Cisco Systems 102075 Users Guide

Cisco Wireless LAN Controller Configuration Guide

Software Release 7.0.116.0 April 2011

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-21524-02

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at

www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership

relationship between Cisco and any other company. (1005R)

CONTENTS

Preface xxix

Audience xxix

Purpose xxix

Organization xxx

Conventions xxxi

Related Documentation xxxiii

Obtaining Documentation and Submitting a Service Request xxxiii

CHAPTER

1 Overview 1-1

Cisco Unified Wireless Network Solution Overview 1-1

Single-Controller Deployments 1-2 Multiple-Controller Deployments 1-3

Operating System Software 1-4

Operating System Security 1-4

Cisco WLAN Solution Wired Security 1-5

Layer 2 and Layer 3 Operation 1-5

Operational Requirements 1-6 Configuration Requirements 1-6

Cisco Wireless LAN Controllers 1-6

Client Location 1-7

Controller Platforms 1-7

Cisco 2100 Series Controller 1-7

Cisco 2500 Series Controller 1-8 Cisco 4400 Series Controllers 1-9 Cisco 5500 Series Controllers 1-9

Cisco Flex 7500 Series Controller 1-10 Catalyst 6500 Series Switch Wireless Services Module 1-10 Cisco 7600 Series Router Wireless Services Module 1-11 Cisco 28/37/38xx Series Integrated Services Router 1-12 Catalyst 3750G Integrated Wireless LAN Controller Switch 1-13

Features Not Supported 1-8

Features Not Supported 1-9

OL-21524-02

Cisco UWN Solution Wired Connections 1-13

Cisco Wireless LAN Controller Configuration Guide

Contents

Cisco UWN Solution WLANs 1-14

File Transfers 1-14

Power Over Ethernet 1-14

Cisco Wireless LAN Controller Memory 1-15

Cisco Wireless LAN Controller Failover Protection 1-15

Network Connections to Cisco Wireless LAN Controllers 1-16

Cisco 2100 Series Wireless LAN Controllers 1-16 Cisco 4400 Series Wireless LAN Controllers 1-17 Cisco 5500 Series Wireless LAN Controllers 1-17

CHAPTER

2 Using the Web-Browser and CLI Interfaces 2-1

Using the Configuration Wizard 2-1

Connecting the Controller’s Console Port 2-1 Using the GUI Configuration Wizard 2-2 Using the CLI Configuration Wizard 2-13

Using the GUI 2-16

Guidelines for Using the GUI 2-17 Logging into the GUI 2-17 Logging Out of the GUI 2-17 Enabling Web and Secure Web Modes 2-18

Using the GUI to Enable Web and Secure Web Modes 2-18 Using the CLI to Enable Web and Secure Web Modes 2-19 Loading an Externally Generated SSL Certificate 2-20

Using the CLI 2-22

Logging into the CLI 2-23

Using a Local Serial Connection 2-23

Using a Remote Ethernet Connection 2-24 Logging Out of the CLI 2-25 Navigating the CLI 2-25

Using the AutoInstall Feature for Controllers Without a Configuration 2-26

Overview of AutoInstall 2-26 Obtaining an IP Address Through DHCP and Downloading a Configuration File from a TFTP

Server 2-26 Selecting a Configuration File 2-28 Example of AutoInstall Operation 2-29

Managing the System Date and Time 2-29

Configuring an NTP Server to Obtain the Date and Time 2-30 Configuring NTP Authentication 2-30

Using the GUI to Configure NTP Authentication 2-30

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Using the CLI to Configure NTP Authentication 2-31

Configuring the Date and Time Manually 2-31

Using the GUI to Configure the Date and Time 2-31 Using the CLI to Configure the Date and Time 2-32

Configuring Telnet and SSH Sessions 2-34

Using the GUI to Configure Telnet and SSH Sessions 2-35 Using the CLI to Configure Telnet and SSH Sessions 2-36

Enabling Wireless Connections to the GUI and CLI 2-37

Contents

CHAPTER

3 Configuring Ports and Interfaces 3-1

Overview of Ports and Interfaces 3-1

Ports 3-1

Distribution System Ports 3-3 Service Port 3-5

Interfaces 3-6

Management Interface 3-7 AP-Manager Interface 3-7 Virtual Interface 3-8 Service-Port Interface 3-9 Dynamic Interface 3-9

WLANs 3-10

Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces 3-11

Using the GUI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces 3-11 Using the CLI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces 3-14

Using the CLI to Configure the Management Interface 3-14 Using the CLI to Configure the AP-Manager Interface 3-16 Using the CLI to Configure the Virtual Interface 3-16 Using the CLI to Configure the Service-Port Interface 3-17

OL-21524-02

Configuring Dynamic Interfaces 3-18

Using the GUI to Configure Dynamic Interfaces 3-18 Using the CLI to Configure Dynamic Interfaces 3-21

Configuring Ports 3-23

Configuring Port Mirroring 3-27 Configuring Spanning Tree Protocol 3-28

Using the GUI to Configure Spanning Tree Protocol 3-29 Using the CLI to Configure Spanning Tree Protocol 3-33

Using the Cisco 5500 Series Controller USB Console Port 3-34

Choosing Between Link Aggregation and Multiple AP-Manager Interfaces 3-36

Enabling Link Aggregation 3-36

Cisco Wireless LAN Controller Configuration Guide

iii

Contents

Link Aggregation Guidelines 3-39 Using the GUI to Enable Link Aggregation 3-40 Using the CLI to Enable Link Aggregation 3-41 Using the CLI to Verify Link Aggregation Settings 3-41 Configuring Neighbor Devices to Support Link Aggregation 3-41

Configuring Multiple AP-Manager Interfaces 3-42

Using the GUI to Create Multiple AP-Manager Interfaces 3-45 Using the CLI to Create Multiple AP-Manager Interfaces 3-47 Cisco 5500 Series Controller Example 3-47

Configuring VLAN Select 3-49

Platform Support 3-49 Using Interface Groups 3-50

Using the GUI to Create Interface Groups 3-50

Using the CLI to Create Interface Groups 3-51

Using the GUI to Add Interfaces to Interface Groups 3-51

Using the CLI to Add Interfaces to Interface Groups 3-52

Using the GUI to Add an Interface Group to a WLAN 3-52

Using the CLI to Add an Interface Group to a WLAN 3-52

CHAPTER

Using Multicast Optimization 3-52

Using the GUI to Configure a Multicast VLAN 3-52

Using the CLI to Configure Multicast VLAN 3-53

3-53

4 Configuring Controller Settings 4-1

Installing and Configuring Licenses 4-2

Obtaining an Upgrade or Capacity Adder License 4-3 Installing a License 4-7

Using the GUI to Install a License 4-7

Using the CLI to Install a License 4-8 Viewing Licenses 4-9

Using the GUI to View Licenses 4-9

Using the CLI to View Licenses 4-11 Choosing the Licensed Feature Set 4-14

Using the GUI to Choose the Licensed Feature Set 4-14

Using the CLI to Choose the Licensed Feature Set 4-16 Activating an AP-Count Evaluation License 4-17

Using the GUI to Activate an AP-Count Evaluation License 4-17

Using the CLI to Activate an AP-Count Evaluation License 4-19 Rehosting a License 4-20

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Using the GUI to Rehost a License 4-21

Using the CLI to Rehost a License 4-23 Transferring Licenses to a Replacement Controller after an RMA 4-25 Configuring the License Agent 4-26

Using the GUI to Configure the License Agent 4-26

Using the CLI to Configure the License Agent 4-28

Configuring 802.11 Bands 4-29

Using the GUI to Configure 802.11 Bands 4-29 Using the CLI to Configure 802.11 Bands 4-31

Configuring 802.11n Parameters 4-33

Using the GUI to Configure 802.11n Parameters 4-33 Using the CLI to Configure 802.11n Parameters 4-35

Configuring 802.11h Parameters 4-38

Using the GUI to Configure 802.11h Parameters 4-38 Using the CLI to Configure 802.11h Parameters 4-39

Contents

Configuring DHCP Proxy 4-39

Using the GUI to Configure DHCP Proxy 4-40 Using the CLI to Configure DHCP Proxy 4-40 Using the GUI to Configure a DHCP Timeout 4-41 Using the CLI to Configure DHCP Timeout 4-41

Configuring Administrator Usernames and Passwords 4-41

Configuring Usernames and Passwords 4-41 Restoring Passwords 4-42

Configuring SNMP 4-42

Changing the Default Values of SNMP Community Strings 4-43

Using the GUI to Change the SNMP Community String Default Values 4-43 Using the CLI to Change the SNMP Community String Default Values 4-44

Changing the Default Values for SNMP v3 Users 4-45

Using the GUI to Change the SNMP v3 User Default Values 4-45 Using the CLI to Change the SNMP v3 User Default Values 4-47

Configuring Aggressive Load Balancing 4-47

Client Association Limits 4-48

Client Association Limits for Lightweight Access Points 4-48

Client Association Limits for Autonomous Cisco IOS Access Points 4-48 Using the GUI to Configure Aggressive Load Balancing 4-49 Using the CLI to Configure Aggressive Load Balancing 4-50

OL-21524-02

Configuring Band Selection 4-51

Guidelines for Using the Band Selection 4-51 Using the GUI to Configure Band Selection 4-52

Cisco Wireless LAN Controller Configuration Guide

Contents

Using the CLI to Configure Band Selection 4-53

Configuring Fast SSID Changing 4-54

Using the GUI to Configure Fast SSID Changing 4-54 Using the CLI to Configure Fast SSID Changing 4-54

Enabling 802.3X Flow Control 4-54

Configuring 802.3 Bridging 4-55

Using the GUI to Configure 802.3 Bridging 4-55 Using the CLI to Configure 802.3 Bridging 4-56

Configuring Multicast Mode 4-57

Understanding Multicast Mode 4-57 Guidelines for Using Multicast Mode 4-58 Using the GUI to Enable Multicast Mode 4-59 Using the GUI to View Multicast Groups 4-60 Using the CLI to Enable Multicast Mode 4-60 Using the CLI to View Multicast Groups 4-61 Using the CLI to View an Access Point’s Multicast Client Table 4-62

Configuring Client Roaming 4-62

Intra-Controller Roaming 4-62 Inter-Controller Roaming 4-62 Inter-Subnet Roaming 4-63 Voice-over-IP Telephone Roaming 4-63 CCX Layer 2 Client Roaming 4-63

Using the GUI to Configure CCX Client Roaming Parameters 4-64 Using the CLI to Configure CCX Client Roaming Parameters 4-66 Using the CLI to Obtain CCX Client Roaming Information 4-66 Using the CLI to Debug CCX Client Roaming Issues 4-67

Configuring IP-MAC Address Binding 4-67

Configuring Quality of Service 4-68

Configuring Quality of Service Profiles 4-68

Using the GUI to Configure QoS Profiles 4-68 Using the CLI to Configure QoS Profiles 4-70

Configuring Quality of Service Roles 4-71

Using the GUI to Configure QoS Roles 4-71 Using the CLI to Configure QoS Roles 4-73

Configuring Voice and Video Parameters 4-75

Call Admission Control 4-75

Bandwidth-Based CAC 4-75 Load-Based CAC 4-75

Expedited Bandwidth Requests 4-76

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

U-APSD 4-77 Traffic Stream Metrics 4-77 Using the GUI to Configure Voice Parameters 4-77 Using the GUI to Configure Video Parameters 4-79 Using the GUI to View Voice and Video Settings 4-80 Using the GUI to Configure Media Parameters 4-85 Using the CLI to Configure SIP Based CAC 4-86 Using the CLI to Configure Voice Parameters 4-87 Using the CLI to Configure Video Parameters 4-88 Using the CLI to View Voice and Video Settings 4-89

Configuring Voice Prioritization Using Preferred Call Numbers 4-93

Using the GUI to Configure a Preferred Call Number 4-93 Using the CLI to Configure a Preferred Call Number 4-94

Configuring EDCA Parameters 4-94

Using the GUI to Configure EDCA Parameters 4-94 Using the CLI to Configure EDCA Parameters 4-95

Contents

Configuring the Cisco Discovery Protocol 4-96

Using the GUI to Configure the Cisco Discovery Protocol 4-99 Using the GUI to View Cisco Discovery Protocol Information 4-101 Using the CLI to Configure the Cisco Discovery Protocol 4-105 Using the CLI to View Cisco Discovery Protocol Information 4-106

Configuring Authentication for the Controller and NTP Server 4-108

Using the GUI to Configure the NTP Server for Authentication 4-108 Using the CLI to Configure the NTP Server for Authentication 4-108

Configuring RFID Tag Tracking 4-109

Using the CLI to Configure RFID Tag Tracking 4-110 Using the CLI to View RFID Tag Tracking Information 4-111 Using the CLI to Debug RFID Tag Tracking Issues 4-112

Configuring and Viewing Location Settings 4-113

Installing the Location Appliance Certificate 4-113 Synchronizing the Controller and Location Appliance 4-114 Configuring Location Settings 4-114 Viewing Location Settings 4-116 Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues 4-118 Viewing NMSP Settings 4-118 Debugging NMSP Issues 4-121

OL-21524-02

Configuring the Supervisor 720 to Support the WiSM 4-121

General WiSM Guidelines 4-122 Configuring the Supervisor 4-122

Cisco Wireless LAN Controller Configuration Guide

vii

Contents

Using the Wireless LAN Controller Network Module 4-123

Resetting the Controller to Default Settings 4-124

Using the GUI to Reset the Controller to Default Settings 4-124 Using the CLI to Reset the Controller to Default Settings 4-124

CHAPTER

5 Configuring VideoStream 5-1

Overview of the VideoStream 5-1

Guidelines for Configuring VideoStream on the Controller 5-1

Configuring VideoStream 5-2

Using the GUI to Configure the VideoStream on the Controller 5-2 Using the CLI to Configure the VideoStream to the Controller 5-8

6 Configuring Security Solutions 6-1

Cisco UWN Solution Security 6-1

Security Overview 6-2 Layer 1 Solutions 6-2 Layer 2 Solutions 6-2 Layer 3 Solutions 6-2 Integrated Security Solutions 6-2

Configuring RADIUS 6-3

Configuring RADIUS on the ACS 6-4 Using the GUI to Configure RADIUS 6-6 Using the CLI to Configure RADIUS 6-11 RADIUS Authentication Attributes Sent by the Access Point 6-15 RADIUS Accounting Attributes 6-18

viii

Configuring TACACS+ 6-19

Configuring TACACS+ on the ACS 6-20 Using the GUI to Configure TACACS+ 6-24 Using the CLI to Configure TACACS+ 6-26 Viewing the TACACS+ Administration Server Logs 6-29 TACACS+ VSA 6-30

Configuring Maximum Local Database Entries 6-31

Using the GUI to Configure Maximum Local Database Entries 6-31 Using the CLI to Configure Maximum Local Database Entries 6-31

Configuring Local Network Users 6-32

Using the GUI to Configure Local Network Users 6-32 Using the CLI to Configure Local Network Users 6-34 Configuring Password Policies 6-35

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Using the GUI to Configure Password Policies 6-35

Using the CLI to Configure Password Policies 6-35

Configuring LDAP 6-36

Using the GUI to Configure LDAP 6-36 Using the CLI to Configure LDAP 6-40

Configuring Local EAP 6-42

Using the GUI to Configure Local EAP 6-43 Using the CLI to Configure Local EAP 6-49

Configuring the System for SpectraLink NetLink Telephones 6-54

Using the GUI to Enable Long Preambles 6-54 Using the CLI to Enable Long Preambles 6-55 Using the CLI to Configure Enhanced Distributed Channel Access 6-56

Configuring RADIUS NAC Support 6-56

Using the CLI to Configure RADIUS NAC Support 6-57

Using the GUI to Configure RADIUS NAC Support 6-58

Contents

Using Management over Wireless 6-58

Using the GUI to Enable Management over Wireless 6-58 Using the CLI to Enable Management over Wireless 6-59

Configuring DHCP Option 82 6-59

Using the GUI to Configure DHCP Option 82 6-60 Using the CLI to Configure DHCP Option 82 6-61

Configuring and Applying Access Control Lists 6-61

Using the GUI to Configure Access Control Lists 6-62 Using the GUI to Apply Access Control Lists 6-66

Applying an Access Control List to an Interface 6-66

Applying an Access Control List to the Controller CPU 6-67

Applying an Access Control List to a WLAN 6-68

Applying a Preauthentication Access Control List to a WLAN 6-69 Using the CLI to Configure Access Control Lists 6-70 Using the CLI to Apply Access Control Lists 6-71

Configuring Management Frame Protection 6-72

Guidelines for Using MFP 6-74

Using the GUI to Configure MFP 6-74

Using the GUI to View MFP Settings 6-76 Using the CLI to Configure MFP 6-77 Using the CLI to View MFP Settings 6-78 Using the CLI to Debug MFP Issues 6-80

OL-21524-02

Configuring Client Exclusion Policies 6-80

Using the GUI to Configure Client Exclusion Policies 6-80

Cisco Wireless LAN Controller Configuration Guide

Contents

Using the CLI to Configure Client Exclusion Policies 6-81

Configuring Identity Networking 6-82

Identity Networking Overview 6-82 RADIUS Attributes Used in Identity Networking 6-83

QoS-Level 6-83 ACL-Name 6-84 Interface-Name 6-84 VLAN-Tag 6-84 Tunnel Attributes 6-85

Configuring AAA Override 6-86

Updating the RADIUS Server Dictionary File for Proper QoS Values 6-86 Using the GUI to Configure AAA Override 6-88 Using the CLI to Configure AAA Override 6-88

Managing Rogue Devices 6-89

Challenges 6-89 Detecting Rogue Devices 6-89 Classifying Rogue Access Points 6-90 WCS Interaction 6-92 Configuring Rogue Detection 6-93

Using the GUI to Configure Rogue Detection 6-93 Using the CLI to Configure RLDP 6-94

Configuring Rogue Classification Rules 6-96

Using the GUI to Configure Rogue Classification Rules 6-96 Using the CLI to Configure Rogue Classification Rules 6-100

Viewing and Classifying Rogue Devices 6-102

Using the GUI to View and Classify Rogue Devices 6-102 Using the CLI to View and Classify Rogue Devices 6-107

Configuring IDS 6-112

Configuring IDS Sensors 6-112

Using the GUI to Configure IDS Sensors 6-112 Using the CLI to Configure IDS Sensors 6-114 Viewing Shunned Clients 6-115

Configuring IDS Signatures 6-117

Using the GUI to Configure IDS Signatures 6-119 Using the CLI to Configure IDS Signatures 6-124 Using the CLI to View IDS Signature Events 6-126

Configuring wIPS 6-128

Using the GUI to Configure wIPS on an Access Point 6-129 Using the CLI to Configure wIPS on an Access Point 6-129

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Viewing wIPS Information 6-130

Configuring Web Auth Proxy 6-132

Using the GUI to Configure Web Auth Proxy 6-132 Using the CLI to Configure Web Auth Proxy 6-133

Detecting Active Exploits 6-133

Contents

CHAPTER

7 Configuring WLANs 7-1

WLAN Overview 7-1

Configuring WLANs 7-2

Creating WLANs 7-2

Using the GUI to Create WLANs 7-4

Using the CLI to Create WLANs 7-6 Using the GUI to Search WLANs 7-7 Configuring the Maximum Number of Clients per WLAN 7-8

Using the GUI to Configure the Maximum Number of Clients per WLAN 7-9

Using the CLI to Configure the Maximum Number of Clients per WLAN 7-9

Configuring DHCP 7-10

Internal DHCP Server 7-10

External DHCP Servers 7-10

DHCP Assignment 7-10

Security Considerations 7-11

Using the GUI to Configure DHCP 7-12

Using the CLI to Configure DHCP 7-13

Using the CLI to Debug DHCP 7-13

Configuring DHCP Scopes 7-14 Configuring MAC Filtering for WLANs 7-17

Enabling MAC Filtering 7-17

Creating a Local MAC Filter 7-18

Configuring a Timeout for Disabled Clients 7-18 Assigning WLANs to Interfaces 7-18 Configuring the DTIM Period 7-19

Using the GUI to Configure the DTIM Period 7-19

Using the CLI to Configure the DTIM Period 7-20 Configuring Peer-to-Peer Blocking 7-21

Guidelines for Using Peer-to-Peer Blocking 7-22

Using the GUI to Configure Peer-to-Peer Blocking 7-22

Using the CLI to Configure Peer-to-Peer Blocking 7-23 Configuring Layer 2 Security 7-24

Static WEP Keys 7-24

OL-21524-02

Cisco Wireless LAN Controller Configuration Guide

Contents

Dynamic 802.1X Keys and Authorization 7-24 Configuring a WLAN for Both Static and Dynamic WEP 7-25 WPA1 and WPA2 7-25 CKIP 7-29

Configuring a Session Timeout 7-31

Using the GUI to Configure a Session Timeout 7-31 Using the CLI to Configure a Session Timeout 7-32

Configuring Layer 3 Security 7-32

VPN Passthrough 7-32 Web Authentication 7-33

Configuring a Fallback Policy with MAC Filtering and Web Authentication 7-35

Using the GUI to Configure a Fallback Policy with MAC Filtering and Web Authentication 7-36 Using the CLI to Configure a Fallback Policy with MAC Filtering and Web Authentication 7-37

Assigning a QoS Profile to a WLAN 7-37

Using the GUI to Assign a QoS Profile to a WLAN 7-38 Using the CLI to Assign a QoS Profile to a WLAN 7-38

Configuring QoS Enhanced BSS 7-39

Guidelines for Configuring QBSS 7-40 Additional Guidelines for Using Cisco 7921 and 7920 Wireless IP Phones 7-40 Using the GUI to Configure QBSS 7-40 Using the CLI to Configure QBSS 7-41

Configuring Media Session Snooping and Reporting 7-42

Using the GUI to Configure Media Session Snooping 7-43 Using the CLI to Configure Media Session Snooping 7-44

Configuring Reanchoring of Roaming Voice Clients 7-47

Using the GUI to Configure Reanchoring of Roaming Voice Clients 7-48 Using the CLI to Configure Reanchoring of Roaming Voice Clients 7-49

Configuring IPv6 Bridging 7-49

Guidelines for Using IPv6 Bridging 7-49 Using the GUI to Configure IPv6 Bridging 7-51 Using the CLI to Configure IPv6 Bridging 7-52

Configuring Cisco Client Extensions 7-52

Using the GUI to Configure CCX Aironet IEs 7-53 Using the GUI to View a Client’s CCX Version 7-53 Using the CLI to Configure CCX Aironet IEs 7-55 Using the CLI to View a Client’s CCX Version 7-55

Configuring Access Point Groups 7-55

Creating Access Point Groups 7-57

Configuring Web Redirect with 802.1X Authentication 7-62

Conditional Web Redirect 7-62

xii

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Splash Page Web Redirect 7-63

Using the GUI to Configure the RADIUS Server 7-63

Using the GUI to Configure Web Redirect 7-64

Using the CLI to Configure Web Redirect 7-65 Using the GUI to Disable the Accounting Servers per WLAN 7-66 Disabling Coverage Hole Detection per WLAN 7-67

Using the GUI to Disable Coverage Hole Detection on a WLAN 7-67

Using the CLI to Disable Coverage Hole Detection on a WLAN 7-68 Configuring NAC Out-of-Band Integration 7-68

Guidelines for Using NAC Out-of-Band Integration 7-69

Using the GUI to Configure NAC Out-of-Band Integration 7-70

Using the CLI to Configure NAC Out-of-Band Integration 7-73 Configuring Passive Client 7-74

Using the GUI to Configure Passive Client 7-75

Using the CLI to Configure Passive Client 7-78 Per-WLAN RADIUS Source Support 7-81

Configuring Per-WLAN RADIUS Source Support 7-81

Monitoring the Status of Per-WLAN RADIUS Source Support 7-82

Guidelines and Limitations 7-82 Configuring Remote LANs 7-82

Using the GUI to Configure a Remote LAN 7-83

Using the CLI to Configure a Remote LAN 7-84

Contents

CHAPTER

OL-21524-02

8 Controlling Lightweight Access Points 8-1

Access Point Communication Protocols 8-2

Guidelines for Using CAPWAP 8-2 Configuring Data Encryption 8-2

Upgrading or Downgrading DTLS Images for Cisco 5500 Series Controllers 8-4

Using the GUI to Configure Data Encryption 8-4

Using the CLI to Configure Data Encryption 8-5 Viewing CAPWAP MTU Information 8-6 Debugging CAPWAP 8-7 Controller Discovery Process 8-7 Verifying that Access Points Join the Controller 8-9

Using the GUI to Verify that Access Points Join the Controller 8-9

Using the CLI to Verify that Access Points Join the Controller 8-9

All APs 8-9

Using the GUI to Search the AP Filter 8-10

All APs > Details 8-13

Cisco Wireless LAN Controller Configuration Guide

xiii

Contents

Using the GUI to Monitor the Interface Details 8-28

Using the GUI to Search Access Point Radios 8-31

Configuring Global Credentials for Access Points 8-33

Using the GUI to Configure Global Credentials for Access Points 8-33 Using the CLI to Configure Global Credentials for Access Points 8-35

Configuring Authentication for Access Points 8-37

Using the GUI to Configure Authentication for Access Points 8-38 Using the CLI to Configure Authentication for Access Points 8-39 Configuring the Switch for Authentication 8-41

Embedded Access Points 8-41

Autonomous Access Points Converted to Lightweight Mode 8-43

Guidelines for Using Access Points Converted to Lightweight Mode 8-44 Reverting from Lightweight Mode to Autonomous Mode 8-44

Using a Controller to Return to a Previous Release 8-44 Using the MODE Button and a TFTP Server to Return to a Previous Release 8-45

Authorizing Access Points 8-45

Authorizing Access Points Using SSCs 8-45 Authorizing Access Points Using MICs 8-46 Authorizing Access Points Using LSCs 8-46 Using the GUI to Authorize Access Points 8-50

Using the CLI to Authorize Access Points 8-51 Using DHCP Option 43 and DHCP Option 60 8-52 Troubleshooting the Access Point Join Process 8-53

Using the CLI to Configure the Syslog Server for Access Points 8-55

Viewing Access Point Join Information 8-55 Using a Controller to Send Debug Commands to Access Points Converted to Lightweight Mode 8-60 Understanding How Converted Access Points Send Crash Information to the Controller 8-60 Understanding How Converted Access Points Send Radio Core Dumps to the Controller 8-60

Using the CLI to Retrieve Radio Core Dumps 8-61

Using the GUI to Upload Radio Core Dumps 8-61

Using the CLI to Upload Radio Core Dumps 8-62 Uploading Memory Core Dumps from Converted Access Points 8-63

Using the GUI to Upload Access Point Core Dumps 8-63

Using the CLI to Upload Access Point Core Dumps 8-63 Viewing the AP Crash Log Information 8-64

Using the GUI to View the AP Crash Log information 8-64

Using the CLI to View the AP Crash Log information 8-65 Displaying MAC Addresses for Converted Access Points 8-65 Disabling the Reset Button on Access Points Converted to Lightweight Mode 8-66

xiv

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Configuring a Static IP Address on a Lightweight Access Point 8-66

Using the GUI to Configure a Static IP Address 8-66 Using the CLI to Configure a Static IP Address 8-67

Supporting Oversized Access Point Images 8-68

OfficeExtend Access Points 8-69

OEAP 600 Series Access Points 8-70

Supported Controller Platforms 8-70 OEAP in Local Mode 8-70 Supported WLAN Settings for 600 Series OfficeExtend Access Point 8-71 WLAN Security Settings for the 600 Series OfficeExtend Access Point 8-72 Authentication Settings 8-76 Supported User Count on 600 Series OfficeExtend Access Point 8-76 Remote LAN Settings 8-77 Channel Management and Settings 8-78

Additional Caveats 8-79 Implementing Security 8-79 Licensing for an OfficeExtend Access Point 8-80 Configuring OfficeExtend Access Points 8-80

Using the GUI to Configure OfficeExtend Access Points 8-80 Using the CLI to Configure OfficeExtend Access Points 8-83 Configuring a Personal SSID on an OfficeExtend Access Point 8-85 Viewing OfficeExtend Access Point Statistics 8-87 Troubleshooting OfficeExtend Access Points 8-88

Contents

OL-21524-02

Cisco Workgroup Bridges 8-88

Guidelines for Using WGBs 8-88 Sample WGB Configuration 8-90 Using the GUI to View the Status of Workgroup Bridges 8-91 Using the CLI to View the Status of Workgroup Bridges 8-93 Using the CLI to Debug WGB Issues 8-94

Non-Cisco Workgroup Bridges 8-94

Notes About Some non-Cisco WGBs 8-95

Configuring Backup Controllers 8-95

Using the GUI to Configure Backup Controllers 8-96 Using the CLI to Configure Backup Controllers 8-99

Configuring Failover Priority for Access Points 8-101

Using the GUI to Configure Failover Priority for Access Points 8-101 Using the CLI to Configure Failover Priority for Access Points 8-102 Using the CLI to View Failover Priority Settings 8-103

Configuring Access Point Retransmission Interval and Retry Count 8-103

Cisco Wireless LAN Controller Configuration Guide

Contents

Using the GUI to Configure the Access Point Retransmission Interval and Retry Count 8-104 Using the CLI to Configure the Access Point Retransmission Interval and Retry Count 8-105

Configuring Country Codes 8-106

Guidelines for Configuring Multiple Country Codes 8-106 Using the GUI to Configure Country Codes 8-107 Using the CLI to Configure Country Codes 8-109

Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain 8-111

Guidelines for Migration 8-112 Using the GUI to Migrate Access Points to the -U Regulatory Domain 8-113

Using the W56 Band in Japan 8-114

Dynamic Frequency Selection 8-115

Optimizing RFID Tracking on Access Points 8-116

Using the GUI to Optimize RFID Tracking on Access Points 8-116 Using the CLI to Optimize RFID Tracking on Access Points 8-118

Using the CLI to Configure Probe Request Forwarding 8-119

Retrieving the Unique Device Identifier on Controllers and Access Points 8-120

Using the GUI to Retrieve the Unique Device Identifier on Controllers and Access Points 8-120 Using the CLI to Retrieve the Unique Device Identifier on Controllers and Access Points 8-121

Performing a Link Test 8-121

Using the GUI to Perform a Link Test 8-122 Using the CLI to Perform a Link Test 8-124

Configuring Link Latency 8-124

Using the GUI to Configure Link Latency 8-125 Using the CLI to Configure Link Latency 8-126

Configuring the TCP MSS 8-127

Using the CLI to Configure TCP MSS 8-127

Configuring Power over Ethernet 8-128

Using the GUI to Configure Power over Ethernet 8-129 Using the CLI to Configure Power over Ethernet 8-131

Configuring Flashing LEDs 8-132

Viewing Clients 8-133

Using the GUI to View Clients 8-133 Using the CLI to View Clients 8-137

CHAPTER

xvi

9 Controlling Mesh Access Points 9-1

Cisco Aironet Mesh Access Points 9-1

Access Point Roles 9-2 Network Access 9-3

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Network Segmentation 9-4 Cisco Indoor Mesh Access Points 9-4

Cisco Outdoor Mesh Access Points 9-4 Mesh Deployment Modes 9-5

Wireless Mesh Network 9-5

Wireless Backhaul 9-6

Point-to-Multipoint Wireless Bridging 9-7

Point-to-Point Wireless Bridging 9-7

Architecture Overview 9-12

CAPWAP 9-12 Cisco Adaptive Wireless Path Protocol Wireless Mesh Routing 9-12

Mesh Neighbors, Parents, and Children 9-12 Wireless Mesh Constraints 9-13

Wireless Backhaul Data Rate 9-13 ClientLink Technology 9-16

Using the GUI to Configure ClientLink 9-17

Using the CLI to Configure ClientLink 9-19

Commands Related to ClientLink 9-20 Controller Planning 9-21

Contents

Adding Mesh Access Points to the Mesh Network 9-23

Adding MAC Addresses of Mesh Access Points to MAC Filter 9-24

Adding the MAC Address of the Mesh Access Point to the Controller Filter List Using the

GUI 9-24

Adding the MAC Address of the Mesh Access Point to the Controller Filter List Using the

CLI 9-25

Defining Mesh Access Point Role 9-26

Configuring the AP Role Using the GUI 9-26

Verifying Layer 3 Configuration 9-27

Configuring Multiple Controllers Using DHCP 43 and DHCP 60 9-27

Configuring Backup Controllers 9-28

Configuring Backup Controllers Using the GUI 9-29

Configuring Backup Controllers Using the CLI 9-31 Configuring External Authentication and Authorization Using a RADIUS Server 9-33

Configuring RADIUS Servers 9-33

Adding a Username to a RADIUS Server 9-34

Enabling External Authentication of Mesh Access Points Using the GUI 9-34

Enable External Authentication of Mesh Access Points Using the CLI 9-35

View Security Statistics Using the CLI 9-35 Configuring Global Mesh Parameters 9-35

Configuring Global Mesh Parameters Using the GUI 9-36

OL-21524-02

Cisco Wireless LAN Controller Configuration Guide

xvii

Contents

Configuring Global Mesh Parameters Using the CLI 9-40 Viewing Global Mesh Parameter Settings Using the CLI 9-41

Universal Client Access 9-42

Configuring Universal Client Access using the GUI 9-42 Configuring Universal Client Access using the CLI 9-43 Universal Client Access on Serial Backhaul Access Points 9-43 Configuring Extended Universal Access Using the GUI 9-44 Configuring Extended Universal Access Using the CLI 9-46 Configuring Extended Universal Access from the Wireless Control System (WCS) 9-47

Configuring Local Mesh Parameters 9-47

Configuring Wireless Backhaul Data Rate 9-48 Configuring Ethernet Bridging 9-52 Enabling Ethernet Bridging Using the GUI 9-53 Configuring Bridge Group Names 9-54 Configuring BGN Using the CLI 9-54 Verifying BGN Using the GUI 9-55 Configuring Public Safety Band Settings 9-56 Configuring Interoperability with Cisco 3200 9-57 Enabling AP1522 to Associate with Cisco 3200 Using the GUI 9-58 Enabling 1522 and 1524PS Association with Cisco 3200 Using the CLI 9-59 Configuring Power and Channel Settings 9-60

Configuring Antenna Gain 9-63

Configuring Antenna Gain Using the GUI 9-63 Configuring Antenna Gain Using the CLI 9-64

Backhaul Channel Deselection on Serial Backhaul Access Point 9-64

Configuring Backhaul Channel Deselection Using the GUI 9-65 Configuring Backhaul Channel Deselection Using the CLI 9-65 Backhaul Channel Deselection Guidelines 9-68

Configuring Dynamic Channel Assignment 9-69

xviii

Configuring Advanced Features 9-72

Using the 2.4-GHz Radio for Backhaul 9-72

Changing the Backhaul from 5 GHz to 2.4 GHz 9-73 Changing the Backhaul from 2.4 GHz to 5 GHz 9-74 Verifying the Current Backhaul in Use 9-74

Configuring Ethernet VLAN Tagging 9-74

Ethernet Port Notes 9-75 Ethernet VLAN Tagging Guidelines 9-76 VLAN Registration 9-78 Enabling Ethernet VLAN Tagging Using the GUI 9-78 Configuring Ethernet VLAN Tagging Using the CLI 9-80

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Viewing Ethernet VLAN Tagging Configuration Details Using the CLI 9-81 Workgroup Bridge Interoperability with Mesh Infrastructure 9-82 Configuring Workgroup Bridges 9-84

Supported Workgroup Bridge Modes and Capacities 9-84

Guidelines for Configuration 9-86

Configuration Example 9-87

WGB Association Check 9-88

Link Test Result 9-89

WGB Wired/Wireless Client 9-91 Client Roaming 9-92

WGB Roaming Guidelines 9-92

Configuration Example 9-93

Troubleshooting Tips 9-93 Configuring Voice Parameters in Indoor Mesh Networks 9-94

CAC 9-94

QoS and DSCP Marking 9-94

Encapsulations 9-95

Queuing on the Mesh Access Point 9-96

Bridging Backhaul Packets 9-98

Bridging Packets from and to a LAN 9-99

Guidelines For Using Voice on the Mesh Network 9-99

Voice Call Support in a Mesh Network 9-100

Viewing the Voice Details for Mesh Networks Using the CLI 9-101 Enabling Mesh Multicast Containment for Video 9-104

Enabling Multicast on the Mesh Network Using the CLI 9-105 IGMP Snooping 9-105 Locally Significant Certificates for Mesh APs 9-106

Guidelines for Configuration 9-106

Differences Between LSCs for Mesh APs and Normal APs 9-107

Certificate Verification Process in LSC AP 9-107

Configuring an LSC Using the CLI 9-107

LSC-Related Commands 9-108

Controller CLI show Commands 9-110

Controller GUI Security Settings 9-110

Deployment Guidelines 9-112

Contents

OL-21524-02

Slot Bias Options 9-112

Disabling Slot Bias 9-112 Commands Related to Slot Bias 9-113 Preferred Parent Selection 9-114

Preferred Parent Selection Criteria 9-114

Cisco Wireless LAN Controller Configuration Guide

xix

Contents

Configuring a Preferred Parent 9-114 Co-Channel Interference 9-116

Viewing Mesh Statistics for a Mesh Access Point 9-116

Viewing Mesh Statistics for a Mesh Access Point Using the GUI 9-116 Viewing Mesh Statistics for an Mesh Access Point Using the CLI 9-120

Viewing Neighbor Statistics for a Mesh Access Point 9-121

Viewing Neighbor Statistics for a Mesh Access Point Using the GUI 9-121 Viewing the Neighbor Statistics for a Mesh Access Point using the CLI 9-123

Converting Indoor Access Points to Mesh Access Points 9-124

Changing MAP and RAP Roles for Indoor Mesh Access Points 9-125

Using the GUI to Change MAP and RAP Roles for Indoor Mesh Access Points 9-125 Using the CLI to Change MAP and RAP Roles for Indoor Mesh Access Points 9-125

Converting Indoor Mesh Access Points to Nonmesh Lightweight Access Points (1130AG, 1240AG) 9-126

Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers 9-127

Configuration Guidelines 9-127 Using the GUI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access

Routers 9-128 Using the CLI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access

Routers 9-129

CHAPTER

10 Managing Controller Software and Configurations 10-1

Upgrading the Controller Software 10-1

Guidelines for Upgrading Controller Software 10-2 Guidelines for Upgrading to Controller Software 6.0 in Mesh Networks 10-3

Upgrade Compatibility Matrix 10-3 Using the GUI to Upgrade Controller Software 10-5 Using the CLI to Upgrade Controller Software 10-8 Predownloading an Image to an Access Point 10-11

Access Point Predownload Process 10-11

Guidelines and Limitations for Predownloading Images 10-12

Using the GUI to Predownload an Image to an Access Point 10-12

Using the CLI to Predownload an Image to Access Points 10-13

Transferring Files to and from a Controller 10-15

Downloading a Login Banner File 10-15

Using the GUI to Download a Login Banner File 10-16

Using the CLI to Download a Login Banner File 10-17

Using the GUI to Clear the Login Banner 10-18 Downloading Device Certificates 10-19

Using the GUI to Download Device Certificates 10-20

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Using the CLI to Download Device Certificates 10-21

Downloading CA Certificates 10-22

Using the GUI to Download CA Certificates 10-22 Using the CLI to Download CA Certificates 10-23

Uploading PACs 10-25

Using the GUI to Upload PACs 10-25 Using the CLI to Upload PACs 10-26

Uploading and Downloading Configuration Files 10-27

Uploading Configuration Files 10-28 Downloading Configuration Files 10-30

Saving Configurations 10-33

Editing Configuration Files 10-33

Clearing the Controller Configuration 10-34

Erasing the Controller Configuration 10-34

Contents

CHAPTER

Resetting the Controller 10-35

11 Managing User Accounts 11-1

Creating Guest User Accounts 11-1

Creating a Lobby Ambassador Account 11-1

Using the GUI to Create a Lobby Ambassador Account 11-1

Using the CLI to Create a Lobby Ambassador Account 11-3 Creating Guest User Accounts as a Lobby Ambassador 11-3 Viewing Guest User Accounts 11-5

Using the GUI to View Guest Accounts 11-5

Using the CLI to View Guest Accounts 11-6

Obtaining a Web Authentication Certificate 11-6

Support for Chained Certificate 11-6 Using the GUI to Obtain a Web Authentication Certificate 11-6 Using the CLI to Obtain a Web Authentication Certificate 11-8

Web Authentication Process 11-9

Choosing the Web Authentication Login Page 11-11

Choosing the Default Web Authentication Login Page 11-12

Using the GUI to Choose the Default Web Authentication Login Page 11-12

Using the CLI to Choose the Default Web Authentication Login Page 11-13

Modified Default Web Authentication Login Page Example 11-15 Creating a Customized Web Authentication Login Page 11-16 Using a Customized Web Authentication Login Page from an External Web Server 11-19

Using the GUI to Choose a Customized Web Authentication Login Page from an External Web

Server 11-19

OL-21524-02

Cisco Wireless LAN Controller Configuration Guide

xxi

Contents

Using the CLI to Choose a Customized Web Authentication Login Page from an External Web Server 11-20

Downloading a Customized Web Authentication Login Page 11-20

Using the GUI to Download a Customized Web Authentication Login Page 11-21 Using the CLI to Download a Customized Web Authentication Login Page 11-22 Customized Web Authentication Login Page Example 11-23 Using the CLI to Verify the Web Authentication Login Page Settings 11-23

Assigning Login, Login Failure, and Logout Pages per WLAN 11-24

Using the GUI to Assign Login, Login Failure, and Logout Pages per WLAN 11-24 Using the CLI to Assign Login, Login Failure, and Logout Pages per WLAN 11-25

Configuring Wired Guest Access 11-26

Configuration Overview 11-28 Wired Guest Access Guidelines 11-28 Using the GUI to Configure Wired Guest Access 11-29 Using the CLI to Configure Wired Guest Access 11-32

CHAPTER

12 Configuring Cisco CleanAir 12-1

Overview of Cisco CleanAir 12-1

Role of the Controller 12-1 Benefits 12-2 Types of Interferences 12-2 Supported Access Point Modes 12-3 Guidelines 12-4

Configuring Cisco CleanAir on the Controller 12-5

Using the GUI to Configure Cisco CleanAir on the Controller 12-5 Using the CLI to Configure Cisco CleanAir on the Controller 12-8

Configuring Cisco CleanAir on an Access Point 12-11

Using the GUI to Configure Cisco CleanAir on an Access Point 12-11 Using the CLI to Configure Cisco CleanAir on an Access Point 12-13

Monitoring the Interference Devices 12-14

Using GUI to Monitor the Interference Device 12-14 Using the CLI to Monitor the Interference Device 12-16

Monitoring the Air Quality of Radio Bands 12-18

Using the GUI to Monitor the Air Quality of Radio Bands 12-18 Using the CLI to Monitor the Air Quality of Radio Bands 12-19 Using the GUI to Monitor the Worst Air Quality of Radio Bands 12-19 Using the CLI to Monitor the Worst Air Quality of Radio Bands 12-20

xxii

Configuring a Spectrum Expert Connection 12-23

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Contents

CHAPTER

13 Configuring Radio Resource Management 13-1

Overview of Radio Resource Management 13-1

Radio Resource Monitoring 13-2 Transmit Power Control 13-2 Dynamic Channel Assignment 13-3 Coverage Hole Detection and Correction 13-4 RRM Benefits 13-5

Overview of RF Groups 13-5

RF Grouping Support for Controllers and Access Points 13-5 RF Group Leader 13-6 RF Group Name 13-7

Configuring an RF Group 13-7

Using the GUI to Configure an RF Group Name 13-8 Using the CLI to Configure an RF Group Name 13-8

Viewing the RF Group Status 13-9

Using the GUI to View RF Group Status 13-9 Using the CLI to View RF Group Status 13-10

Configuring RRM 13-10

Configuring RRM 13-11

Using the GUI to Configure RF Group Mode 13-11

Using the CLI to Configure the RF Group Mode 13-12

Using the GUI to Configure Transmit Power Control 13-13

Off-Channel Scanning Defer 13-14

Using the GUI to Configure Off-Channel Scanning Defer for a WLAN 13-14

Using the CLI to Configure Off Channel Scanning Defer for a WLAN 13-15

Using the GUI to Configure Dynamic Channel Assignment 13-16

Using the GUI to Configure Coverage Hole Detection 13-20

Using the GUI to Configure RRM Profile Thresholds, Monitoring Channels, and Monitor

Intervals 13-22 Using the CLI to Configure RRM 13-24 Using the CLI to View RRM Settings 13-28 Using the CLI to Debug RRM Issues 13-30

OL-21524-02

RRM Neighbor Discovery Packet 13-31

Important Notes about RRM NDP and RF Grouping 13-31

Configuring RRM NDP Using the CLI 13-31

Overriding RRM 13-32

Statically Assigning Channel and Transmit Power Settings to Access Point Radios 13-32

Using the GUI to Statically Assign Channel and Transmit Power Settings 13-32

Using the CLI to Statically Assign Channel and Transmit Power Settings 13-37

Cisco Wireless LAN Controller Configuration Guide

xxiii

Contents

Disabling Dynamic Channel and Power Assignment Globally for a Controller 13-39

Using the GUI to Disable Dynamic Channel and Power Assignment 13-39 Using the CLI to Disable Dynamic Channel and Power Assignment 13-40

Enabling Rogue Access Point Detection in RF Groups 13-40

Using the GUI to Enable Rogue Access Point Detection in RF Groups 13-41 Using the CLI to Enable Rogue Access Point Detection in RF Groups 13-42 Configuring Beamforming 13-43 Guidelines for Using Beamforming 13-44 Using the GUI to Configure Beamforming 13-44 Using the CLI to Configure Beamforming 13-46

Configuring CCX Radio Management Features 13-48

Radio Measurement Requests 13-48 Location Calibration 13-49 Using the GUI to Configure CCX Radio Management 13-49 Using the CLI to Configure CCX Radio Management 13-50 Using the CLI to Obtain CCX Radio Management Information 13-50 Using the CLI to Debug CCX Radio Management Issues 13-52

CHAPTER

14 Configuring Mobility Groups 14-1

Overview of Mobility 14-1

Overview of Mobility Groups 14-4

Determining When to Include Controllers in a Mobility Group 14-7 Messaging Among Mobility Groups 14-7 Using Mobility Groups with NAT Devices 14-8

Configuring Mobility Groups 14-9

Prerequisites 14-9 Using the GUI to Configure Mobility Groups 14-11 Using the CLI to Configure Mobility Groups 14-15

Viewing Mobility Group Statistics 14-17

Using the GUI to View Mobility Group Statistics 14-17 Using the CLI to View Mobility Group Statistics 14-20

Configuring Auto-Anchor Mobility 14-20

Guidelines for Using Auto-Anchor Mobility 14-22 Using the GUI to Configure Auto-Anchor Mobility 14-22 Using the CLI to Configure Auto-Anchor Mobility 14-24

WLAN Mobility Security Values 14-26

xxiv

Using Symmetric Mobility Tunneling 14-26

Running Mobility Ping Tests 14-29

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Configuring Dynamic Anchoring for Clients with Static IP Addresses 14-30

How Dynamic Anchoring of Static IP Clients Works 14-30 Using the GUI to Configure Dynamic Anchoring of Static IP Clients 14-31 Using the CLI to Configure Dynamic Anchoring of Static IP Clients 14-31 Configuring Foreign Mappings 14-31

Using the GUI to Configure Foreign MAC Mapping 14-32

Using the CLI to Configure Foreign Controller MAC Mapping 14-32

Contents

CHAPTER

15 Configuring Hybrid REAP 15-1

Overview of Hybrid REAP 15-1

Hybrid-REAP Authentication Process 15-2 Hybrid-REAP Guidelines 15-6

Configuring Hybrid REAP 15-7

Configuring the Switch at the Remote Site 15-7 Configuring the Controller for Hybrid REAP 15-8

Using the GUI to Configure the Controller for Hybrid REAP 15-8

Using the CLI to Configure the Controller for Hybrid REAP 15-13 Configuring an Access Point for Hybrid REAP 15-13

Using the GUI to Configure an Access Point for Hybrid REAP 15-13

Using the CLI to Configure an Access Point for Hybrid REAP 15-16

Using the GUI to Configure an Access Point for Local Authentication on a WLAN 15-17

Using the CLI to Configure an Access Point for Local Authentication on a WLAN 15-18 Connecting Client Devices to the WLANs 15-18

Configuring Hybrid-REAP Groups 15-19

Hybrid-REAP Groups and Backup RADIUS Servers 15-20 Hybrid-REAP Groups and CCKM 15-20 Hybrid-REAP Groups and OKC 15-20 Hybrid-REAP Groups and Local Authentication 15-20 Using the GUI to Configure Hybrid-REAP Groups 15-21 Using the CLI to Configure Hybrid-REAP Groups 15-25

APPENDIX

OL-21524-02

A Safety Considerations and Translated Safety Warnings A-1

Safety Considerations A-1

Warning Definition A-2

Class 1 Laser Product Warning A-5

Ground Conductor Warning A-7

Chassis Warning for Rack-Mounting and Servicing A-9

Battery Handling Warning A-18

Cisco Wireless LAN Controller Configuration Guide

xxv

Contents

Equipment Installation Warning A-20

More Than One Power Supply Warning for Cisco 5500 and 4400 Series Controllers A-23

APPENDIX

B Declarations of Conformity and Regulatory Information B-1

Guidelines for Operating Controllers in Japan B-1

VCCI Class A Warning for Cisco 5500 Series Controllers and 4400 Series Controllers in Japan B-1

VCCI Class B Warning for Cisco 2100 Series Controller in Japan B-2 Power Cable and AC Adapter Warning for Japan B-2

Declaration of Conformity Statements B-2

FCC Statement for Cisco 5500 Series Wireless LAN Controllers B-3

FCC Statement for Cisco 4400 Series Wireless LAN Controllers B-3

FCC Statement for Cisco 2100 Series Wireless LAN Controllers B-3

C End User License and Warranty C-1

End User License Agreement C-1

Limited Warranty C-4

Disclaimer of Warranty C-5

General Terms Applicable to the Limited Warranty Statement and End User License Agreement C-5

Notices and Disclaimers C-6

Notices C-6

OpenSSL/Open SSL Project C-6

Disclaimers C-8

APPENDIX

xxvi

D Troubleshooting D-1

Interpreting LEDs D-1

Interpreting Controller LEDs D-1 Interpreting Lightweight Access Point LEDs D-2

System Messages D-2

Viewing System Resources D-5

Using the CLI to Troubleshoot Problems D-6

Configuring System and Message Logging D-8

Using the GUI to Configure System and Message Logging D-8 Using the GUI to View Message Logs D-10 Using the CLI to Configure System and Message Logging D-11 Using the CLI to View System and Message Logs D-14

Viewing Access Point Event Logs D-15

Uploading Logs and Crash Files D-15

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

Using the GUI to Upload Logs and Crash Files D-16 Using the CLI to Upload Logs and Crash Files D-17

Uploading Core Dumps from the Controller D-18

Configuring the Controller to Automatically Upload Core Dumps to an FTP Server D-18

Using the GUI to Configure the Controller to Automatically Upload Core Dumps to an FTP

Server D-18

Using the CLI to Configure the Controller to Automatically Upload Core Dumps to an FTP

Server D-19 Uploading Core Dumps from Controller to a TFTP or FTP Server D-20

Uploading Packet Capture Files D-21

Using the GUI to Upload Packet Capture Files D-22

Using the CLI to Upload Packet Capture Files D-23

Monitoring Memory Leaks D-24

Troubleshooting CCXv5 Client Devices D-25

Diagnostic Channel D-25 Client Reporting D-26 Roaming and Real-Time Diagnostics D-26 Using the GUI to Configure the Diagnostic Channel D-26 Using the CLI to Configure the Diagnostic Channel D-27 Using the GUI to Configure Client Reporting D-31 Using the CLI to Configure Client Reporting D-34 Using the CLI to Configure Roaming and Real-Time Diagnostics D-37

Contents

APPENDIX

Using the Debug Facility D-40

Configuring Wireless Sniffing D-44

Prerequisites for Wireless Sniffing D-45

Using the GUI to Configure Sniffing on an Access Point D-45 Using the CLI to Configure Sniffing on an Access Point D-47

Troubleshooting Access Points Using Telnet or SSH D-48

Using the GUI to Troubleshoot Access Points Using Telnet or SSH D-49 Using the CLI to Troubleshoot Access Points Using Telnet or SSH D-49

Debugging the Access Point Monitor Service D-50

Using the CLI to Debug Access Point Monitor Service Issues D-50

Troubleshooting OfficeExtend Access Points D-51

Interpreting OfficeExtend LEDs D-51 Positioning OfficeExtend Access Points for Optimal RF Coverage D-51 Troubleshooting Common Problems D-51

E Logical Connectivity Diagrams E-1

Cisco WiSM E-1

OL-21524-02

Cisco Wireless LAN Controller Configuration Guide

xxvii

Contents

Cisco 28/37/38xx Integrated Services Router E-3

Catalyst 3750G Integrated Wireless LAN Controller Switch E-4

xxviii

Cisco Wireless LAN Controller Configuration Guide

OL-21524-02

+ 108 hidden pages

Cisco Systems 102075 Users Guide

Specifications and Main Features

Frequently Asked Questions

User Manual