Cisco Systems 102057 User Manual

Welcome to the Product Guide!

Cisco SWAN 2.2: Last Updated April 1, 2005

The Product Guide describes the Cisco SWAN products.

Refer to the OVERVIEWS section to see a big picture view of Cisco SWAN products and features.

See the SOLUTIONS section to look through real-world network and applicationspecific solutions to real-world problems.

Go to the TASKS section to find detailed instructions on how to install, configure, use, and troubleshoot Cisco SWAN products and supported 802.11 networks.

Visit the REFERENCES section to find technical information, such as the Glossary, Supported Country Codes, CLI Reference, Web User Interface Online Help files, Cisco WCS Online Help files, Cisco 1000 Series Lightweight Access Point Deployment Guide, Hardware and Software Quick Start Guides, and pointers to the current Release Notes.

FCC Statements for Cisco 4100 Series Wireless LAN Controllers FCC Statements for Cisco 2000 Series Wireless LAN Controllers FCC Statements for Cisco 1000 Series Lightweight Access Points

Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points Legal Information

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

4/1/05	© 2005 All Rights Reserved.
OL-7426-02

Obtaining Additional Publications and Information

Cisco SWAN Release Notes

Cisco WCS Release Notes

4/1/05	Product Guide
OL-7426-02

Legal Information

This section includes the following legal information:

•Products

•End User License Agreement

•Limited Warranty

•General Terms Applicable to the Limited Warranty Statement and End User License Agreement

•Additional Open Source Terms

•Trademarks and Service Marks

The following describes the Cisco Systems, Inc. standard Product Warranty for End Customers.

Products

•Cisco 2000 Series Wireless LAN Controllers

•Cisco 4100 Series Wireless LAN Controllers

•Cisco 1000 Series IEEE 802.11a/b/g lightweight access points

End User License Agreement

IMPORTANT: PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY. DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.

CISCO IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. BY DOWNLOADING OR INSTALLING THE SOFTWARE, OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT (COLLECTIVELY, “CUSTOMER”) TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN CISCO IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND (A) DO NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND, OR, IF THE SOFTWARE IS SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM CISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THE ORIGINAL END USER PURCHASER.

The following terms of this End User License Agreement (“Agreement”) govern Customer’s access and use of the Software, except to the extent (a) there is a separate signed agreement between Customer and Cisco governing Customer’s use of the Software or (b) the Software includes a separate “click-accept” license agreement as part of the installation and/or download process. To the extent of a conflict between the provisions of the foregoing documents, the order of precedence shall be (1) the signed agreement, (2) the click-accept agreement, and (3) this End User License Agreement.

License. Conditioned upon compliance with the terms and conditions of this Agreement, Cisco Systems, Inc. or its subsidiary licensing the Software instead of Cisco Systems, Inc. (“Cisco”), grants to Customer a nonexclusive and nontransferable license to use for Customer’s internal business purposes the Software and the Documentation for which Customer has paid the required license fees. “Documentation” means written information (whether contained in user or technical manuals, training materials, specifications or otherwise) specifically pertaining to the Software and made available by Cisco with the Software in any manner (including on CD-ROM, or on-line).

Customer’s license to use the Software shall be limited to, and Customer shall not use the Software in excess of, a single hardware chassis or card or that number of agent(s), concurrent users, sessions, IP

4/1/05	Legal Information
OL-7426-02

addresses, port(s), seat(s), server(s) or site(s), as set forth in the applicable Purchase Order which has been accepted by Cisco and for which Customer has paid to Cisco the required license fee.

Unless otherwise expressly provided in the Documentation, Customer shall use the Software solely as embedded in, for execution on, or (where the applicable documentation permits installation on non-Cisco equipment) for communication with Cisco equipment owned or leased by Customer and used for Customer’s internal business purposes. NOTE: For evaluation or beta copies for which Cisco does not charge a license fee, the above requirement to pay license fees does not apply.

General Limitations. This is a license, not a transfer of title, to the Software and Documentation, and Cisco retains ownership of all copies of the Software and Documentation. Customer acknowledges that the Software and Documentation contain trade secrets of Cisco, its suppliers or licensors, including but not limited to the specific internal design and structure of individual programs and associated interface information. Accordingly, except as otherwise expressly provided under this Agreement, Customer shall have no right, and Customer specifically agrees not to:

(i)transfer, assign or sublicense its license rights to any other person or entity, or use the Software on unauthorized or secondhand Cisco equipment, and Customer acknowledges that any attempted transfer, assignment, sublicense or use shall be void;

(ii)make error corrections to or otherwise modify or adapt the Software or create derivative works based upon the Software, or permit third parties to do the same;

(iii)reverse engineer or decompile, decrypt, disassemble or otherwise reduce the Software to human-readable form, except to the extent otherwise expressly permitted under applicable law notwithstanding this restriction;

(iv)use or permit the Software to be used to perform services for third parties, whether on a service bureau or time sharing basis or otherwise, without the express written authorization of Cisco; or

(v)disclose, provide, or otherwise make available trade secrets contained within the Software and Documentation in any form to any third party without the prior written consent of Cisco. Customer shall implement reasonable security measures to protect such trade secrets; or

(vi)use the Software to develop any software application intended for resale which employs the Software.

To the extent required by law, and at Customer's written request, Cisco shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of Cisco's applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Cisco makes such information available. Customer is granted no implied licenses to any other intellectual property rights other than as specifically granted herein.

Software, Upgrades and Additional Copies. For purposes of this Agreement, “Software” shall include (and the terms and conditions of this Agreement shall apply to) computer programs, including firmware, as provided to Customer by Cisco or an authorized Cisco reseller, and any upgrades, updates, bug fixes or modified versions thereto (collectively, “Upgrades”) or backup copies of the Software licensed or provided to Customer by Cisco or an authorized Cisco reseller. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE FOR THE UPGRADE OR ADDITIONAL COPIES; (2) USE OF UPGRADES IS LIMITED TO CISCO EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING UPGRADED; AND (3) THE MAKING AND USE OF ADDITIONAL COPIES IS LIMITED TO NECESSARY BACKUP PURPOSES ONLY.

Proprietary Notices. Customer agrees to maintain and reproduce all copyright and other proprietary notices on all copies, in any form, of the Software in the same form and manner that such copyright

4/1/05	Legal Information
OL-7426-02

and other proprietary notices are included on the Software. Except as expressly authorized in this Agreement, Customer shall not make any copies or duplicates of any Software without the prior written permission of Cisco.

Open Source Content. Customer acknowledges that the Software contains open source or publicly available content under separate license and copyright requirements which are located either in an attachment to this license, the Software README file or the Documentation. Customer agrees to comply with such separate license and copyright requirements.

Third Party Beneficiaries. Certain Cisco or Cisco affiliate suppliers are intended third party beneficiaries of this Agreement. The terms and conditions herein are made expressly for the benefit of and are enforceable by Cisco’s suppliers; provided, however, that suppliers are not in any contractual relationship with Customer. Cisco’s suppliers include without limitation: (a) Hifn, Inc., a Delaware corporation with principal offices at 750 University Avenue, Los Gatos, California and (b) Wind River Systems, Inc., and its suppliers. Additional suppliers may be provided in subsequent updates of Documentation supplied to Customer.

Term and Termination. This Agreement and the license granted herein shall remain effective until terminated. Customer may terminate this Agreement and the license at any time by destroying all copies of Software and any Documentation. Customer’s rights under this Agreement will terminate immediately without notice from Cisco if Customer fails to comply with any provision of this Agreement. Cisco and its suppliers are further entitled to obtain injunctive relief if Customer’s use of the Software is in violation of any license restrictions. Upon termination, Customer shall destroy all copies of Software and Documentation in its possession or control. All confidentiality obligations of Customer and all limitations of liability and disclaimers and restrictions of warranty shall survive termination of this Agreement. In addition, the provisions of the sections titled “U.S. Government End User Purchasers” and “General Terms Applicable to the Limited Warranty Statement and End User License” shall survive termination of this Agreement.

Customer Records. Customer grants to Cisco and its independent accountants the right to examine Customer’s books, records and accounts during Customer’s normal business hours to verify compliance with this Agreement. In the event such audit discloses non-compliance with this Agreement, Customer shall promptly pay to Cisco the appropriate license fees, plus the reasonable cost of conducting the audit.

Export. Software and Documentation, including technical data, may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import Software and Documentation. Customer’s failure to comply with such restrictions shall constitute a material breach of the Agreement.

U.S. Government End User Purchasers. The Software and Documentation qualify as “commercial items,” as that term is defined at Federal Acquisition Regulation (“FAR”) (48 C.F.R.) 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in FAR 12.212. Consistent with FAR 12.212 and DoD FAR Supp. 227.7202-1 through 227.7202-4, and notwithstanding any other FAR or other contractual clause to the contrary in any agreement into which this End User License Agreement may be incorporated, Customer may provide to Government end user or, if this Agreement is direct, Government end user will acquire, the Software and Documentation with only those rights set forth in this End User License Agreement. Use of either the Software or Documentation or both constitutes agreement by the Government that the Software and Documentation are “commercial computer software” and “commercial computer software documentation,” and constitutes acceptance of the rights and restrictions herein.

Limited Warranty

Hardware for 1000 Series Access Points. Cisco Systems, Inc., or the Cisco Systems, Inc. subsidiary selling the Product (“Cisco”) warrants that commencing from the date of shipment to Customer (and in

4/1/05	Legal Information
OL-7426-02

case of resale by a Cisco reseller, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of one (1) year, the Hardware will be free from defects in material and workmanship under normal use. The date of shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped. This limited warranty extends only to the original user of the Product. Customer's sole and exclusive remedy and the entire liability of Cisco and its suppliers under this limited warranty will be, at Cisco's or its service center's option, shipment of a replacement within the warranty period and according to the replacement process described in the Warranty Card (if any), or if no Warranty Card, as described at www.cisco.com/en/US/products/ prod_warranties_listing.html or a refund of the purchase price if the Hardware is returned to the party supplying it to Customer, freight and insurance prepaid. Cisco replacement parts used in Hardware replacement may be new or equivalent to new. Cisco's obligations hereunder are conditioned upon the return of affected Hardware in accordance with Cisco's or its service center's then-current Return Material Authorization (RMA) procedures.

Hardware for 4100 Series Wireless LAN Controllers. Cisco Systems, Inc., or the Cisco Systems, Inc. subsidiary selling the Product (“Cisco”) warrants that commencing from the date of shipment to Customer (and in case of resale by a Cisco reseller, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of ninety (90) days, the Hardware will be free from defects in material and workmanship under normal use. The date of shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped. This limited warranty extends only to the original user of the Product. Customer's sole and exclusive remedy and the entire liability of Cisco and its suppliers under this limited warranty will be, at Cisco's or its service center's option, shipment of a replacement within the warranty period and according to the replacement process described in the Warranty Card (if any), or if no Warranty Card, as described at www.cisco.com/en/US/ products/prod_warranties_listing.html or a refund of the purchase price if the Hardware is returned to the party supplying it to Customer, freight and insurance prepaid. Cisco replacement parts used in Hardware replacement may be new or equivalent to new. Cisco's obligations hereunder are conditioned upon the return of affected Hardware in accordance with Cisco's or its service center's then-current Return Material Authorization (RMA) procedures.

Software. Cisco warrants that commencing from the date of shipment to Customer (but in case of resale by an authorized Cisco reseller, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of the longer of (a) ninety (90) days or (b) the software warranty period (if any) set forth in the warranty card accompanying the Product (if any): (a) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (b) the Software substantially conforms to its published specifications. The date of shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped. Except for the foregoing, the Software is provided AS IS. This limited warranty extends only to the Customer who is the original licensee. Customer's sole and exclusive remedy and the entire liability of Cisco and its suppliers and licensors under this limited warranty will be, at Cisco's option, repair, replacement, or refund of the Software if reported (or, upon request, returned) to Cisco or the party supplying the Software to Customer. In no event does Cisco warrant that the Software is error free or that Customer will be able to operate the Software without problems or interruptions. In addition, due to the continual development of new techniques for intruding upon and attacking networks, Cisco does not warrant that the Software or any equipment, system or network on which the Software is used will be free of vulnerability to intrusion or attack.

Restrictions. This warranty does not apply if the Software, Product or any other equipment upon which the Software is authorized to be used (a) has been altered, except by Cisco or its authorized representative, (b) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by Cisco, (c) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident; or (d) is licensed, for beta, evaluation, testing or demonstration purposes for which Cisco does not charge a purchase price or license fee.

Disclaimer of Warranty

EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED

4/1/05	Legal Information
OL-7426-02

WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SATISFACTORY QUALITY, NON-INTERFERENCE, ACCURACY OF INFORMATIONAL CONTENT, OR ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW AND ARE EXPRESSLY DISCLAIMED BY CISCO, ITS SUPPLIERS AND LICENSORS. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE EXPRESS WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY. THIS WARRANTY GIVES CUSTOMER SPECIFIC LEGAL RIGHTS, AND CUSTOMER MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose.

General Terms Applicable to the Limited Warranty Statement and End User License Agreement

Disclaimer of Liabilities. REGARDLESS WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE OR OTHERWISE, IN NO EVENT WILL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF CAPITAL, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE OR OTHERWISE AND EVEN IF CISCO OR ITS SUPPLIERS OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall Cisco's or its suppliers' or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim or if the Software is part of another Product, the price paid for such other Product. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

Customer agrees that the limitations of liability and disclaimers set forth herein will apply regardless of whether Customer has accepted the Software or any other product or service delivered by Cisco. Customer acknowledges and agrees that Cisco has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the parties.

The Warranty and the End User License shall be governed by and construed in accordance with the laws of the State of California, without reference to or application of choice of law rules or principles. The United Nations Convention on the International Sale of Goods shall not apply. If any portion hereof is found to be void or unenforceable, the remaining provisions of the Agreement shall remain in full force and effect. Except as expressly provided herein, this Agreement constitutes the entire agreement between the parties with respect to the license of the Software and Documentation and supersedes any conflicting or additional terms contained in any purchase order or elsewhere, all of which terms are excluded. This Agreement has been written in the English language, and the parties agree that the English version will govern. For warranty or license terms which may apply in particular countries and for translations of the above information please contact the Cisco Legal Department, 300 E. Tasman Drive, San Jose, California 95134.

Additional Open Source Terms

GNU General Public License. Certain portions of the Software are licensed under and Customer’s use of such portions are subject to the GNU General Public License version 2. A copy of the license is available at www.fsf.org or by writing to licensing@fsf.org or the Free Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307. Source code governed by the GNU General Public License

4/1/05	Legal Information
OL-7426-02

version 2 is available upon written request to the Cisco Legal Department, 300 E. Tasman Drive, San Jose, California 95134.

SSH Source Code Statement. © 1995 - 2004 SAFENET, Inc. This software is protected by international copyright laws. All rights reserved. SafeNet is a registered trademark of SAFENET, Inc., in the United States and in certain other jurisdictions. SAFENET and the SAFENET logo are trademarks of SAFENET, Inc., and may be registered in certain jurisdictions. All other names and marks are property of their respective owners.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Components of the software are provided under a standard 2-term BSD license with the following names as copyright holders:

•Markus Friedl

•Theo de Raadt

•Niels Provos

•Dug Song

•Aaron Campbell

•Damien Miller

•Kevin Steves

Trademarks and Service Marks

CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0501R)

4/1/05	Legal Information
OL-7426-02

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool: http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace: http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

4/1/05	Obtaining Documentation
OL-7426-02

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems

Attn: Customer Document Ordering 170 West Tasman Drive

San Jose, CA 95134-9883 We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

•From this site, you can perform these tasks:

•Report security vulnerabilities in Cisco products.

•Obtain assistance with security incidents that involve Cisco products.

•Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL: http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

•Emergencies— security-alert@cisco.com

•Nonemergencies— psirt@cisco.com

Tip: We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:

http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on

In an emergency, you can also reach PSIRT by telephone:

•1 877 228-7302

•1 408 525-6532

4/1/05	Documentation Feedback
OL-7426-02

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227) EMEA: +32 2 704 55 55

USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL: http://www.cisco.com/techsupport/contacts

4/1/05	Obtaining Technical Assistance
OL-7426-02

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

•Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

•Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

•Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

•Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

•World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

4/1/05	Obtaining Additional Publications and Information
OL-7426-02

FCC Statements for Cisco 1000 Series Lightweight Access Points

This section includes the following FCC statements for Cisco 1000 Series lightweight access points:

•Class A Statement

•RF Radiation Hazard Warning

•Non-Modification Statement

•Deployment Statement

Class A Statement

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. [cfr reference 15.105]

RF Radiation Hazard Warning

To ensure compliance with FCC RF exposure requirements, this device must be installed in a location such that the antenna of the device will be greater than 20 cm (8 in.) from all persons. Using higher gain antennas and types of antennas not covered under the FCC certification of this product is not allowed.

Installers of the radio and end users of the Cisco Structured Wireless-Aware Network must adhere to the installation instructions provided in this manual.

Non-Modification Statement

Use only the supplied internal antenna, or external antennas supplied by the manufacturer. Unauthorized antennas, modifications, or attachments could damage the badge and could violate FCC regulations and void the user’s authority to operate the equipment.

Note: Refer to the Cisco SWAN Release Notes for 802.11a external antenna information. Contact Cisco for a list of FCC-approved 802.11a and 802.11b/g external antennas.

Deployment Statement

This product is certified for indoor deployment only. Do not install or use this product outdoors.

4/1/05 FCC Statements for Cisco 1000 Series Lightweight Access Points OL-7426-02

Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points

This device has been designed to operate with antennae having maximum gains of 7.8 dBi (2.4 GHz) and 7.4 dBi (5 GHz).

Antennae having higher gains is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.

To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (EIRP) is not more than that required for successful communication.

4/1/05 Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points

OL-7426-02

FCC Statements for Cisco 4100 Series Wireless LAN Controllers

4/1/05 FCC Statements for Cisco 4100 Series Wireless LAN Controllers OL-7426-02

FCC Statements for Cisco 2000 Series Wireless LAN Controllers

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

•Reorient or relocate the receiving antenna.

•Increase the separation between the equipment and receiver.

•Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

•Consult the dealer or an experienced radio/TV technician for help. [cfr reference 15.105]

4/1/05 FCC Statements for Cisco 2000 Series Wireless LAN Controllers OL-7426-02

Safety Considerations

•The AIR-WLC4112-K9, AIR-WLC4124-K9, and AIR-WLC4136-K9 Cisco 4100 Series Wireless LAN Controllers contain Class 1 Lasers (Laser Klasse 1) according to EN 60825-1+A1+A2.

•The Cisco 1000 Series lightweight access points with or without external antenna ports are only intended for installation in Environment A as defined in IEEE 802.3af. All interconnected equipment must be contained within the same building including the interconnected equipment's associated LAN connections.

•For Cisco 1000 Series lightweight access points provided with optional external antenna ports, be sure that all external antennas and their associated wiring are located entirely indoors. Cisco 1000 Series lightweight access points and their optional external antennas are not suitable for outdoor use.

•Be sure that plenum-mounted Cisco 1000 Series lightweight access points are powered using Power over Ethernet (PoE) to comply with safety regulations.

•For Cisco Wireless LAN Controllers, verify that the ambient temperature remains between 0 to 40° C (32 to 104° F), taking into account the elevated temperatures when installed in a rack.

•When multiple Cisco Wireless LAN Controllers are mounted in an equipment rack, be sure that the power source is sufficiently rated to safety run all of the equipment in the rack.

•Verify the integrity of the ground before installing Cisco Wireless LAN Controllers in an equipment rack with other equipment.

•Suitable for use in environmental air space in accordance with Section 300.22.C of the National Electrical Code, and Sections 2-128, 12-010(3) and 12-100 of the Canadian Electrical Code, Part 1, C22.1.

4/1/05	Safety Considerations
OL-7426-02

Notes:

4/1/05	Notes
OL-7426-02

Table of Contents

Welcome to the Product Guide!

Legal Information

Products iii

End User License Agreement iii Limited Warranty v

Disclaimer of Warranty vi

General Terms Applicable to the Limited Warranty Statement and End User License Agreement vii Additional Open Source Terms vii

Trademarks and Service Marks viii

Obtaining Documentation

Cisco.com ix Documentation DVD ix Ordering Documentation ix

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products x

Obtaining Technical Assistance

Cisco Technical Support Website xi Submitting a Service Request xi Definitions of Service Request Severity xii

Obtaining Additional Publications and Information

FCC Statements for Cisco 1000 Series Lightweight Access Points

Class A Statement xiii

RF Radiation Hazard Warning xiii Non-Modification Statement xiii Deployment Statement xiii

Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points FCC Statements for Cisco 4100 Series Wireless LAN Controllers

FCC Statements for Cisco 2000 Series Wireless LAN Controllers Safety Considerations

OVERVIEWS

About the Cisco Structured Wireless-Aware Network

Single-Cisco Wireless LAN Controller Deployments 5

Multiple-Cisco Wireless LAN Controller Deployments 6 About the Operating System Software 7

About Operating System Security 7

About Cisco SWAN Wired Security 8 Layer 2 and Layer 3 LWAPP Operation 9

Operational Requirements 9

Configuration Requirements 9

About Radio Resource Management (RRM) 9 About the Master Cisco Wireless LAN Controller 10

About the Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers 11 About Client Roaming 11

Same-Cisco Wireless LAN Controller (Layer 2) Roaming 11

4/1/05	Table of Contents
OL-7426-02

Inter-Cisco Wireless LAN Controller (Layer 2) Roaming 11 Inter-Subnet (Layer 3) Roaming 12

Special Case: Voice Over IP Telephone Roaming 12

About Client Location 12

About External DHCP Servers 12

Per-WLAN Assignment 13

Per-Interface Assignment 13

Security Considerations 13

About Controller Mobility Groups 13 About Cisco SWAN Wired Connections 15

Between Cisco Wireless LAN Controllers and Cisco 1000 Series Lightweight Access Points 15 Between Cisco 4100 Series Wireless LAN Controllers and Other Network Devices 15

About Cisco SWAN WLANs 15

About Access Control Lists 16

About Identity Networking 16 About File Transfers 17

About Power Over Ethernet 17 Pico Cell Functionality 17

Intrusion Detection Service (IDS) 18

About Cisco Wireless LAN Controllers

About Cisco 2000 Series Wireless LAN Controllers 20 Cisco 4100 Series Wireless LAN Controllers 20 Cisco Wireless LAN Controller Features 20

Cisco 2000 Series Wireless LAN Controller Model Numbers 22

Cisco 4100 Series Wireless LAN Controller Model Numbers 22 Appliance Mode 23

About Distribution System Ports 23

About the Management Interface 24

About the AP-Manager Interface 25

About Operator-Defined Interfaces 25 About the Virtual Interface 26

About the Service Port 26

About the Service-Port Interface 26 About the Startup Wizard 27

About Cisco Wireless LAN Controller Memory 27 Cisco Wireless LAN Controller Failover Protection 28

Cisco Wireless LAN Controller Automatic Time Setting 29 Cisco Wireless LAN Controller Time Zones 29

Network Connection to Cisco Wireless LAN Controllers 29

Cisco 2000 Series Wireless LAN Controllers 29

Cisco 4100 Series Wireless LAN Controllers 30

VPN/Enhanced Security Module 31

About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points

About Cisco 1030 IEEE 802.11a/b/g Remote Edge Lightweight Access Points 34 About Cisco 1000 Series Lightweight Access Point Models 36

About Cisco 1000 Series Lightweight Access Point External and Internal Antennas 36

External Antenna Connectors 37 Antenna Sectorization 37

802.11a Internal Antenna Patterns 37

802.11b/g Internal Antenna Patterns 40

About Cisco 1000 Series Lightweight Access Point LEDs 41 About Cisco 1000 Series Lightweight Access Point Connectors 42

4/1/05	Table of Contents
OL-7426-02

About Cisco 1000 Series Lightweight Access Point Power Requirements 43 About Cisco 1000 Series Lightweight Access Point External Power Supply 44 About Cisco 1000 Series Lightweight Access Point Mounting Options 44 About Cisco 1000 Series Lightweight Access Point Physical Security 44 About Cisco 1000 Series Lightweight Access Point Monitor Mode 45

About Rogue Access Points

Rogue AP Location, Tagging and Containment 46

About the Cisco Wireless Control System

About the Cisco Wireless Control System 49

About the Cisco Wireless Control System with Location Services 50 About the Cisco WCS User Interface 50

About Cisco Wireless LAN Controller Autodiscovery 50 About Cisco WCS Alarm Email Notification 51

About Cisco WCS Location Calibration 51

About the Web User Interface About the Command Line Interface

SOLUTIONS

Operating System Security

Overview 56

Layer 1 Solutions 56

Layer 2 Solutions 56

Layer 3 Solutions 57

Single Point of Configuration Policy Manager Solutions 57

Rogue Access Point Solutions 57

Rogue Access Point Challenges 57

Tagging and Containing Rogue Access Points 57

Integrated Security Solutions 58

Simple, Cost-Effective Solutions 58

Converting a Cisco SWAN from Layer 2 to Layer 3 Mode

Using the Web User Interface 59

Using the Cisco WCS User Interface 61

Converting a Cisco SWAN from Layer 3 to Layer 2 Mode

Using the Web User Interface 64

Using the Cisco WCS User Interface 64

Configuring a Firewall for Cisco WCS

Configuring the System for SpectraLink NetLink Telephones

Using the Command Line Interface 67

Using the Web User Interface 67

Using the Cisco Wireless Control System 68

Using Management over Wireless

Using the Command Line Interface 70

Using the Web User Interface 70

Configuring a WLAN for a DHCP Server

Using the Command Line Interface 71

Using the Web User Interface 71

Customizing the Web Auth Login Screen

Default Web Auth Operation 72

Customizing Web Auth Operation 74

Clearing and Restoring the Cisco SWAN Logo 74

4/1/05	Table of Contents
OL-7426-02

Changing the Web Title 74

Changing the Web Message 75

Changing the Logo 75

Creating a Custom URL Redirect 76

Verifying your Web Auth Changes 77

Sample Customized Web Auth Login Page 77

Configuring Identity Networking for Operating System 2.2

RADIUS Attributes 79

TASKS

Using the Cisco SWAN CLI

Logging Into the CLI 85

Using a Local Serial Connection 85

Using a Remote Ethernet Connection 86

Logging Out of the CLI 87

CLI Tree Structure 88

Navigating the CLI 88

Viewing Network Status 89

Configuring Cisco Wireless LAN Controllers

Collecting Cisco Wireless LAN Controller Parameters 90

Configuring System Parameters 91

Time and Date 91

Country 91

Supported 802.11a and 802.11b/g Protocols 92

Users and Passwords 93

Configuring Cisco Wireless LAN Controller Interfaces 93

Verifying and Changing the Management Interface 94

Creating and Assigning the AP-Manager Interface 94

Creating, Assigning and Deleting Operator-Defined Interfaces 95

Verifying and Changing the Virtual Interface 96

Enabling Web and Secure Web Modes 97

Configuring Spanning Tree Protocol 97

Creating Access Control Lists 98

Configuring WLANs 98

WLANs 98

VLANs 100

Layer 2 Security 100

Layer 3 Security 102

Local Netuser 104

Quality of Service 104

Activating WLANs 105

Configuring Controller Mobility Groups 105

Configuring RADIUS 105

Configuring SNMP 106

Configuring Other Ports and Parameters 106

Service Port 107
Radio Resource Management (RRM) 107
Serial (CLI Console) Port 107
802.3x Flow Control 107
System Logging 107
Adding SSL to the Web User Interface 107
Locally Generated Certificate 108
Externally Generated Certificate 108
4/1/05	Table of Contents
OL-7426-02

Transferring Files To and From a Cisco Wireless LAN Controller 110 Updating the Operating System Software 111

Using the Startup Wizard 113

Adding SSL to the Web User Interface 114

Locally Generated Certificate 114 Externally Generated Certificate 115

Adding SSL to the 802.11 Interface 117

Locally Generated Certificate 117 Externally Generated Certificate 118

Saving Configurations 119

Clearing Configurations 120

Erasing the Cisco Wireless LAN Controller Configuration 120 Resetting the Cisco Wireless LAN Controller 121

Using the Cisco Wireless Control System

Starting and Stopping Windows Cisco WCS

Starting Cisco WCS as a Windows Application 124 Starting Cisco WCS as a Windows Service 124 Stopping the Cisco WCS Windows Application 126 Stopping the Cisco WCS Windows Service 126 Checking the Cisco WCS Windows Service Status 126

Starting and Stopping Linux Cisco WCS

Starting the Linux Cisco WCS Application 128

Stopping the Linux Cisco WCS Application 128 Checking the Linux Cisco WCS Status 128

Starting and Stopping the Cisco WCS Web Interface

Starting a Cisco WCS User Interface 130

Stopping a Cisco WCS User Interface 131

Manually Stopping the Cisco WCS User Interface 131

Cisco WCS Shutdown Stopping the Cisco WCS User Interface 131

Using Cisco WCS

Checking the Cisco SWAN Network Summary 132

Adding a Cisco Wireless LAN Controller to Cisco WCS 133 Creating an RF Calibration Model 137

Adding a Campus Map to the Cisco WCS Database 137 Adding a Building to a Campus 139

Adding a Standalone Building to the Cisco WCS Database 143 Adding an Outdoor Area to a Campus 145

Adding Floor Plans to a Campus Building 148 Adding Floor Plans to a Standalone Building 153

Adding APs to Floor Plan and Outdoor Area Maps 157 Monitoring Predicted Coverage (RSSI) 163 Monitoring Channels on Floor Map 164

Monitoring Transmit Power Levels on a Floor Map 164 Monitoring Coverage Holes on a Floor Map 165 Monitoring Users on a Floor Map 165

Monitoring Clients From a Floor Map 166

Troubleshooting with Cisco WCS

Detecting and Locating Rogue Access Points 167 Acknowledging Rogue APs 171

Locating Clients 171 Finding Coverage Holes 172

4/1/05	Table of Contents
OL-7426-02

Pinging a Network Device from a Cisco Wireless LAN Controller 173

Viewing Current Cisco Wireless LAN Controller Status and Configurations 173 Viewing Cisco WCS Statistics Reports 173

Updating OS Software from Cisco WCS 174 Managing Cisco WCS and Database 175 Installing Cisco WCS 176

Updating Windows Cisco WCS 176 Updating Linux Cisco WCS 178

Reinitializing the Windows Cisco WCS Database 180 Reinitializing the Linux Cisco WCS Database 180 Administering Cisco WCS Users and Passwords 180

Adding User Accounts 181

Changing Passwords 181

Deleting User Accounts 182

Using the Web User Interface

Adding Cisco 1000 Series Lightweight Access Points to a Cisco Wireless LAN Controller 184 Adding CA Certificates to a Cisco Wireless LAN Controller 184

Adding ID Certificates to a Cisco Wireless LAN Controller 185

Troubleshooting Tips

Using Error Messages 186

Using Client Reason and Status Codes in the Trap Log 189

Client Reason Codes 189

Client Status Codes 190

Using Cisco 1000 Series Lightweight Access Point LEDs 190

REFERENCES

Glossary

Cisco SWAN Supported Country Codes

4/1/05 OL-7426-02

OVERVIEWS

Refer to the following for information about the Product Guide and other high-level subjects:

•About the Cisco Structured Wireless-Aware Network

-About the Cisco Structured Wireless-Aware Network

-Single-Cisco Wireless LAN Controller Wireless LAN Controller Deployments

-Multiple-Cisco Wireless LAN Controller Deployments

-Operating System Software

-Operating System Security

-Cisco SWAN Wired Security

-Layer 2 and Layer 3 LWAPP Operation

-Radio Resource Management (RRM)

-Master Cisco Wireless LAN Controller

-Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers

-Client Roaming

-Client Location

-External DHCP Servers

-Controller Mobility Group

-Cisco SWAN Wired Connections

-Cisco SWAN WLANs

-Identity Networking

-Transferring Files

-Power Over Ethernet

-Pico Cell Functionality

-Intrusion Detection Service (IDS)

•Cisco Wireless LAN Controllers

•Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points

•Rogue Access Points

•Cisco Wireless Control System

-Cisco Wireless Control System

-Cisco Wireless Control System with Location Services

-Cisco WCS User Interface

-Cisco Wireless LAN Controller Autodiscovery

-Cisco WCS Alarm Email Notification

-Cisco WCS Location Calibration

3/11/05	© 2005 All Rights Reserved.
OL-7426-02

•Web User Interface

•Command Line Interface

3/11/05	OVERVIEWS
OL-7426-02

About the Cisco Structured Wireless-Aware Network

The Cisco Structured Wireless-Aware Network is designed to provide 802.11 wireless networking solutions for enterprises and service providers. The Cisco SWAN simplifies deploying and managing large-scale wireless LANs and enables a unique best-in-class security infrastructure. The Operating System manages all data client, communications, and system administration functions, performs Radio Resource Management (RRM) functions, manages system-wide mobility policies using the Operating System Security solution, and coordinates all security functions using the Operating System Security framework.

The Cisco SWAN consists of:

•Cisco Wireless LAN Controllers:

-Cisco 2000 Series Wireless LAN Controllers

-Cisco 4100 Series Wireless LAN Controllers

•Cisco 1000 Series IEEE 802.11a/b/g lightweight access points (Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points) controlled by the Operating System, all managed by any or all of the Operating System user interfaces.

•An HTTP and/or HTTPS full-featured Web User Interface hosted by Cisco Wireless LAN Controllers, running on any workstation with a supported Web browser can be used to configure and monitor individual Cisco Wireless LAN Controllers. See the Web User Interface section.

•A full-featured CLI (command line interface) can be used to configure and monitor individual Cisco Wireless LAN Controllers. Refer to the Command Line Interface section.

•The Cisco Wireless Control System uses the Cisco WCS User Interface:

-Cisco Wireless Control System (Cisco Wireless Control System)

-Cisco Wireless Control System with Location Services (Cisco Wireless Control System with Location Services)

is used to configure and monitor one or more Cisco Wireless LAN Controllers and associated Cisco 1000 Series lightweight access points, and has tools to facilitate large-system monitoring and control. The Cisco Wireless Control System runs on Windows 2000, Windows 2003, and Red Hat Enterprise Linux ES Server workstations.

•An industry-standard SNMP V1, V2c, and V3 interface can be used with any SNMP-compliant third-party network management system.

The Cisco SWAN supports client data services, client monitoring and control, and all Rogue AP detection, monitoring and containment functions. The Cisco SWAN uses Cisco 1000 Series lightweight access points, and optional Cisco Wireless Control System or Cisco Wireless Control System with Location Services to provide wireless services to enterprises and service providers.

The following figure shows the Cisco SWAN components, which can be simultaneously deployed across multiple floors and buildings.

Note: This document refers to Cisco Wireless LAN Controllers throughout. Refer to the Cisco 2000 Series Wireless LAN Controllers and Cisco Wireless LAN Controllers sections for more information.

3/11/05	About the Cisco Structured Wireless-Aware Network
OL-7426-02

Figure - Cisco SWAN Components

The Product Guide uses unique software to provide WLAN access for wireless clients and to simultaneously provide an active wireless access control system that protects your wired and wireless infrastructure from negligent and malicious wireless attacks. The Cisco SWAN uses the following components:

•Cisco Wireless LAN Controllers:

-Cisco 2000 Series Wireless LAN Controllers

-Cisco 4100 Series Wireless LAN Controllers

•Cisco 1000 Series IEEE 802.11a/b/g lightweight access points, described in Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points.

•Cisco 1030 remote edge lightweight access points, described in Cisco 1030 IEEE 802.11a/b/g Remote Edge Lightweight Access Points.

•Operating System Software Software which provides all the Data and intrusion detection features and functions while operating the Cisco Wireless LAN Controllers and Cisco 1000 Series lightweight access points.

•Cisco Wireless Control System, or which manages the Cisco SWAN, and which provides location to the nearest Cisco 1000 Series lightweight access point.

•Cisco Wireless Control System with Location Services, which manages the Cisco SWAN, and which provides location to within ten meters.

The Cisco SWAN provides wireless access services to data clients and provides intrusion protection. As such, it supports the full suite of Cisco Structured Wireless-Aware Network features and functions.

Refer to the following for more information:

•Single-Cisco Wireless LAN Controller Wireless LAN Controller Deployments

•Multiple-Cisco Wireless LAN Controller Deployments

•Operating System Software

•Operating System Security

•Cisco SWAN Wired Security

3/11/05	About the Cisco Structured Wireless-Aware Network
OL-7426-02

•Layer 2 and Layer 3 LWAPP Operation

•Radio Resource Management (RRM)

-Master Cisco Wireless LAN Controller

-Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers

-Client Roaming

-External DHCP Servers

-Controller Mobility Group

-Cisco SWAN Wired Connections

-Cisco SWAN WLANs

-Transferring Files

-Power Over Ethernet

•Cisco Wireless LAN Controllers

•Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points

•Rogue Access Points

•Cisco Wireless Control System

-Cisco WCS User Interface

-Cisco Wireless LAN Controller Autodiscovery

•Web User Interface

•Command Line Interface

Single-Cisco Wireless LAN Controller Deployments

As described in About the Cisco Structured Wireless-Aware Network, a standalone Cisco Wireless LAN Controller can support Cisco 1000 Series lightweight access points across multiple floors and buildings simultaneously, and supports the following features:

•Autodetecting and autoconfiguring Cisco 1000 Series lightweight access points as they are added to the network, as described in Radio Resource Management (RRM).

•Full control of Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points.

•Real-time control of system-wide WLAN Web, 802.1X, and IPSec security policies.

•Full control of up to 16 Cisco 1000 Series lightweight access point WLAN (SSID) policies, as described in the Cisco 4100 Series Wireless LAN Controller Quick Start Guide.

The following figures show a typical single Cisco Wireless LAN Controller deployed in Appliance Mode.

•Cisco 1000 Series lightweight access points connect to Cisco Wireless LAN Controllers through the network. The network equipment may or may not provide Power Over Ethernet to the access points.

Note: Cisco Wireless LAN Controllers can connect through the Management Interface to multiple subnets in the Network. This can be helpful, for instance, when Network operators want to confine multiple VLANs to separate subnets using Oper- ator-Defined Interfaces.

Note that the Cisco 4100 Series Wireless LAN Controller uses two redundant GigE connections to bypass single network failures. At any given time one of the Cisco 4100 Series Wireless LAN

3/11/05 Single-Cisco Wireless LAN Controller Wireless LAN Controller Deployments

OL-7426-02

Controller GigE connections is active and the other is passive. Upon a network failure, the active connection becomes passive, and the passive connection becomes active.

Figure - Typical Cisco Wireless LAN Controller Deployment

Multiple-Cisco Wireless LAN Controller Deployments

Each Cisco Wireless LAN Controller can support Cisco 1000 Series lightweight access points across multiple floors and buildings simultaneously. Similarly, each Cisco Wireless LAN Controller can support Cisco 1000 Series lightweight access points across multiple floors and buildings simultaneously. However, full functionality of the Cisco SWAN is realized when it includes multiple Cisco Wireless LAN Controllers. That is, a multiple-Cisco Wireless LAN Controller system has the following additional features over a single-Cisco Wireless LAN Controller deployment:

•Autodetecting and autoconfiguring Cisco Wireless LAN Controller RF parameters as the Cisco Wireless LAN Controllers are added to the network, as described in Radio Resource Management (RRM).

•Same-Cisco Wireless LAN Controller (Layer 2) Roaming and Inter-Subnet (Layer 3) Roaming.

•Automatic Cisco 1000 Series lightweight access point failover to any redundant Cisco Wireless LAN Controller with unused ports (refer to Cisco Wireless LAN Controller Failover Protection).

The following figure shows a typical multiple-Cisco Wireless LAN Controller deployment, with the Cisco Wireless LAN Controllers in Appliance Mode. The figure also shows an optional dedicated Service Network, and the three physical connection types between the network and the Cisco Wireless LAN Controllers, as further described in Network Connection to Cisco Wireless LAN Controllers.

3/11/05	Multiple-Cisco Wireless LAN Controller Deployments
OL-7426-02

+ 212 hidden pages