Cisco WAP371 Administration Manual

Cisco wireless-ac/n dual radio access point with single point setup

Hide thumbs Also See for WAP371:

Quick start manual (38 pages)

Manual (5 pages)

Manual (4 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

page of 166

/ 166
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

ADMINISTRATION

GUIDE

Cisco Small Business

WAP371 Wireless-AC/N Dual Radio Access Point

with Single Point Setup

Table of Contents

Summary of Contents for Cisco WAP371

Page 1 ADMINISTRATION GUIDE Cisco Small Business WAP371 Wireless-AC/N Dual Radio Access Point with Single Point Setup...
Page 2: Table Of Contents
TSPEC AP Statistics Radio Statistics Email Alert Status Chapter 3: Administration System Settings User Accounts Time Settings Log Settings Email Alert LED Display HTTP/HTTPS Service Management Access Control Manage Firmware Download/Backup Configuration File Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 3: Cisco Small Business Wap371 Wireless Access Point Administration Guide
Chapter 5: Wireless Radio Rogue AP Detection Networks Scheduler Scheduler Association Bandwidth Utilization MAC Filtering WDS Bridge WorkGroup Bridge Quality of Service Chapter 6: System Security RADIUS Server 802.1X Supplicant Password Complexity Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 4: Cisco Small Business Wap371 Wireless Access Point Administration Guide
Local Groups Local Users Instance Configuration Instance Association Web Portal Customization Captive Portal Global Configuration Authenticated Clients Failed Authentication Clients Chapter 10: Single Point Setup Single Point Setup Overview Access Points Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 5 Contents Sessions Channel Management Wireless Neighborhood Appendix A: Deauthentication Message Reason Codes Deauthentication Reason Code Table Appendix B: Where to Go From Here Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 6: Chapter 1: Getting Started
Explorer. Select Tools > Internet Options and then select the Security tab. Select Local Intranet and select Sites. Select Advanced and then select Add. Add the intranet address of the AP (http://<ip-address>) to the local intranet zone. The IP Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 7: Using The Access Point Setup Wizard
To create a new Single Point Setup of WAP devices, select Create a New Cluster and specify a STEP 4 New Cluster Name. When you configure your devices with the same cluster name and enable Single Point Setup mode on other WAP devices, they automatically join the group. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 8 VLAN 1. Click Next. STEP 15 For the WAP371 device, the Network Name, Wireless Security, and VLAN ID pages show to STEP 16 enable configuring Radio 2. When finished with configuring Radio 2, click Next.
Page 9 If you click Yes, the Wizard displays the Enable Captive Portal - Name Your Guest Network window. Specify a Guest Network Name for Radio 1. For the WAP371 device, select whether the guest STEP 18 network uses Radio 1 or Radio 2.
Page 10: Getting Started
Configure Single Point Setup Single Point Setup Device Status System Summary System Summary Wireless Status Network Interfaces Quick Access Change Account Password User Accounts Upgrade Device Firmware Manage Firmware Backup/Restore Configuration Download/Backup Configuration File Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 11: Window Navigation
WAP devices. If a main menu item is preceded by an arrow, select to expand and display the submenu of each group. You can then select on the desired submenu item to open the associated page. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 12: Management Buttons
Edits or modifies an existing entry. Select an entry first. Refresh Redisplays the current page with the latest data. Save Saves the settings or configuration. Update Updates the new information to the startup configuration. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 13 Getting Started Window Navigation Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 14: Chapter 2: Status And Statistics
You can also select System Summary under Device Status on the Getting Started page. The System Summary page shows this information: • PID VID—The WAP hardware model and version. • Serial Number—The serial number of the Cisco WAP device. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 15 Time Wait—The closing sequence has been initiated and the WAP is waiting for a system-defined timeout period (typically 60 seconds) before closing the connection. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 16: Network Interfaces
(active or inactive). The state indicates whether the VAP is exchanging data with a client. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 17: Traffic Statistics
To show the WorkGroup Bridge Transmit/Receive page, select Status and Statistics > WorkGroup Bridge in the navigation pane. Each network interface that is configured as a WorkGroup Bridge interface shows these fields: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 18: Associated Clients
Station—The MAC address of the associated wireless client. • Status—The Authenticated and Associated Status shows the underlying IEEE 802.11 authentication and association status, which is present no matter which type of security Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 19: Tspec Client Associations
The tables on the TSPEC Client Associations page show voice and video packets transmitted and received since the association started, along with status information. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 20 Excess Usage Events—Number of times that the client has exceeded the medium time established for its TSPEC. Minor, infrequent violations are ignored. • VAP MAC Address—Virtual Access Point MAC address. Statistics: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 21: Tspec Status And Statistics
All of the transmit and receive statistics shown are totals since the WAP device was last started. If you reboot the WAP device, these figures indicate transmit and receive totals since the reboot. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 22 (in Received table) by this WAP device for this VAP. • Total Voice Bytes—Total TS voice bytes sent (in Transmit table) or received (in Received table) by this WAP device for this VAP. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 23: Tspec Ap Statistics
To view the Radio Statistics page, select Status and Statistics > Radio Statistics in the navigation pane. For the WAP371 device, select the Radio for which you want to view statistics. • Packets Received—Total packets received by the WAP device.
Page 24 Multiple Retry Count—Number of times an MSDU is successfully transmitted after more than one retry. • Frames Transmitted Count—Count of each successfully transmitted MSDU. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 25: Email Alert Status
Description—A description of the event. You can click Refresh to refresh the screen and show the most current information. You can click Clear All to clear all entries from the log. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 26: Chapter 3: Administration
Copy/Save Configuration • Reboot • Discovery—Bonjour • Packet Capture • Support Information System Settings The System Settings page enables you to configure information that identifies the WAP device within the network. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 27: User Accounts
Select Administration > User Accounts in the navigation pane. STEP 1 The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. All other users can have Read Only Access, but not Read/Write access.
Page 28 STEP 1 The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. The password for the user cisco can be changed. Select the user to configure and click Edit.
Page 29: Time Settings
Daylight Savings End—Select the week, day, month, and time when daylight savings time ends. • Daylight Savings Offset—Specify the number of minutes to move the clock forward when daylight savings time begins and backward when it ends. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 30: Log Settings
Configuring the Persistent Log If the system unexpectedly reboots, log messages can be useful to diagnose the cause. However, log messages are erased when the system reboots unless you enable persistent logging. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 31 Remote log server collection for WAP device syslog messages provides these features: • Allows aggregation of syslog messages from multiple APs • Stores a longer history of messages than is kept on a single WAP device Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 32: Email Alert
Use the email alert feature to send messages to the configured email addresses when particular system events occur. The feature supports mail server configuration, message severity configuration, and up to three email address configurations to send urgent and non-urgent email alerts. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 33 A hostname can consist of one or more labels, which are sets of up to 63 alphanumeric characters. If a hostname includes multiple labels, each is separated by a period (.). The entire series of labels and periods can be up to 253 characters long. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 34 To Email Address 1 = myemail@gmail.com Windows Live Hotmail Windows Live Hotmail recommends the following settings: Data Encryption: TLSv1 SMTP Server: smtp.live.com SMTP Port: 587 Username: Your full email address, such as myName@hotmail.com or myName@myDomain.com Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 35: Led Display
Select Administration > LED Display in the navigation pane. STEP 1 Click to enable the LEDs or clear Enable to disable the LEDs. STEP 2 Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 36: Http/Https Service
65535. The default port number for HTTP connections is the well-known IANA port number 443. • Redirect HTTP to HTTPS—Redirects management HTTP access attempts on the HTTP port to the HTTPS port. This field is available only when HTTP access is disabled. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 37 <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. A confirmation appears when the upload was successful. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 38: Management Access Control
After you upload new firmware and the system reboots, the newly added firmware becomes the primary image. If the upgrade fails, the original firmware remains as the primary image. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 39 The filename cannot contain the following items: spaces, <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. Enter the TFTP Server IPv4 Address and click Upgrade. STEP 4 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 40: Download/Backup Configuration File
Backup Configuration—An additional configuration file saved on the WAP device for use as a backup. • Mirror Configuration—If the Startup Configuration is not modified for at least 24 hours, it is automatically saved to a Mirror Configuration file. The Mirror Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 41 Downloading a Configuration File You can download a file to the AP to update the configuration or to restore the AP to a previously backed-up configuration. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 42: Configuration Files Properties
AP tries to apply the mirror configuration. If mirror configuration cannot be applied for some reason, then the AP tries the backup configuration. To delete the Startup Configuration or Backup Configuration file: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 43: Copy/Save Configuration
STEP 3 Click Save to begin the copy process. STEP 4 When complete, a window shows the message, Copy Operation Successful. Reboot You can use the Reboot page reboot the AP. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 44: Discovery-Bonjour
The AP advertises these service types: • Cisco-specific device description (csco-sb)—This service enables clients to discover Cisco WAP devices and other products deployed in small business networks. • Management user interfaces—This service identifies the management interfaces available on the WAP device (HTTP, HTTPS and SNMP).
Page 45: Packet Capture
View the current packet capture status. • Download a packet capture file. Packet Capture Configuration The Packet Capture Configuration area enables you to configure parameters and initiate a packet capture. To configure packet capture settings: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 46 Local Packet Capture To initiate a local packet capture: Ensure that Local File is selected for the Packet Capture Method. STEP 1 Configure these parameters: STEP 2 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 47 The Packet Capture Status area of the page shows the status of a packet capture, if one is active on the WAP device. • Current Capture Status—Whether packet capture is running or stopped. • Packet Capture Time—Elapsed capture time. • Packet Capture File Size—The current capture file size. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 48 To initiate the Wireshark network analyzer tool for Microsoft Windows: On the same computer, initiate the Wireshark tool. STEP 1 In the menu, select Capture > Options. A popup window appears. STEP 2 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 49 VAP0 traffic on radio 1 -- rpcap://[192.168.1.220]:2002/wlan0 802.11 traffic -- rpcap://[192.168.1.220]:2002/radio1 At WAP371, VAP1 ~ VAP7 traffic for radio 1 -- rpcap://[192.168.1.220]:2002/wlan0vap1 ~ wlan0vap7 At WAP371, VAP1 ~ VAP7 traffic for radio 2 -- rpcap://[192.168.1.220]:2002/wlan1vap1 ~ wlan1vap7 You can trace up to four interfaces on the WAP device at the same time. However, you must start a separate Wireshark session for each interface.
Page 50 You can download a capture file by TFTP to a configured TFTP server, or by HTTP(S) to a computer. The capture file is located in the RAM file system, it disappears if the WAP device is reset. To download a packet capture file using TFTP: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 51: Support Information
To show the Support Information page, select Administration > Support Information in the navigation pane. Click Download to generate the file based on current system settings. After a short pause, a window appears to enable you to save the file to your computer. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 52 Administration Support Information Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 53: Chapter 4: Lan
When disabled, you can manually configure the port speed and duplex mode. If autonegotiation is disabled, select a Port Speed (10/100 Mb/s) and the duplex mode (Half- STEP 3 or Full-duplex). Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 54: Vlan And Ipv4 Address Settings
Management VLAN ID—The VLAN associated with the IP address you use to access the WAP device. Provide a number between 1 and 4094 for the Management VLAN ID. The default is 1. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 55: Ipv6 Addresses
STEP 3 • Connection Type—By default, the DHCP client on the WAP371 automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.
Page 56 IPv6 Neighbor Discovery process. • Default IPv6 Gateway—The statically configured default IPv6 gateway. • IPv6 DNS Nameservers—Select one of the following values: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 57: Ipv6 Tunnel
IPv6 Tunnel The WAP371 devices support the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP enables the WAP device to transmit IPv6 packets encapsulated within IPv4 packets over the LAN. The protocol enables the WAP device to communicate with remote IPv6- capable hosts even when the LAN that connects them does not support IPv6.
Page 58: Lldp
(PSE), such as a switch, determine which powered devices should be given priority in power allocation when the PSE doesn't have enough capacity to supply power to all connected devices. The PoE priority can be one of the following: Critical Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 59 LLDP High Unknown Click Save. The settings are saved to the system. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 60 LLDP Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 61: Chapter 5: Wireless
Radio settings directly control the behavior of the radio in the WAP device and its interaction with the physical medium; that is, how and what type of signal the WAP device emits. To configure radio settings: Select Wireless > Radio in the navigation pane. STEP 1 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 62 802.11b/g/n (default)—802.11b, 802.11g, and 802.11n clients operating in the 2.4- GHz frequency can connect to the WAP device. 802.11n 2.4 GHz—Only 802.11n clients operating in the 2.4-GHz frequency can connect to the WAP device. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 63 For radios in the 5 GHz band, when DFS support is on and the regulatory domain requires radar detection on the channel, the Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) features of 802.11h are activated. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 64 By default, protection is enabled (Auto). With protection enabled, protection is invoked if legacy devices are within range of the WAP device. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 65 However, fragmentation can help improve network performance and reliability if properly configured. Sending smaller frames (by using lower fragmentation threshold) might help with some interference problems; for example, with microwave ovens. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 66 Maximum Associated Clients—The maximum number of stations allowed to access each radio of this WAP device at any one time. You can enter an integer between 0 and 200. The default is 200 stations. The dual-radio WAP371 device can support up to 400 clients total.
Page 67 On—The WAP device handles TSPEC requests according to the TSPEC settings you configure on the Radio page. Use this setting if the WAP device handles traffic from QoS-capable devices, such as a Wi-Fi CERTIFIED phone. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 68 TSPEC Legacy WMM Queue Map Mode—Enables or disables the intermixing of legacy traffic on queues operating as ACM. By default, this mode is off. Click Save. The changes are saved to the Startup Configuration. STEP 6 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 69: Rogue Ap Detection
• Action—If the AP is in the Detected Rogue AP List, you can click Trust to move the AP to the Trusted AP List. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 70 WPA—Whether WPA security is on or off for the rogue AP. • Band—The IEEE 802.11 mode being used on the rogue AP. (For example, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g.) The number shown indicates the mode: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 71 In the Detected Rogue AP List, click Trust for APs that are known to you. The Trusted APs STEP 1 move to the Trusted AP List. In the Download/Backup Trusted AP List area, select Backup (AP to PC). STEP 2 Click Save. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 72: Networks
VAP0. VAP0 is the physical radio interface and remains enabled as long as the radio is enabled. To disable operation of VAP0, the radio itself must be disabled. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 73 Each VAP is associated with a VLAN, which is identified by a VLAN ID (VID). A VID can be any value from 1 to 4094, inclusive. The WAP371 device supports 17 active VLANs (16 for WLAN plus one management VLAN).
Page 74 • Security—The type of authentication required for access to the VAP: None Static WEP Dynamic WEP WPA Personal Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 75 It does not consider the n-bandwidth of the radio. Even if the 5-GHz radio happens to use 20 MHz bandwidth, it tries to steer clients to that radio. Click Save. The changes are saved to the Startup Configuration. STEP 5 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 76 1. The Transfer Key Index indicates which WEP key the WAP device uses to encrypt the data it transmits. • Key Length—The length of the key. Select one: 64 bits Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 77 Shared Key authentication requires the client station to have the correct WEP key in order to associate with the WAP device. When the authentication algorithm is set to Shared Key, a station with an incorrect WEP key cannot associate with the WAP device. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 78 RADIUS server that supports EAP, such as the Microsoft Internet Authentication Server. To work with Microsoft Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 79 You can use up to 63 standard alphanumeric and special characters. The key is case sensitive and must match the key configured on the RADIUS server. The text you enter is shown as asterisks. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 80 WiFi Alliance requirement. WPA2-AES—All client stations on the network support WPA2 version and AES- CCMP cipher/ security protocol. This WPA version provides the best security per Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 81 WP-TKIP—The network has some client stations that only support original WPA and TKIP security protocol. Note that selecting only WPA-TKIP for the access point is not allowed as per the latest WiFi Alliance requirement. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 82 2001:DB8:1234::abcd. • Server IP Address 2 to 4 or Server IPv6 Address 2 to 4—Up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this VAP. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 83: Scheduler
You can also use the Scheduler to allow access to VAPs for wireless clients only during specific times of day. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 84 To configure a rule for a profile: Select the profile from the Select a Profile Name list. STEP 1 Click Add Rule. STEP 2 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 85 Create a “deny” or “disable” rule by setting the appropriate scope to be enabled only for 1 minute.To have the radio or VAP disabled all the time EXCEPT for explicitly allowed times would require a “Daily” Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 86: Scheduler Association
For the WLAN interface or a VAP, select the profile from the Profile Name list. STEP 2 The Interface Operational Status column shows whether the interface is currently enabled or disabled. Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 87: Bandwidth Utilization
VAPs that are enabled to use the local list. The filter can be configured to grant access only to the MAC addresses on the list, or to deny access only to addresses on the list. Up to 512 MAC addresses can be added to the filter list. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 88 RADIUS Server Description Value Attribute User-Name (1) MAC address of the client station. Valid Ethernet MAC address. User-Password (2) A fixed global password used to look NOPASSWORD up a client MAC entry. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 89: Wds Bridge
For pure bridging mode that does not allow client associations, we recommend using obscure WPA key for VAP0 and/or disabling the SSID broadcast. • All Cisco WAP devices participating in a WDS link must have the following identical settings: Radio IEEE 802.11 Mode...
Page 90 Links or WPA/PSK on WDS Links following this procedure for more information about encryption options. Static WEP is applicable only when the radio is operating in legacy mode: 802.11a for 5 GHz NOTE radio and 802.11b/g for 2.4 GHz radio. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 91 WDS ID is also entered at the other end of the WDS link. If this WDS ID is not the same for both WAP devices on the WDS link, they will not be able to communicate and exchange data. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 92: Workgroup Bridge
WAP device. WDS is a better solution and is preferred over the WorkGroup Bridge solution. Use WDS if you are bridging Cisco WAP121, WAP321, WAP551, and WAP561 devices. If you are not, then consider WorkGroup Bridge. When the WorkGroup Bridge feature is enabled, the VAP configurations are not applied;...
Page 93 There is an arrow next to SSID for SSID Scanning; this feature is disabled by NOTE default, and is enabled only if AP Detection is enabled in Rogue AP Detection (which is also disabled by default). Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 94 MAC address list. Local—The set of clients in the APs BSS that can access the upstream network is restricted to the clients specified in a locally defined MAC address list. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 95: Quality Of Service
WFA Defaults—Populates the WAP device and Station EDCA parameters with WiFi Alliance default values, which are best for general, mixed traffic. • Optimized for Voice—Populates the WAP device and Station EDCA parameters with values that are best for voice traffic. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 96 Maximum Contention Window—The upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 97 Unscheduled Automatic Power Save Delivery—Select Enable to enable APSD, which is a power management method. APSD is recommended if VoIP phones access the network through the WAP device. Click Save. The changes are saved to the Startup Configuration. STEP 5 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 98 After new settings are saved, the corresponding processes may be stopped and restarted. When CAUTION this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 99 Wireless Quality of Service Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 100: Chapter 6: System Security
In addition to using the global RADIUS servers, you can also configure each VAP to use a NOTE specific set of RADIUS servers. See the Networks page. To configure global RADIUS servers: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 101 If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers. Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 102: 802.1X Supplicant
802.1X authenticator. The password can be 1 to 64 characters in length. ASCII- printable characters are allowed, which includes uppercase and lowercase alphabetic letters, numeric digits, and all special characters except quotation marks. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 103: Password Complexity
Complex passwords increase security. To configure password complexity requirements: Select System Security > Password Complexity in the navigation pane. STEP 1 For the Password Complexity setting, select Enable. STEP 2 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 104: Wpa-Psk Complexity
STEP 2 PSK keys against the criteria you configure. If you uncheck the box, none of these settings are used. WPA-PSK Complexity is disabled by default. Configure the parameters: STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 105 8 to 16. The default is 8. Check the box to make the field editable and to activate this requirement. Click Save. The changes are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 106: Chapter 7: Client Quality Of Service
ACLs can block any unwarranted attempts to reach network resources. The AP supports up to 50 IPv4, IPv6, and MAC ACLs. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 107 Configure the match criteria for the rules. STEP 6 Use the Client QoS Association page to apply the ACL to one or more VAPs. STEP 7 These steps give a detailed description of how to configure ACLs: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 108 When you select Permit, the rule allows all traffic that meets the rule criteria to enter or exit the WAP device (depending on the ACL direction you select). Traffic that does not meet the criteria is dropped. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 109 If you select Source Port, choose the port name or enter the port number. Select From List—The keyword associated with the source port to match: ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 110 1024 to 49151—Registered Ports 49152 to 65535—Dynamic and/or Private Ports • IP DSCP—Matches packets based on their IP DSCP value. If you select IP DSCP, choose one of these options as the match criteria: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 111 • Destination IPv6 Address—Select this field to require a packet's destination IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate field to apply this criteria. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 112 MAC address, a MAC mask of 00:00:00:00:ff:ff is used. A MAC mask of 00:00:00:00:00:00 checks all address bits and is used to match a single MAC address. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 113 To delete an ACL, ensure that it is selected in the ACL Name-ACL Type list, select Delete ACL, NOTE and click Save. An ACL can only be deleted when it is not associated to any VAP. NOTE Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 114: Class Map
Use the fields in the Match Criteria Configuration area to match packets to a class. Select the check box for each field to be used as a criterion for a class and enter data in the related field. You can have multiple match criteria in a class. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 115 • Destination IP Address or Destination IPv6 Address—Requires a packet's destination IP address to match the address listed here. Enter an IP address in the appropriate field to apply this criteria. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 116 Select From List—Matches the destination port in the datagram header with the selected keyword: ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these keywords translates into its equivalent port number. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 117 MAC address, a MAC mask of ff:ff:ff:ff:00:00 is used. A MAC mask of ff:ff:ff:ff:ff:ff checks all address bits and is used to match a single MAC address. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 118: Policy Map
The WAP device supports up to 50 policy maps. A policy map can contain up to 10 class maps. To add and configure a policy map: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 119 Match to Value—A DSCP value that you specify. The value is an integer between 0 to 63. • Mark IP Precedence—Marks all packets for the associated traffic stream with the specified IP precedence value. The IP precedence value is an integer from 0 to 7. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 120: Client Qos Association
Select Enable for the Client QoS Global to enable this feature. STEP 4 Configure these parameters for the selected VAP: STEP 5 • Client QoS Mode—Select Enable to enable client QoS functionality on the selected VAP. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 121 DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound (client-to-WAP) direction. Click Save. The changes are saved to the Startup Configuration. STEP 6 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 122: Client Qos Status
IPv4: The ACL examines IPv4 packets for matches to ACL rules. IPv6: The ACL examines IPv6 packets for matches to ACL rules. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 123 DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound (client-to-WAP) direction. • DiffServ Policy Down—The name of the DiffServ policy applied to traffic from the WAP device in the outbound (WAP-to-client) direction. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 124: Chapter 8: Simple Network Management Protocol
The valid range is from 1025 to 65535. Configure the SNMPv2 settings: STEP 4 • Read-only Community—A read-only community name for SNMPv2 access. The valid range is 1 to 256 alphanumeric and special characters. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 125 .0 in a subnetwork range is always reserved for the subnet address, and the address identified by .255 in the range is always reserved for the broadcast address.) Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 126 After new settings are saved, the corresponding processes may be stopped and restarted. When NOTE this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 127: Views
(.)... or xx:xx:xx..(:) and is 16 octets in length. Each octet is two hexadecimal characters separated by either a period (.) or a colon (:). Only hex characters are accepted in this field. For example, OID mask FA.80 is 11111010.10000000. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 128: Groups
MIB view. The default groups RO and RW cannot be deleted. NOTE The AP supports a maximum of eight groups. NOTE To add and configure an SNMP group: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 129 Click Save. The group is added to the SNMPv3 Groups list and your changes are saved to the STEP 5 Startup Configuration. To remove a group, select the group in the list and click Delete. NOTE Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 130: Users
Encryption Pass Phrase—(If you specify DES as the privacy type) A pass phrase to use to encrypt the SNMP requests. The pass phrase must be between 8 and 32 characters in length. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 131: Targets
Click Save. The user is added to the SNMPv3 Targets list and your changes are saved to the STEP 5 Startup Configuration. To remove an SMMP target, select the user in the list and click Delete. NOTE Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 132 Simple Network Management Protocol Targets Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 133: Chapter 9: Captive Portal
RADIUS server. Captive Portal consists of two CP instances. Each instance can be configured independently, with different verification methods for each VAP or SSID. Cisco WAP371 devices operate concurrently with some VAPs configured for CP authentication and other VAPs configured for normal wireless authentication methods, such as WPA or WPA Enterprise.
Page 134: Local Users
AP. If the time specified in this field expires before the client attempts to reauthenticate, the client entry is removed from the authenticated client list. The range is from 0 to 1440 minutes. The default value is 60. The timeout Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 135: Instance Configuration
Ensure that Create is selected from the Captive Portal Instances list. STEP 2 Enter an Instance Name and click Save. The instance name can include from 1 to 32 STEP 3 alphanumeric characters and the underscore. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 136 Session Timeout—The time remaining, in seconds, for the CP session to be valid. After the time reaches zero, the client is deauthenticated. The range is from 0 to 1440 minutes. The default value is 0. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 137 Server IP Address 2 to 4 or Server IPv6 Address 2 to 4—Up to three IPv4 or IPv6 backup RADIUS server addresses. If authentication fails with the primary server, each configured backup server is tried in sequence. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 138: Instance Association
Select the radio interface on which you want to configure an instance association. STEP 2 Select the instance name for each VAP you want to associate an instance to. STEP 3 Click Save. Your change are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 139: Web Portal Customization
WAP device, you can select it from the list. • Foreground color—The HTML code for the foreground color in 6-digit hexadecimal format. The range is from 1 to 32 characters. The default is #999999. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 140 The range is from 1 to 512 characters. The default is MS UI Gothic, Arial, sans-serif. • Browser Title—The text to show in the browser title bar. The range is from 1 to 128 characters. The default is Captive Portal. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 141 When users initiate access to a VAP that is associated with a captive portal instance, an authentication page appears. You can customize the authentication page with your own logo or other images. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 142 STEP 7 To delete an image, on the Web Portal Custom Image page, select it from the Delete Web NOTE Customization Image list and click Delete. You cannot delete the default images. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 143: Captive Portal Global Configuration
User Count—The number of CP users currently configured on the WAP device. Up to 128 users can be configured. Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 144: Authenticated Clients
• VAP ID—The VAP that the user is associated with. • Radio ID—The ID of the radio. For the dual radio WAP371 device, this field shows Radio 1 or Radio 2. • Captive Portal ID—The ID of the Captive Portal instance to which the user is associated.
Page 145: Failed Authentication Clients
• VAP ID—The VAP that the user is associated with. • Radio ID—The ID of the radio. For the dual radio WAP371 device, this field shows Radio 1 or Radio 2. • Captive Portal ID—The ID of the Captive Portal instance to which the user is associated.
Page 146: Chapter 10: Single Point Setup
Single Point Setup creates a dynamic, configuration-aware cluster, or group, of WAP devices in the same subnet of a network. A cluster supports a group of up to 16 configured WAP371 devices, but no other non-WAP371 models in the same cluster.
Page 147 Plan your Single Point Setup cluster. Be sure the two or more WAP devices you want to cluster STEP 1 are compatible with each other. For example, Cisco WAP371 devices can only cluster with other Cisco WAP371 devices. It is strongly recommended to run the latest firmware version on all clustered NOTE WAP devices.
Page 148 If the loss of contact with the cluster is due to a physical or logical disconnect with the LAN infrastructure, network services out to the wireless clients may be impacted depending on the nature of the failure. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 149 Radio Configuration Settings and Parameters that are Propagated in Single Point Setup Mode Fragmentation Threshold RTS Threshold Rate Sets Primary Channel Protection Fixed Multicast Rate Broadcast or Multicast Rate Limiting Channel Bandwidth Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 150: Access Points
IP address of a member to configure and view data on that device. Configuring the WAP Device for Single Point Setup To configure the location and name of an individual Single Point Setup cluster member: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 151 Single Point Setup works only with devices using the same type of IP addressing. It does not work with a group of WAP devices where some have IPv4 addresses and some have IPv6 addresses. Click Enable Single Point Setup. STEP 3 Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 152 (Optional) In the Location field, enter a description of where the access point is physically STEP 4 located, for example, Reception. Click Enable Single Point Setup. STEP 5 The access point automatically joins the Single Point Setup. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 153: Sessions
The Sessions page shows information on WLAN clients that are associated with the WAP devices in the Single Point Setup cluster. Each WLAN client is identified by its MAC address, along with the device location where it is currently connected. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 154 AP sends a broadcast frame to a STA using the default rates, then the field will report 1 Mbit/sec for 2.4Ghz radios and 6 Mbit/sec for 5 Ghz radios. Clients that are idle are most likely to report the low default rates. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 155: Channel Management
A syslog message is generated as well indicating the sender device and the new and old channel assignments. To configure and view the channel assignments for the Single Point Setup members: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 156 The table provides the following details on the current channel assignments. • Location—The physical location of the device. • IP Address—The IP address for the access point. • Wireless Radio—The MAC address of the radio. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 157 The default is 75 percent. Use the drop-down menu to choose percentages ranging from 5 percent to 75 percent. Using this setting lets you set a threshold gain in efficiency for channel Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 158: Wireless Neighborhood
Wireless > Rogue AP Detection in the navigation pane. For each neighbor access point, the following information is shown: • Display Neighboring APs—Select one of the following radio buttons to change the view: Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 159 Light Gray Bar—A light gray bar and no signal strength number indicates that no signal has been detected from the neighbor, but the neighbor may have been detected by other members of the cluster. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 160 Signal—The strength of the radio signal detected from the access point, measured in decibels (dB). • Beacon Interval—The beacon interval used by the access point. • Beacon Age—The date and time of the last beacon received from this access point. Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 161 Single Point Setup Wireless Neighborhood Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 162: Appendix A: Deauthentication Message Reason Codes
Disassociated because WAP device is unable to handle all currently associated STAs Class 2 frame received from nonauthenticated STA Class 3 frame received from nonassociated STA Disassociated because sending STA is leaving or has left Basic Service Set (BSS) Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 163 Element in 4-Way Handshake different from (Re)Association Request/ Probe Response/Beacon frame Invalid group cipher Invalid pairwise cipher Invalid AKMP Unsupported RSNE version Invalid RSNE capabilities IEEE 802.1X authentication failed Cipher suite rejected because of the security policy Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 164: Appendix B: Where To Go From Here
Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the WAP371. Support Cisco Small Business www.cisco.com/go/smallbizsupport Support Community Small Business Support www.cisco.com/go/sbsc Center (SBSC) Phone Support Contacts Cisco Small Business www.cisco.com/go/smallbizhelp...
Page 165 WAP371 Wireless-N Access www.cisco.com/go/300_wap_resources Point Quick Start Guide and Administration Guide Cisco Small Business Cisco Partner Central for www.cisco.com/web/partners/sell/smb Small Business (Partner Login Required) Cisco Small Business Home www.cisco.com/smb Cisco Small Business WAP371 Wireless Access Point Administration Guide...
Page 166 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

Cisco WAP371 Administration Manual

Chapter 1: Getting Started

Chapter 2: Status and Statistics

Chapter 3: Administration

Chapter 4: LAN

Chapter 5: Wireless

Chapter 6: System Security

Chapter 7: Client Quality of Service

Chapter 8: Simple Network Management Protocol

Chapter 9: Captive Portal

Chapter 10: Single Point Setup

Appendix A: Deauthentication Message Reason Codes

Appendix B: Where to Go from here

Quick Links

Related Manuals for Cisco WAP371

Summary of Contents for Cisco WAP371

Table of Contents