User Guide for the CiscoWorks 1105
Wireless LAN Solution Engine
Corporate Headquarters
Cisco Systems , Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7814947=
Text Part Number: 78-14947-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT
ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR
THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTW ARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE S ET FORTH IN THE INFORMATION
PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO
LOCATE THE SOFTWA RE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adap tati on o f a pr ogr am d eveloped by the University of California, Berkeley (UCB) as
part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE
PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL
DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
CIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of
isco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST,
PX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
isco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch,
ast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers
ogo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet,
trataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of
isco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
ll other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a
artnership relationship between Cisco and any other company. (0304R)
User Guide for the Cis coWorks 1105 Wireless LAN Solution Engine
Copyright ©2002, Cisco Sys tems, In c.
All rights reserved.
Preface xiii
Audience xiii
Conventions xiii
Related Documentation xiv
Obtaining Documentation xv
World Wide Web xv
Ordering Documentation xvi
Documentation Feedback xvi
Obtaining Technical Assistance xvi
Cisco.com xvii
Technical Assistance Center xvii
CONTENTS
CHAPTER
CHAPTER
78-14947-01
1 Getting Started 1-1
Overview of the Wireless LAN Solution Engine 1-1
Understanding the WLSE User Interface 1-2
The WLSE Dashboard 1-2
Device Name and IP Address Display 1-5
Time Display 1-5
Logging In and Out 1-6
Getting Started with Device Management 1-7
2 Fault Monitoring 2-1
Displaying Faults 2-1
Viewing Fault D etails 2-5
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
iii
Contents
Managing Profiles 2-7
Creating a Prof ile 2-8
Copying a Profile 2-8
Renaming a Prof ile 2-9
Editing a Profile 2-9
Deleting a Prof ile 2-10
Assigning a Profile to a Device 2-10
Viewing Devices 2-11
Profile Choices 2-12
Notification Settings 2-20
Setting Trap Notification 2-21
Setting Syslog Notification 2-22
Emailing Fau lts 2-23
CHAPTER
iv
3 Configuring Devices 3-1
Using the Template s 3-1
Template Choices 3-2
Creating a Template 3-132
Copying a Template 3-133
Editing a Template 3-134
Deleting a Temp la te 3-134
Importing a Template 3-135
Exporting a Template 3-137
Managing Configuration Jobs 3-137
Job Choices 3-138
Creating a Configuration Job 3-144
Viewing Configuration Job Status 3-144
Automating Configurations 3-151
Assigning a Startup Configuration 3-151
Creating a Sta rt up Co nfiguration Tem p la te 3-153
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Assigning an Auto-Managed Configuration 3-154
Contents
CHAPTER
CHAPTER
4 Updating Device Firmware 4-1
Managing Firmware Images 4-1
Viewing Images on the WLSE 4-2
Editing Image Details on the WLSE 4-3
Deleting Images f rom the WLSE 4-4
Importing Images 4-4
Using a Remote TFTP Server for Image Upload 4-9
Managing Firmware Jobs 4-9
Job Choices 4-10
Creating a Firmware Job 4-18
Using the Job Functions 4-18
5 Using Reports 5-1
Using the Device Cent er 5-1
Viewing the Fau l t Su mm a ry Report 5-3
Viewing Device History 5-4
Viewing Config Hi story 5-4
Viewing Firmw a re His to r y 5-5
78-14947-01
Displaying Wireless Client Reports 5-6
Displaying a Client Detail Report 5-6
Displaying a Client Statistics Report 5-8
Displaying a Client Historical Association Report 5-9
Displaying Current Reports 5-11
Displaying a Group Report 5-12
Displaying a Group Security Report 5-14
Displaying a Group SSID Report 5-16
Displaying a Group VLAN Report 5-18
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
v
Contents
Displaying a Per VLAN Client Report 5-20
Displaying a Group Policy Report 5-21
Displaying an AP Summary Report 5-24
Displaying a Detailed Report 5-26
Displaying a Current Client Association Report 5-29
Displaying an EAP Authentication Report 5-30
Displaying an AP Ethertype Protocol Fil ters Report 5-32
Displaying an AP IP Protocol Filters Report 5-33
Displaying an AP IP Port Filters Report 5-35
Displaying an AP Policy Report 5-36
Displaying an AP QBSS QoS Report 5-38
Displaying an AP SSID Report 5-40
Displaying an AP VLAN Report 5-42
Displaying a Per VLAN Client Report 5-43
Displaying a Switch Summary Report 5-45
Displaying an AP and Bridge Connected to Switch Report 5-46
Displaying a Router Summary Report 5-47
Displaying an AP and B ridge Connected to Router Report 5-48
Displaying a Server Summary Report 5-49
vi
Displaying Trends 5-50
Displaying a Group Performance Report: RF Utilization 5-51
Displaying a Group Performance Report: Ethernet Utilizati on 5-53
Displaying a Top N Number of Associations Report 5-54
Displaying a Top N Percentage Errors 5-55
Displaying an AP and B ridge RF Transmission Statistics Report 5-56
Displaying an AP and B ridge Ethernet Transmission Statistics Report 5-58
Displaying an AP and B ridge Performance Graph 5-60
Displaying an AP and B ridge Performance: Tabular 5-61
Displaying Top N Busiest Clients 5-62
Displaying Top N Client Error Rate 5-64
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Displaying a Server Response Time Graph 5-65
Exporting a Report 5-66
Emailing a Rep or t 5-66
Scheduling Email Jobs 5-68
Viewing Email Job Details 5-69
Contents
CHAPTER
6 Performing Administrative Tasks 6-1
Using Discovery and Managing Devices 6-2
Managing Devices 6-2
Specifying Device Credentials 6-6
Managing Device Discovery 6-10
Running Inventories 6-24
Viewing Inventory an d Discovery Task History 6-27
Importing Devices 6-28
Exporting Devices 6-31
Adding, Modifying and Deleting AAA Servers 6-33
Managing Groups 6-37
Overview: Groups 6-37
Creating, Editing, and Deleting Groups 6-39
Managing the Appliance 6-44
Viewing WLSE Status 6-45
Managing the Software 6-47
Overview: Security 6-55
Managing Security 6-56
Backing Up and Restoring Data 6-61
Using Diagnostics 6-64
Setting Up the Splash Screen Message 6-69
Setting the Current Time and Date on the WLSE 6-69
Specifying NTP Time Servers 6-70
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
vii
Contents
Specifying Name Servers 6-71
Specifying an SMTP Mail Server 6-71
Using Connectivi ty Tools 6-72
Managing System Parameters 6-73
Administering Users 6-75
Managing Roles 6-75
Managing Users 6-77
Modifying Your Profile 6-80
Linking to a CiscoWo rks2000 Server 6-81
CHAPTER
CHAPTER
APPENDIX
APPENDIX
7 Frequently Asked Questions 7-1
8 Troubleshooting 8-1
A Naming Guidelines A-1
B Command Reference B-1
Using the CLI B-2
CLI Conventions B-2
Command Privileges B-2
Checking Command Syntax B-2
Command History Feature B-3
Help for CLI Comm a nds B-3
Command Summary B-4
Command Description Conventions B-9
Privilege Level 0 Commands B-10
exit B-10
ping B-10
viii
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
show clock B-11
show domain-name B-12
show interfaces B-13
show process B-13
show version B-14
traceroute B-15
Privilege Lev el 15 Co m m a nd s B-17
auth B-17
backup B-18
backupconfig B-19
cdp B-20
clock B- 21
df B-22
erase config B-23
firewall B-24
gethostbyname B-25
hostname B-25
import B-26
install configure B-27
install list B-28
install update B-29
interface B-30
ip domain-name B-31
ip name-server B-32
listbackup B-33
mail B-34
mailcntrl clear B-35
mailcntrl list B-35
mailroute B-36
nslookup B-36
Contents
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
ix
Contents
ntp server B-37
reload B-39
reinitdb B-40
repository B-40
repository add B-41
repository delete B-42
repository list B-43
repository server B-44
restore B-45
route B-4 6
services B-46
show anilog B-48
show auth-cli B-49
show auth-http B-49
show backupconfig B-50
show bootlog B-51
show cdp neighbor B-52
show cdp run B-52
show collectorlog B-53
show config B-54
show daemonslog B-55
show dmgtdlog B-56
show webaccesslog B-57
show weberrorlog B-58
show websslaccesslog B-59
show import B-59
show install logs B-60
show ipchains B-60
show hosts B-61
show maillog B-62
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
x
78-14947-01
show proc B-62
show repository B-63
show route B-64
show securitylog B-64
show snmp-server B-66
show ssh-version B-66
show syslog B-67
show tech B-68
show telnetenable B-68
show tomcatlog B-69
shutdown B-70
snmp-server B-71
ssh B-71
ssh-version B-72
telnet B-72
telnetenable B-73
username B-74
Contents
G
LOSSARY
I
NDEX
78-14947-01
Maintenance Image Commands B-75
erase config B-75
fsck B-76
reload B-76
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xi
Contents
xii
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Audience
Preface
This manual describe s the Wireless LAN Solut ion E ngin e (WL SE) an d pr ovides
instructions for using it .
This document i s for sy stem a dm inistr ato rs respon sibl e for m a nag ing a wire less
network who are familiar with some of the concepts and terminology of Ethernet
and wireless local area networking.
Conventions
This docume nt u s es the f ol lowing conventions:
78-14947-01
Item Convention
Commands and keywords boldface font
Variables for which you supply values italic font
Displayed session and system inf ormation
Information you enter
Variables you enter
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
screen font
boldface screen font
italic screen
font
xiii
Related Documentation
Item Convention
Menu items and button name s boldface font
Selecting a menu item Option>Network Preferences
Note Means reader take note. Notes contain helpful suggestions or references to
material not covered in the pub lication .
Caution Means rea der be careful. In this situation, you might do something that could
result in equipment damage or l oss of data.
Related Documentation
Preface
xiv
Note Although every effort has been made to validate th e accur acy of the i nform ation
in the printed and electronic documentation, you should also review the Wireless
LAN Solution Eng ine docu me nta tion o n C is co.c om for a ny up date s.
The following additional documentation is available:
Paper Docume ntation
• Installation and Configuration Guide for the CiscoWorks 1105 Wireless LAN
Solution Engine
• Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
• Regulatory Compliance and Safety Info rmation f or the CiscoWorks 1105
Wireless LAN Solution Engine
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Preface
Obtaining Documentation
Online Documentation
• Online help—Access the online help by clicking on the Help tab.
• Release Notes for the C isco Works 1105 Wireless LAN Solution Engine
• Integrating Cisco Applications with CiscoWorks2000 Management
Connection (CMC)
• PDF for:
–
Installation and Configuration Guide for the Cisco Works 1105 Warless
LAN Solution Engine
–
Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution
Engine
–
Regulatory Compliance and Safety Information for the CiscoWorks 1105
Wireless LAN Solution Engine
Note Adobe Acrobat Reader 4.0 is required.
Obtaining Documentation
These sections explain how to obtain docu mentation from Cisco Syste ms.
World Wide Web
You can access the most current Cisco do cumentation on the World Wide Web at
this URL:
http://www.cisco.com
Translated documentation is available at this URL:
http://www.cisco.com/public/countries_languages.shtml
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
xv
Obtaining Technical Assistance
Ordering Documentation
Cisco documentation is available in these ways:
• Registered Cisco.com u sers (Cisco d irect custo mers) can ord er Cisco pr oduct
documentation fr om t he N et working Prod uc ts M arketPlac e:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com u s ers can order the Documentation CD-ROM through
the online Subscription Stor e:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users c an order docum entat ion through a local
account representa tive by calling Cisco corpora te hea dquarters (C alifo rnia,
USA) at 408 526-7208 or, elsewhere in North America, by calling
800 553-NETS (6387).
Documentation Feedback
Preface
You can e-mail your comments to bug-do c@cisco. com.
You can submit your comments by mail by using the re sponse ca rd beh ind the
front cover of your document or by writing to the following address:
Cisco Systems
Attn: Document Resour ce Connec tion
170 West Tasman Drive
San Jose, CA 95134- 988 3
We appreciate yo ur comm ents .
Obtaining Technical Assistanc e
Cisco provides Cisco.com as a starting point for all technical assistance.
Customers and partners ca n obtain on line docu mentat ion, trou blesh ooting tips,
and sample configurations from online tools by using the Cisco Technical
Assistance Center (TAC) Web Site. Cisco.com registered users have complete
access to the technical support resources on the Cisco TAC Web Site.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xvi
78-14947-01
Preface
Cisco.com
Obtaining Technical Assistance
Cisco.com is the foundat ion of a suite of interac tive, networked services th at
provides immediate, open a ccess to Cisco informa tion, net working solutions,
services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-us e
tool that provides a broad range of featur es and servi ces to he lp you to
• Streamline business processes and improve productivity
• Resolve technical issues with online support
• Download and te st so ft war e pa ck ag es
• Order Cisco learning m ateri als and me rcha ndise
• Register for online skill assessment, training, and certification programs
You can self-r egister on Cisco .com to obtain cu stomized informat ion and service.
To access Cisco.com, go to this URL:
http://www.cisco.com
Technical Assistance Center
The Cisco Technical Assistanc e Center (TAC) is available to all custome rs who
need technical assistan ce wit h a Cisco pro duct, tec hnology, or solution. Two
levels of support are available: the Cisco TAC Web Site and the Cisco TAC
Escalation Center.
Cisco TAC inquires are categorized according to the urgency of the issue:
• Priority level 4 (P4)—You need information or assistance concerning Cisco
product capabilities, pro duct ins tallation , or basic pro duct configurat ion.
• Priority level 3 (P3)—You r network perf orman ce is degraded. Network
functionality is noticeably impaired, but most business operations continue.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
xvii
Obtaining Technical Assistance
• Priority level 2 (P2)—You r produc tion ne twork is severely degraded ,
• Priority leve l 1 (P1)—Your production network is down, and a critical impact
Which Cisco TA C resource you choose is based on the priority of the problem and
the conditions of service contracts, when applicable.
Cisco TAC Web Site
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving
both cost and time. The site provides around-the-clock access to online tools,
knowledge bases, and software. To access the Cisco TAC Web Site, go to this
URL:
http://www.cisco.com/tac
All customers, part ners, and re selle rs w ho have a valid Cisco se rvice cont rac t
have complete access to the technical support resources on the Cisco TAC Web
Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If
you have a valid service contr act but do not have a login ID or passwo rd, g o to
this URL to register:
Preface
affecting significant aspects of business ope rations. N o workaroun d is
available.
to business operations will occur if service is not restore d quickly. No
workaround is available.
http://www.cisco.com/register/
If you are a Cisco.com registere d user, and you cannot res olve your techni cal
issues by using the C is co TAC W e b Site , yo u can op en a cas e on lin e by using the
TAC Case Open tool at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, it is recom mended t hat you open P3 and P4 cases
through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2
issues. These classifications are assigned when severe network degradation
significantly impacts business operation s. When you conta ct the TAC Escalation
Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a
case.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xviii
78-14947-01
Preface
Obtaining Technical Assistance
T o obtain a directory of toll-free Cisco TAC telephone numbers for your country,
go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the
level of Cisco support services to which your company is entitled: for example,
SMARTnet, SMARTnet Onsite, or Network Support ed Accoun ts (NSA). W hen
you call the center , please have a vailabl e your service agr eement number and y our
product serial numb er.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xix
Obtaining Technical Assistance
Preface
xx
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
CHAPTER
Getting Started
The following topics provide a n overview of the Wireless LAN Solution Engine
(WLSE), information about WLSE displays, and assistance with getting started:
• Overview of the Wireless LAN Solution Engine, page 1-1
• Understanding the WLSE Use r Interfa ce, page 1-2
• Logging In and Out , pa ge 1-6
• Getting Started with Device Mana gement , page 1-7
Overview of the Wireless LAN Solution Engine
The WLSE is a hardware and software soluti on for manag ing Cisco wi reless
devices. The WLSE has th e following m ajor f eature s:
1
78-14947-01
• Configuration and Firmware
The configuration feature allows you to apply a set of configuration changes
to access points and bridges. Using the firmware feature, you can upgrade the
firmware on access points and bridges.
• Reporting
Allows you to display reports for tracking device, client and security
information. Report s can be ema iled, prin ted, and expor ted.
• Fault and Policy Monito ring
Provides device monitoring for fault and performance conditions, monitoring
of LEAP server resp onses , a nd mon itori ng of p ol icy misc onfigura tions .
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-1
Understanding the WLSE Use r Interface
The WLSE works by gathering fault, performance, and configuration information
about Cisco devices tha t it d iscovers in your networ k. T he devices mu st be
properly configured for di scovery. After devices are discovered, yo u de cide
which devices to manage with the WLSE.
Understanding the WLSE User Interface
When you log into the WLSE through the Wo rld Wide Web, the set of features
(tabs and subtabs) displayed in the UI depends on the roles assigned to your user
login. A user wi th syste m adminis trator pr i vile ges can a ccess the featur es in all of
the tabs and subtabs, while other users may see only a subset of features. For more
information about user rol es, see Ma na gin g R oles, pag e 6-75 .
Note The WLSE UI times out after 30 minutes of inactivity and you must log in again.
The timeout is not configur able.
This section describes the following aspects of the UI:
• The dashboard, i ncl uding th e tabs, su btab s, and buttons in t he u ppe r ri gh t
corner—See The W LSE D ashbo ar d, page 1 -2.
Chapter 1 Getting Started
• How device names and IP addr es ses are disp laye d i n the WLSE G UI —See
Device Name and IP Address Display, page 1-5.
• The way the WLSE displays timestamps—See Time Display, page 1-5.
The WLSE Dashboard
The WLSE dashboard cons ists of:
• Tabs and subtabs that provide access to specific functions (see Tabs and
Subtabs, page 1-3).
• Buttons in the upper right corner that provide general functions (see Buttons,
page 1-4).
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-2
78-14947-01
Chapter 1 Getting Started
Understanding the WLSE User Interface
Tabs and Subtabs
The dashboard contai ns the fol lowing tabs a nd subtabs:
Table 1-1 Tabs and Subtabs
Main Tab Subtabs For information, see...
Faults Display faults—display device faults.
Manage Profiles—use profiles to set thresholds and policies.
Fault Forwarding—s end fau lt i nfo rm atio n (t r aps, sysl og
messages, and emails)
Configure Templates—create configuration templates.
Jobs—apply configura tio n temp lat es t o devices.
Auto update—automate initial configuration.
Firmware Images—import firmware for access points and bridges from
the desktop or from Cisc o.co m to t he WLSE .
Jobs—upload firmware to devices.
Reports Device Center—quickly view reports for a partic ular d evice.
Wireless Clients—view reports about client associations with
access points.
Fault Monitoring,
page 2-1.
Configuring Devices,
page 3-1.
Updating Device
Firmware, page 4-1
Using Repo rts ,
page 5-1.
78-14947-01
Current—view, export, and email report s abo ut eac h t ype of
monitored device.
Trends—view, export, and email reports about current trends
for monitored devices.
Scheduled email jobs—manage email jobs.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-3
Chapter 1 Getting Started
Understanding the WLSE Use r Interface
Table 1-1 Tabs and Subtabs (continued)
Main Tab Subtabs For information, see...
Administration Discover—run discoveries, enter device credentials, put
devices under management, run immediate inventories, view
task history for inventory and discovery, import and export
devices, and enter AAA servers (LEAP, RADIUS, and
EAP-MD5) to be monitore d.
Group Management—view and manage device grouping.
Appliance—manage the WLSE sy stem (vi ew diagnost ic s,
manage WLSE software, manage WLSE security, backup
and restore data, configure the login screen, set current time,
specify NTP servers and name servers, and set up routing for
email jobs).
System Parameters—set global parameters for inventory and
polling.
User Admin—manage users and use r pro files.
My Profile—reset your password.
Performing
Administrative T asks,
page 6-1.
Buttons
1-4
Connectivity Tools—use the connectivity tools (ping,
traceroute, nslo okup, TC P po rt sc an, and SNMP
reachability).
The four buttons in the upper right co rner of th e user inte rface ha ve th e following
functions:
• Help—Displays online help for the subtab or option you are using and a table
of contents and ind ex for o nl ine hel p.
• About—Displays in formati on about th e WLSE version.
• Logout—Log s you out of the WL SE and displ ays the logi n screen.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 1 Getting Started
Device Name and IP Address Display
Many WLSE displays include a field for the device name . The da ta displaye d in
this field differs depending upon t he fo llowing:
• If reverse DNS looku p is enabled on the WLSE, the de vice name is displayed
in this field if the lookup succeeds. If the lookup fails, the device IP address
is displayed.
• If you do not enable reverse DNS lookup and d evice’s sysName is set, the
sysName SNMP variable is displayed. If sysName is no t se t, the device IP
address is displayed.
In some displays there are separate fields for device name, sysName, and IP
address.
To enable DNS lo okup o n th e WLSE , se lec t Administr ation > Discover >
DISCOVER > Discov ery Options and select Use reverse DNS lookup. For more
information, see E nabl e D iscovery O pti on s, page 6- 18 .
Time Display
Understanding the WLSE User Interface
78-14947-01
The WLSE uses browser (client) time in most of its displays. The format of
timestamps depends on the br owser you are using :
• In Internet Explorer, the timestamp usually consists of the browser time
(hours:minutes:sec onds) a nd date; for example :
14:17:16 10/12/2002
In some displays the timestamp is the day of the week, month and day,
browser time, timezone, and year; for example:
Sat Oct 12 11:15:01 PDT 2002
• In Netscape Navigator, the timestamp usually consists of the browser time
(hours:minutes:sec onds) a nd date; for example:
14:17:16 10/12/2002
In some displays the timestamp is the day of the week, time, offset from
GMT/UTC, timezone , and year ; for examp le:
Mon Mar 25 13:29:21 GMT-0800 (Pacific Standard Time) 2002
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-5
Logging In and Out
It is recommende d that y ou check t he cur rent time o n the WLSE a nd reset it to the
correct time the first time you log in. For more information about setting the
current tim e, see Setting the Current Time and Date on the WLSE, page 6-69.
The WLSE’s system time is Universal Coordinated Time (UTC), and UTC is used
in certain logs, such as the Discover y Run Log. To display or reset the UTC time,
use the CLI clock command. For more information on this command a nd other
CLI commands , see th e comm and ref ere nce in the Hardware Installation and
Configuration Guide for the CiscoWorks 1105 Wireless LAN Solution
Engine—click the PDF button in the online help.
Logging In and Out
When user logins are set up, users are assigne d one or more ro les. Roles define
which tabs and s u btab s a re v is ibl e t o t h e us er an d, th ere for e, whi ch fe atu re s c an
be accessed. There are predefined roles, which can be edited but not removed; and
you can create new roles. After initial setup, only the admin user can log into the
WLSE, using the re served u ser na me admin and the password spe cified duri ng
initial setup. To set up access for other users, see Managing Users, page 6-77 and
Managing Roles, pag e 6-75 .
Chapter 1 Getting Started
1-6
Procedure
To log into the GUI:
Step 1 Access the WLSE through a browser by entering the WLSE’s IP address,
followed by :1741 (for example: http://209.165.12 8:1741) .
For information on supported br owsers, see the Quick Start Guide for the
CiscoWorks 1105 Wireless LAN Solution Engine.
Step 2 Enter your username and pa ssword and click Logi n.
If you do not see fea tur es y ou nee d to u se , log out a nd lo g ba ck in a s a use r wi th
those privileges. Contact the system admi nistrato r for infor mation ab out the
features you can acc ess.
To log out from the WLSE, click Logout in the upper right corner of the window.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 1 Getting Started
Getting Started with Device Management
Note Login sessions automatically time out after 30 minutes of inactivity.
Getting Started with Device Management
Before you can use WLSE moni toring , configurati on, firmware upgrading (or
downgrading), and repo rting, you must set up your device s, initiate discov ery , and
move devices into the manag ed st at e. To get started, fo llow the di rec tio ns in the
Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution Engine or use
the following task list as a general guide.
Table 1-2 Basic Initial Tasks
Task Description and References
1. Set up devices (access points, brid ges,
routers, switches, and AAA servers).
2. Log into the WLSE u sin g a Web brow ser. Enter the WLSE’s IP address, followed by:1741; for
3. Enter device credent ials. Device community strings for all managed devices must
4. Initiate discovery from the WLSE or
import devices from a file or from a
CiscoWorks2000 server.
5. Verify the discovery. On the WLSE, verify that devices were discovered. See
See Set Up Devices, page 6-12 for details.
example, http://209 .1 65. 202 .128 :174 1. Us e th e a dm in
username and the password you created during initial
setup of the WLSE.
be entered on the WLSE. See Specifying Device
Credentials, page 6-6.
For access point configuration tasks, HTT P userna mes
and passwords must be e ntere d on t he WL SE . See
Specify the HT TP U ser name and Password, p ag e 6-9.
If you are using discovery from the WLSE, add seed
devices and enable discovery. You can initiate an
immediate one-time dis covery or s chedule di s covery fo r
a later time. See Managing Device Discovery , page 6-10.
Viewing Inventory and Discovery Task History,
page 6-27.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-7
Getting Started with Dev ic e Management
Table 1-2 Basic Initial Tasks (continued)
Task Description and References
6. Move devices to the ma naged st at e a n d
run inventory.
7. Create other users and user roles as
needed.
You must move devices to the managed st ate on t he
WLSE before you c an use co nfigurati on, r ep orting , an d
monitoring featu res; or you can spe cify th at all
discovered devices be automatically manage d (see
Managing Devices, pa ge 6 -2). Aft er m oving devices t o
the managed state, you can run an immed iate inventory
to obtain device information need ed to use such WLSE
features as reports and automatic grouping (see Running
Inventories, page 6-24).
The WLSE has one predefined user (the system
administrator with t he u ser na me a dm in) an d fou r
predefined user roles. User roles are used to specify the
WLSE functions a given user ca n have access to. To
allow other users access to the WLSE, the system
administrator must add users. The system administrator
can also create roles to customize user access. See
Administering User s, page 6-75.
Chapter 1 Getting Started
1-8
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
CHAPTER
Fault Monitoring
The Faults tab displays inform ation t o help you mon itor your devices. All th e
device information shown under this tab is poll ed from the devices in your
network.
Following are the subtabs under Faults:
Note Some of the subtabs may no t be v isible to some u sers.
• Display Faults—See Displaying Faults, page 2-1
• Manage Profiles—See Managing Pro files, pa ge 2-7
• Notification Sett ing s—See Notification Settings, page 2-20
2
Displaying Faults
This window displays device fault information. A fault is an abnormal condition
that occurs when a system component exceeds a performance threshold or is not
functioning prope rly. (See Specifying Fault Thresholds, pag e 2-15 to set
threshold levels.)
A fault can also occur when a system policy is violated. (See Notification
Settings, page 2-20 to set policies.)
Displayed fault information is retained by default for 30 days. To change the
default, see Managing Sy stem Parame ters , page 6- 73.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-1
Displaying Faults
Note Your login determines whet her yo u ca n use th is opti on.
Step 1 Select Fau l ts > Disp l ay Faul ts. The Fault window appears.
Step 2 Use the Filter: bar to display the faults you want to view:
Chapter 2 Fault Monitoring
Procedure
Table 2-1 Display Faults Filter Bar
Field Description
Devices From the list, select the device type
whose fault summary you want to
display.
Severity From the list, select the severity from
P1, which is the highest severity level
to P5, which is the lowest severity
level, to display:
2-2
• P1—Severity P1 faults.
• P1-P2—Severity P1 and P2 faults.
• P1-P3—Severity P1 through P3
faults.
• P1-P4—Severity P1 through P4
faults.
• P1-P5—Severity P1 through P5
faults.
• All—Severity P1 through P5
faults, and faults that have been
cleared.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Table 2-1 Display Faults Filter Bar (continued)
Field Description
State From the list, select a states to display:
Name/IP Enter a complete or partial device
Displaying Faults
• All—Faults in all states are
displayed.
• Active—Faults are active (current)
and have not been acknowledged.
• Acknowledged—Fault s th at ar e
active and have been
acknowledged.
• Cleared—Faults tha t have be en
cleared (no longer in an Active or
Acknowledged state) .
name or IP addr es s.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-3
Displaying Faults
Step 3 Click Apply. The following table appears:
Chapter 2 Fault Monitoring
Note If no data is displayed in the table, there are no faults for your filtering
selection to report.
Table 2-2 Display Faults Table
Column Description
IP Address The device IP addres s.
Click to see various repor ts a bou t the
device. For information on the reports,
see Using the Device Center, page 5-1.
Hostname The device for which the fault is
reported.
Click to see various repor ts a bou t the
device. For information on the reports,
see Using the Device Center, page 5-1.
Family The product family.
Product The product name.
Type The device or the sub-device
component.
Description A description of the fault.
2-4
Click to see fault details. See Viewing
Fault Details, page 2-5.
Severity The fault severity level.
State The operational state of the device.
Timestamp Indicates the time, based on the client
browser , that the s tate of the de vice last
changed. See Time Display, page 1-5.
Click to see fault details. See Viewing
Fault Details, page 2-5.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Step 4 To sort table data, click on the column heading you want to use to sort the data:
Step 5 To acknowledge (change th e state f rom A c tive to Acknowledge d) :
Step 6 To unacknowledge (change the state from Acknowledged to Active):
Related Topics
Displaying Faults
• A triangle indi cat es a sce ndin g order.
• An upside-down triangle i ndic ates d esce nding orde r.
• No triangle indicates that the data is not sorted.
• A single fault, select it, then click Acknowledge.
• All faults, click Select All, then click Acknowledge.
• A single fault, select it, then click Unacknowledged.
• All faults, click Select All, then click Unacknowledged.
• Managing Profiles, page 2-7
• Notification Settings, page 2-20
Viewing Fault Details
The following tables are displayed in the Fault Details window.
To sort table data, click on the column heading you want to use to sort the data:
• A triangle indi cat es a sce ndin g order.
• An upside-down triangle i ndic ates d esce nding orde r.
• No triangle indicates that the data is not sorted.
Fault details for
Table 2-3 Fault Details Table
Column Description
IP The device IP addres s.
Name The device hostname.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-5
Displaying Faults
Chapter 2 Fault Monitoring
Table 2-3 Fault Details Table (continued)
Column Description
Family The device family.
Product The product name.
Type The device or the device sub-entity
(which could include a logical entity,
such as software o r a ser vice) in which
the fault is found.
Note If the Type is a sub-entity,
additional co lumns appear with
keys and valu es to help identify
the precise su b-e ntity. These
additional keys an d values are
MIB variables.
ifIndex A unique number that identifies the
interface .
2-6
Conditions
Table 2-4 Conditions Table
Column Description
Name The fault condition.
State The state of the device.
Severity The fault severity level.
Description A description of the fault.
Timestamp Indicates the time, based on the client
browser , that the s tate of the de vice last
changed.
See Time Display, page 1-5.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Fault History
Table 2-5 Fault History Table
Column Description
State The state of the device.
Severity The fault severity level.
Description A description of the fault.
Change A description of the state change.
Timestamp Indicates the time, based on the client
By Displays the username of t he person
Managing Profiles
browser , that the s tate of the de vice last
changed.
See Time Display, page 1-5.
who changed the fault state.
If the fault state has not been
acknowledged, nothing is displaye d in
this col um n .
Managing Profiles
Every de vice managed b y the WLSE has a prof ile assig ned to it. A pr ofile is made
up of threshold values and policy settings.
If you have not assigned a specific profile to a device it has the system Default
profile. The default p rofile c an be edit ed, but it c a nnot be d ele ted .
The topics covered in this sect ion are:
• Creating a Profile, page 2-8
• Copying a Profile, page 2-8
• Renaming a Profile, page 2-9
• Editing a Profile, page 2-9
• Deleting a Profile, page 2-10
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-7
Managing Profiles
• Assigning a Profile to a Device, page 2 -10
• Viewing Devices, page 2-11
Creating a Profile
Use this option to create a profile.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Enter a unique n ame. ( See Namin g G u idel ine s, pa ge A- 1 for details.)
Step 3 Click Create New. The new name appears in the Existing Profiles list.
Chapter 2 Fault Monitoring
Note The new profile is a copy of the Default profile.
Step 4 Select the name, then click Edit. The Editing Profile window appears. (See
Editing a Profile, page 2-9 .)
Copying a Profile
Use this option to copy a profile tha t you can use as a base for ano ther profile.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-8
78-14947-01
Chapter 2 Fault Monitoring
Step 2 Select the profile you want to copy from the Existing Profiles box, then click
Create Copy. A dialog box appe ars a ski ng you to ent er a name f or the copy.
Step 3 Enter a unique n ame. ( See Namin g G u idel ine s, pa ge A- 1 for details.)
Step 4 Click OK. The new name appears in the Existing Profiles list.
Step 5 Select the name, then click Edit. The Editing Profile window appears. (See
Editing a Profile, page 2-9 .)
Renaming a Profile
Use this option to rename a profile.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select the profile you want to rename fro m the Ex isting Profiles box, then click
Rename. A dialog box ap pear s as king yo u to e nte r a new name .
Managing Profiles
Step 3 Enter a unique n ame. ( See Namin g G u idel ine s, pa ge A- 1 for details.)
Step 4 Click OK. The new name appears in the Existing Profiles list.
Editing a Profile
Use this option to edit a profile.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-9
Managing Profiles
Step 2 Select the policy you want to edit from the Existing Policies box, then click Edit.
The Editing Profile w ind ow appears.
Step 3 Select the policies and thresholds in the left pane that you want to assign to the
profile. For a description, see Profile Choices, p age 2-1 2.
Deleting a Profile
Use this option to delete a profile.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select the profile you want to delete from the Existing Profiles box, then click
Delete. A window appears asking if you want to delete the pr ofile.
Chapter 2 Fault Monitoring
Note Any devices that were assign ed th is dele ted profile will be assi gned th e
Default profile.
Step 3 Click OK to delete it.
Assigning a Profile to a Device
Use this option to assign a profile to a single device or a group of devices. Devices
can only have one profile assigned to them at a time.
Note Your login determines whet her yo u ca n use th is opti on.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-10
78-14947-01
Chapter 2 Fault Monitoring
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select the profile you want to assign to the devices from the Existing Profiles box,
then click Assign to Devices. The Assigning Profiles window appears.
Step 3 If you want to sea rch for devices , use the d ialog bo x in the le ft pan e above the
device selector:
a. From the list, select the method yo u want to u se to se arc h for t he d evice: by
b. Enter the IP address or nam e, o r use a n aste risk (*) as a wildc a rd t o denot e
Step 4 If you know which device you want, use the device selector to select the devices.
They are added to the list of Available Devices.
Step 5 From the list of Available Devices, select the device to which you want to apply
the profile and click >>. The devices are moved to the Selected Devices list.
Step 6 Click Continue. A confirmation di alog bo x appea rs fo r the device assi g nment .
Managing Profiles
name or by IP address.
numbers and letters, then click Go. The requested device appears in the
Search Results folder.
Step 7 Click OK to accept the device assignment or Cancel to cancel the device
assignment.
Viewing Devices
Use this option to view the devices that have been assigned to a profile.
Note Your login determines whet her yo u ca n use th is opti on.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-11
Managing Profiles
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select a profile from Existing Profiles box, then click View Devices. A window
appears listing the devices that are assigne d to that pro file.
Profile Choices
When you create or edit a profile, the following choices appear in the left pane of
the Editing Profile window:
• Security Policies—See Specifying Security Policies, page 2-12
• Thresholds—See Specifying Fault Thresholds, page 2-1 5
Specifying Security Policies
Chapter 2 Fault Monitoring
2-12
This is option allows you to activate or deactivate a set of pre-defined policies for
access points.
The policies you set in this window will determine how some of the faults are
displayed in the Fau lt s > Di s pl a y Faul t s subtab.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 In the left pane, select the variable for which you want to set a policy.
• SSID—Go to Step 2
• Firmware Version—Go to Step 5
• Broadcast SSID Disabled—Go to Step 8
• WEP Enabled—Go to Step 8
• LEAP Enabled —Go to Step 8
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Step 2 To activate the policy, do the following:
Field Description
V er ify Select if you want to v erify that SSID is en abled.
Poll Interval From the list, select the polling interval.
Severity From the list, select a severity lev el t o associate
Enter ssid Enter the unique identifier used by client
Managing Profiles
• WEP Key Length—Go to Step 10
• HTTP Disabled—Go to Step 8
• Telnet Dis abled—Go t o Step 8
• PSPF Enabled—Go to Step 8
• User Manager En fo rce d—Go to Step 8
• HTTP Authentication—Go to Step 8
with this policy.
devices to associate with the access point. Any
alphanumeric character up to 32 characters
long.
78-14947-01
Step 3 Click Add to add the SSID to the list, then go to Step 11.
Step 4 To remove an SSID from the list, select it, click Remove, then go t o Step 11.
Step 5 To activate the policy, do the following:
Field Description
Verify Select if you want to verify that firmware
version is enabled.
Poll Interval From the list, select the polling interval.
Severity From the list, select a severity lev el t o associate
with this policy.
Enter Firmware Version Enter the firmware version.
Step 6 Click Add to add the firmware version to the list, then go to Step 11.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-13
Managing Profiles
Step 7 To remove a firmware version from the list, select it, click Remove, then go to
Step 8 Complete th e foll owing :
Chapter 2 Fault Monitoring
Step 11.
Field Description
Verify Select if you wa nt to ve rify one of the follo wing:
• Broadcast SSID is disabl ed
• WEP is enabled
• LEAP is enabled
• HTTP is disable d
• Telnet is disabled
• PSPF is enabled
• User Manager Capabilities are enforced
• HTTP authentication
Polling Interval From the list, select the polling interval.
Severity From the list, select a severity lev el t o associate
with this policy.
2-14
Step 9 Go to Step 11.
Step 10 Complete the fo llowi ng :
Field Description
Verify Select if you want to verify the WEP key length.
Poll Interval From the list, select the polling interval.
Severity From the list, select a severity lev el t o associate
with this policy.
WEP Key Length Select to indicate the bit length.
Step 11 Click Reset to refresh any fields you have changed but want to restore, or Apply
to set the new entries.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Specifying Fault Thresholds
This option allows you to set polling and exception threshold values collected
from the devices you are monitoring.
The threshold values you set in this window will determine how the faults are
displayed in the Fau lt s > Di s pl a y Faul t s subtab.
Note Your login determines whet her yo u ca n use th is opti on.
Threshold choices include the foll owing options:
• Access Point—See Setting Access Point Fault Thresholds, pa ge 2-1 5.
• Switch—See Setting Switch Fault Thresholds, page 2-17.
• Router—See Setting Router Fault Thresholds, page 2-19.
• LEAP—See Setting Server Re spo nse Time, page 2- 19 .
• Radius—See Setting Server R esponse Time, page 2 -19.
• EAP-MD5—See Setting Server Response Time, page 2-19
Managing Profiles
Setting Access Point Fault Thresholds
Using this optio n, you c a n s et up th reshol d s f or ac c ess po int fau lts. W hen t he
thresholds are exceeded, faults are generated and can be viewed under Faults >
Display Faults.
Procedure
Step 1 Select any of the following to set values for:
• SNMP Reachable—Go to Step 2.
• RF Port Status—Go to Step 2.
• RF Port Utilization—Go to Step 4.
• RF Port Packet Errors—Go to Step 4.
• RF Port WEP Errors—Go to Step 4.
• RF Port FCS Errors—Go to Step 4.
• Ethernet Port Status—Go to Step 2.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-15
Managing Profiles
Step 2 Complete th e foll owing :
Chapter 2 Fault Monitoring
• Ethernet Port Utilization—Go to Step 4.
• Ethernet Port Packet Errors—Go to Step 4.
• Associated Clients—Go toStep 4.
• SSID Mismatch Rate—Go toStep 4.
• Association Rate—Go to Step 4.
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
number of polling cycles bef ore the stat us is
Down.
Up From the list, select the number of polling
cycles before the fault is cleared and the status
is Up.
2-16
Step 3 Continue to Step 5.
Step 4 Complete th e foll owing :
Field Description
Enable Select to enable a threshold for this
component.
Poll Interval From the list, select the polling
interval.
Settings
Overloaded From the list, select the severity level,
the percentag e, a nd the nu mb er of
polling cycles before the status is
Overloaded.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Field Description
Degraded From the list, select the severity level,
OK From the list, select the severity level,
Step 5 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
Setting Switch Fault Thresholds
Using this option, you can set up thresholds for switch faults. When the thresholds
are exceeded, faults ar e gene rated and can be viewed under Faul ts > Dis pla y
Faults.
Managing Profiles
the percentag e, a nd the nu mb er of
polling cycles before the status is
Degraded.
the percentag e, a nd the nu mb er of
polling cycles before the st atu s is O K.
78-14947-01
Procedure
Step 1 Select any of the following to set values for:
• SNMP Reachable —Go to Step 2.
• CPU Utilization—Go to Step 4.
• Memory Utilization—Go to Step 4.
• Port Status—Go to Step 2.
• Port Utilization—Go to Step 4.
• Module Status—Step 2.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-17
Managing Profiles
Step 2 Complete th e foll owing :
Step 3 Go to step Step 5.
Step 4 Complete th e foll owing :
Chapter 2 Fault Monitoring
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
number of polling cycles bef ore the stat us is
Down.
Up From the list, select the number of polling
cycles before the fault is cleared and the status
is Up.
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Overloaded From the list, select the severity level, the
percentage, and the nu mber of polling cycles
before the status is Overloaded.
Degraded From the list, select the severity level, the
percentage, and the nu mber of polling cycles
before the status is Degraded.
OK From the list, select the severity level, the
percentage, and the nu mber of polling cycles
before the status is OK.
2-18
Step 5 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Setting Router Fault Thresholds
Using this option, yo u can set up the ro uter ’s SNMP reachable threshold. When
the threshold is exc eede d, a fau l t is gene rat ed a nd can be viewed und er Fa ults >
Display Faults.
Procedure
Step 1 Complete th e foll owing :
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
Up From the list, select the number of polling
Managing Profiles
number of polling cycles bef ore the stat us is
Down.
cycles before the fault is cleared and the status
is Up.
Step 2 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
Setting Server Response Time
Using this option, you can set up a threshold for LEAP, RADIUS, and EAP-MD5
server response time. When the threshold is e xceeded, a fault is gene rated and can
be viewed under Faults > Display Faults.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-19
Notification Settings
Step 1 Complete th e foll owing :
Chapter 2 Fault Monitoring
Procedure
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Overloaded From the list, select the severity level, the
response time, and the number of pollin g cy cles
before the status is Overloaded.
Degraded From the list, select the severity level, the
response time, and the number of pollin g cy cles
before the status is Degraded.
OK From the list, select the severity level, the
response time, and the number of pollin g cy cles
before the status is OK.
Step 2 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
Notification Settings
The WLSE has the capability to send traps, syslog messages, and emails when a
fault is detected.
This section has the following options:
• Setting Trap Notification
• Setting Syslog Notification
• Emailing Faults
Note Your login determines whet her yo u ca n use th is opti on.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-20
78-14947-01
Chapter 2 Fault Monitoring
Related Topics
• Displaying Faults, page 2-1
• Specifying Fault Thresholds, page 2- 15
• Notification Settings, page 2-20
Setting Trap Notification
This option al lows you to e nabl e t he W LSE to send nor th-b oun d excep tio n
notification to one or more SNMP trap receivers. The exception notification
contains information such as device name and IP, fault number, timestamp,
exception severity, and a message describing th e pro ble m.
The MIB that defines the trap and the varbinds can be found at the following URL:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-DEVICE-EXCEPTION-REPORTINGMIB.my
Before You Begin
Make sure your SNMP trap receiver’s trap receiving daemon is set to the correct
port. The default port is set to 162.
Notification Settings
78-14947-01
Procedure
Step 1 Select F aults > Notification Settings. The Fault Notification Settings dialog box
appears.
Step 2 Select the message format for th e notification: Plai n Text or XML.
Step 3 Complete th e foll owing :
Field Description
Trap Select to enable trap notification.
Port Enter the port number if different from the
default of 162.
Host Enter the hostname/IP of the SNMP trap
receiver to which you want to send SNMP trap
notification.
Community Enter the community string.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-21
Notification Settings
Step 4 If you want a different host to receive trap notification, click add row . Ther e is no
limit to the number you can enter.
To delete a row, click delete, next to the row you want to r emove.
Step 5 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to save your settings.
Related Topics
• Setting Syslog Notification, page 2-22
• Emailing Faults, page 2-23
Setting Syslog Notification
This option allows you to send syslog messag es to selected syslog servers. T he
messages contain information such as device name and IP, fault number, date and
time, exception severity, and a message about what is wrong.
Chapter 2 Fault Monitoring
2-22
Before You Begin
Make sure your syslog server is turned on to be able to receive messages from the
Wireless LAN Solution Engine. Also make sure that the receiving process is
configured to receive messages from remote hosts (for example, start syslogd with
-r option on some UNIX versions ).
Procedure
Step 1 Select F aults > Notification Settings. The Fault Notification Settings dialog box
appears.
Step 2 Select the message format for th e notification: Plai n Text or XML.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Step 3 Complete th e foll owing :
Field Description
Syslog Select to send syslog messages to designa ted
Enter Syslog host names Enter the hostname/IP for the syslog servers.
Step 4 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to save your settings.
Related Topics
Notification Settings
syslog servers.
Names must be separated by a space, a comma,
a semicolon, or a n ew line.
• Setting Trap Notification, page 2-21
• Emailing Faults, page 2-23
Emailing Faults
The emailed exception notification contains the following information:
78-14947-01
Attribute Description
FaultId A unique identifier for the fault.
DeviceId A unique identifier used by the WLSE for the
device with the fault.
DeviceIp The IP address of the device with the fault.
DeviceName The name of the device with the fault .
MOId The id en ti fier u sed by the W LS E f or th e
subcomponent of t he d evice wi th the fault.
AlarmState The state of the Alarm (Active or Cleared).
Description A descript ion of the last updated to the fault .
Severity The severity of the fault.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-23
Notification Settings
Chapter 2 Fault Monitoring
You have the option of sending the em ail no tificati on as p la in text or in an XML
format.
• An example of a messa ge us in g p lain t ext will app ear a s f ollows:
FaultId 19
DeviceId 106
DeviceIp 172.20.29.118
DeviceName sj-W-10- AP- 118
MOId {MOID[c=1013,d =10 6,i=37 9]}
AlarmState Active
Description SSID po lic y viol atio n
Severity P1
• An example of the same message sent in an XML format will appear as
follows:
<Msg><FaultId>19</F aul tId><D evic eId>10 6</ Dev iceId>< Dev iceIP> 172.
20.29.118</DeviceIP ><D eviceN ame> sj-W-1 0-A P-1 18<Devi ceN ame><M OId>
{MOID[c=1013,d=106, i=3 79]}</ MOId ><Alar mSt ate >Active </A larmSt ate>
<Description>SSID p oli cy vio lati on
</Description><Seve rit y>P1</ Seve rity>< /Ms g>
2-24
Procedure
Step 1 Select F aults > Notification Settings. The Fault Notification Settings dialog box
appears.
Step 2 Select the message format for th e notification: Plai n Text or XML.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 2 Fault Monitoring
Step 3 Complete th e foll owing :
Field Description
Email Select to enable email notification of exception
Enter email addresse s Enter t he email addr esses of users you want to
Priority From the list, select the priority of the
Tip If email notification is not worki ng, you may need to configur e the
Notification Settings
information.
receive exception notification.
Addresses must be separated by a space, a
comma, a semicolon, or a new line.
exceptions you want to email.
mailroute by selecting Administration > Appliance > Configure
Mailroute.
78-14947-01
Step 4 If you want a different group of users to receive different priority level exceptions,
click add row to add another set of email addresses. There is no limit to the
number of email addresses you c an enter.
Step 5 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to save your settings.
Related Topics
• Setting Trap Notification, page 2-21
• Setting Syslog Notification, page 2-22
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-25
Notification Settings
Chapter 2 Fault Monitoring
2-26
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
CHAPTER
Configuring Devices
The Configure tab allows you to view, create, copy, edit, and delete configuration
templates and appl y them to lar ge num bers of devices at a time.It als o allo ws you
to schedule a configuration job and to che ck on the j ob’s status.
Following are the subtabs under Configure:
Note Some of the subtabs may no t be v isible to some u sers.
• Templates—See Using the Templates, page 3-1.
• Jobs—See Managing Configuration Jobs, pa ge 3-13 7.
• Auto Update—See Automating Configura tions, page 3 -151.
3
Using the Templates
This is window allows you to create, modify, and delete configuration templates.
The topics covered in this sect ion are:
• Creating a Template, page 3-132
• Copying a Template, page 3-133
• Editing a Template, page 3-134
• Deleting a Template, page 3-134
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
3-1
Using the Templates
• Importing a Template, page 3-135
• Exporting a Template, page 3-137
Related Topic
Managing Configuration Jobs, pa ge 3-13 7
Template Choices
Note Clicking Clear removes all the current e ntrie s in t he win dow and any entries you
have made in other Template windows up until that point.
When you create or edit a configuration template, the following choices appear in
the left pane of the Templates window:
1. Template Name—See Naming the Template, page 3-3.
2. Template Categories
Chapter3 Configuring Devices
3-2
Note Any or all of the template categories can be completed in any order.
–
Express Template—See Using Express Template, page 3-3.
–
Association—See Setting Up Association, page 3-8.
–
Ethernet—See Configuring the Ethernet Por t, page 3-49.
–
11b Radio—See Configuring t he 1 1b Radi o, pa ge 3-5 6.
–
11a Radio—See Configuring the 11a Radio, pa ge 3-73.
–
Security—See Defining the Security Setting s, pa ge 3-92 .
–
Services—See Configuring Services, page 3-1 02.
–
Events—See Configuring Events, page 3-1 24.
–
Custom Values—See Configuring Custom Values, page 3- 130.
3. Preview—See Previewing the Template, page 3-131.
4. Finish—See Finishing the Template, page 3-132.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Naming the Template
This option enables to you to name the template.
Procedure
Note Clicking Clear removes all the entries you have made.
Step 1 Select Template Name. The Template Name dialog box appears:
Field Description
Name
Description Ent er a desc ripti on of t he p urp ose of t he
Using the Templates
Enter a name for the template.
See Naming Guidelines, page A -1 .
template.
See Naming Guidelines, page A -1
Step 2 Select a template categ ory. (F or additi onal information , see Template Cate g orie s,
page 3-2.)
Using Express Template
Use this option if you need to set up an ac cess point quic kly with a simp le
configuration. This will all ow you to enter al l the access point's essential setting s
for basic operation.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-3
Using the Templates
Step 1 Select Express Template. The Express dialog box disp lays in the righ t pa ne :
Chapter3 Configuring Devices
Procedure
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
Table 3-1 Express Template Settings
Field Description
Reboot Device From the list, select Yes if you want to allow
device reboots.
SysName Enter a system name.
The system name appears in the titles of the
management system pa ges and in the acc ess
point's Association Table page.
3-4
This is not an essential setting, but it helps
identify the access po int on your net work.
SysLocation Enter the system’s location.
This is not an essential setting, but it helps
identify the access po int on your net work.
SysContact Enter a conta ct name.
This is not an essential setting but it helps
identify the person responsible for the access
point on your network.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Configuration Server Protocol Set this entry to match the network’s method
Default Subnet Mask Enter an IP subnet mask to iden tify th e
Using the Templates
of IP address assignment.
From the list, select one of the following
options:
• None-Static IP—Use this if y ou r
network does not have an automatic
system for IP address assignment.
• BOOTP—Use this if your network uses
Bootstrap Protocol, i n w hic h IP
addresses are hard-coded based on MAC
addresses.
• DHCP—Use this i f y our n etwor k use s
Dynamic Host Configuratio n Prot ocol ,
in which IP addresses are “leased” for
predetermined pe riod s of time .
subnetwork so the IP address can be
recognized on t he L A N.
78-14947-01
If DHCP or BOOTP is not enabled, this f ield
is the subnet mask.
If DHCP or BOOTP is enabled, this field
provides the subnet m ask on ly i f no se rver
responds to the access poi nt's D HCP or
BOOTP request.
Default Gateway Enter the IP address of your default Interne t
gateway.
The entry 255.25 5.2 55.255 i ndic ates no
gateway.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-5
Using the Templates
Chapter3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Radio Service Se t I D (SSI D) Ente r any al phanu me ric , case -sen sitive
string, from 2 to 32 ch ar act ers long.
The SSID is a unique identifier that client
devices use to asso ciat e with t he acc ess
point. The SSID helps cl ient devices
distinguish between multiple wireless
networks in the same vicinity and provides
access to VLANs by wireless client devices.
Several access points on a network or
subnetwork can share an SSID.
3-6
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Role in Network From the list, select one of the following:
Using the Templates
• Access Point—Use this setting if the
access point is connecte d to the wire d
LAN.
• Repeater—Use this setting for access
points not connected to the wir ed LAN.
• Survey Clien t—Use this setting when
performing a site survey for a repeater
access point. When you selec t this
setting, clients are not allowed to
associate and th e brid ge's S TP funct ion
is disabled.
• Root Bridge—Use this setting to set a
bridge as the root bridge. (One bridge in
each group of bridges must be set as the
root bridge). T he ro ot bri dg e ca nn ot
associate with anothe r root bri dge.
78-14947-01
• Non-Root Bridge w/ Client—Use this
setting for non- root br idge s th at ac cept
associations from clie nt devices and for
bridges acting as repeater s. A non-root
bridge will only associa te to an other
bridge (root or non-root).
• Non-Root Bridge w/o Cl ient —Use this
setting for non-roo t bri dges t hat should
not accept associations fro m clie nt
devices. A non-root bridge (witho ut
clients) can connect to a wired LAN and
only associates to another bridge (root or
non-root).
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-7
Using the Templates
Chapter3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Ensure Compatibility with Cisco From the list, select one of the following:
• Enable—Use this setting to
automatically configure the device to be
compatible with othe r Cisco devices o n
your wireless L AN.
• Disable—Use this setting to not
automatically configure the device to be
compatible with othe r Cisco devices o n
your wireless L AN.
Ensure Compatibility with
2MB/sec Clients
From the list, select one of the following:
• Enable— Use this setting to operate at a
maximum speed of two megabits per
second.
• Disable—Use this setting i f yo u do not
want devices to operate at a maximum
speed of two megabits per second.
Step 2 Select one of the following:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Setting Up Association
Use this option to se t u p sp an ning tre e prot ocol (S TP) o n b ridg es an d to set up
filtering to control the flow of data through the access poi nt.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-8
78-14947-01
Chapter 3 Configuring Devices
Procedure
Step 1 Select Association. The menu expands and the Association dialog box displays in
the right pane.
Step 2 Select one of the following from the Assoc iation me nu:
• Spanning Tree—See Defining Spanning Tree Protocol, page 3-9.
• Address Filters—See Defining Address Filters, page 3-12.
• Ethertype Filters—See Defining Ethertype Filters , page 3-14.
• IP Protocol Filters—See Defining IP Protocol Filters, page 3-18.
• IP Port Filters—See Defining IP Port Filters, pa ge 3-23 .
• Policy Groups—See Configuring Policy Gr oups , pag e 3-28.
• VLANs—See Configuring VLANs, page 3-31.
• Quality of Service—See Configuring Quality of Service, page 3-36.
• Service Sets—See Configuring Service Sets, pa ge 3-38 .
• Advanced—See Defining Advanced Associations, page 3-42.
• Port Assignments—See Configuring Port Assignments, page 3-47.
Using the Templates
• DSCP to CoS—See Configuring DSCP to CoS, page 3-48 .
Defining Spanning Tree Pr otocol
This option is used for only bridges.
Procedure
Step 1 Select Association > Spanning Tree. The Association: Spanning Tree Protocol
dialog box appears.
Step 2 Click see details for information on which bridges this configuration is valid.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-9
Using the Templates
Step 3 Complete th e foll owing :
Chapter3 Configuring Devices
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
Table 3-2 Spanning Tree Protocol Sett ings
Field Description
Spanning Tree Protocol
(STP)
Always Unblock
Ethernet wh en S TP is
disabled
From the list, select one of the following:
• Enable—Use this setting to enable STP on the
bridge.
• Disable—If you do not want STP enabled the
bridge.
From the list, select one of the following:
• Yes—Use this setting to maintain a bridge link
when STP is disabled
3-10
• No—Use this setting to not maintain a bridge
link when STP is disabled.
Click see details to see w hich ve rsions this sett ing is
valid for.
Root Configuration
Priority (0-65535) Enter a num ber to infl uence w hich bridge is
designated the root bridge in the spanning tree.
When bridges have the same priority setting, STP
uses the MAC addresses as a tiebreaker.
The bridge with the lowest priority setting is likely
to be designated the root bridge in the tree.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-2 Spanning Tree Protocol Settings (continued)
Field Description
Max Age (6-40 Seconds) Enter the number of seconds to define how long the
Hello Time (1-10
Seconds)
Forward Delay (4-30
Seconds)
Port Configuration
Path Cost (1-65535) Enter a number to indicates the relati v e ef f icienc y of
Using the Templates
bridge waits before deciding the network has
changed and the spanning tree needs to be rebuilt.
For example, with Ma x A g e set to 2 0, th e br idge
attempts to rebuild the spanning tree if it does not
receive a hello BDPU fro m the ro ot bridge in the
spanning tree within 20 seconds.
Enter the number of seconds to define how often the
root bridge in the spanning tree sends out a hello
BPDU telling the other bridges that the network
topology has not changed and that the spanning tree
should remain the same .
Enter the number of seconds to define how long the
bridge’s ports should stay in the listening and
learning transition states if there is a change in the
spanning tree.
a port’s network link.
78-14947-01
A port with a high path cost is less likely to become
a bridge’s root port.
Priority (0-255) Enter a number to influence whether STP designates
a port as a bridge’s root port.
A port with a low priority setting is more likely to
become a bridge’s root port .
Enable From the list, select one of the following for each
port configured:
• Enable—Use this setting to indicate whether the
port participates in STP. (This determines
whether the port blocks or for wards tra ffic.)
• Disable—Use this setting to indicate that the
port does not participate in STP.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-11
Using the Templates
Step 4 Select one of the following:
Defining Address Filters
Step 1 Select Association > Address Filters. The Association: Address Filters dialo g
Step 2 To add a new MAC address filter complete the following fields:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Using this option, you can:
• Create a MAC address filter
• Remove a MAC address filter
Procedure
box appears.
3-12
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Field Description
Lookup MAC
address on
Authenti cation
Server if not in an
Existing Filter List?
Is MAC
Authentication alone
sufficient for a clien t
to be fully
authenticated?
New Destination
MAC Address
Using the Templates
Click one of the following:
• Yes—Use this setting to allow looking up a MAC
address on the authentication server.
• No—Use this setting to disa llow looking up a
MAC address.
From the list, select one of the following:
• Yes—Use this setting to specify that client devices
that associate to th e access poin t using 8 02.11
open authentication, first attempt MAC
authentication.
• No—Use this setting to specify that MAC
authentication alone is not sufficient.
Click see details to see which versions this setting is
valid for.
Enter a destination MAC address by entering the
address in one of the following ways:
78-14947-01
• With colons separating the character pairs
(00:40:96:12:34: 56, for example )
• Without any intervening characters
(004096123456, for example)
Allowed Click to pass traffic to the MAC address.
Disallowed Click to discard traffic to the MAC address.
Step 3 Click Add to add the MAC address to the Current MAC Address Filters list.
Step 4 To remove a MAC Address, select it from the Current MAC Address Filters list,
then click Remove.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-13
Using the Templates
Step 5 Select one of the following:
Defining Ethertype Filt ers
Procedure
Step 1 Select Association > Ethertype Filters. The Association: Ethertype Filters
dialog box appears.
Step 2 Using thi s op tio n:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
• Create new filters—See Creating New Ethertype Filters, page 3-14.
• Delete the Filters—See Deleting Ethertype Filters, page 3-16.
3-14
Using this optio n y ou c an als o:
• Create Special Cases—See Creating Special Cases, page 3-16.
• Delete Special Cases—See Deleting Special Cases, page 3-18.
Creating New Ethertype Filters
Procedure
Step 1 T o c reate and enab le protoco l f ilte rs for t he access p oint’s Ethern et por t, ent er the
following:
Note Refer to the following URL for a list of Ether type protoc ols:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/acc
sspts/ap350scg/ap350ax b.htm#85314
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-3 Creating New Ethertype Filters Settings
Field Description
Add New Ethertype Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
Default Disposition From the list, select one of the following:
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
multicast Enter the number of milliseconds multicast packets
Using the Templates
See Naming Guidelines, pa ge A-1 .
• Forward—Use this setting to forward protocol
traffic.
• Block—Use this set tin g to blo ck pr otoc ol traffic.
should stay in the access point’s buffer before th ey are
discarded.
should stay in the access point’s buffer before th ey are
discarded.
78-14947-01
Step 2 Click Add. The new name is added to the Ethertype Filte rs list.
Step 3 Select one of the following:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-15
Using the Templates
Step 1 To delete protocol filters for the access point's Ethernet port, select the set name
Step 2 Select one of the following:
Chapter3 Configuring Devices
Deleting Ethertype Filters
Procedure
from the Current Ethertype Filters list, then click Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Creating Special Cases
Procedure
3-16
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-4 Ethertype Filter Special Cases Settings
Field Description
Special Cases
Ethertype Enter the Ethertype filter name.
Disposition From the list, select one of the following:
• Default—Use the disposition you se t f or the E ther type
filter.
• Forward—Use this setting to forward protocol traffic.
• Block—Use this setting to blo ck pr otoc ol tr affic.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-4 Ethertype Filter Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
Time t o Liv e ( mse c )
unicast Enter the number of milliseconds unicast packets sh ould stay in
multicast Enter the number of milliseconds multicast p ackets should stay
Alert From the list, select one of the following:
Using the Templates
• Default—This setting is the same as best effort, which
applies to nor mal LAN tr affic.
• Background—Use this setting for bulk transfers and other
activities that are allowed on the network but should not
impact network use by o ther u ser s and a pplic ati on s.
• Excellent Effort—Use this setting for a network’s most
important users.
• Controlled Load —Use this setting for important business
applications that are subjec t to some for m of admissi on
control.
• Interactive Video—Use this setting for traffic with less
than 100 ms del ay.
• Interactive Voice—Use this setting for traff ic with less than
10 ms delay.
• Network C ont ro l—Use this setting for traffic that must get
through to maintain and support the ne twork infrastr ucture.
the access po int ’s buffer before they are discarde d.
in the access point’s buffer before they are discarded.
78-14947-01
• yes—Use this setting to send an alert to the ev ent log when
a user transmits or recei v es the protoc ol throug h the access
point.
• no—Use this setting to not send an alert to the event log.
Step 3 Click Add. The new name is added to the list box.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-17
Using the Templates
Step 4 Select one of the following:
Step 1 To delete special cases for the access point's Ethernet port, select the Ethertype
Step 2 Select one of the following:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting Special Cases
Procedure
name from the list box, then click Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Defining IP Protocol Filters
Procedure
Step 1 Select Association > IP Protocol Filters. The Association: IP Protocol Filters
dialog box appears.
Step 2 With this option you ca n:
• Create new filters—See Creating New IP Protocol Filters, page 3-19.
• Delete the filters—See Deleting IP Protocol Filters, page 3-2 0.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-18
Categories, page 3-2.)
78-14947-01
Chapter 3 Configuring Devices
Using this optio n y ou c an als o:
• Create Special Cases —See Creating Specia l Cases, pag e 3-21.
• Delete Special Cases—See Deleting Special Cases, page 3-23.
Creating New IP Protocol Filters
Procedure
Step 1 To create and enable IP protocol filters, enter the following:
Note Refer to the following URL for a list of IP prot ocols:
Field Description
Add New Protocol Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
Using the Templates
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/acc
sspts/ap350scg/ap350ax b.htm#85314
78-14947-01
See Naming Guidelines, pa ge A-1 .
Default Disposition From the list, select one of the following:
• Forward—Use this setting to forward protocol
traffic.
• Block—Use this set tin g to blo ck pr otoc ol traffic.
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
should stay in the access point’s buffer before th ey are
discarded.
multicast Enter the number of milliseconds multicast packets
should stay in the access point’s buffer before th ey are
discarded.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-19
Using the Templates
Step 2 Click Add. The new name is added to the Current Protocol Filters list.
Step 3 Select one of the following in the left pane:
Step 1 To delete an IP protocol filter, select the name from the Current Protocol Filters
Step 2 Select one of the following in the left pane:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting IP Protocol Filters
Procedure
list, then click Delete.
3-20
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-5 IP Protocol Filters Special Cases Settings
Field Description
Special Cases
Protocol Enter the IP protocol name.
Disposition From the list, select one of the following:
Using the Templates
• Default—Use the disposition you se t f or the pr otoc ol
filter.
• Forward—Use this setting to forward traffic.
• Block—Use this setting to block traffic.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-21
Using the Templates
Chapter3 Configuring Devices
Table 3-5 IP Protocol Filters Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
• Default—This setting is the same as best ef fort, wh ich
applies to nor mal LAN tr affic.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not impac t n etwork use by othe r use rs and
applications.
• Excellent Ef fort—Use this setting for a network's most
important users.
• Controlled Load —Use this setting for important
business applications that are subject to some form of
admission control.
• Interacti ve V ideo—Use this setting for traf fic with less
than 100 ms del ay.
3-22
• Interactive Voice—Use this setting for traffic with less
than 10 ms delay.
• Network C ontrol—Use this setting for tr affic t hat must
get through to maintain and support the network
infrastructure .
Time t o Liv e ( mse c )
unicast Enter the number of milliseconds unicast packets should
stay in the access point’s buffer before they are discar ded.
multicast Enter the number of milliseconds mult icast p ack et s sh ould
stay in the access point’s buffer before they are discar ded.
Alert From the list, select one of the following:
• yes—Use this setting to send an alert to the event log
when a user transmits or receives the protocol through
the access point.
• no—Use this setting to not send an alert to the event
log.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Step 3 Click Add. The new name is added to the list box.
Step 4 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Deleting Special Cases
Procedure
Step 1 To delete special cases, select the protocol name from the list box, then click
Delete.
Step 2 Select one of the following in the left pane:
Using the Templates
Template, page 3-13 1.)
Categories, page 3-2.)
Defining IP Port Filters
Step 1 Select Association > IP Po rt Filter s. The Associa tion: IP Port Filters d ialog box
Step 2 With this option you ca n:
78-14947-01
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Procedure
appears.
• Create new filters—See Creating New Port Filters, page 3-24.
• Delete the filters—See Deleting Port Filters, page 3-25.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-23
Using the Templates
Step 1 To create and enable port filters, enter the following:
Chapter3 Configuring Devices
Using this optio n y ou c an als o:
• Create Special Cases —See Creating Specia l Cases, pag e 3-26.
• Delete Special Cases—See Deleting Special Cases, page 3-28.
Creating New Port Filters
Procedure
Note Refer to the following URL for a list of IP port protoc ols:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/acc
sspts/ap350scg/ap350ax b.htm#85314
Field Description
Add New Protocol Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
3-24
See Naming Guidelines, pa ge A-1 .
Default Disposition From the list, select one of the following:
• Forward—Use this setting to forward traffic.
• Block—Use this setting to block traffic.
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
should stay in the ac cess point ’s buffer before they
are discarded.
multicast Enter the number of milliseconds multicast packets
should stay in the ac cess point ’s buffer before they
are discarded.
Step 2 Click Add. The new name is added to the Current Port Filters list.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Deleting Port Filters
Procedure
Step 1 To delete a protocol filter, select the na me from the Current Po rt Filters list, then
click Delete.
Step 2 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Using the Templates
Template, page 3-13 1.)
Categories, page 3-2.)
Template, page 3-13 1.)
78-14947-01
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-25
Using the Templates
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Chapter3 Configuring Devices
Creating Special Cases
Procedure
Table 3-6 IP Port Filters Special Cases Settings
Field Description
Special Cases
Port Enter the IP Port filter na me.
Disposition From the list, select one of the following:
• Default—Use the disposition you set for the port filter.
• Forward—Use this setting to forward protocol traffic.
• Block—Use this setting to blo ck pr otoc ol tr affic.
3-26
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-6 IP Port Filters Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
Using the Templates
• Default—This setting is the same as best effort, which
applies to nor mal LAN tr affic.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not impac t n etwork use by othe r use rs and
applications.
• Excellent Effort—Use this setting for a network's most
important users.
• Controlled Load —Use this setting for important
business applications that are subject to some form of
admission control.
• Interactive Video—Use this setting for traffic with less
than 100 ms del ay.
78-14947-01
• Interactive Voice—Use this setting for traffic with less
than 10 ms delay.
• Network Control—Use this setting for traffic that must
get through to maintain and support the network
infrastructure .
Time t o Liv e ( mse c )
unicast Enter the number of milliseconds unicast packets shoul d stay
in the buffer before they are discarded.
multicast Enter the number of milliseconds multicast packets should
stay in the buffer before they are discarded.
Alert From the list, select one of the following:
• yes—Use this setting to send an alert to the event log
when a user tra nsmi ts or r ece ives the prot ocol thr oug h
the access point.
• no—Use this setting to not send an alert to the e v en t log.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-27
Using the Templates
Step 3 Select one of the following in the left pane:
Step 1 To delete special cases, select the port name from the list box, then click Delete.
Step 2 Select one of the following in the left pane:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting Special Cases
Procedure
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Configuring Policy G roups
Policy groups are used t o configur e ac c ess pa rame te rs to a log ica l gr oup o f
stations in a consiste nt ma nner fr om a single plac e. For exampl e, pr otoc ol filters
can be applied to f rame s f or a se lect ed g roup o f stati ons.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-28
Categories, page 3-2.)
78-14947-01
Chapter 3 Configuring Devices
Procedure
Step 1 Select Association > Policy Group. The Association: Policy Group dialog box
appears.
Step 2 Click see details to see which ver s io n s th is o p ti o n i s vali d fo r.
Note Clicking Clear removes all the current entries in the window and any
Step 3 Using this optio n y ou can :
• Add and delete a policy group—See Adding or Deleting a New Policy Group,
• Delete an exiting Policy Group From a Device—See Deleting an Existing
Adding or Deleting a New Policy Group
Using the Templates
entries you have made in other Template windows up until that point.
page 3-29.
Policy Group from a Device, page 3-30.
78-14947-01
Step 1 To add a new policy group, enter the following:
Field Description
GroupID Enter an identification number for the policy group.
Group Name Enter a name f or t he pol icy gro up.
Ethertype
Receive Enter the ID of a defined Ethertype filter, or select one of
the filters you created using Association > Ethertype
Filters.
Transmit Enter the ID of a defined Ethertype filter, or select one of
the filters you created using Association > Ethertype
Filters.
IP Protocol
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-29
Using the Templates
Step 2 Click Add to add the group to the Policy Groups to Add list.
Step 3 T o de lete a group from the Polic y Groups to Add list, select the group name , then
Chapter3 Configuring Devices
Field Description
Receive Enter the ID of a defined IP protocol filter, or select one
of the filters you created using Association > IP
Protocol Filters.
Transmit Enter the ID of a defined IP protocol filter, or select one
of the filters you created using Association > IP
Protocol Filters.
IP Port
Receive Enter the ID of a defined IP port filter, or select one of
the filters you created using Association > IP Port
Filters.
Transmit Enter the ID of a defined IP port filter, or select one of
the filters you created using Association > IP Port
Filters.
click Delete.
3-30
Step 4 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting an Existing Policy Group from a Device
Step 1 Enter the grou p id en tifica tion num be r i n the Group ID text bo x, the n cli ck Add
to add it to the Poli cy Gr oups to Dele te list .
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Step 2 T o d elete an ide ntif icatio n number from th e Policy Groups to Delet e list, select it,
Step 3 Select one of the following in the left pane:
Configuring VLANs
Using the Templates
then click Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Access points and bri dges i n a V LAN ne twork, whic h are ru nning sp ec ific
software versions, can provide a wireless VLAN trunk link between two wired
segments of the network.
Using this option, yo u ca n c onfigure V LA Ns on t he a ccess poi nt.
78-14947-01
Procedure
Step 1 Select Association > VLANs. The Association: V LAN di alog b ox ap pear s.
Step 2 Click see details to see whic h versions th is o p ti o n i s vali d fo r.
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-31
Using the Templates
Step 3 Enter the following information:
Chapter3 Configuring Devices
Field Description
VLAN (802.1Q)
Tagging
Native VLAN ID Enter identification number of the access point’s native
Single VLAN ID
which allows
unencrypted
packets
Optionally allow
Point-to-point
Packet Encryptio n
From the list, select one of the following:
• Enabled—Use this setting to allow IEEE 802.1Q
protocol tagging on VLAN packets.
The IEEE 802.1Q prot ocol is used t o intercon nect
multiple switches and routers, and for defining
VLAN topologies.
• Disabled—Use this setting to not allow tagging.
VLAN.
Note This setting must agree wit h the nati ve VLAN ID
setting on the switch.
Enter an identification number to allow unencrypted
packets. An en try with a v alue of 0 ( zero) requir es the use
of encryption .
From the list, select one of the following:
• Yes—Use this setting to allow point-to-point
encryption.
3-32
• No—Use this setting to not allow point-to-point
encryption.
Step 4 Using this optio n y ou can :
• Add a new VLAN—See Adding a New VLAN, page 3- 33 .
• Delete an exiting VLAN from a Device—See Deleting an Existing VLAN,
page 3-36.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Adding a New VLAN
Step 1 To add a new VLAN, enter the following:
Table 3-7 Adding a New VLAN Settings
Field Description
VLAN ID Enter the identification number of the VLAN.
VLAN Name Enter the a unique name f or the VLAN conf igured on the
VLAN Enable From the list, select one of the following:
Default Priority From the list, select one of the following:
Using the Templates
Note This setting must match the setti ng on the switch .
access point.
• Enabled—Use this setting to enable the VLAN.
• Disabled—Use this setting to disable the VLAN.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not impac t n etwork use by othe r use rs and
applications.
• Default—Use this setting for normal LAN traffic.
78-14947-01
Default Policy
Group
• Excellent Effort—Use this setting for the network’s
most important users .
• Controlled Load —Use this setting for important
business applications that are subject to some form
of admission control .
• Interactive Video—Use this setting for traffic with
less than 100 ms delay.
• Interactive Voice—Use this setting for traffic with
less than 10ms delay.
• Network Control—Use this setting for traffic that
must get through to mainta in and support the
network infrastructure.
Enter the default policy group number, or select one you
created using Association > Policy Groups.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-33
Using the Templates
Chapter3 Configuring Devices
Table 3-7 Adding a New VLAN Settings (continued)
Field Description
Enhanced MIC
verify WEP
Te mp Key
Integrity Protocol
WEP Key Rotatio n
Interval
From the list, select one of the following:
• None—Use this setting if you do not wan t Messag e
Integrity Check (MIC) enabled.
• MMH—Use this setting if you want MIC enabled to
protect WEP keys.
Note When you enable MIC, only MIC-capable client
devices can communicate with the access point.
From the list, select one of the following:
• None—Use this setting if you do not want to enable
the temporal key integrity pr otoc ol ( TKIP, or WEP
key hashing.)
• Cisco—Use this setting to enable TKIP.
Note When TKIP is enabled, all WEP-enabled client
devices associated to the access point must
support WEP key hashing, or they will not be
able to communicate with the access point.
Use this setting t o e nabl e or disa ble broa dcast key
rotation.
• To enable it, enter the rotation interval in seconds.
3-34
If you enter 900, f or exa mple, th e access p oint send s
a new broadcast WEP key to all associated client
devices every 15 minutes.
Note When you enable broadcast key rotation, only
wireless cl ien t devices usi ng LE AP or EAP -TLS
authentication can use the access point. Client
devices using static WE P (with open, s hared k e y,
or EAP-MD5) cannot use t he a cce ss poi nt w hen
you enable broadcast key rotation.
• To disable it, enter 0 (zero).
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-7 Adding a New VLAN Settings (continued)
Field Description
Alert From the list, select one of the following:
WEP Keys 1
through 4
Size For each WEP key, select one of the following: Not set,
Step 2 Click Add to add the VLAN to the VLANs to Add list.
Using the Templates
• Yes—Us e this setting if yo u are not ad ding an
encrypted VLAN.
• No—Use this setting if you are adding an en cr y pted
VLAN.
Enter the encryptio n keys used: 40 bit or 128 bit
hexadecimal digits.
40 bit, or 128 bit.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-35
Using the Templates
Step 3 T o del ete a group from the VLANs to Add list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
Step 1 Enter the VLAN identifica tio n number in the VLAN ID text box, then click Add
Step 2 To delete an identification number from the VLANs to Delete list, select it, then
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting an Existing VLAN
Procedure
to add it to the VLANs to Delete list.
click Delete.
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Configuring Quality of Service
This option is used to configure the access point’s Quality of Service feature.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-36
78-14947-01
Chapter 3 Configuring Devices
Procedure
Step 1 Select Association > Quality of Service. The Association: Quality of Service
dialog box appears.
Note Clicking Clear removes all the current entries in the window and any
Step 2 Click see details to see whic h versions th is o p ti o n i s vali d fo r.
Step 3 Enter the following information:
Table 3-8 Quality of Service Settings
Field Description
Generate QBBS
Element
Using the Templates
entries you have made in other Template windows up until that point.
From the list, select one of the following:
• Yes—Use this setting to enable support for basic
802.11 Quality of Se rvice .
78-14947-01
User Symbol
Extensions
Send IGMP
General Query
• No—Use this set ting t o disabl e sup por t f or ba sic
802.11 Quality of Se rvice .
From the list, select one of the following:
• Yes—Use this setting enables support for Symbol
Voice over IP (Vo IP) ph one s.
• No—Use this set ting to di sable sup port for Symb ol
VoIP phones.
From the list, select one of the following:
• Yes—Use this setting to allow the access point to
send an IGMP General Query to all associated
stations when they complete all required high-level
authentication.
• No—Use this setting to not allow the access point to
send an IGM P G ene ra l Q uery.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-37
Using the Templates
Step 4 Select one of the following in the left pane:
Chapter3 Configuring Devices
Table 3-8 Quality of Service Settings (continued)
Field Description
Background From the CWmin and CWmax lists, select the minimum
(spare)
Best Effort
(default)
Excellent Effort
Controlled Load
Interactive Video
Interactive Voice
Network Control
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
and maximum contention window values for each traffic
category.
Configuring Service Sets
This option allows you to define service sets.
Procedure
Step 1 Select Association > Service Sets. The Association: Service Sets dialog box
appears.
Step 2 Click see details to see whic h versions th is o p ti o n i s vali d fo r.
Note Clicking Clear removes all the current entries in the window and any
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-38
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
entries you have made in other Template windows up until that point.
78-14947-01
Chapter 3 Configuring Devices
Step 3 Using this optio n y ou can :
• Add a new Service Set—See Adding a New Service Set, page 3- 39.
• Delete an exiting Service Set from a device—See Deleting an Existing
Adding a New Servic e S et
Procedure
Step 1 To add a new Service set, enter the following:
Table 3-9 New Service Set Settings
Field Description
Service Set ID
(1-24)
Service Set Name Enter a unique name for the wireless VLAN.
Maximum Number
of Associations
Proxy Mobile IP
Enabled
Using the Templates
Service Set, page 3-42.
Enter an identification number for your SSID.
Enter a number to limit the maximum numbe r of wireless
clients per SSID.
From the list, select one of the following:
• Yes—This setting allows proxy mobile IP use by all
stations associated to this access point.
78-14947-01
• No—This setting does not allow proxy mobile IP
use.
Default VLAN ID Enter the identification number for a defined VLAN, or
select one o f th e VLA N I Ds yo u c r eat ed usi n g
Association >VLANs.
Default Policy
Group
Enter the identification number of a defined policy
group, or select o ne o f t he pol icy gr oups y ou cr eat ed
using Association > Policy Groups.
Accept Authentication Type
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-39
Using the Templates
Chapter3 Configuring Devices
Table 3-9 New Service Set Settings (continued)
Field Description
Open From the list, select one of the following:
• Yes—All ows any device, regardless of its WEP
keys, to authentica te and attempt to associate. This is
the recommen ded setti ng.
• No—Does not allow any device, regardless of its
WEP keys, to authenticate and attempt to associate.
Shared From the list, select one of the following:
• Yes—Tells the access point to se nd a p lai n-text,
shared key query to a ny device a ttem pti ng to
associate with the access point. This query can leave
the access point open to a known-text attack from
intruders. This is not as secure as the Open setting.
• No—Does not allow the access point to send a
plain-text, shared key query to any device attempting
to associate with the access point.
Network-EAP From the list, select one of the following:
3-40
• Yes—Allows EAP-enabled client devices to
authenticate through the access point.
• No—Does not allow EAP-enabled client devices to
authenticate through the access point.
Require EAP
Open From the list, select one of the following:
• Yes—Us e thi s op tio n if y ou use op en and E AP
authentication to block client devices that are not
using EAP from authen ticat ing throu gh the acce ss
point.
• No—Use this option if you do not use open and EAP
authentication.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-9 New Service Set Settings (continued)
Field Description
Shared From the list, select one of the following:
Default Unicast Address Filter
Open From the list, select one of the following:
Shared
Network-EAP
Using the Templates
• Yes—Us e thi s op tio n if y ou use sh ar ed and EAP
authentication to block client devices that are not
using EAP from authen ticat ing throu gh the acce ss
point.
• No—Use this op t ion if yo u do not use sh ar ed and
EAP authentication.
• Allowed—The access point forwards all traffic
except packets sent to the MAC addresses set as
disallowed with the Address Filters.
• Disallowed—The access point discards all traffic
except packets sent to the MAC addresses set as
allowed with the Address Filters or on your
authentication server.
78-14947-01
Select Disallowed for each authentication type that
also uses MAC-based authentication.
Step 2 Click Add to add the Service Set to the Service Sets to Add list.
Step 3 To delete a group from the list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-41
Using the Templates
Deleting an Existing Service Set
Procedure
Step 1 Enter the Service Set number in the Service Set ID text box, then click Add to
add it to the Service Sets to Delete list.
Step 2 To delete an identification number from the list, select it, then click Delete.
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Defining Advanced Associati ons
Chapter3 Configuring Devices
3-42
Use this option to control the total number of devices an access point can list in
the Association Table and the amount of time the ac cess po int contin ues to trac k
each device class whe n a device is i nactive.
Procedure
Step 1 Select Associ at io n > Adv a nced. The Association: Advanced dialog box appears.
Step 2 To define advanced associations, enter the following:
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Using the Templates
Table 3-10 Advanced Association Settings
Field Description
Alert Severity Level From the list select one of the following:
• systemFatal—Indicates an event that prevents
operation of the port or device.
• protocolFatal—Indicates an event that prevents
operation of the port or device
• portFatal—Indicates an event that prevents
operation of the port or device
• systemAlert—Indicates that you nee d to take
action to correct the condition.
• protocolAlert—Indicates that you need t o take
action to correct the condition.
• portAlert—Indicates that you need to take
action to correct the condition.
• externalAlert—Indicates th at you ne ed to t ake
action to correct the condition.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-43
Using the Templates
Chapter3 Configuring Devices
Table 3-10 Advanced Association Settings (continued)
Field Description
• systemWarning—Indicates that an erro r or
failure may have occurre d.
• protocolWarning—Indicates that an error or
failure may have occurre d.
• portWarning—Indicates that an error or failure
may have occurred.
• externalWarning—Indicates that an error or
failure may have occurre d.
• systemInfo—Notification that some sort of
event has occurred.
• protocolInfo—Notification that some sort of
event has ocurred.
• portInfo—Notification that some sort of event
has ocurred.
• externalInfo—Notification that some sort of
event has ocurred.
Max Bytes Stored Pe r
Alert Packet
Enter the maximum number of bytes the access point
stores for each Station Alert packet when packet
tracing is enabled.
3-44
If you use 0, the access point does not store bytes for
Station Alert packets; it only logs the event.
Max Fwd Table Entries From the list, select one of the follo wing to designate
the maximum numbe r of devices that can appe ar in
the Association Table:
1024, 2048, 4096, 8192, 16384, 32 768, 65536.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Chapter 3 Configuring Devices
Table 3-10 Advanced Association Settings (continued)
Field Description
Enable Extended Stats
in MIB
Enable PSPF From the list, select one of the following:
Using the Templates
From the list, select one of the following:
• Enable—Use this setting to enable the storage
of detailed statistics in the device’s memory.
• Disable—Use this setting to disable the storage
of detailed statistics in the device’s memory.
When you disable extende d stat istic s y ou
conserve memory, and the device can include
more devices in the Association Table.
• Enable—Use this setting to enable Publicly
Secure Packet Forwarding, which ensures that
client devices cannot communicate with other
client devices on the w irel ess net work. Th is
feature is useful for pu blic wir eless networks
like those installed in airports or on college
campuses.
78-14947-01
• Disable—Use this setting to disable Publicly
Secure Packet Forwarding.
Click see details to see w hich ve rsions this sett ing is
valid for.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-45
Using the Templates
Chapter3 Configuring Devices
Table 3-10 Advanced Association Settings (continued)
Field Description
Unknown Class
Timeout
Multicast Addresses
Timeout
Infrastructure Hosts
Timeout
Client Stations
Timeout
Repeaters Timeout
Access Points Timeout
Across Bridge Hosts
Timeout
Non-Root Bridges
Timeout
Root Bridges Timeout
Enter the number of seconds the access point
continues to track an inac tive device depending on
its class.
A setting of zero tells the access point to track a
device indefinitely no matter how long it is inactive.
A setting of 300 equals 5 minut es; 1800 equal s 30
minutes; 28800 e quals 8 h our s.
3-46
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-13 1.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Loading...