Cisco Systems 102057 User Manual
Welcome to the Product Guide!Product Guide
The Product Guide describes the Cisco SWAN products.
Refer to the OVERVIEWS section to see a big picture view of Cisco SWAN products and
features.
Cisco SWAN 2.2: Last Updated April 1, 2005
See the SOLUTIONS
specific solutions to real-world problems.
Go to the TASKS
and troubleshoot Cisco SWAN products and supported 802.11 networks.
Visit the REFERENCES
Supported Country Codes, CLI Reference, Web User Interface Online Help files, Cisco
WCS Online Help files, Cisco 1000 Series Lightweight Access Point Deployment Guide,
Hardware and Software Quick Start Guides, and pointers to the current Release Notes.
FCC Statements for Cisco 4100 Series Wireless LAN Controllers
FCC Statements for Cisco 2000 Series Wireless LAN Controllers
FCC Statements for Cisco 1000 Series Lightweight Access Points
Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points
Legal Information
Obtaining Documentation
Documentation Feedback
Cisco Product Security Overview
Obtaining Technical Assistance
section to look through real-world network and application-
section to find detailed instructions on how to install, configure, use,
section to find technical information, such as the Glossary,
4/1/05 © 2005 All Rights Reserved.
OL-7426-02
Obtaining Additional Publications and Information
Cisco SWAN Release Notes
Cisco WCS Release Notes
4/1/05 Product Guide
OL-7426-02
Legal InformationLegal Information
This section includes the following legal information:
• Products
• End User License Agreement
• Limited Warranty
• General Terms Applicable to the Limited Warranty Statement and End User License Agreement
• Additional Open Source Terms
• Trademarks and Service Marks
The following describes the Cisco Systems, Inc. standard Product Warranty for End Customers.
ProductsProducts
• Cisco 2000 Series Wireless LAN Controllers
• Cisco 4100 Series Wireless LAN Controllers
• Cisco 1000 Series IEEE 802.11a/b/g lightweight access points
End User License AgreementEnd User License Agreement
IMPORTANT: PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY. DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE CONSTITUTES
ACCEPTANCE OF THIS AGREEMENT.
CISCO IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU
ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. BY DOWNLOADING OR
INSTALLING THE SOFTWARE, OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE
BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT (COLLECTIVELY,
“CUSTOMER”) TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN CISCO IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND (A) DO NOT DOWNLOAD,
INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND,
OR, IF THE SOFTWARE IS SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE
PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER
PURCHASE FROM CISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THE
ORIGINAL END USER PURCHASER.
The following terms of this End User License Agreement (“Agreement”) govern Customer’s access and
use of the Software, except to the extent (a) there is a separate signed agreement between Customer
and Cisco governing Customer’s use of the Software or (b) the Software includes a separate
“click-accept” license agreement as part of the installation and/or download process. To the extent of a
conflict between the provisions of the foregoing documents, the order of precedence shall be (1) the
signed agreement, (2) the click-accept agreement, and (3) this End User License Agreement.
License. Conditioned upon compliance with the terms and conditions of this Agreement, Cisco
Systems, Inc. or its subsidiary licensing the Software instead of Cisco Systems, Inc. (“Cisco”), grants to
Customer a nonexclusive and nontransferable license to use for Customer’s internal business purposes
the Software and the Documentation for which Customer has paid the required license fees. “Documentation” means written information (whether contained in user or technical manuals, training materials,
specifications or otherwise) specifically pertaining to the Software and made available by Cisco with the
Software in any manner (including on CD-ROM, or on-line).
Customer’s license to use the Software shall be limited to, and Customer shall not use the Software in
excess of, a single hardware chassis or card or that number of agent(s), concurrent users, sessions, IP
4/1/05 Legal Information
OL-7426-02
addresses, port(s), seat(s), server(s) or site(s), as set forth in the applicable Purchase Order which has
been accepted by Cisco and for which Customer has paid to Cisco the required license fee.
Unless otherwise expressly provided in the Documentation, Customer shall use the Software solely as
embedded in, for execution on, or (where the applicable documentation permits installation on
non-Cisco equipment) for communication with Cisco equipment owned or leased by Customer and used
for Customer’s internal business purposes. NOTE: For evaluation or beta copies for which Cisco does
not charge a license fee, the above requirement to pay license fees does not apply.
General Limitations. This is a license, not a transfer of title, to the Software and Documentation, and
Cisco retains ownership of all copies of the Software and Documentation. Customer acknowledges that
the Software and Documentation contain trade secrets of Cisco, its suppliers or licensors, including but
not limited to the specific internal design and structure of individual programs and associated interface
information. Accordingly, except as otherwise expressly provided under this Agreement, Customer shall
have no right, and Customer specifically agrees not to:
(i) transfer, assign or sublicense its license rights to any other person or entity, or use the Software
on unauthorized or secondhand Cisco equipment, and Customer acknowledges that any attempted
transfer, assignment, sublicense or use shall be void;
(ii) make error corrections to or otherwise modify or adapt the Software or create derivative works
based upon the Software, or permit third parties to do the same;
(iii) reverse engineer or decompile, decrypt, disassemble or otherwise reduce the Software to
human-readable form, except to the extent otherwise expressly permitted under applicable law
notwithstanding this restriction;
(iv) use or permit the Software to be used to perform services for third parties, whether on a service
bureau or time sharing basis or otherwise, without the express written authorization of Cisco; or
(v) disclose, provide, or otherwise make available trade secrets contained within the Software and
Documentation in any form to any third party without the prior written consent of Cisco. Customer shall
implement reasonable security measures to protect such trade secrets; or
(vi) use the Software to develop any software application intended for resale which employs the
Software.
To the extent required by law, and at Customer's written request, Cisco shall provide Customer with the
interface information needed to achieve interoperability between the Software and another independently created program, on payment of Cisco's applicable fee, if any. Customer shall observe strict
obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Cisco makes such information available.
Customer is granted no implied licenses to any other intellectual property rights other than as specifically granted herein.
Software, Upgrades and Additional Copies. For purposes of this Agreement, “Software” shall
include (and the terms and conditions of this Agreement shall apply to) computer programs, including
firmware, as provided to Customer by Cisco or an authorized Cisco reseller, and any upgrades,
updates, bug fixes or modified versions thereto (collectively, “Upgrades”) or backup copies of the
Software licensed or provided to Customer by Cisco or an authorized Cisco reseller. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT
TO USE ANY ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF ACQUIRING
SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS
PAID THE APPLICABLE FEE FOR THE UPGRADE OR ADDITIONAL COPIES; (2) USE OF UPGRADES IS
LIMITED TO CISCO EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR
LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING
UPGRADED; AND (3) THE MAKING AND USE OF ADDITIONAL COPIES IS LIMITED TO NECESSARY
BACKUP PURPOSES ONLY.
Proprietary Notices. Customer agrees to maintain and reproduce all copyright and other proprietary
notices on all copies, in any form, of the Software in the same form and manner that such copyright
4/1/05 Legal Information
OL-7426-02
and other proprietary notices are included on the Software. Except as expressly authorized in this
Agreement, Customer shall not make any copies or duplicates of any Software without the prior written
permission of Cisco.
Open Source Content. Customer acknowledges that the Software contains open source or publicly
available content under separate license and copyright requirements which are located either in an
attachment to this license, the Software README file or the Documentation. Customer agrees to
comply with such separate license and copyright requirements.
Third Party Beneficiaries. Certain Cisco or Cisco affiliate suppliers are intended third party beneficiaries of this Agreement. The terms and conditions herein are made expressly for the benefit of and are
enforceable by Cisco’s suppliers; provided, however, that suppliers are not in any contractual relationship with Customer. Cisco’s suppliers include without limitation: (a) Hifn, Inc., a Delaware corporation
with principal offices at 750 University Avenue, Los Gatos, California and (b) Wind River Systems, Inc.,
and its suppliers. Additional suppliers may be provided in subsequent updates of Documentation
supplied to Customer.
Term and Termination. This Agreement and the license granted herein shall remain effective until
terminated. Customer may terminate this Agreement and the license at any time by destroying all
copies of Software and any Documentation. Customer’s rights under this Agreement will terminate
immediately without notice from Cisco if Customer fails to comply with any provision of this Agreement.
Cisco and its suppliers are further entitled to obtain injunctive relief if Customer’s use of the Software is
in violation of any license restrictions. Upon termination, Customer shall destroy all copies of Software
and Documentation in its possession or control. All confidentiality obligations of Customer and all limitations of liability and disclaimers and restrictions of warranty shall survive termination of this
Agreement. In addition, the provisions of the sections titled “U.S. Government End User Purchasers”
and “General Terms Applicable to the Limited Warranty Statement and End User License” shall survive
termination of this Agreement.
Customer Records. Customer grants to Cisco and its independent accountants the right to examine
Customer’s books, records and accounts during Customer’s normal business hours to verify compliance
with this Agreement. In the event such audit discloses non-compliance with this Agreement, Customer
shall promptly pay to Cisco the appropriate license fees, plus the reasonable cost of conducting the
audit.
Export. Software and Documentation, including technical data, may be subject to U.S. export control
laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to
export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import
Software and Documentation. Customer’s failure to comply with such restrictions shall constitute a
material breach of the Agreement.
U.S. Government End User Purchasers. The Software and Documentation qualify as “commercial
items,” as that term is defined at Federal Acquisition Regulation (“FAR”) (48 C.F.R.) 2.101, consisting of
“commercial computer software” and “commercial computer software documentation” as such terms
are used in FAR 12.212. Consistent with FAR 12.212 and DoD FAR Supp. 227.7202-1 through
227.7202-4, and notwithstanding any other FAR or other contractual clause to the contrary in any
agreement into which this End User License Agreement may be incorporated, Customer may provide to
Government end user or, if this Agreement is direct, Government end user will acquire, the Software
and Documentation with only those rights set forth in this End User License Agreement. Use of either
the Software or Documentation or both constitutes agreement by the Government that the Software
and Documentation are “commercial computer software” and “commercial computer software documentation,” and constitutes acceptance of the rights and restrictions herein.
Limited WarrantyLimited Warranty
Hardware for 1000 Series Access Points. Cisco Systems, Inc., or the Cisco Systems, Inc. subsidiary
selling the Product (“Cisco”) warrants that commencing from the date of shipment to Customer (and in
4/1/05 Legal Information
OL-7426-02
case of resale by a Cisco reseller, commencing not more than ninety (90) days after original shipment
by Cisco), and continuing for a period of one (1) year, the Hardware will be free from defects in
material and workmanship under normal use. The date of shipment of a Product by Cisco is set forth on
the packaging material in which the Product is shipped. This limited warranty extends only to the
original user of the Product. Customer's sole and exclusive remedy and the entire liability of Cisco and
its suppliers under this limited warranty will be, at Cisco's or its service center's option, shipment of a
replacement within the warranty period and according to the replacement process described in the
Warranty Card (if any), or if no Warranty Card, as described at www.cisco.com/en/US/products/
prod_warranties_listing.html or a refund of the purchase price if the Hardware is returned to the party
supplying it to Customer, freight and insurance prepaid. Cisco replacement parts used in Hardware
replacement may be new or equivalent to new. Cisco's obligations hereunder are conditioned upon the
return of affected Hardware in accordance with Cisco's or its service center's then-current Return
Material Authorization (RMA) procedures.
Hardware for 4100 Series Wireless LAN Co ntrollers. Cisco Systems, Inc., or the Cisco Systems,
Inc. subsidiary selling the Product (“Cisco”) warrants that commencing from the date of shipment to
Customer (and in case of resale by a Cisco reseller, commencing not more than ninety (90) days after
original shipment by Cisco), and continuing for a period of ninety (90) days, the Hardware will be free
from defects in material and workmanship under normal use. The date of shipment of a Product by
Cisco is set forth on the packaging material in which the Product is shipped. This limited warranty
extends only to the original user of the Product. Customer's sole and exclusive remedy and the entire
liability of Cisco and its suppliers under this limited warranty will be, at Cisco's or its service center's
option, shipment of a replacement within the warranty period and according to the replacement process
described in the Warranty Card (if any), or if no Warranty Card, as described at www.cisco.com/en/US/
products/prod_warranties_listing.html or a refund of the purchase price if the Hardware is returned to
the party supplying it to Customer, freight and insurance prepaid. Cisco replacement parts used in
Hardware replacement may be new or equivalent to new. Cisco's obligations hereunder are conditioned
upon the return of affected Hardware in accordance with Cisco's or its service center's then-current
Return Material Authorization (RMA) procedures.
Software. Cisco warrants that commencing from the date of shipment to Customer (but in case of
resale by an authorized Cisco reseller, commencing not more than ninety (90) days after original
shipment by Cisco), and continuing for a period of the longer of (a) ninety (90) days or (b) the software
warranty period (if any) set forth in the warranty card accompanying the Product (if any): (a) the
media on which the Software is furnished will be free of defects in materials and workmanship under
normal use; and (b) the Software substantially conforms to its published specifications. The date of
shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped.
Except for the foregoing, the Software is provided AS IS. This limited warranty extends only to the
Customer who is the original licensee. Customer's sole and exclusive remedy and the entire liability of
Cisco and its suppliers and licensors under this limited warranty will be, at Cisco's option, repair,
replacement, or refund of the Software if reported (or, upon request, returned) to Cisco or the party
supplying the Software to Customer. In no event does Cisco warrant that the Software is error free or
that Customer will be able to operate the Software without problems or interruptions. In addition, due
to the continual development of new techniques for intruding upon and attacking networks, Cisco does
not warrant that the Software or any equipment, system or network on which the Software is used will
be free of vulnerability to intrusion or attack.
Restrictions. This warranty does not apply if the Software, Product or any other equipment upon
which the Software is authorized to be used (a) has been altered, except by Cisco or its authorized
representative, (b) has not been installed, operated, repaired, or maintained in accordance with
instructions supplied by Cisco, (c) has been subjected to abnormal physical or electrical stress, misuse,
negligence, or accident; or (d) is licensed, for beta, evaluation, testing or demonstration purposes for
which Cisco does not charge a purchase price or license fee.
Disclaimer of Warranty DISCLAIMER OF WARRANTY
EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED
4/1/05 Legal Information
OL-7426-02
WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
NON-INFRINGEMENT, SATISFACTORY QUALITY, NON-INTERFERENCE, ACCURACY OF INFORMATIONAL CONTENT, OR ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE
PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW AND ARE
EXPRESSLY DISCLAIMED BY CISCO, ITS SUPPLIERS AND LICENSORS. TO THE EXTENT AN
IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION
TO THE EXPRESS WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT
ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY. THIS WARRANTY GIVES CUSTOMER SPECIFIC LEGAL RIGHTS, AND
CUSTOMER MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of
its essential purpose.
General Terms Applicable to the Limited Warranty Statement and End User License AgreementGeneral Terms Applicable to the Limited Warranty Statement and End User License Agreement
Disclaimer of Liabilities. REGARDLESS WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS
ESSENTIAL PURPOSE OR OTHERWISE, IN NO EVENT WILL CISCO OR ITS SUPPLIERS BE LIABLE FOR
ANY LOST REVENUE, PROFIT, OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF
CAPITAL, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES
HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF
THE USE OF OR INABILITY TO USE SOFTWARE OR OTHERWISE AND EVEN IF CISCO OR ITS SUPPLIERS
OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall
Cisco's or its suppliers' or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave
rise to the claim or if the Software is part of another Product, the price paid for such other Product.
BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Customer agrees that the limitations of liability and disclaimers set forth herein will apply regardless of
whether Customer has accepted the Software or any other product or service delivered by Cisco.
Customer acknowledges and agrees that Cisco has set its prices and entered into this Agreement in
reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same
reflect an allocation of risk between the parties (including the risk that a contract remedy may fail of its
essential purpose and cause consequential loss), and that the same form an essential basis of the
bargain between the parties.
The Warranty and the End User License shall be governed by and construed in accordance with the laws
of the State of California, without reference to or application of choice of law rules or principles. The
United Nations Convention on the International Sale of Goods shall not apply. If any portion hereof is
found to be void or unenforceable, the remaining provisions of the Agreement shall remain in full force
and effect. Except as expressly provided herein, this Agreement constitutes the entire agreement
between the parties with respect to the license of the Software and Documentation and supersedes any
conflicting or additional terms contained in any purchase order or elsewhere, all of which terms are
excluded. This Agreement has been written in the English language, and the parties agree that the
English version will govern. For warranty or license terms which may apply in particular countries and
for translations of the above information please contact the Cisco Legal Department, 300 E. Tasman
Drive, San Jose, California 95134.
Additional Open Source Terms Additional Open Source Terms
GNU General Public License. Certain portions of the Software are licensed under and Customer’s use
of such portions are subject to the GNU General Public License version 2. A copy of the license is
available at www.fsf.org or by writing to licensing@fsf.org or the Free Software Foundation, 59 Temple
Place, Suite 330, Boston, MA 02111-1307. Source code governed by the GNU General Public License
4/1/05 Legal Information
OL-7426-02
version 2 is available upon written request to the Cisco Legal Department, 300 E. Tasman Drive, San
Jose, California 95134.
SSH Source Code Statement. © 1995 - 2004 SAFENET, Inc. This software is protected by international copyright laws. All rights reserved. SafeNet is a registered trademark of SAFENET, Inc., in the
United States and in certain other jurisdictions. SAFENET and the SAFENET logo are trademarks of
SAFENET, Inc., and may be registered in certain jurisdictions. All other names and marks are property
of their respective owners.
Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights
reserved.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Components of the software are provided under a standard 2-term BSD license with the following
names as copyright holders:
• Markus Friedl
• Theo de Raadt
• Niels Provos
• Dug Song
• Aaron Campbell
• Damien Miller
• Kevin Steves
Trademarks and Service MarksTrademarks and Service Marks
CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way
We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST,
BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Syste ms logo, Cisco Unity, Empowering the Inte rne t Ge neration , Enterprise/Solver,
EtherChannel, EtherFast, EtherSwitch, Fast Ste p, Fo rmShare , Gig aDr ive , GigaStack, HomeL ink, Intern et Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCas t, SMARTnet, StrataView
Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, Tran sPath, and VCO are registered trad emarks of
Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (0501R)
4/1/05 Legal Information
OL-7426-02
Obtaining DocumentationObtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several
ways to obtain technical assistance and other technical resources. These sections explain how to obtain
technical information from Cisco Systems.
Cisco.comCisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation DVDDocumentation DVD
Cisco documentation and additional literature are available in a Documentation DVD package, which
may have shipped with your product. The Documentation DVD is updated regularly and may be more
current than printed documentation. The Documentation DVD package is available as a single unit.
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product
number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering DocumentationOrdering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation
from the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
• Nonregistered Cisco.com users can order documentation through a local account representative
by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or,
elsewhere in North America, by calling 1 800 553-NETS (6387).
4/1/05 Obtaining Documentation
OL-7426-02
Documentation FeedbackDocumentation Feedbac k
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco Product Security OverviewCisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
• From this site, you can perform these tasks:
• Report security vulnerabilities in Cisco products.
• Obtain assistance with security incidents that involve Cisco products.
• Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product
Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco ProductsReporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release
them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a
vulnerability in a Cisco product, contact PSIRT:
• Emergencies — security-alert@cisco.com
• Nonemergencies — psirt@cisco.com
Tip: We encourage you to use Pretty Good Privacy (PGP) or a compatible product to
encrypt any sensitive information that you send to Cisco. PSIRT can work from
encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:
http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on
In an emergency, you can also reach PSIRT by telephone:
• 1 877 228-7302
• 1 408 525-6532
4/1/05 Documentation Feedback
OL-7426-02
Obtaining Technical AssistanceObtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco
Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical
Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical
Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service
contract, contact your reseller.
Cisco Technical Support WebsiteCisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and
resolving technical issues with Cisco products and technologies. The website is available 24 hours a
day, 365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password.
If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note: Use the Cisco Product Identification (CPI) tool to locate your product serial
number before submitting a web or phone request for service. You can access the
CPI tool from the Cisco Technical Support Website by clicking the Tools &
Resources link under Documentation & Tools. Choose Cisco Product Identifica-
tion Tool from the Alphabetical Index drop-down list, or click the Cisco Product
Identification Tool link under Alerts & RMAs. The CPI tool offers three search
options: by product ID or model name; by tree view; or for certain products, by
copying and pasting show command output. Search results show an illustration of
your product with the serial number label location highlighted. Locate the serial
number label on your product and record the information before placing a service
call.
Submitting a Service RequestSubmitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3
and S4 service requests are those in which your network is minimally impaired or for which you require
product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request
is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely
degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep
your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
4/1/05 Obtaining Technical Assistance
OL-7426-02
Definitions of Service Request SeverityDefinitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity
definitions.
• Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business opera-
tions. You and Cisco will commit all necessary resources around the clock to resolve the
situation.
• Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects
of your business operation are negatively affected by inadequate performance of Cisco
products. You and Cisco will commit full-time resources during normal business hours to
resolve the situation.
• Severity 3 (S3)—Operational performance of your network is impaired, but most business
operations remain functional. You and Cisco will commit resources during normal business
hours to restore service to satisfactory levels.
• Severity 4 (S4)—You require information or assistance with Cisco product capabilities, instal-
lation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and InformationObtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise.
Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
• Cisco Press publishes a wide range of general networking, training and certification titles. Both
new and experienced users will benefit from these publications. For current Cisco Press titles
and other information, go to Cisco Press at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and
networking investments. Each quarter, Packet delivers coverage of the latest industry trends,
technology breakthroughs, and Cisco products and solutions, as well as network deployment
and troubleshooting tips, configuration examples, customer case studies, certification and
training information, and links to scores of in-depth online resources. You can access Packet
magazine at this URL:
http://www.cisco.com/packet
• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing
companies learn how they can use technology to increase revenue, streamline their business,
and expand services. The publication identifies the challenges facing these companies and the
technologies to help solve them, using real-world case studies and business strategies to help
readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
• World-class networking training is available from Cisco. You can view current offerings at
this URL:
http://www.cisco.com/en/US/learning/index.html
4/1/05 Obtaining Additional Publications and Information
OL-7426-02
FCC Statements for Cisco 1000 Series Lightweight Access PointsFCC Statements for Cisco 1000
Series Lightweight Access Points
This section includes the following FCC statements for Cisco 1000 Series lightweight access points:
• Class A Statement
• RF Radiation Hazard Warning
• Non-Modification Statement
• Deployment Statement
Class A StatementClass A Statement
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense. [cfr reference 15.105]
RF Radiation Hazard WarningRF Radiation Hazard Warning
To ensure compliance with FCC RF exposure requirements, this device must be installed in a location
such that the antenna of the device will be greater than 20 cm (8 in.) from all persons. Using higher
gain antennas and types of antennas not covered under the FCC certification of this product is not
allowed.
Installers of the radio and end users of the Cisco Structured Wireless-Aware Network must adhere to
the installation instructions provided in this manual.
Non-Modification StatementNon-Modification Statement
Use only the supplied internal antenna, or external antennas supplied by the manufacturer. Unauthorized antennas, modifications, or attachments could damage the badge and could violate FCC
regulations and void the user’s authority to operate the equipment.
Note: Refer to the Cisco SWAN Release Notes for 802.11a external antenna informa-
tion. Contact Cisco for a list of FCC-approved 802.11a and 802.11b/g external
antennas.
Deployment StatementDeployment Statement
This product is certified for indoor deployment only. Do not install or use this product outdoors.
4/1/05 FCC Statements for Cisco 1000 Series Lightweight Access Points
OL-7426-02
Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points
This device has been designed to operate with antennae having maximum gains of 7.8 dBi (2.4 GHz)
and 7.4 dBi (5 GHz).
Antennae having higher gains is strictly prohibited per regulations of Industry Canada. The required
antenna impedance is 50 ohms.
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen
that the equivalent isotropically radiated power (EIRP) is not more than that required for successful
communication.
Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points
4/1/05 Industry Canada Required User Information for Cisco 1000 Series Lightweight
Access Points
OL-7426-02
FCC Statements for Cisco 4100 Series Wireless LAN ControllersFCC Statements for Cisco 4100 Se rie s
Wireless LAN Controllers
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense. [cfr reference 15.105]
4/1/05 FCC Statements for Cisco 4100 Series Wireless LAN Controllers
OL-7426-02
FCC Statements for Cisco 2000 Series Wireless LAN ControllersFCC Statements for Cisco 2000 Se rie s
Wireless LAN Controllers
This equipment has been tested and found to comply with the limits for a Class B digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a residential installation. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instructions, may
cause harmful interference to radio communications. However, there is no guarantee that interference
will not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
• Consult the dealer or an experienced radio/TV technician for help. [cfr reference 15.105]
4/1/05 FCC Statements for Cisco 2000 Series Wireless LAN Controllers
OL-7426-02
Safety ConsiderationsSafety Considerations
• The AIR-WLC4112-K9, AIR-WLC4124-K9, and AIR-WLC4136-K9 Cisco 4100 Series Wireless
LAN Controllers contain Class 1 Lasers (Laser Klasse 1) according to EN 60825-1+A1+A2.
• The Cisco 1000 Series lightweight access points with or without external antenna ports are only
intended for installation in Environment A as defined in IEEE 802.3af. All interconnected
equipment must be contained within the same building including the interconnected
equipment's associated LAN connections.
• For Cisco 1000 Series lightweight access points provided with optional external antenna ports,
be sure that all external antennas and their associated wiring are located entirely indoors. Cisco
1000 Series lightweight access points and their optional external antennas are not suitable for
outdoor use.
• Be sure that plenum-mounted Cisco 1000 Series lightweight access points are powered using
Power over Ethernet (PoE) to comply with safety regulations.
• For Cisco Wireless LAN Controllers, verify that the ambient temperature remains between 0 to
40° C (32 to 104° F), taking into account the elevated temperatures when installed in a rack.
• When multiple Cisco Wireless LAN Controllers are mounted in an equipment rack, be sure that
the power source is sufficiently rated to safety run all of the equipment in the rack.
• Verify the integrity of the ground before installing Cisco Wireless LAN Controllers in an
equipment rack with other equipment.
• Suitable for use in environmental air space in accordance with Section 300.22.C of the National
Electrical Code, and Sections 2-128, 12-010(3) and 12-100 of the Canadian Electrical Code,
Part 1, C22.1.
4/1/05 Safety Considerations
OL-7426-02
Notes:Notes
4/1/05 Notes
OL-7426-02
Table of Contents
Table of Contents
Welcome to the Product Guide!
Legal Information
Products iii
End User License Agreement iii
Limited Warranty v
Disclaimer of Warranty vi
General Terms Applicable to the Limited Warranty S tatement and End User License Agreement vii
Additional Open Source Terms vii
Trademarks and Service Marks viii
Obtaining Documentation
Cisco.com ix
Documentation DVD ix
Ordering Documentation ix
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products x
Obtaining Technical Assistance
Cisco Technical Support Website xi
Submitting a Service Request xi
Definitions of Service Request Severity xii
Obtaining Additional Publications and Information
FCC Statements for Cisco 1000 Series Lightweight Access Points
Class A Statement xiii
RF Radiation Hazard Warning xiii
Non-Modification Statement xiii
Deployment Statement xiii
Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points
FCC Statements for Cisco 4100 Series Wireless LAN Controllers
FCC Statements for Cisco 2000 Series Wireless LAN Controllers
Safety Considerations
OVERVIEWS
About the Cisco Structured Wireless-Aware Network
Single-Cisco Wireless LAN Controller Deployments 5
Multiple-Cisco Wireless LAN Controller Deployments 6
About the Operating System Software 7
About Operating System Security 7
About Cisco SWAN Wired Security 8
Layer 2 and Layer 3 LWAPP Operation 9
Operational Requirements 9
Configuration Requirements 9
About Radio Resource Management (RRM) 9
About the Master Cisco Wireless LAN Controller 10
About the Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers 11
About Client Roaming 11
Same-Cisco Wireless LAN Controller (Layer 2) Roaming 11
4/1/05 Table of Contents
OL-7426-02
Inter-Cisco Wireless LAN Controller (Layer 2) Roaming 11
Inter-Subnet (Layer 3) Roaming 12
Special Case: Voice Over IP Telephone Roaming 12
About Client Location 12
About External DHCP Servers 12
Per-WLAN Assignment 13
Per-Interface Assignment 13
Security Considerations 13
About Controller Mobility Groups 13
About Cisco SWAN Wired Connections 15
Between Cisco Wireless LAN Controllers and Cisco 1000 Series Lightweight Access Points 15
Between Cisco 4100 Series Wireless LAN Controllers and Other Network Devices 15
About Cisco SWAN WLANs 15
About Access Control Lists 16
About Identity Networking 16
About File Transfers 17
About Power Over Ethernet 17
Pico Cell Functionality 17
Intrusion Detection Service (IDS) 18
About Cisco Wireless LAN Controllers
About Cisco 2000 Series Wireless LAN Controllers 20
Cisco 4100 Series Wireless LAN Controllers 20
Cisco Wireless LAN Controller Features 20
Cisco 2000 Series Wireless LAN Controller Model Numbers 22
Cisco 4100 Series Wireless LAN Controller Model Numbers 22
Appliance Mode 23
About Distribution System Ports 23
About the Management Interface 24
About the AP-Manager Interface 25
About Operator-Defined Interfaces 25
About the Virtual Interface 26
About the Service Port 26
About the Service-Port Interface 26
About the Startup Wizard 27
About Cisco Wireless LAN Controller Memory 27
Cisco Wireless LAN Controller Failover Protection 28
Cisco Wireless LAN Controller Automatic Time Setting 29
Cisco Wireless LAN Controller Time Zones 29
Network Connection to Cisco Wireless LAN Controllers 29
Cisco 2000 Series Wireless LAN Controllers 29
Cisco 4100 Series Wireless LAN Controllers 30
VPN/Enhanced Security Module 31
About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points
About Cisco 1030 IEEE 802.11a/b/g Remote Edge Lightweight Access Points 34
About Cisco 1000 Series Lightweight Access Point Models 36
About Cisco 1000 Series Lightweight Access Point External and Internal Antennas 36
External Antenna Connectors 37
Antenna Sectorization 37
802.11a Internal Antenna Patterns 37
802.11b/g Internal Antenna Patterns 40
About Cisco 1000 Series Lightweight Access Point LEDs 41
About Cisco 1000 Series Lightweight Access Point Connectors 42
4/1/05 Table of Contents
OL-7426-02
About Cisco 1000 Series Lightweight Access Point Power Requirements 43
About Cisco 1000 Series Lightweight Access Point External Power Supply 44
About Cisco 1000 Series Lightweight Access Point Mounting Options 44
About Cisco 1000 Series Lightweight Access Point Physical Security 44
About Cisco 1000 Series Lightweight Access Point Monitor Mode 45
About Rogue Access Points
Rogue AP Location, Tagging and Containment 46
About the Cisco Wireless Control System
About the Cisco Wireless Control System 49
About the Cisco Wireless Control System with Location Services 50
About the Cisco WCS User Interface 50
About Cisco Wireless LAN Controller Autodiscovery 50
About Cisco WCS Alarm Email Notification 51
About Cisco WCS Location Calibration 51
About the Web User Interface
About the Command Line Interface
SOLUTIONS
Operating System Security
Overview 56
Layer 1 Solutions 56
Layer 2 Solutions 56
Layer 3 Solutions 57
Single Point of Configuration Policy Manager Solutions 57
Rogue Access Point Solutions 57
Rogue Access Point Challenges 57
Tagging and Containing Rogue Access Po ints 57
Integrated Security Solutions 58
Simple, Cost-Effective Solutions 58
Converting a Cisco SWAN from Layer 2 to Layer 3 Mode
Using the Web User Interface 59
Using the Cisco WCS User Interface 61
Converting a Cisco SWAN from Layer 3 to Layer 2 Mode
Using the Web User Interface 64
Using the Cisco WCS User Interface 64
Configuring a Firewall for Cisco WCS
Configuring the System for SpectraLink NetLink Telephones
Using the Command Line Interface 67
Using the Web User Interface 67
Using the Cisco Wireless Control System 68
Using Management over Wireless
Using the Command Line Interface 70
Using the Web User Interface 70
Configuring a WLAN for a DHCP Server
Using the Command Line Interface 71
Using the Web User Interface 71
Customizing the Web Auth Login Screen
Default Web Auth Operation 72
Customizing Web Auth Operation 74
Clearing and Restoring the Cisco SWAN Logo 74
4/1/05 Table of Contents
OL-7426-02
Changing the Web Title 74
Changing the Web Message 75
Changing the Logo 75
Creating a Custom URL Redirect 76
Verifying your Web Auth Changes 77
Sample Customized Web Auth Login Page 77
Configuring Identity Networking for Operating System 2.2
RADIUS Attributes 79
TASKS
Using the Cisco SWAN CLI
Logging Into the CLI 85
Using a Local Serial Connection 85
Using a Remote Ethernet Connection 86
Logging Out of the CLI 87
CLI Tree Structure 88
Navigating the CLI 88
Viewing Network Status 89
Configuring Cisco Wireless LAN Controllers
Collecting Cisco Wireless LAN Controller Parameters 90
Configuring System Parameters 91
Time and Date 91
Country 91
Supported 802.11a and 802.11b/g Protocols 92
Users and Passwords 93
Configuring Cisco Wireless LAN Controller Interfaces 93
Verifying and Changing the Management Interface 94
Creating and Assigning the AP-Manager Interface 94
Creating, Assigning and Deleting Operator-Defined Interfaces 95
Verifying and Changing the Virtual Interface 96
Enabling Web and Secure Web Modes 97
Configuring Spanning Tree Protocol 97
Creating Access Control Lists 98
Configuring WLANs 98
WLANs 98
VLANs 100
Layer 2 Security 100
Layer 3 Security 102
Local Netuser 104
Quality of Service 104
Activating WLANs 105
Configuring Controller Mobility Groups 105
Configuring RADIUS 105
Configuring SNMP 106
Configuring Other Ports and Parameters 106
Service Port 107
Radio Resource Management (RRM) 107
Serial (CLI Console) Port 107
802.3x Flow Control 107
System Logging 107
Adding SSL to the Web User Interface 107
Locally Generated Certificate 108
Externally Generated Certificate 108
4/1/05 Table of Contents
OL-7426-02
Transferring Files To and From a Cisco Wireless LAN Controller 110
Updating the Operating System Software 111
Using the Startup Wizard 113
Adding SSL to the Web User Interface 114
Locally Generated Certificate 114
Externally Generated Certificate 115
Adding SSL to the 802.11 Interface 117
Locally Generated Certificate 117
Externally Generated Certificate 118
Saving Configurations 119
Clearing Configurations 120
Erasing the Cisco Wireless LAN Controller Configuration 120
Resetting the Cisco Wireless LAN Controller 121
Using the Cisco Wireless Control System
Starting and Stopping Windows Cisco WCS
Starting Cisco WCS as a Windows Application 124
Starting Cisco WCS as a Windows Service 124
Stopping the Cisco WCS Windows Application 126
Stopping the Cisco WCS Windows Service 126
Checking the Cisco WCS Windows Service Status 126
Starting and Stopping Linux Cisco WCS
Starting the Linux Cisco WCS Application 128
Stopping the Linux Cisco WCS Application 128
Checking the Linux Cisco WCS Status 128
Starting and Stopping the Cisco WCS Web Interface
Starting a Cisco WCS User Interface 130
Stopping a Cisco WCS User Interface 131
Manually Stopping the Cisco WCS User Interface 131
Cisco WCS Shutdown Stopping the Cisco WCS User Interface 131
Using Cisco WCS
Checking the Cisco SWAN Network Summary 132
Adding a Cisco Wireless LAN Controller to Cisco WCS 133
Creating an RF Calibration Model 137
Adding a Campus Map to the Cisco WCS Database 137
Adding a Building to a Campus 139
Adding a Standalone Building to the Cisco WCS Database 143
Adding an Outdoor Area to a Campus 145
Adding Floor Plans to a Campus Building 148
Adding Floor Plans to a Standalone Building 153
Adding APs to Floor Plan and Outdoor Area Maps 157
Monitoring Predicted Coverage (RSSI) 163
Monitoring Channels on Floor Map 164
Monitoring Transmit Power Levels on a Floor Map 164
Monitoring Coverage Holes on a Floor Map 165
Monitoring Users on a Floor Map 165
Monitoring Clients From a Floor Map 166
Troubleshooting with Cisco WCS
Detecting and Locating Rogue Access Points 167
Acknowledging Rogue APs 171
Locating Clients 171
Finding Coverage Holes 172
4/1/05 Table of Contents
OL-7426-02
Pinging a Network Device from a Cisco Wireless LAN Controller 173
Viewing Current Cisco Wireless LAN Controller Status and Configurations 173
Viewing Cisco WCS Statistics Reports 173
Updating OS Software from Cisco WCS 174
Managing Cisco WCS and Database 175
Installing Cisco WCS 176
Updating Windows Cisco WCS 176
Updating Linux Cisco WCS 178
Reinitializing the Windows Cisco WCS Database 180
Reinitializing the Linux Cisco WCS Database 180
Administering Cisco WCS Users and Passwords 180
Adding User Accounts 181
Changing Passwords 181
Deleting User Accounts 182
Using the Web User Interface
Adding Cisco 1000 Series Lightweight Access Points to a Cisco Wireless LAN Controller 184
Adding CA Certificates to a Cisco Wireless LAN Controller 184
Adding ID Certificates to a Cisco Wireless LAN Controller 185
Troubleshooting Tips
Using Error Messages 186
Using Client Reason and Status Codes in the Trap Log 189
Client Reason Codes 189
Client Status Codes 190
Using Cisco 1000 Series Lightweight Access Point LEDs 190
REFERENCES
Glossary
Cisco SWAN Supported Country Codes
4/1/05
OL-7426-02
OVERVIEWSOVERVIEWS
Refer to the following for information about the Product Guide and other high-level subjects:
• About the Cisco Structured Wireless-Aware Network
- About the Cisco Structured Wireless-Aware Network
- Single-Cisco Wireless LAN Controller Wireless LAN Controller Deployments
- Multiple-Cisco Wireless LAN Controller Deployments
- Operating System Software
- Operating System Security
- Cisco SWAN Wired Security
- Layer 2 and Layer 3 LWAPP Operation
- Radio Resource Management (RRM)
- Master Cisco Wireless LAN Controller
- Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers
- Client Roaming
- Client Location
- External DHCP Servers
- Controller Mobility Group
- Cisco SWAN Wired Connections
- Cisco SWAN WLANs
- Identity Networking
- Transferring Files
- Power Over Ethernet
- Pico Cell Functionality
- Intrusion Detection Service (IDS)
• Cisco Wireless LAN Controllers
• Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points
• Rogue Access Points
• Cisco Wireless Control System
- Cisco Wireless Control System
- Cisco Wireless Control System with Location Services
- Cisco WCS User Interface
- Cisco Wireless LAN Controller Autodiscovery
- Cisco WCS Alarm Email Notification
- Cisco WCS Location Calibration
3/11/05 © 2005 All Rights Reserved.
OL-7426-02
• Web User Interface
• Command Line Interface
3/11/05 OVERVIEWS
OL-7426-02
About the Cisco Structured Wireless-Aware NetworkAbout the Cisco Structured Wireless-Aware Network
The Cisco Structured Wireless-Aware Network is designed to provide 802.11 wireless networking
solutions for enterprises and service providers. The Cisco SWAN simplifies deploying and managing
large-scale wireless LANs and enables a unique best-in-class security infrastructure. The Operating
System manages all data client, communications, and system administration functions, performs Radio
Resource Management (RRM) functions, manages system-wide mobility policies using the Operating
System Security solution, and coordinates all security functions using the Operating System Security
framework.
The Cisco SWAN consists of:
• Cisco Wireless LAN Controllers:
- Cisco 2000 Series Wireless LAN Controllers
- Cisco 4100 Series Wireless LAN Controllers
• Cisco 1000 Series IEEE 802.11a/b/g lightweight access points (Cisco 1000 Series IEEE
802.11a/b/g Lightweight Access Points) controlled by the Operating System, all managed by
any or all of the Operating System user interfaces.
• An HTTP and/or HTTPS full-featured Web User Interface hosted by Cisco Wireless LAN
Controllers, running on any workstation with a supported Web browser can be used to configure
and monitor individual Cisco Wireless LAN Controllers. See the Web User Interface section.
• A full-featured CLI (command line interface) can be used to configure and monitor individual
Cisco Wireless LAN Controllers. Refer to the Command Line Interface section.
• The Cisco Wireless Control System uses the Cisco WCS User Interface:
- Cisco Wireless Control System (Cisco Wireless Control System)
- Cisco Wireless Control System with Location Services (Cisco Wireless Control System
with Location Services)
is used to configure and monitor one or more Cisco Wireless LAN Controllers and associated
Cisco 1000 Series lightweight access points, and has tools to facilitate large-system monitoring
and control. The Cisco Wireless Control System runs on Windows 2000, Windows 2003, and
Red Hat Enterprise Linux ES Server workstations.
• An industry-standard SNMP V1, V2c, and V3 interface can be used with any SNMP-compliant
third-party network management system.
The Cisco SWAN supports client data services, client monitoring and control, and all Rogue AP detection, monitoring and containment functions. The Cisco SWAN uses Cisco 1000 Series lightweight access
points, and optional Cisco Wireless Control System or Cisco Wireless Control System with Location
Services to provide wireless services to enterprises and service providers.
The following figure shows the Cisco SWAN components, which can be simultaneously deployed across
multiple floors and buildings.
Note: This document refers to Cisco Wireless LAN Controllers throughout. Refer to
the Cisco 2000 Series Wireless LAN Controllers and Cisco Wireless LAN Controllers
sections for more information.
3/11/05 About the Cisco Structured Wireless-Aware Network
OL-7426-02
Figure - Cisco SWAN Components
The Product Guide uses unique software to provide WLAN access for wireless clients and to simultaneously provide an active wireless access control system that protects your wired and wireless
infrastructure from negligent and malicious wireless attacks. The Cisco SWAN uses the following
components:
• Cisco Wireless LAN Controllers:
- Cisco 2000 Series Wireless LAN Controllers
- Cisco 4100 Series Wireless LAN Controllers
• Cisco 1000 Series IEEE 802.11a/b/g lightweight access points, described in Cisco 1000 Series
IEEE 802.11a/b/g Lightweight Access Points.
• Cisco 1030 remote edge lightweight access points, described in Cisco 1030 IEEE 802.11a/b/g
Remote Edge Lightweight Access Points.
• Operating System Software Software which provides all the Data and intrusion detection
features and functions while operating the Cisco Wireless LAN Controllers and Cisco 1000 Series
lightweight access points.
• Cisco Wireless Control System, or which manages the Cisco SWAN, and which provides location
to the nearest Cisco 1000 Series lightweight access point.
• Cisco Wireless Control System with Location Services, which manages the Cisco SWAN, and
which provides location to within ten meters.
The Cisco SWAN provides wireless access services to data clients and provides intrusion protection. As
such, it supports the full suite of Cisco Structured Wireless-Aware Network features and functions.
Refer to the following for more information:
• Single-Cisco Wireless LAN Controller Wireless LAN Controller Deployments
• Multiple-Cisco Wireless LAN Controller Deployments
• Operating System Software
• Operating System Security
• Cisco SWAN Wired Security
3/11/05 About the Cisco Structured Wireless-Aware Network
OL-7426-02
• Layer 2 and Layer 3 LWAPP Operation
• Radio Resource Management (RRM)
- Master Cisco Wireless LAN Controller
- Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers
- Client Roaming
- External DHCP Servers
- Controller Mobility Group
- Cisco SWAN Wired Connections
- Cisco SWAN WLANs
- Transferring Files
- Power Over Ethernet
• Cisco Wireless LAN Controllers
• Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points
• Rogue Access Points
• Cisco Wireless Control System
- Cisco WCS User Interface
- Cisco Wireless LAN Controller Autodiscovery
• Web User Interface
• Command Line Interface
Single-Cisco Wireless LAN Controller DeploymentsSingle-Cisco Wireless LAN Controller Wireless LAN Controller Deployments
As described in About the Cisco Structured Wireless-Aware Network, a standalone Cisco Wireless LAN
Controller can support Cisco 1000 Series lightweight access points across multiple floors and buildings
simultaneously, and supports the following features:
• Autodetecting and autoconfiguring Cisco 1000 Series lightweight access points as they are
added to the network, as described in Radio Resource Management (RRM).
• Full control of Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points.
• Real-time control of system-wide WLAN Web, 802.1X, and IPSec security policies.
• Full control of up to 16 Cisco 1000 Series lightweight access point WLAN (SSID) policies, as
described in the Cisco 4100 Series Wireless LAN Controller Quick Start Guide
The following figures show a typical single Cisco Wireless LAN Controller deployed in Appliance Mode
• Cisco 1000 Series lightweight access points connect to Cisco Wireless LAN Controllers through
the network. The network equipment may or may not provide Power Over Ethernet to the
access points.
Note: Cisco Wireless LAN Controllers can connect through the Management Interface
to multiple subnets in the Network. This can be helpful, for instance, when Network
operators want to confine multiple VLANs to separate subnets using Oper-
ator-Defined Interfaces.
Note that the Cisco 4100 Series Wireless LAN Controller uses two redundant GigE connections
to bypass single network failures. At any given time one of the Cisco 4100 Series Wireless LAN
.
.
3/11/05 Single-Cisco Wireless LAN Controller Wireless LAN Controller Deployments
OL-7426-02
Controller GigE connections is active and the other is passive. Upon a network failure, the
active connection becomes passive, and the passive connection becomes active.
Figure - Typical Cisco Wireless LAN Controller Deployment
Multiple-Cisco Wireless LAN Controller DeploymentsMultiple-Cisco Wireless LAN Controller Deployments
Each Cisco Wireless LAN Controller can support Cisco 1000 Series lightweight access points across
multiple floors and buildings simultaneously. Similarly, each Cisco Wireless LAN Controller can support
Cisco 1000 Series lightweight access points across multiple floors and buildings simultaneously.
However, full functionality of the Cisco SWAN is realized when it includes multiple Cisco Wireless LAN
Controllers. That is, a multiple-Cisco Wireless LAN Controller system has the following additional
features over a single-Cisco Wireless LAN Controller deployment:
• Autodetecting and autoconfiguring Cisco Wireless LAN Controller RF parameters as the Cisco
Wireless LAN Controllers are added to the network, as described in Radio Resource
Management (RRM).
• Same-Cisco Wireless LAN Controller (Layer 2) Roaming and Inter-Subnet (Layer 3) Roaming.
• Automatic Cisco 1000 Series lightweight access point failover to any redundant Cisco Wireless
LAN Controller with unused ports (refer to Cisco Wireless LAN Controller Failover Protection
The following figure shows a typical multiple-Cisco Wireless LAN Controller deployment, with the Cisco
Wireless LAN Controllers in Appliance Mode. The figure also shows an optional dedicated Service
Network, and the three physical connection types between the network and the Cisco Wireless LAN
Controllers, as further described in Network Connection to Cisco Wireless LAN Controllers
.
).
Note: Cisco Wireless LAN Controllers can connect through the Management Interface
to multiple subnets in the Network. This can be helpful, for instance, when Network
operators want to confine multiple VLANs to separate subnets using Oper-
ator-Defined Interfaces.
3/11/05 Multiple-Cisco Wireless LAN Controller Deployments
OL-7426-02
Loading...