Radio Settings; Enabling the Radio Interface; Roles in Radio Network; Configuring Network or Fallback Role; Bridge Features Not Supported; Sample Bridging Configuration; Universal Client Mode. Cisco Wireless Router and HWIC Configuration Guide OL-6415-04...
  • Page 4 Performing a Carrier Busy Test; Chapter: Configuring Multiple SSIDs; Understanding Multiple SSIDs; SSID Configuration Methods Supported by Cisco IOS Releases; Configuring Multiple SSIDs; Creating an SSID Globally; Using a RADIUS Server to Restrict SSIDs...
  • Page 5 Matching Access Point and Client Device Authentication Types; Chapter: Configuring RADIUS Servers; Configuring and Enabling RADIUS; Understanding RADIUS; RADIUS Operation; Configuring RADIUS; Displaying the RADIUS Configuration
  • Page 6: Support

    Appendix; MIB List; Using FTP to Access the MIB Files; Appendix: Error and Event Messages; How to Read System Messages
  • Page 7 Contents: Message Traceback Reports; Association Management Messages; 802.11 Subsystem Messages; Local Authenticator Messages; Glossary; Index
  • Page 9: Preface

    AP HWIC, Cisco 800 series and Cisco 1800 series routers. This guide provides procedures for using the Cisco IOS software commands that have been created or changed for use with the wireless device. It does not provide detailed information about these commands. For information about the standard Cisco IOS software commands, see the Cisco IOS software documentation set available from the Cisco.com home page at Service and Support >...
  • Page 10: Organization

    Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements. Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 11 électriques et familiarisez-vous avec les procédures courantes de prévention des accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez consulter l’annexe intitulée « Translated Safety Warnings » (Traduction des avis de sécurité). Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 12: Related Publications

    Cisco Interface Cards Installation Guide High-Speed WAN Interface Quick Start Guide: Interface Cards for Cisco Access Routers Card Installing, Replacing, and Upgrading Components in Cisco Modular Access Routers and Integrated Services Routers Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 13: Obtaining Documentation

    Products with 802.11a/b/g and 802.11b/g Radios Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
  • Page 14: Product Documentation Dvd

    Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
  • Page 15: Cisco Product Security Overview

    Register to receive security information from Cisco. A current list of security advisories and notices for Cisco products is available at this URL: http://www.cisco.com/go/psirt If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html...
  • Page 16: Obtaining Technical Assistance

    Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts &...
  • Page 17: Definitions Of Service Request Severity

    Obtaining Additional Publications and Information For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
  • Page 18 Preface Obtaining Additional Publications and Information iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions.
  • Page 19 Wireless Device Management You can use the wireless device management system through the following interfaces: The Cisco IOS command-line interface (CLI), which can be used through a console port or a Telnet session. Use the interface dot11radio configuration command in global mode to place the wireless device into radio configuration mode.
  • Page 20: Chapter 1 Overview

    LAN. Figure 1-1 Access Points as Root Units on a Wired LAN Access Point (Root Unit) Wired LAN Access Point (Root Unit) Cisco Wireless Router and HWIC Configuration Guide OL-6415-04...
  • Page 21: Multiple Ssids

    Note: Root/Non-Root bridging mode is supported only on modular ISR platforms, such as Cisco 3800 series, Cisco 2800 and Cisco 1841 series. Fixed ISR platforms, such as the Cisco 800 and Cisco 1800, do not support this feature. QoS Basic Service Set (QBSS) support—This feature aligns Cisco QBSS implementation with the...
  • Page 22: Wi-Fi Protected Access

    VLAN Assignment By Name—This feature allows the RADIUS server to assign a client to a virtual LAN (VLAN) identified by its VLAN name. In releases before Cisco IOS Release 12.4(5)T, the RADIUS server identified the VLAN by ID. This feature is important for deployments where VLAN IDs are not used consistently throughout the network.
  • Page 23 HTTP Web Server v1.1—This feature provides a consistent interface for users and applications by implementing the HTTP 1.1 standard (see RFC 2616). In previous releases, Cisco software supported only a partial implementation of HTTP 1.0. The integrated HTTP Server API supports server application interfaces.
  • Page 25: Configuring Radio Settings

    Configuring Maximum Data Retries, page 2-27; Configuring Fragmentation Threshold, page 2-28; Enabling Short Slot Time for 802.11g Radios, page 2-28; Performing a Carrier Busy Test, page 2-29
  • Page 26: Role In Radio Network

    Enabling the Radio Interface The wireless device radios are disabled by default. Note: In Cisco IOS Release 12.4 there is no default SSID. You must create a Radio Service Set Identifier (SSID) before you can enable the radio interface.
  • Page 27: Configuring Network Or Fallback Role

    Step 4 Return to privileged EXEC mode. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 28: Bridge Features Not Supported

    Bridge Features Not Supported The following features are not supported when a Cisco ISR series access point is configured as a bridge: Clear Channel Assessment (CCA); Interoperability with 1400 series bridge...
  • Page 29: Ssid

    0 0 line aux 0 line vty 0 4 webvpn context Default_context ssl authenticate verify all no inservice The following is a sample of Non-Root Bridge Configuration: no aaa new-model Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 30 1 bridge-group 1 spanning-disabled interface BVI1 ip address 20.0.0.5 255.0.0.0 ip route 0.0.0.0 0.0.0.0 20.0.0.1 ip http server no ip http secure-server control-plane bridge 1 route ip Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 31: Configuring Universal Client Mode

    Cisco root bridges or Cisco workgroup bridges. Configuring Universal Client Mode You can configure universal client mode in Cisco ISR series by setting the radio interface station-role to non-root. This is different from configuring the dot11radio interface to operate in non-root bridge mode, which requires specifying the word bridge at the end of the command, ex: "station-role non-root...
  • Page 32 Note: NAT fails to translate with a DHCP address on the dot11 interface running in universal client mode. The following configuration is supported on NAT: ip nat inside source list 1 interface Virtual-Dot11Radio0 overload The following is an example of a NAT configuration on a Cisco 1803 ISR: C1803W_UC# C1803W_UC#sh run Building configuration...
  • Page 33 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root rts threshold 2312 no cdp enable interface Dot11Radio1 ip address dhcp ip nat outside ip virtual-reassembly Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 34: Configuring Radio Data Rates

    Step 2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-10 OL-6415-04...
  • Page 35 802.11g client devices to associate to the wireless device’s 802.11g radio. On the 5-GHz radio, the default option sets rates 6.0, 12.0, and 24.0 to basic, and rates 9.0, 18.0, 36.0, 48.0, and 54.0 to enabled. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-11 OL-6415-04...
  • Page 36: Configuring Radio Transmit Power

    To determine what transmit power is available for your access point and which regulatory domain it operates in, refer to the hardware installation guide for that device. Hardware installation guides are available at cisco.com. Follow these steps to view and download them: Browse to http://www.cisco.com.
  • Page 37: Limiting The Power Level For Associated Client Devices

    Note: Cisco AVVID documentation uses the term Dynamic Power Control (DTPC) to refer to limiting the power level on associated client devices. Beginning in privileged EXEC mode, follow these steps to specify a maximum allowed power setting on...
  • Page 38: Configuring Radio Channel Settings

    Too many access points in the same vicinity create radio congestion that can reduce throughput. A careful site survey can determine the best placement of access points for maximum radio coverage and throughput.
  • Page 39: Regulatory Domains

    Identifier Frequency (MHz) – – – – 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 – – 2472 – – 2484 – – – – Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-15 OL-6415-04...
  • Page 40 – – Americas (–A) EMEA ( Japan ( Channel Frequency Identifier (MHz) OFDM OFDM OFDM 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 – – Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-16 OL-6415-04...
  • Page 41 Configuring Radio Channel Settings Regulatory Domains Center – – Americas (–A) EMEA ( Japan ( Channel Frequency Identifier (MHz) OFDM OFDM OFDM 2472 – – 2484 – – – – – Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-17 OL-6415-04...
  • Page 42 5785 – – – 5805 – – – 5825 – – – – – The frequencies allowed in your regulatory domain might differ from the frequencies listed here. Note Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-18 OL-6415-04...
  • Page 43: Dfs Automatically Enabled On Some 5-Ghz Radio Channels

    (IE) in beacons and probe responses. By default, however, the country code in the IE is blank. You use the world-mode command to populate the country code IE. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-19...
  • Page 44: Enabling And Disabling World Mode

    For example, a client device used primarily in Japan could rely on world mode to adjust its channel and power settings automatically when it travels to Italy and joins a network there. Cisco client devices running firmware version 5.30.17 or later detect whether the wireless device is using 802.11d or Cisco legacy world mode and automatically use world mode that matches the mode used by...
  • Page 45: Enabling And Disabling Short Radio Preambles

    Long—A long preamble ensures compatibility between the wireless device and all early models of Cisco Access Point Wireless LAN Adapters (PC4800 and PC4800A). If these client devices do not associate to the wireless devices, you should use short preambles.
  • Page 46: Configuring Transmit And Receive Antennas

    For best performance, leave the transmit antenna setting at the default setting, diversity. Step 5 Return to privileged EXEC mode. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-22 OL-6415-04...
  • Page 47: Disabling And Enabling Access Point Extensions

    Disabling and Enabling Access Point Extensions Disabling and Enabling Access Point Extensions By default, the wireless device uses Cisco Access Point extensions to detect the capabilities of Cisco Access Point client devices and to support features that require specific interaction between the wireless device and associated client devices.
  • Page 48: Enabling And Disabling Reliable Multicast To Workgroup Bridges

    A Cisco Access Point Workgroup Bridge provides a wireless LAN connection for up to eight Ethernet-enabled devices.
  • Page 49: Enabling And Disabling Public Secure Packet Forwarding

    To enable and disable PSPF using CLI commands on the wireless device, you use bridge groups. You can find a detailed explanation of bridge groups and instructions for implementing them in this document: Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2. Click this link to browse to the Configuring Transparent Bridging chapter: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.
  • Page 50: Configuring Protected Ports

    Step 2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-26 OL-6415-04...
  • Page 51: Configuring Rts Threshold And Retries

    2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. Step 3 packet retries value Set the maximum data retries. Enter a setting from 1 to 128. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-27 OL-6415-04...
  • Page 52: Configuring Fragmentation Threshold

    Step 1 router(config-if)# slot-time-short In radio interface mode, enter this command to enable short slot time. Step 2 no slot-time-short (optional) Enter no slot-time-short to disable short slot time. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-28 OL-6415-04...
  • Page 53: Performing A Carrier Busy Test

    For interface-number, enter dot11radio 0 to run the test on the 2.4-GHz radio, or enter dot11radio 1 to run the test on the 5-GHz radio. Use the show dot11 carrier busy command to re-display the carrier busy test results. Cisco Wireless ISR and HWIC Access Point Configuration Guide 2-29 OL-6415-04...
  • Page 55: Configuring Multiple Ssids

    Understanding Multiple SSIDs, page 3-2; Configuring Multiple SSIDs, page 3-3; Configuring Multiple Basic SSIDs, page 3-6; Enabling MBSSID and SSIDL at the same time, page 3-7
  • Page 56: Understanding Multiple Ssids

    Cisco IOS Release 12.4(15)T. If you need to upgrade to a release later than 12.4(15)T, you should first upgrade to Cisco IOS Release 12.4(15)T, save the configuration file, upgrade to the target release, and load the saved configuration file.
  • Page 57: Configuring Multiple Ssids

    Creating an SSID Globally In Cisco IOS Releases 12.4 and later, you can configure SSIDs globally or for a specific radio interface. When you use the dot11 ssid global configuration command to create an SSID, you can use the ssid configuration interface command to assign the SSID to a specific interface.
  • Page 58 Assign the SSID to a radio interface router# configure terminal router(config)# dot11 ssid batman router(config-ssid)# accounting accounting-method-list router(config-ssid)# max-associations 15 router(config-ssid)# vlan 3762 router(config-ssid)# exit router(config)# interface dot11radio 0 router(config-if)# ssid batman Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 59: Using A Radius Server To Restrict Ssids

    Using Spaces in SSIDs In Cisco IOS Release 12.4(15)T, you can include spaces in an SSID, but trailing spaces (spaces at the end of an SSID) are invalid. However, any SSIDs created in previous versions having trailing spaces are recognized.
  • Page 60: Configuring Multiple Basic Ssids

    Configuring Multiple SSIDs Configuring Multiple Basic SSIDs The allowed list of SSIDs from the RADIUS server are in the form of Cisco VSAs. The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the access point and the RADIUS server by using the vendor-specific attribute (attribute 26).
  • Page 61: Enabling Mbssid And Ssidl At The Same Time

    Microsoft Wireless Provisioning Services (WPS). Use the advertisement option to include the SSID name and capabilities in the SSIDL IE. Use the wps option to set the WPS capability flag in the SSIDL IE. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 62: Sample Configuration For Enabling Mbssid And Ssidl

    6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 mbssid station-role root Below is a sample configuration for enabling SSIDL: dot11 ssid 1841-wep128 vlan 1 authentication open information-element ssidl advertisement Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 63 2 mode ciphers tkip encryption vlan 3 mode ciphers aes-ccm ssid 1841-wep128 ssid 1841-tkip-psk ssid 1841-aes-psk speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 65: Chapter 4 Configuring An Access Point As A Local Authenticator

    LEAP, EAP-FAST, and MAC-based authentication for up to 1000 client devices. This chapter contains these sections: Understand Local Authentication, page 4-2; Configure a Local Authenticator, page 4-2
  • Page 66: Understand Local Authentication

    Configuring Other Access Points to Use the Local Authenticator, page 4-8; Configuring EAP-FAST Settings, page 4-9; Unblocking Locked Usernames, page 4-11; Viewing Local Authenticator Statistics, page 4-11; Using Debug Messages, page 4-12
  • Page 67: Configure A Local Authenticator

    Beginning in Privileged Exec mode, follow these steps to configure the access point as a local authenticator: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 aaa new-model Enable AAA. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 68 See the “Unblocking Locked Usernames” section on page 4-11 for instructions on unblocking client devices. Step 10 exit Exit group configuration mode and return to authenticator configuration mode. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 69 00095125d02b password 00095125d02b group clerks mac-auth-only Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 70 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 71 0 4 transport preferred all transport input all transport output all line vty 5 15 transport preferred all transport input all transport output all Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 72: Configuring Other Access Points To Use The Local Authenticator

    Cisco client devices to accommodate expected server timeouts. To remove the local authenticator from the access point configuration, use the no radius-server host hostname | ip-address global configuration command. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 73: Configuring Eap-Fast Settings

    PAC to expire in 10 days, and writes the PAC file to the TFTP server at 10.0.0.5: router# radius local-server pac-generate tftp://10.0.0.5 joe password bingo expiry 10 Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 74: Configuring An Authority Id

    PACs generated by the local authenticator might not expire when they should. The access point clock is reset when the access point reboots, so the elapsed time on the clock would not reach the PAC expiration time. Cisco Wireless ISR and HWIC Access Point Configuration Guide 4-10 OL-6415-04...
  • Page 75: Limiting The Local Authenticator To One Authentication Type

    Router#sh radius local-server statistics Successes Unknown usernames Client blocks Invalid passwords Unknown NAS Invalid packet from NAS: 0 The first section of statistics lists cumulative statistics from the local authenticator. Cisco Wireless ISR and HWIC Access Point Configuration Guide 4-11 OL-6415-04...
  • Page 76: Using Debug Messages

    Use the error option to display error messages related to the local authenticator. Use the packets option to turn on display of the content of RADIUS packets sent and received.
  • Page 77: Configuring Encryption Types

    Wired Equivalent Privacy (WEP), AES-CCM, Temporal Key Integrity Protocol (TKIP), and broadcast key rotation. This chapter contains these sections: Understand Encryption Types, page 5-2; Configure Encryption Types, page 5-3
  • Page 78: Understand Encryption Types

    WEP while also allowing use of authenticated key management, Cisco recommends that you enable encryption by using the encryption mode cipher command in the CLI or by using the cipher drop-down menu in the web-browser interface. Cipher suites that contain AES-CCM provide the best security for your wireless LAN, and cipher suites that contain only WEP are the least secure.
  • Page 79: Configure Encryption Types

    Step 2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 80: Wep Key Restrictions

    Cannot configure a WEP key in key slot 4 Cipher suite with 40-bit WEP Cannot configure a 128-bit key Cipher suite with 128-bit WEP Cannot configure a 40-bit key Cipher suite with TKIP Cannot configure any WEP keys Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 81: Creating Cipher Suites

    Step 2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 82 If you configure your access point to use WPA authenticated key management, you must select a cipher suite compatible with the authenticated key management type. Table 5-3 lists the cipher suites that are compatible with WPA. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 83: Enabling And Disabling Broadcast Key Rotation

    Step 2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 84: Security Type In Universal Client Mode

    For example, if the access point is configured with AES and TKIP encryption, the universal client must also have AES+TKIP in order for the devices to associate properly. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 85 TKIP+AES (encryption mode ciphers aes-ccm tkip), you will get a system message stating the multicast suite was not found. %DOT11-4-CANT_ASSOC: Interface Dot11Radio0/1/0, cannot associate: WPAIE not found and required Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 86: Wmm

    Caveats When the Cisco dot11radio is in the universal client mode and associates to a 3rd party access point, there are some additional caveats. The first is on the "show dot11 association" output. The "Device" area shows a result of "unknown" when associated to a 3rd party access point (non-Cisco). In the example below, a Cisco 876W universal client is associated to a Symbol 4131 Access Point.
  • Page 87 : 16 Bytes Input : 46619 Bytes Output : 3495 Duplicates Rcvd Data Retries Decrypt Failed RTS Retries MIC Failed MIC Missing Packets Redirected: 0 Redirect Filtered: 0 c876# Cisco Wireless ISR and HWIC Access Point Configuration Guide 5-11 OL-6415-04...
  • Page 89: Chapter 6 Configuring Authentication Types

    This chapter describes how to configure authentication types on the access point. This chapter contains these sections: Understand Authentication Types, page 6-2; Configure Authentication Types, page 6-9; Matching Access Point and Client Device Authentication Types, page 6-16
  • Page 90: Understand Authentication Types

    In this example, the device’s WEP key does not match the access point’s key, so it can authenticate but not pass data. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 91: Shared Key Authentication To Access Point

    6. Key mismatch, frame discarded Shared Key Authentication to Access Point Cisco provides shared key authentication to comply with the IEEE 802.11b standard. However, because of shared key’s security flaws, Cisco recommends that you avoid using it. During shared key authentication, the access point sends an unencrypted challenge text string to any device attempting to communicate with the access point.
  • Page 92: Eap Authentication To Network

    The client and access point activate WEP and use the session and broadcast WEP keys for all communications during the remainder of the session. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 93: Mac Address Authentication To The Network

    MAC-address cache without sending the request to your authentication server. See the “Configuring MAC Authentication Caching” section on page 6-14 for instructions on enabling this feature. Figure 6-4 shows the authentication sequence for MAC-based authentication.
  • Page 94: Combining Mac-Based, Eap, And Open Authentication

    WPA-PSK, however, you configure a pre-shared key on both the client and the access point, and that pre-shared key is used as the PMK. Note: In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.
  • Page 95 Confirm installation of all keys. Client and access point complete a two-way handshake to securely deliver the group transient key from the access point to the client. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 96: Software And Firmware Requirements For Wpa And Wpa-Tkip

    Understand Authentication Types Software and Firmware Requirements for WPA and WPA-TKIP Table 6-1 lists the firmware and software requirements required on access points and Cisco client devices to support WPA key management and WPA-TKIP encryption protocols. To support the security combinations in...
  • Page 97: Configure Authentication Types

    Step 2 dot11 ssid ssid-string Create an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive. Cisco Wireless ISR and HWIC Access Point Configuration Guide OL-6415-04...
  • Page 98 Note: An access point configured for EAP authentication forces all client devices that associate to perform EAP authentication. Client devices that do not use EAP cannot use the access point.
  • Page 99: With Eap

    WPA. If you enable WPA with a pre-shared key, the key management type is WPA-PSK. See the “Configuring Additional WPA Settings” section on page 6-13 for instructions on configuring a pre-shared key. Cisco Wireless ISR and HWIC Access Point Configuration Guide 6-11 OL-6415-04...
  • Page 100: Configuring Wpa Migration Mode

    3 size 128 12345678901234567890123456 transmit-key
    router(config-if)# ssid migrate
    router(config-ssid)# authentication open
    router(config-ssid)# authentication network-eap adam
    router(config-ssid)# authentication key-management wpa optional
    router(config-ssid)# wpa-psk ascii batmobile65
    router(config-ssid)# exit
  • Page 101 8 letters, numbers, or symbols, and the access point expands the key for you. You can enter a maximum of 63 ASCII characters.
    Step 5 Return to privileged EXEC mode.
  • Page 102: Configuring Mac Authentication Caching

    [address] clear specific clients from the cache.
    Step 6 Return to privileged EXEC mode.
    Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 103: Configuring Authentication Holdoffs, Timeouts, And Intervals

    Session-Timeout value for the EAP authentication. To avoid confusion on which Session-Timeout attribute is used, configure the same Session-Timeout value on your authentication server for both MAC and EAP authentication.
  • Page 104: Matching Access Point And Client Device Authentication Types

    Open authentication with EAP. To allow both the Cisco access point clients using LEAP and non-Cisco clients using LEAP to associate using the same SSID, you might need to configure the SSID for both Network EAP authentication and Open authentication with EAP.
  • Page 105 to configure card control using IEEE 802.1X and Smart Card or other Certificate as the EAP Type | Set up and enable WEP and enable EAP and Open Authentication for the SSID
  • Page 106 to configure card control using IEEE 802.1X and SIM Authentication as the EAP Type | Set up and enable WEP with full encryption and enable Require EAP and Open Authentication for the SSID
  • Page 107: Chapter 7 Configuring Radius Servers

    Chapter 6, “Configuring Authentication Types,” for detailed instructions on configuring your access point as a local authenticator.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Security Command Reference for Release 12.2.
  • Page 108: Configuring And Enabling Radius

    • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
    • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 109: Radius Operation

    RADIUS server to the wireless client device. See the “Assigning Authentication Types to an SSID” section on page 6-9 for instructions on setting up client authentication using a RADIUS server.
  • Page 110: Configuring Radius

    RADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users accessing the access point through the CLI.
  • Page 111: Chapter

    Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server communication. This procedure is required.
    Step    Command             Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  aaa new-model       Enable AAA.
  • Page 112: Chapter

    Note: To enable accounting for an SSID, you must include the accounting command in the SSID configuration. Click this URL to browse to a detailed description of the SSID configuration mode accounting command: http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_command_reference_chapter09186a008041757f.html#wp2449819
  • Page 113: Configuring Radius Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
    Step    Command             Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  aaa new-model       Enable AAA.
  • Page 114 {default | list-name} method1 [method2...] global configuration command. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
  • Page 115: Defining Aaa Server Groups

    Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a particular RADIUS server with it:
    Step    Command             Purpose
    Step 1  configure terminal  Enter global configuration mode.
    Step 2  aaa new-model       Enable AAA.
  • Page 116 Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
    Step 9 Enable RADIUS login authentication. See the “Configuring RADIUS Login Authentication” section on page 7-7.
  • Page 117 • Use the local database if authentication was not performed by using RADIUS.
    Note: Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured.
  • Page 118 Access Point” section on page 7-18 for a complete list of attributes sent and honored by the access point. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
  • Page 119 Step 5 radius-server deadtime minutes Use this command to cause the Cisco IOS software to mark as “dead” any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server.
  • Page 120 The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco’s vendor ID is 9, and the supported option has vendor type 1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization.
  • Page 121 Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the access point and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
  • Page 122: Configuring Wispr Radius Attributes

    You can find a list of ISO and ITU country and area codes at the ISO and ITU websites. Cisco IOS software does not check the validity of the country and area codes that you configure on the access point.
  • Page 123: Displaying The Radius Configuration

    To display the RADIUS configuration, use the show running-config privileged EXEC command.
    Note: When DNS is configured on the access point, the show running-config command sometimes displays a server’s IP address instead of its name.
  • Page 124: Radius Attributes Sent By The Access Point

    Attribute ID  Description
    Class
    Session-Timeout
    Tunnel-Type
    Tunnel-Medium-Type
    EAP-Message
    Message-Authenticator
    Tunnel-Private-Group-ID
    VSA (attribute 26)  LEAP session-key
    VSA (attribute 26)  Auth-Algo-Type
    VSA (attribute 26)  SSID
    1. RFC2868; defines a VLAN override number.
  • Page 125 Acct-Session-Id
    Acct-Session-Time
    Acct-Input-Packets
    Acct-Output-Packets
    NAS-Port-Type
    VSA (attribute 26)  SSID
    VSA (attribute 26)  NAS-Location
    VSA (attribute 26)  VLAN-ID
    VSA (attribute 26)  Connect-Progress
    VSA (attribute 26)  Cisco-NAS-Port
    VSA (attribute 26)  Interface
  • Page 126: Service-Type Attribute

    Microsoft IAS servers recognize reauthentication requests from the access point. Use the dot11 aaa authentication attributes service-type login-only global configuration command to set the service-type attribute in reauthentication requests to login-only.
  • Page 127: Chapter 8 Configuring Vlans

    LAN. These sections describe how to configure your access point to support VLANs:
    • Understanding VLANs, page 8-2
    • Configuring VLANs, page 8-4
    • VLAN Configuration Example, page 8-9
  • Page 128: Understanding Vlans

    VLAN are 802.11Q tagged before they are forwarded onto the wired network. Figure 8-1 shows the difference between traditional physical LAN segmentation and logical VLAN segmentation with wireless devices connected.
  • Page 129: Related Documents

    SSID 3 = VLAN 3
    Related Documents
    These documents provide more detailed information pertaining to VLAN design and configuration:
    • Cisco IOS Switching Services Configuration Guide. Click this link to browse to this document: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/index.htm
    • Cisco Internetwork Design Guide. Click this link to browse to this document: ...
  • Page 130: Incorporating Wireless Devices Into Vlans

    • Assigning Names to VLANs, page 8-7
    • Using a RADIUS Server to Assign Users to VLANs, page 8-7
    • Viewing VLANs Configured on the Access Point, page 8-8
  • Page 131: Configuring A Vlan

    Step 5 exit Return to interface configuration mode for the radio interface.
    Step 6 interface dot11radio 0.x | 1.x Enter interface configuration mode for the radio VLAN subinterface.
  • Page 132 1
    router(config-ssid)# exit
    router(config)# interface dot11radio0.1
    router(config-subif)# encapsulation dot1q 1 native
    router(config-subif)# exit
    router(config)# interface fastEthernet0.1
    router(config-subif)# encapsulation dot1q 1 native
    router(config-subif)# exit
    router(config)# end
  • Page 133: Assigning Names To Vlans

    VLAN name to a different VLAN ID.
    Note: If clients on your wireless LAN require seamless roaming, Cisco recommends that you assign the same VLAN name to the same VLAN ID across all access points, or that you use only VLAN IDs without names.
  • Page 134: Viewing Vlans Configured On The Access Point

    Bridge Group 1 201688 Bridging Bridge Group 1 201688 Bridging Bridge Group 1 201688 Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation) vLAN Trunk Interfaces: Dot11Radio0.2 FastEthernet0.2 Virtual-Dot11Radio0.2 Protocols Configured: Address: Received: Transmitted:
  • Page 135: Vlan Configuration Example

    Faculty access—Medium level of access; users can access school’s Intranet and Internet, access internal files, access student databases, and view internal information such as human resources, payroll, and other faculty-related material. Faculty users are required to authenticate using Cisco LEAP.
  • Page 136 1
    bridge-group 2
    bridge-group 3
    no bridge-group 1 source-learning
    no bridge-group 2 source-learning
    no bridge-group 3 source-learning
    bridge-group 1 spanning-disabled
    bridge-group 2 spanning-disabled
    bridge-group 3 spanning-disabled
  • Page 137 2 unicast-flooding
    bridge-group 2 spanning-disabled
    When you configure a bridge group on the FastEthernet interface, these commands are set automatically:
    no bridge-group 2 source-learning
    bridge-group 2 spanning-disabled
  • Page 139: Chapter 9 Configuring Qos

    It sends the packets without any assurance of reliability, delay bounds, or throughput. This chapter consists of these sections:
    • Understanding QoS for Wireless LANs, page 9-2
    • Configuring QoS, page 9-4
  • Page 140: Understanding Qos For Wireless Lans

    • They support Spectralink phones using the class-map IP protocol clause with the protocol value set to 119.
    To contrast the wireless LAN QoS implementation with the QoS implementation on other Cisco network devices, see the Cisco IOS Quality of Service Solutions Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/index.htm
    Impact of QoS on a Wireless LAN
    Wireless LAN QoS features are a subset of the proposed 802.11e draft.
  • Page 141: Precedence Of Qos Settings

    You can use the Cisco IOS dot11 phone dot11e command to enable the future upgrade of the 7920 Wireless Phone firmware to support the standard QBSS Load IE. The new 7920 Wireless Phone firmware will be announced at a later date.
  • Page 142: Using Wi-Fi Multimedia Mode

    QoS is disabled by default (however, the radio interface always honors tagged 802.1P packets even when you have not configured a QoS policy). This section describes how to configure QoS on your access point. It contains this configuration information:
  • Page 143: Configuration Guidelines

    IEEE Draft Standard 802.11e. For detailed information on these values, consult that standard. Cisco strongly recommends that you use the default settings on the Radio Access Categories page. Changing these values can lead to unexpected blockages of traffic on your wireless LAN, and the blockages might be difficult to diagnose.
  • Page 144: Disabling Igmp Snooping Helper

    _class_WMM2
    set cos 2
    class _class_WMM3
    set cos 3
    class _class_WMM4
    set cos 4
    class _class_WMM5
    set cos 5
    class _class_WMM6
    set cos 6
    class _class_WMM7
    set cos 7
  • Page 145: Appendix

    Channel Settings
    This appendix lists the radio channels supported by Cisco access products in the regulatory domains of the world.
    IEEE 802.11b (2.4-GHz Band)
    The channel identifiers, channel center frequencies, and regulatory domains of each IEEE 802.11b...
  • Page 146: Ieee 802.11G (2.4-Ghz Band)

    The channel identifiers, channel center frequencies, and regulatory domains of each IEEE 802.11a 20-MHz-wide channel are shown in Table A-3.
    Table A-3 5-GHz Radio Band
    Channel Identifier | Center Frequency (MHz) | Regulatory Domains: North America (-A) | ETSI | Japan (-P) | China
    5180 5200
  • Page 147 All channel sets are restricted to indoor usage except the Americas (-A), which allows for indoor and outdoor use on channels 52 through 64 in the United States.
  • Page 149: Appendix

    In each table, the Protocol column lists the protocol name, the Additional Identifier column lists other names for the same protocol, and the ISO Designator column lists the numeric designator for each protocol.
  • Page 150 Novell IPX (old) — 0x8137
    Novell IPX (new) 0x8138
    EAPOL (old) — 0x8180
    EAPOL (new) — 0x888E
    Telxon TXP 0x8729
    Aironet DDP 0x872D
    Enet Config Test — 0x9000
    NetBUI — 0xF0F0
  • Page 151 Internet Group Management Protocol IGMP Transmission Control Protocol Exterior Gateway Protocol — CHAOS — User Datagram Protocol XNS-IDP ISO-TP4 ISO-CNLP CNLP Banyan VINES VINES Encapsulation Header encap_hdr Spectralink Voice Protocol Spectralink —
  • Page 152 Domain Name Server domain — BOOTP Server — BOOTP Client — TFTP — gopher — netrjs finger — Hypertext Transport Protocol HTTP ttylink link Kerberos v5 Kerberos krb5 supdup — hostname hostnames
  • Page 153 ISO CMIP Management Over IP CMIP Management Over IP cmip-man CMOT ISO CMIP Agent Over IP cmip-agent X Display Manager Control Protocol xdmcp NeXTStep Window Server NeXTStep Border Gateway Protocol Prospero — Internet Relay Chat
  • Page 154: Radius

    SAMBA swat
    SUP debugging supfiledbg 1127
    ingreslock — 1524
    Prospero non-privileged prospero-np 1525
    RADIUS — 1812
    Concurrent Versions System 2401
    Cisco IAPP — 2887
    Radio Free Ethernet 5002
  • Page 155: Appendix

    Supported MIBs
    This appendix lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the access point supports for this software release. The Cisco IOS SNMP agent supports both SNMPv1 and SNMPv2. This appendix contains these sections:
    • MIB List, page C-1
    •...
  • Page 156: Using Ftp To Access The Mib Files

    Step 5 Use the get MIB_filename command to obtain a copy of the MIB file.
    Note: You can also access information about MIBs on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
  • Page 157: Appendix

    FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the message refers. A facility can be a hardware device, a protocol, or a module of the system software. You can see a complete list of mainline facility codes for Cisco IOS Release 12.3 on Cisco.com. Go to this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123sup/123sems/123semv1/emgove...
  • Page 158: Message Traceback Reports

    Explanation A station disassociated from an access point.
    Recommended Action None.
    Error Message DOT11-6-ROAMED: Station [mac-address] Roamed to [mac-address]
    Explanation The indicated station roamed to the indicated new access point.
    Recommended Action None.
  • Page 159: 802.11 Subsystem Messages

    Error Message DOT11-2-VERSION_INVALID: Interface [interface], unable to find required radio version [hex].[hex] [number]
    Explanation When trying to re-flash the radio firmware on the indicated interface, the access point recognized that the indicated radio firmware packaged with the Cisco IOS software had the incorrect version.
    Recommended Action None. ...
  • Page 160 Error Message DOT11-6-FREQ_SCAN: Interface [interface] Scanning frequencies for [number] seconds
    Explanation Starting a scan for a least congested frequency on the interface indicated for the time period indicated.
    Recommended Action None.
  • Page 161 Explanation No SSID was configured for a VLAN. The indicated interface was not started.
    Recommended Action At least one SSID must be configured per VLAN. Add at least one SSID for the VLAN on the indicated interface.
  • Page 162 Explanation The connection to the parent access point failed for the displayed reason. The uplink will stop its connection attempts.
    Recommended Action Try resetting the uplink interface. Contact Technical Support if the problem persists.
  • Page 163 Error Message DOT11-4-RM_INCORRECT_INTERFACE: Invalid interface, either not existing or non-radio
    Explanation A radio management request discovered that the interface either does not exist or is not a radio interface.
    Recommended Action None.
  • Page 164 The indicated interface radio has been stopped to load the indicated new firmware.
    Recommended Action None.
    Error Message DOT11-4-LOADING_RADIO: Interface [interface], loading the radio firmware [characters]
    Explanation The indicated interface radio has been stopped to load new indicated firmware.
    Recommended Action None.
  • Page 165 Explanation The unit could not establish a connection to a parent access point for the displayed reason.
    Recommended Action Verify that the basic configuration settings (SSID, WEP, and others) of the parent access point and this unit match.
  • Page 166 Recommended Action A failure of the Michael MIC in a packet usually indicates an active attack on your network. Search for and remove potential rogue devices from your wireless LAN.
  • Page 167 Error Message IF-4-MISPLACED_VLAN_TAG: Detected a misplaced VLAN tag on source [interface]. Dropping packet
    Explanation Received an 802.1Q VLAN tag which could not be parsed correctly. The received packet was encapsulated or de-encapsulated incorrectly.
    Recommended Action
  • Page 168: Local Authenticator Messages

    Recommended Action Use the clear radius local-server user username privileged EXEC command to unblock the user, or allow the block on the user to expire by the configured lockout time.
  • Page 169: G L O S S A R Y

    backoff time: The random length of time that a station waits before sending a packet on the LAN. Backoff time is a multiple of slot time, so a decrease in slot time ultimately decreases the backoff time, which increases throughput.
  • Page 170 domain name: The text name that refers to a grouping of networks or network resources based on organization-type or geography; for example: name.com—commercial; name.edu—educational; name.gov—government; ISPname.net—network provider (such as an ISP); name.ar—Argentina; name.au—Australia; and so on.
  • Page 171: Remote Authentication Dial-In User Service

    LAN or if it must be reached through a gateway. This number is expressed in a form similar to an IP address; for example: 255.255.255.0.
    isotropic: An antenna that radiates its signal in a spherical pattern.
  • Page 172 range: A linear measure of the distance that a transmitter can send a signal.
    receiver sensitivity: A measurement of the weakest signal a receiver can receive and still correctly translate it into data.
    Radio frequency. A generic term for radio-based technology.
  • Page 173 RP-TNC rules covering spread spectrum devices limits the types of antennas that may be used with transmission equipment. In compliance with this rule, Cisco, like all other wireless LAN providers, equips its radios and antennas with a unique connector to prevent attachment of non-approved antennas to radios.
  • Page 174 LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.
  • Page 175: I N D E X

    CCK modulation authentication server Cisco IOS software, locating documentation configuring access point as local server client communication, blocking described client power level, limiting
  • Page 176 EAP-TLS authentication commands station role setting on client and access point Complementary Code Keying (CCK) encapsulation dot1q command See CCK encapsulation method countermeasure tkip hold-time command
  • Page 177 1, 2 Microsoft IAS servers IOS software, locating documentation migration mode, WPA ISO designators for protocols mode (role) multicast messages multiple basic SSIDs
  • Page 178 QBSS overview dot11e parameter SSID suggested network environments configuration guidelines tracking services accessed by user described RADIUS accounting overview reauthentication requests
  • Page 179 Wi-Fi Protected Access speed command See WPA SSID Wi-Fi Protected Access (WPA) guest mode WISPr RADIUS attributes multiple SSIDs support workgroup bridge using spaces in world mode 3, 20, 23 VLAN
  • Page 180: World Mode

    world-mode command WPA migration mode wpa-psk command

This manual is also suitable for:

Hwic
