User Guide for the CiscoWorks 1105
Wireless LAN Solution Engine
Corporate Headquarters
Cisco Systems , Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7814092=
Text Part Number: 78-14092-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT
ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR
THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTW ARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE S ET FORTH IN THE INFORMATION
PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO
LOCATE THE SOFTWA RE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adap tati on o f a pr ogr am d eveloped by the University of California, Berkeley (UCB) as
part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE
PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL
DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
CCIP, the Cisco Powered Network mark, the Cisco Systems Verif ied logo, Cisco Un ity, Foll ow Me Brow sing, Fo rmShar e, Inte rnet Quot ient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath,
and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest
Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA,
CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco
Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack,
IOS, IP/TV, LightStream, MGX, MICA, th e Networ kers logo , Networ k Regist rar, Packet, P IX, Pos t-Routi ng, Pr e-Ro uting, RateMUX , Regi strar ,
SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the
U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cis co and any oth er company . (0203 R)
User Guide for the Cis coWorks 1105 Wireless LAN Solution Engine
Copyright ©2002, Cisco Sys tems, In c.
All rights reserved.
Preface xi
Audience xi
Conventions xi
Related Documentation xii
Obtaining Documentation xiii
World Wide Web xiii
Ordering Documentation xiv
Documentation Feedback xiv
Obtaining Technical Assistance xv
Cisco.com xv
Technical Assistance Center xv
CONTENTS
CHAPTER
CHAPTER
78-14092-01
1 Getting Started with the Wireless LAN Solution Engine 1-1
Overview of the Wireless LAN Solution Engine 1-1
Date and Time Display on the WLSE 1-2
Getting Started 1-3
Logging Out 1-4
2 Fault Monitoring 2-1
Displaying Faults 2-1
Viewing Fault D etails 2-6
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
iii
Contents
Specifying Faul t Thresholds 2-7
Setting Access Point Fault Thresholds 2-8
Setting Switch Fault Thresholds 2-10
Setting LEAP Server Response Time 2-12
Specifying Policies 2-13
Forwarding Faults 2-15
Setting Trap Notification 2-16
Setting Syslog Notification 2-17
Emailing Fau lts 2-18
CHAPTER
CHAPTER
3 Configuring Devices 3-1
Using the Template s 3-1
Template Choices 3-2
Creating a Template 3-90
Copying a Template 3-91
Editing a Template 3-91
Deleting a Temp la te 3-92
Managing Configuration Jobs 3-92
Job Choices 3-93
Creating a Configuration Job 3-99
Viewing Configuration Job Status 3-99
4 Using Reports 4-1
Displaying Wireless Client Reports 4-1
Displaying a Client Detail Report 4-2
Displaying a Client Statistics Report 4-3
Displaying a Client Historical Association Report 4-5
iv
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Displaying Current Reports 4-6
Displaying a Group Report 4-7
Displaying a Group Security Report 4-9
Displaying an AP Summary Report 4-11
Displaying a Detailed Report 4-13
Displaying a Current Client Association Report 4-15
Displaying an EAP Authentication Report 4-16
Displaying a Switch Summary Report 4-17
Displaying an AP and Bridge Connected to Switch Report 4-18
Displaying a Router Summary Report 4-19
Displaying an AP and B ridge Connected to Router Report 4-20
Displaying Trends 4-21
Displaying a Group Performance Report: RF Utilization 4-22
Displaying a Group Performance Report: Ethernet Utilizati on 4-23
Displaying an AP and Bridge RF Transmission Statistics 4-24
Displaying an AP and B ridge Ethernet Transmission Statisti cs 4-25
Displaying an AP and Bridge Performance: Graph 4-26
Displaying an AP and B ridge Performance: Tabular 4-27
Contents
CHAPTER
78-14092-01
Exporting a Report 4-28
Emailing a Rep or t 4-28
Scheduling Email Jobs 4-29
Viewing Email Job Details 4-31
5 Performing Administrative Tasks 5-1
Using Discovery and Managing Devices 5-2
Managing Device Discovery 5-2
Managing Devices 5-13
Running Inventory Now 5-17
Setting Device Credentials 5-17
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
v
Contents
Importing Devices 5-21
Exporting Devices 5-24
Managing LEAP Servers 5-26
Managing Groups 5-28
Overview: Groups 5-28
Creating, Edit ing, and Deleting Groups 5-29
Managing the Appliance 5-34
Viewing WLSE Status 5-34
Managing the Software 5-37
Overview: Security 5-45
Managing Security 5-45
Backing Up and Restoring Data 5-50
Using Diagnostics 5-52
Setting Up the Splash Screen Message 5-57
Managing System Parameters 5-58
CHAPTER
CHAPTER
APPENDIX
vi
Administering Users 5-60
Managing Roles 5-60
Managing Users 5-62
Modifying Your Profile 5-65
Using Connectivi ty Tools 5-66
6 Frequently Asked Questions 6-1
7 Troubleshooting 7-1
A Naming Guidelines A-1
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Contents
APPENDIX
B Command Reference B-1
Using the CLI B-2
CLI Conventions B-2
Command Privileges B-2
Checking Command Syntax B-2
Command History Feature B-3
Help for CLI Comm a nds B-3
Command Summary B-4
Command Description Conventions B-9
Privilege Level 0 Commands B-10
exit B-10
ping B-10
show clock B-11
show domain-name B-12
show interfaces B-13
show process B-13
show version B-14
traceroute B-15
78-14092-01
Privilege Le v el 15 Co m m a nd s B-16
auth B-16
backup B-17
backupconfig B-18
cdp B-19
clock B-20
df B-22
erase config B-22
firewall B-23
gethostbyname B-24
hostname B-25
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
vii
Contents
import B-25
install configure B-27
install list B-28
install update B-29
interface B-29
ip domain-name B-31
ip name-server B-32
listbackup B-33
mail B-34
mailcntrl clear B-34
mailcntrl list B-35
mailroute B-36
nslookup B-36
ntp server B-37
reload B-39
reinitdb B-40
repository B-40
repository add B-41
repository delete B-42
repository list B-43
repository server B-44
restore B-45
route B-46
services B-46
show anilog B-48
show auth-cli B-49
show auth-http B-49
show backupconfig B-50
show bootlog B-51
show cdp neighbor B-52
viii
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
show cdp run B-52
show collectorlog B-53
show config B-54
show daemonslog B-55
show dmgtdlog B-56
show hseaccesslog B-57
show hseerrorlog B-58
show hsesslaccesslog B-59
show import B-59
show install logs B-60
show ipchains B-60
show hosts B-61
show maillog B-62
show proc B-62
show repository B-63
show route B-64
show securitylog B-64
show snmp-server B-66
show ssh-version B-66
show syslog B-67
show tech B-68
show telnetenable B-68
show tomcatlog B-69
shutdown B-70
snmp-server B-71
ssh B-71
ssh-version B-72
telnet B-72
telnetenable B-73
username B-74
Contents
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
ix
Contents
G
LOSSARY
I
NDEX
Maintenance Image Commands B-75
erase config B-75
fsck B-76
reload B-76
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
x
78-14092-01
Audience
Preface
This manual descr i bes the Wireless LAN Solut ion E ngine an d p rovides
instructions for using it .
This document i s for sy stem a dm inistr ato rs respon sibl e for m a nag ing a wire less
network who are familiar with some of the concepts and terminology of Ethernet
and wireless local area networking.
Conventions
This docume nt u s es the f ol lowing conventions:
78-14092-01
Item Convention
Commands and keywords boldface font
Variables for which you supply values italic font
Displayed session and system inf ormation
Information you enter
Variables you enter
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
screen font
boldface screen font
italic screen
font
xi
Related Documentation
Item Convention
Menu items and button name s boldface font
Selecting a menu item Option>Network Preferences
Note Means reader take note. Notes contain helpful suggestions or references to
material not covered in the pub lication .
Caution Means reader be careful. In this situation, you might do something that could
result in equipment damage or l oss of data.
Related Documentation
Preface
xii
Note Although every effort has been made to validate th e accur acy of the
information in the pr inted and ele ctroni c docume ntatio n, you should a lso
review the [product] documentation on Cisco.c om for any updat es.
The following additional documentation is available:
Paper Docume ntation
• Installation and Configuration G uide for t he C isco Works 1105 Wirless LAN
Solution Engine
• Quick Start Guide for the CiscoWorks 1105 Wirleless LAN Solution Engine
• Release Notes for the C isco Works 1105 Wireless LAN Solution Engine
• Regulatory Compliance and Safety Info rmation f or the CiscoWorks 1105
Wireless LAN Solution Engine
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Preface
Online Documentation
• Online help—Access the online help by clicking on the Help tab.
• PDF for:
–
Installation and Configuration Guide for the CiscoWorks 1105 Wirless
LAN Solution Engine
–
Quick Start Guide for the CiscoWorks 1105 Wirleless LAN Solution
Engine
–
Regulatory Compliance and Safety Information for the CiscoWorks 1105
Wireless LAN Solution Engine
Note Adobe Acrobat Reader 4.0 is required.
Obtaining Documentation
The following sections explain how to obtain documentation from Cisco Systems.
Obtaining Documentation
World Wide Web
You can access the most current Cisco do cumentation on the World Wide Web at
the following URL:
http://www.cisco.com
Translated documen tati on is available at the fo llowing URL:
http://www.cisco.com/public/countries_languages.shtml
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xiii
Obtaining Documentation
Ordering Documentation
Cisco documentation is available in the following ways:
• Registered Cisco Direct Cu stome rs c an or de r Ci sco produ ct doc umen t ation
from the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com u s ers can order the Documentation CD-ROM through
the online Subscription Stor e:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users c an order docum entat ion through a local
account representa tive by calling Cisco corpora te hea dquarters (C alifo rnia,
USA) at 408 526-7208 or, elsewhere in North America, by calling
800 553-NETS (6387).
Documentation Feedback
Preface
xiv
If you are reading Cisco product doc umen tation on Cisco.co m, you can subm it
technical comments electronically. Click Feedback at the top of the Cisco
Documentation home page. After you complete the form, print it out and fax it to
Cisco at 408 527-0730.
You can e-mail your comments to bug-do c@cisco. com.
To submit your co mment s by mai l, u se the resp onse ca rd be hind t he f ro nt c over
of your document, or write to th e following address:
Cisco Systems
Attn: Document Resour ce Connec tion
170 West Tasman Drive
San Jose, CA 95134- 988 3
We appreciate yo ur comm ents .
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Preface
Obtaining Technical Assistanc e
Cisco provides Cisco.com as a starting point for all technical assistance.
Customers and par tner s ca n obta in d ocume nta tion, t roubl eshoo tin g ti ps, a nd
sample configurations from onlin e to ols b y using the Cisco Technical Assistance
Center (TAC) Web Site. Cisco.com regi st ered u s er s h ave compl et e acc es s t o th e
technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundat ion of a suite of interac tive, networked services th at
provides immediate, open a ccess to Cisco informa tion, net working solutions,
services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-us e
tool that provides a broad range of featur es and servi ces to he lp you to
• Streamline business processes and improve productivity
• Resolve technical issues with online support
Obtaining Technical Assistance
• Download and te st so ft war e pa ck ag es
• Order Cisco learning m ateri als and me rcha ndise
• Register for online skill assessment, training, and certification programs
You can self-r egister on Cisco .com to obtain cu stomized informat ion and service.
To access Cisco.com, go to the following URL:
http://www.cisco.com
Technical Assistance Center
The Cisco TAC is ava ilab le to all custo mers w ho nee d tec hnic al assistan ce with a
Cisco product, technology, or solution. T wo types of support are available through
the Cisco TAC: the Cisco TAC Web Site and the Cisc o TAC Escalation Center.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
xv
Obtaining Technical Assistance
Inquiries to Cisco TAC are categorized according to the urgency of the issue :
• Priority level 4 (P4)—You need information or assistance c once rnin g C isco
• Priority level 3 (P3)—Your network performance is degraded. Network
• Priority level 2 (P2)—Your production network is severely degraded,
• Priority level 1 (P1)—Your production network is down, and a critical impact
Which Cisco TA C resource you choose is based on the priority of the problem and
the conditions of service contracts, when applicable.
Cisco TAC Web Site
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving
both cost and time. The site provides around-the-clock access to online tools,
knowledge bases, and software. To access the Cisco TAC Web Site, go to the
following URL:
Preface
product capabilities, pro duct ins tallation , or basic pro duct configurat ion.
functionality is noticeably impaired, but most business operations continue.
affecting significant aspects of business ope rations. N o workaroun d is
available.
to business operations will occur if service is not restore d quickly. No
workaround is available.
xvi
http://www.cisco.com/tac
All customers, partners, and resellers who have a valid Cisco services contract
have complete access to the technical support resources on the Cisco TAC Web
Site. The Cisco T A C Web Site requires a Cisco.com login ID and password. If you
have a valid service contract but do not have a login ID or password, go to the
following URL to register:
http://www.cisco.com/register/
If you cannot resolve your technical issues by using the Cisco TAC Web Site, and
you are a Cisco.com registered user, you can open a case online by using the TAC
Case Open tool at the following URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, it is recom mended t hat you open P3 and P4 cases
through the Cisco TAC Web Site.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Preface
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses issues that are classified as priority
level 1 or priority level 2; these classifications are assigned when severe network
degradation significantly impacts business operations. When you contact the T A C
Escalation Center with a P1 or P2 pro blem, a Cisc o TAC engineer will
automatically open a case.
T o obtain a directory of toll-free Cisco TAC telephone numbers for your country,
go to the fo llowing URL :
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the
level of Cisco support services to which your company is entitled; for example,
SMARTnet, SMARTnet Onsite, or Network Support ed Accoun ts (NSA). In
addition, pleas e have available your service agreement number and your product
serial number.
The Cisco TAC Escalation Center addresses issues that are classified as priority
level 1 or priority level 2; these classifications are assigned when severe network
degradation significantly impacts business operations. When you contact the T A C
Escalation Center with a P1 or P2 pro blem, a Cisc o TAC engineer will
automatically open a case.
Obtaining Technical Assistance
78-14092-01
T o obtain a directory of toll-free Cisco TAC telephone numbers for your country,
go to the fo llowing URL :
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the
level of Cisco support services to which your company is entitled; for example,
SMARTnet, SMARTnet Onsite, or Network Support ed Accoun ts (NSA). In
addition, pleas e have available your service agreement number and your product
serial number.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xvii
Obtaining Technical Assistance
Preface
xviii
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
CHAPTER
Getting Started with the Wireless LAN Solution Engine
The following topics provide a n overview of the Wireless LAN Solution Engine
(WLSE) and assistance in getting started:
• Overview of the Wireless LAN Solution Engine, page 1-1
• Date and Time Display o n th e WLSE , pa ge 1-2
• Getting Started, page 1-3
• Logging Out, page 1-4
Overview of the Wireless LAN Solution Engine
1
78-14092-01
The WLSE is a hardware and software soluti on for manag ing Cisco wi reless
devices. The WLSE has th e following m ajor f eature s:
• Configuration
Allows you to apply a set of configuration changes to a group of access points
and connected switc h ports.
• Reporting
Allows you to display reports for tracking device, client and security
information. R eport s can be ema il ed, pri nte d, or expo rte d.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-1
Chapter 1 Getting Started with the Wireless LAN Solution Engine
Date and Time Disp lay on the WLSE
• Fault and Policy Monito ring
Provides device monitoring for fault and performance conditions, monitoring
of LEAP server resp onses , a nd mon itori ng of p ol icy misc onfigura tions .
The WLSE works by gathering fault, performance, and configuration information
about the Cisco wir eless d evices tha t it dis covers in your n etwor k. T he WL SE
allows you to manage t he d iscovered devices. You can customize configuration
templates and apply them, display reports on managed devices and wireless
clients, and monitor device faul ts.
When you log in to the WLSE, a dashboard appears with the following tabs:
Tab Allows you to ... See...
Faults Display device faults, specify fault thresholds,
specify policies, and enable syslog and traps.
Configure Create and appl y configurat ion te mpla tes and
manage jobs.
Reports Run, view and email reports. Using Reports, page 4-1 .
Administration Perform administrative tasks such as
discovering devices, managi ng user pr ofiles,
and managing the appliance.
Fault Monitoring, page 2-1.
Configuring Devices,
page 3-1.
Performing Administr ative
Tasks, page 5-1.
Date and Time Display on the WLSE
The WLSE uses browser (client) time in most of its displays. The format of
timestamps depends on the br owser you are using :
• In Internet Explorer, the timestamp is date, tim (hours:minutes:seconds),
timezone, and y ea r; for exam ple :
Mon Mar 25 13:29:21 PST 2002
• In Netscape Navigator, the timestamp is date, time (hours:minutes:seconds),
offset from GMT/UTC, timezone , and year ; for example:
Mon Mar 25 13:29:21 GMT-0800 (Pacific Standard Time) 2002
In some WLSE tables, the timestamp is hours:minutes:seconds month /day/year;
for example, 19:2 3:44 06 /29/200 2. T he t ime is browser (cl ien t) t im e.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-2
78-14092-01
Chapter 1 Getting Started with the Wireless LAN Solu ti on Engine
Getting Started
The WLSE’s syst em time is Univ ersal Coordinated T ime (UTC), and UTC is used
in certain displays, such as the Disc o ver y Run Log. To disp lay or r eset the system
time, see the instructions in the Hardware Installation and Configuration Guide
for the CiscoWorks 1105 Wireless LAN Solution Engine.
Getting Started
Before you can use WLSE monitoring, configuration, and reporting, you must set
up your devices, initiate discovery, and move devices into the managed state. To
get started, follow the directions in the Quick Start Guide or use the following
task list.
Task Description and References
1. Set up devices (access points,
bridges, rout ers, swit ches, and LEAP
servers).
2. Log in to the WLSE using a Web
browser.
3. Enter device credent ials. D evice comm unity stri ngs must be en tered on the
4. Initiate di scovery fro m the WL SE
or import devices from a file or from
CiscoWorks.
5. Verify the discovery. On the WLSE, verify that devices were disc overed. See
See Set Up Devices, page 5-4 for de tail s.
Enter the WLSE’s IP address, followed by:1741; for
example, http://209 .1 65. 202.12 8: 1741.
WLSE. See Setting Device Credentials, page 5-17.
For access point configuration tasks, th e HTTP
username and password must be entere d on the WLSE.
See Specify the HTTP Username and Password,
page 5-20.
If you are using discovery from the WLSE, add seed
devices and enable discovery. You can initiate an
immediate one-time discovery or schedule discovery for
a later time. See Managing Device Discovery, page 5-2 .
View Discovery History and St atu s, page 5- 12.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-3
Chapter 1 Getting Started with the Wireless LAN Solution Engine
Logging Out
Task Description and References
6. Set device stat e to “managed” and
run inventory polling.
7. Create other users and user roles as
needed.
You must move devices to the managed st ate on t he
WLSE before you can use configuration, reporting, and
monitoring featu res. After moving devices to the
managed state, y ou shou l d p erfor m an i mm edi ate
inventory polling to obtain device information needed to
use such WLSE features as reports and automatic
grouping. See Using Discovery and M anag ing D evices,
page 5-2.
The WLSE has one predefined user (the system
administrator) and four predefined user roles. User roles
are used to spec ify the WLSE fun ctions a gi v e n user can
have acc ess to. To allow other users access t o the WLSE,
the system administrator must add users. The system
administrator can also create roles to customize user
access. SeeAdministering Users, page 5-60.
Logging Out
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-4
To log out from the WLSE, click Logout in the upper right corner of the window.
78-14092-01
CHAPTER
Fault Monitoring
The Faults tab displays inform ation t o help you mon itor your devices. All th e
device information shown under this tab is poll ed from the devices in your
network.
Following are the subtabs under Faults:
Note Some of the subtabs may no t be v isible to some u sers.
• Display Faults—See Displaying Faults, page 2-1
• Specify Fault Thresholds—See Specifying Fault Thresholds, page 2-7
• Specify Policies—See Specifying Policies, page 2 -13
• Fault Forwarding—See Forwarding Faults, page 2-15
2
Displaying Faults
This window displays device fault information. A fault is an abnormal condition
that occurs when a system component exceeds a performance threshold or is not
functioning properly. (See Specifying Fault Thresholds, page 2-7 to set threshold
levels.)
A fault can also occur when a system policy is violated. (See Specifying Policies,
page 2-13 to set policies.)
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-1
Displaying Faults
Note Your login determines whet her yo u ca n use th is opti on.
Step 1 Select Fau l ts > Disp l ay Faul ts. The Fault window appears.
Step 2 Use the Filter: bar to display the faults you want to view:
Chapter2 Fault Monitoring
Displayed fault information is retained by default for 30 days. To change the
default, see Managing Sy stem Parame ters , page 5- 58.
Procedure
Table 2-1 Display Faults Filter Bar
Field Description
Devices From the list, select the device type
whose fault summary you want to
display.
2-2
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Table 2-1 Display Faults Filter Bar (continued)
Field Description
Severity From the list, select the severity from
State From the list, select a states to display:
Displaying Faults
P1, which is the highest severity level
to P5, which is the lowest severity
level, to display:
• P1—Severity P1 faults.
• P1-P2—Severity P1 and P2 faults.
• P1-P3—Severity P1 through P3
faults.
• P1-P4—Severity P1 through P4
faults.
• P1-P5—Severity P1 through P5
faults.
• All—Severity P1 through P5
faults, and faults that have been
cleared.
78-14092-01
• All—Faults in all states are
displayed.
• Active—F aults are active (current)
and have not been acknowledged.
• Acknowledged— Faults that are
active and have been
acknowledged.
• Cleared—Faults tha t have been
cleared (no longer in an Active or
Acknowledged state) .
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-3
Displaying Faults
Step 3 Click Apply. The following table appears:
Chapter2 Fault Monitoring
Note If no data is displayed in the table, there are no faul ts for your f ilterin g
selection to report.
Table 2-2 Display Faults Table
Column Description
IP Address The device IP addres s.
Click to see the device’s summary
report. For:
• Access Points— see Displaying an
AP Summary Report, page 4-11.
• Switches— see Displaying a
Switch Summary Report,
page 4-17.
2-4
• Routers— see Displaying a Router
Summary Report, page 4-19.
Hostname The device for which the fault is
reported.
Click to see the device’s summary
report. For:
• Access Points— see Displaying an
AP Summary Report, page 4-11.
• Switches— see Displaying a
Switch Summary Report,
page 4-17.
• Routers— see Displaying a Router
Summary Report, page 4-19.
Family The product family.
Product The product name.
Type The device or the sub-device
component.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Table 2-2 Display Faults Table (continued)
Column Description
Description A description of the fault.
Severity The fault severity level.
State The operational state of the device.
Timestamp Indicates the time, based on the client
Step 4 To sort table data, click on the column heading you want to use to sort the data:
Displaying Faults
Click to see fault details. See Viewing
Fault Details, page 2-6.
browser , that the s tate of the de vice last
changed. See Date and Time Display
on the WLSE, page 1-2.
Click to see fault details. See Viewing
Fault Details, page 2-6.
• A triangle indi cat es a sce ndin g order.
78-14092-01
• An upside-down triangle i ndic ates d esce nding orde r.
• No triangle indicates that the data is not sorted.
Step 5 To acknowledge (change th e state f rom A c tive to Acknowledge d) :
• A single fault, check it, then click Acknowled ge .
• All faults, click Select All, then click Acknowledge.
Step 6 To unacknowledge (change the state from Acknowledged to Active):
• A single fault, check it, then click Unacknowledged.
• All faults, click Select All, then click Unacknowledged.
Related Topics
• Specifying Fault Thresholds, page 2- 7
• Specifying Policies, page 2-13
• Forwarding Faults, page 2 -15
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-5
Displaying Faults
Viewing Fault Details
The following tables are displayed in the Fault Details window.
To sort table data, click on the column heading you want to use to sort the data:
• A triangle indi cat es a sce ndin g order.
• An upside-down triangle i ndic ates d esce nding orde r.
• No triangle indicates that the data is not sorted.
Fault details for
Column Description
IP The device IP addres s.
Name The device hostname.
Family The device family.
Product The product name.
Type The device or the device sub-entity
Chapter2 Fault Monitoring
(which could include a logical entity,
such as software o r a ser vice) in which
the fault is found.
2-6
Note If the Type is a sub-entity,
additional columns appear
with keys an d values to help
identify t h e pr e ci s e
sub-entity . These additional
keys and values are MIB
variables.
Conditions
Column Description
Name The fault condition.
State The state of the device.
Severity The fault severity level.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Column Description
Description A description of the fault.
Timestamp Indicates the time, based on the client
Fault History
Column Description
State The state of the device.
Severity The fault severity level.
Description A description of the fault.
Change A description of the state change.
Timestamp Indicates the time, based on the client
By Displays the username of t he person
Specifying Fault Thresholds
browser , that the s tate of the de vice last
changed.
See Date and Time Display on the
WLSE, page 1-2.
browser , that the s tate of the de vice last
changed.
See Date and Time Display on the
WLSE, page 1-2.
who changed the fault state.
Specifying Fault Thresholds
This window allows you to set polling and exception threshold values collected
from the devices you are monitoring.
The threshold values you set in this window will determine how the faults are
displayed in the Fau lt s > Di s pl a y Faul t s subtab.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
If the fault state has not been
acknowledged, nothing is displaye d in
this col um n .
2-7
Specifying Fault Thres holds
Note Your login determines whet her yo u ca n use th is opti on.
The Specify Fault T hresh old w ind ow has t he fo l lowing opt ions:
• Access Point—See Setting Access Point Fault Thresholds, page 2-8 .
• Switch—See Setting Switch Fault Thresholds, page 2-10.
• LEAP—See Setting LEAP Server Response Time, page 2-12.
Related Topics
• Displaying Faults, page 2-1
• Specifying Policies, page 2-13
• Forwarding Faults, page 2 -15
Setting Access Point Fault Thresholds
Using this optio n, you c a n s et up th reshol d s f or ac c ess po int fau lts. W hen t he
thresholds are exceeded, faults are generated and can be viewed under Faults >
Display Faults.
Chapter2 Fault Monitoring
2-8
Procedure
Step 1 Select Faults > Specify Fault Thresholds. The Fault threshold window appear s.
Step 2 Select Access Point in the left pane and the menu expands.
Step 3 Select any of the following to set values for:
• SNMP Reachable—Go to Step 4.
• RF port status—Go to Step 4.
• RF port utilization—Go to Step 6.
• RF port packet errors—Go to Step 6.
• RF port WEP errors—Go to Step 6.
• RF port FCS errors—Go to Step 6.
• Ethernet port sta tus —G o to Step 4.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Step 4 Complete th e foll owing :
Field Description
Enable Check to enable a threshold for this component.
Polling Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
Up From the list, select the number of polling
Step 5 Continue to Step 7.
Specifying Fault Thresholds
• Ethernet port utilization—Go to Step 6.
• Ethernet port pa cket err ors— Go to Step 6.
number of polling cycles bef ore the stat us is
Down.
cycles before the fault is cleared and the status
is Up.
78-14092-01
Step 6 Complete th e foll owing :
Field Description
Enable Check to enable a threshold for this
component.
Polling Interval From the list, select the polling
interval.
Settings
Overloaded From the list, select the severity level,
the percentag e, a nd the nu mb er of
polling cycles before the status is
Overloaded.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-9
Specifying Fault Thres holds
Field Description
Degraded From the list, select the severity level,
OK From the list, select the severity level,
Step 7 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
Setting Switch Fault Thresholds
Using this option, you can set up thresholds for switch faults. When the thresholds
are exceeded, faults ar e gene rated and can be viewed under Faul ts > Dis pla y
Faults.
Chapter2 Fault Monitoring
the percentag e, a nd the nu mb er of
polling cycles before the status is
Degraded.
the percentag e, a nd the nu mb er of
polling cycles before the st atu s is O K.
2-10
Procedure
Step 1 Select Faults > Specify Fault Threshold. The Fault threshold window appears.
Step 2 Select Switch in the left pane a nd t he m e nu expands.
Step 3 Select any of the following to set values for:
• SNMP Reachable —Go to Step 4.
• CPU utilization—Go to Step 6.
• Memory utilization—Go to Step 6.
• Port Status—Go to Step 4.
• Port Utilization—Go to Step 6.
• Module Status—Step 4.
Step 4 Complete th e foll owing :
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Field Description
Enable Check to enable a threshold for this component.
Polling Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
Up From the list, select the number of polling
Step 5 Go to step Step 7.
Step 6 Complete th e foll owing :
Field Description
Enable Check to enable a threshold for this component.
Polling Interval From the list, select the polling interval.
Settings
Overloaded From the list, select the severity level, the
Degraded From the list, select the severity level, the
OK From the list, select the severity level, the
Specifying Fault Thresholds
number of polling cycles bef ore the stat us is
Down.
cycles before the fault is cleared and the status
is Up.
percentage, and the nu mber of polling cycles
before the status is Overloaded.
percentage, and the nu mber of polling cycles
before the status is Degraded.
percentage, and the nu mber of polling cycles
before the status is OK.
78-14092-01
Step 7 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-11
Specifying Fault Thres holds
Setting LEAP Server Response Time
Using this option, you can s et up a thresho ld for LEA P server response time.
When the threshold is exceeded, a fault is genera ted and can be viewed under
Fau lts > D i s p l a y Fa ult s .
Procedure
Step 1 Select Faults > Specify Fault Threshold. The LEAP Server:Response Time
threshold window appears.
Step 2 Select LEAP in the left pane an d th e menu expa nds.
Step 3 Complete th e foll owing :
Field Description
Enable Check to enable a threshold for this component.
Polling Interval From the list, select the polling interval.
Settings
Overloaded From the list, select the severity level, the
response time, and the number of pollin g cy cles
before the status is Overloaded.
Degraded From the list, select the severity level, the
response time, and the number of pollin g cy cles
before the status is Degraded.
OK From the list, select the severity level, the
response time, and the number of pollin g cy cles
before the status is OK.
Chapter2 Fault Monitoring
2-12
Step 4 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Specifying Policies
This is window allows yo u to a ctivate or dea ctivate a set of pr e- defined po lici es
for access points.
The policies you set in this window will determine how some of the faults are
displayed in the Fau lt s > Di s pl a y Faul t s subtab.
Note Your login determines whet her yo u ca n use th is opti on.
Procedure
Step 1 Select Faults > Specify Policies. The Access Point window appears.
Step 2 In the left pane, select the variable for which you want to set a policy.
• SSID—Go to Step 3
• Broadcast SSID Disabled—Go to Step 6
• WEP Enabled—Go to Step 6
Specifying Policies
78-14092-01
• LEAP Enabled—Go to Step 6
• WEP Key Length—Go to Step 8
• HTTP Disabled—Go to Step 6
• Telnet Disabled—Go to Step 6
• User Manager E nf orc e d—G o to Step 6
• HTTP Authentication—Go to Step 6
Step 3 To activate the policy, do the following:
Field Description
Verify Check if you want to veri fy tha t S SI D is
enabled.
Polling Interval From the list, select the polling interval.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-13
Specifying Policies
Step 4 Click Add to add the SSID to the list, then go to Step 9.
Step 5 To remove an SSID from the list, select it, click Remove, then go t o Step 9.
Step 6 Complete th e foll owing :
Chapter2 Fault Monitoring
Field Description
Severity From the list, select a severity lev el t o associate
with this policy.
Enter ssid Enter the unique identifier used by client
devices to associate with the access point. Any
alphanumeric character up to 32 characters
long.
Field Description
Verify Check if you want to verify o ne of t he
following:
• Broadcast SSID is disabl ed
2-14
• WEP is enabled
• LEAP is enabled
• HTTP is disable d
• Telnet is disabled
• User Manager Capabilities are enforced
• HTTP authentication
Polling Interval From the list, select the polling interval.
Severity From the list, select a severity lev el t o associate
with this policy.
Step 7 Go to Step 9.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Step 8 Complete th e foll owing :
Field Description
Verify Check if you wa nt to verify the WEP ke y length.
Polling Interval From the list, select the polling interval.
Severity From the list, select a severity lev el t o associate
WEP Key Length Select to indicate the bit length.
Step 9 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to set the new entries.
Related Topics
Forwarding Faults
with this policy.
• Displaying Faults, page 2-1
• Specifying Fault Thresholds, page 2- 7
• Forwarding Faults, page 2 -15
Forwarding Faults
This window allows you to set SNMP traps to enable north-b ound except ion
notification to specified hosts, issue syslog messages to selected sy slog servers,
and send exception notification email to selected users.
This section has the following options:
• Setting Trap Notification
• Setting Syslog Notification
• Emailing Faults
Note Your login determines whet her yo u ca n use th is opti on.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-15
Forwarding Faults
Related Topics
• Displaying Faults, page 2-1
• Specifying Fault Thresholds, page 2- 7
• Specifying Policies, page 2-13
Setting Trap Notification
This option allows you to e na ble t he W LSE to send nor th-b oun d excep tio n
notification to one or more SNMP trap receivers. The exception notification
contains information such as device name and IP, fault number, timestamp,
exception severity, and a message describing th e pro ble m.
Before You Begin
Make sure your SNMP trap receiver’s trap receiving daemon is set to the correct
port. The default port is set to 162.
Procedure
Chapter2 Fault Monitoring
2-16
Step 1 Select Faults > Fault Forwarding. The Fault Forwarding dialog box appears.
Step 2 Complete th e foll owing :
Field Description
Trap Check to enable trap notification.
Port Enter the port number if different from the
default of 162.
Host Enter the hostname/IP of the SNMP trap
receiver to which you want to send SNMP trap
notification.
Community Enter the community string.
Step 3 If you want a different host to receive trap notification, click add row . Ther e is no
limit to the number you can enter.
To delete a row, click delete, next to the row you want to r emove.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Step 4 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to save your settings.
Related Topics
• Setting Syslog Notification, page 2-17
• Emailing Faults, page 2-18
Setting Syslog Notification
This option allows you to send syslog messag es to selected syslog servers. T he
messages contain information such as device name and IP, fault number, date and
time, exception severity, and a message about what is wrong.
Before You Begin
Make sure your syslog server is turned on to be able to receive messages from the
Wireless LAN Solution Engine. Also make sure that the receiving process is
configured to receive messages from remote hosts (for example, start syslogd with
-r option on some unix versions).
Forwarding Faults
78-14092-01
Procedure
Step 1 Select Faults > Fault Forwarding. The Fault Forwarding dialog box appears.
Step 2 Complete th e foll owing :
Field Description
Syslog Check to send syslog messages to designated
syslog servers.
Enter Syslog host names Enter the hostname/IP for the syslog servers.
Names must be separated by a space, a comma,
a semicolon, or a n ew line.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-17
Forwarding Faults
Step 3 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to save your settings.
Related Topics
Emailing Faults
The emailed exception notif ication conta ins information such as de vice name a nd
IP, fault number, exception severity, and a message about what is wrong
Procedure
Step 1 Select Faults > Fault Forwarding. The Fault Forwarding dialog box appears.
Chapter2 Fault Monitoring
• Setting Trap Notification, page 2-16
• Emailing Faults, page 2-18
2-18
Step 2 Complete th e foll owing :
Field Description
Email Check to enable email notification of exception
information.
Enter email addresse s Enter the email addresses of users you want to
receive exception notification.
Addresses must be separated by a space, a
comma, a semicolon, or a new line.
Priority From the list, select the priority of the
exceptions you want these uses to receive.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 2 Fault Monitoring
Step 3 If you want a different group of users to receive different priority level exceptions,
click add row to add another set of email addresses. There is no limit to the
number of email addresses you c an enter.
Step 4 Click Reset to refresh any fields you have changed but want t o restore, or Apply
to save your settings.
Related Topics
Forwarding Faults
• Setting Trap Notification, page 2-16
• Setting Syslog Notification, page 2-17
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-19
Forwarding Faults
Chapter2 Fault Monitoring
2-20
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Configuring Devices
The Configure tab allows you to view, create, copy, edit, and delete configuration
templates and appl y them to lar ge num bers of devices at a time.It als o allo ws you
to schedule a configuration job a nd to check on th e job’s status.
Following are the subtabs under Configure:
Note Some of the subtabs may no t be v isible to some u sers.
• Templates—See Using the Templates, page 3-1.
• Jobs—See Managing C onfiguratio n Jo bs, pa ge 3-92 .
Using the Templates
CHAPTER
3
78-14092-01
This is window allows you to create, modify, and delete configuration templates.
The topics covered in this sect ion are:
• Creating a Template, page 3-90
• Copying a Template, page 3-91
• Editing a Template, page 3-91
• Deleting a Template, page 3-92
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-1
Using the Templates
Related Topic
Managing Configuration Jobs, pa ge 3-92
Template Choices
Note Clicking Clear removes all the current entries in the window and any entries
you have made in other Template windows up until tha t po int .
When you create or edit a configuration template, the following choices appear in
the left pane of the Templates window:
1. Template Name—See Naming the Template, page 3-3.
2. Template Categories
Note Any or all of the template categories can be completed in any order.
Chapter3 Configuring Devices
3-2
–
Express Template—See Using Express Template, page 3-3.
–
Association—See Setting Up Association, page 3-7.
–
Ethernet—See Configuring the Ethernet Port, page 3-31 .
–
Radio—See Configuring the Radio, page 3-36.
–
Security—See Defining the Security Settings, pa ge 3-51 .
–
Services—See Configuring Ser vices, page 3-60.
–
Events—See Configuring Events, page 3-79.
–
Custom Values—See Configuring Custom Val ues, page 3- 85.
3. Preview—See Previewing the Template, page 3-89.
4. Finish—See Finishing the Template, page 3-89.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Naming the Template
This option enables to you to name the template.
Procedure
Note Clicking Clear removes all the entries you have made.
Step 1 Select Template Name. The Template Name dialog box appears:
Field Description
Name
Description Enter a descripti on of the p urp ose of the
Using the Templates
Enter a name for the template.
See Naming Guidelines, page A -1 .
template.
See Naming Guidelines, page A -1
Step 2 Select a template categ ory. (F or additi onal information , see Template Cate go ries,
page 3-2.)
Using Express Template
Use this option if you need to set up an ac cess point quic kly with a simp le
configuration. This will all ow you to enter al l the access point's essential setting s
for basic operation.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-3
Using the Templates
Step 1 Select Express Template. The Express dialog box disp lays in the righ t pa ne :
Chapter3 Configuring Devices
Procedure
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Table 3-1 Express Template Settings
Field Description
Configuration Server Protocol Set this entry to match the netw ork’s method
of IP address assignment.
From the list, select one of the following
options:
• None-Static IP—Use this if your
network does not have an automatic
system for IP address assignment.
• BOOTP—Use this if your network uses
Bootstrap Protocol, i n w hic h IP
addresses are hard-coded based on MAC
addresses.
3-4
• DHCP—Use this if your networ k uses
Dynamic Host Configuratio n Prot ocol ,
in which IP addresses are “leased” for
predetermined pe riod s of time .
Default Subnet Mask Ente r an IP subne t mask to iden tify th e
subnetwork so the IP address can be
recognized on t he L A N.
If DHCP or BOOTP is not enabled, this f ield
is the subnet mask.
If DHCP or BOOTP is enabled, this field
provides the subnet m ask on ly i f no se rver
responds to the access poi nt's D HCP or
BOOTP request.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Default Gateway Enter the IP address of your default Interne t
Radio Service Set ID (SSID) Enter a unique ide ntifier client dev ices use to
Using the Templates
gateway.
The entry 255.25 5.2 55.255 i ndic ates no
gateway.
associate with the acc es s p oi nt. I t ca n be any
alphanumeric, case -sensit ive string, from 2
to 32 characters long.
Several access points on a network or
sub-network can share an SSID.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-5
Using the Templates
Chapter3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Role in Network From the list, select one of the following:
• Access Point—Use this setting if the
access point is connecte d to the wire d
LAN.
• Repeater—Use this setting for access
points not connected to the wir ed LAN.
• Survey Client—Use this setting when
performing a site survey for a repeater
access point. When you selec t this
setting, clients are not allowed to
associate and th e brid ge's S TP funct ion
is disabled.
• Root Bridge—Use this setting to set a
bridge as the root bridge. (One bridge in
each group of bridges must be set as the
root bridge). T he ro ot bri dg e ca nn ot
associate with anothe r root bri dge.
3-6
• Non-Root Bridge w/ Client—Use this
setting for non- root br idge s th at ac cept
associations from clie nt devices and for
bridges acting as repeater s. A non-root
bridge will only associa te to an other
bridge (root or non-root).
• Non-Root Bridge w/o Client—Use this
setting for non-roo t bri dges t hat should
not accept associations fro m clie nt
devices. A non-root bridge (witho ut
clients) can connect to a wired LAN and
only associates to another bridge (root or
non-root).
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Ensure Compatibility with Cisco From the list, select one of the following:
Ensure Compatibility with
2MB/sec Clients
Using the Templates
• Enable—Use this setting to
automatically configure the device to be
compatible with othe r Cisco devices o n
your wireless L AN.
• Disable—Use this setting to not
automatically configure the device to be
compatible with othe r Cisco devices o n
your wireless L AN.
From the list, select one of the following:
• Enable— Use this setting to opera te at a
maximum speed of two megabits per
second.
• Disable—Use this settin g if yo u do not
want devices to operate at a maximum
speed of two megabits per second.
Step 2 Select one of the following:
• Preview to see your cha nges be fore yo u app ly the m. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Setting Up Association
Use this option to se t u p sp an ning tre e prot ocol (S TP) o n b ridg es an d to set up
filtering to control the flow of data through the access poi nt.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-7
Using the Templates
Procedure
Step 1 Select Association. The menu expands and the Association dialog box displays in
the right pane.
Step 2 Select one of the following from the Assoc iation me nu:
• Spanning Tree—Defining Spanning Tree Protocol , pa ge 3-8.
• Address Filters—Defining Address Filters, page 3-11.
• Ethertype Filters—Defining Ethertype Filters, page 3-12.
• IP Protocol Filters—Defining IP Protocol Filters, page 3-16.
• IP Port Filters—Defining IP Port Filters, page 3-21.
• Advanced—Defining Advanced Associations, page 3-25.
• Port Assignments—Configuring Port Assignm ents, pag e 3-30.
Defining Spanning Tree Pr otocol
Chapter3 Configuring Devices
3-8
This option is used for only bridges.
Procedure
Step 1 Select Association > Spanning Tree. The Association: Spanning Tree Protocol
dialog box appears.
Step 2 Click see details for information on which bridges this configuration is valid.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Step 3 Complete th e foll owing :
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
Table 3-2 Spanning Tree Protocol Set tings
Field Description
Spanning Tree Protocol
(STP)
Root Configuration
Priority (0-65535) Enter a num ber to infl uence w hich bridge is
Using the Templates
entries you have made in other Template windows up until that point.
From the list, select one of the following:
• Enable—Use this setting to enable STP on the
bridge.
• Disable—If you do not want STP enable d the
bridge.
designated the root bridge in the spanning tree.
When bridges have the same priority setting, STP
uses the bridges’ MAC addresses as a tiebreaker.
78-14092-01
The bridge with the lowest priority setting is likely
to be designated the root bridge in the tree.
Max Age (6-40 Seconds) Enter the number of seconds to define how long the
bridge waits before deciding the network has
changed and the spanning tree needs to be rebuilt.
For example, with Ma x A g e set to 2 0, th e br idge
attempts to rebuild the spanning tree if it does not
receive a hello BDPU fro m the ro ot bridge in the
spanning tree within 20 seconds.
Hello Time (1-10
Seconds)
Enter the number of seconds to define how often the
root bridge in the spanning tree sends out a hello
BPDU telling the other bridges that the network
topology has not changed and that the spanning tree
should remain the same .
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-9
Using the Templates
Chapter3 Configuring Devices
Table 3-2 Spanning Tree Protocol Settings (continued)
Field Description
Forward Delay (4-30
Seconds)
Port Configuration
Path Cost (1-65535) Enter a number to indicates the relati v e ef f icienc y of
Priority (0-255) Enter a number to influence whether STP designates
Enable From the list, select one of the following for each
Enter the number of seconds to define how long the
bridge’s ports should stay in the listening and
learning transition states if there is a change in the
spanning tree.
a port’s network link.
A port with a high path cost is less likely to become
a bridge's root port.
a port as a b ridge' s r oot por t.
A port with a low priority setting is more likely to
become a bridge 's r oot por t.
port configured:
3-10
• Enable—Use this setting to indicate whether th e
port participates in STP. (This determines
whether the port blocks or for wards tra ffic.)
• Disable—Use this setting to indicate that the
port does not participate in STP.
Step 4 Select one of the following:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Defining Address Filters
Step 1 Select Association > Address Filters. The Association: Address Filters dialo g
Step 2 To add a new MAC address filter complete the following fields:
Using the Templates
Using this option, you can:
• Create a MAC address filter
• Remove a MAC address filter
Procedure
box appears.
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Field Description
New Destination
MAC Address
Enter a destination MAC address by entering the
address in one of the following ways:
78-14092-01
• With colons separating the character pairs
(00:40:96:12:34: 56, for example )
• Without any intervening characters
(004096123456, for example)
Allowed Click to pass traffic to the MAC address.
Disallowed Click to discard traffic to the MAC address.
Step 3 Click Add to add the MAC address to the Current MAC Address Filters list.
Step 4 To remove a MAC Address, select it from the Current MAC Address Filters list,
then click Remove.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-11
Using the Templates
Step 5 Select one of the following:
Defining Ethertype Filt ers
Procedure
Step 1 Select Association > Ethertype Filters. The Association: Ethertype Filters
dialog box appears.
Step 2 Using thi s op tio n:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
• Create new filters—See Creating New Ethertype Filters, page 3-12.
• Delete the Filters—See Deleting Ethertype Filters, page 3-14.
3-12
Using this optio n y ou c an als o:
• Create Special Cases —See Creating Special Cases, page 3-14.
• Delete Special Cases—See Deleting Special Cases, page 3-16.
Creating New Ethertype Filters
Procedure
Step 1 T o c reate and ena ble proto col filters for the acc ess point ’s Ethernet port, e nter the
following:
Table 3-3 Creating New Ethertype Filters Settings
Field Description
Add New Ethertype Filter
Set ID Enter an identification number for the filter set.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-3 Creating New Ethertype Filters Settings (continued)
Field Description
Set Name Enter a descriptive filter set name.
Default Disposition From the list, select one of the following:
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
multicast Enter the number of milliseconds multicast packets
Using the Templates
See Naming Guidelines, pa ge A-1 .
• Forward—Use this setting to forward protocol
traffic.
• Block—Use this set tin g to blo ck prot ocol traffic.
should stay in the access point’s buffer before they are
discarded.
should stay in the access point’s buffer before they are
discarded.
78-14092-01
Step 2 Click Add. The new name is added to the Ethertype Filte rs list.
Step 3 Select one of the following:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-13
Using the Templates
Step 1 To delete protocol filters for the access point's Ethernet port, select the set name
Step 2 Select one of the following:
Chapter3 Configuring Devices
Deleting Ethertype Filters
Procedure
from the Current Ethertype Filters list, then click Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Creating Special Cases
Procedure
3-14
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-4 Ethertype Filter Special Cases Settings
Field Description
Special Cases
Ethertype Enter the Ethertype filter name.
Disposition From the list, select one of the following:
• Default—Use the d is positi on you se t f or the Eth ertype
filter.
• Forward—Use this setting to forward protocol traffic.
• Block—Use t his set ting to blo ck pr otoc ol tr affic.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-4 Ethertype Filter Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
Time t o Liv e ( mse c )
unicast Enter the number of milliseconds unicast packets sh ould stay in
multicast Enter the number of milliseconds multicast packets sh ould stay
Alert From the list, select one of the following:
Using the Templates
• Default—This setting is the same as best effort, which
applies to nor mal LAN tr affic.
• Background—Use this setting for bulk transfers and other
activities that are allowed on the network but should not
impact network use by o ther u ser s and a pplic ati on s.
• Excellent Effort—Use this setting for a network’s most
important users.
• Controlled Load—Use this setting for important business
applications that are subjec t to some for m of admissi on
control.
• Interactive Video—Use this setting for traffic with less
than 100 ms del ay.
• Interactive Voice—Use this setting for traffic with less
than 10 ms delay.
• Network Control—Use this setting for traffic that must get
through to maintain and support the ne twork infrastr ucture.
the access poin t’s buffer before they are discar ded.
in the access point’s buffer before they are discarded.
78-14092-01
• yes—Use this setting to send an alert to the ev ent log when
a user transmits or recei v es the protoc ol throug h the access
point.
• no—Use this setting to not send an alert to the event log.
Step 3 Click Add. The new name is added to the list box.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-15
Using the Templates
Step 4 Select one of the following:
Step 1 To delete special cases for the access point's Ethernet port, select the Ethertype
Step 2 Select one of the following:
Chapter3 Configuring Devices
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting Special Cases
Procedure
name from the list box, then click Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Defining IP Protocol Filters
Procedure
Step 1 Select Association > IP Protocol Filters. The Association: IP Protocol Filters
dialog box appears.
Step 2 With this option you ca n:
• Create new filters—See Creating New IP Protocol Filters, page 3-17.
• Delete the filters—See Deleting IP Protocol Filters, page 3-18.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-16
Categories, page 3-2.)
78-14092-01
Chapter 3 Configuring Devices
Using this optio n y ou c an als o:
• Create Special Cases —See Creating Special Cases, page 3-18.
• Delete Special Cases—See Deleting Special Cases, page 3-21.
Creating New IP Protocol Filters
Procedure
Step 1 To create and enable IP protocol filters, enter the following:
Field Description
Add New Protocol Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
Default Disposition From the list, select one of the following:
Using the Templates
See Naming Guidelines, pa ge A-1 .
78-14092-01
• Forward—Use this setting to forward protocol
traffic.
• Block—Use this set tin g to blo ck prot ocol traffic.
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
should stay in the access point’s buffer before they are
discarded.
multicast Enter the number of milliseconds multicast packets
should stay in the access point’s buffer before they are
discarded.
Step 2 Click Add. The new name is added to the Current Protocol Filters list.
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-17
Using the Templates
Step 1 To delete an IP protocol filter, select the name from the Current Protocol Filters
Step 2 Select one of the following in the left pane:
Chapter3 Configuring Devices
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Deleting IP Protocol Filters
Procedure
list, then click Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
3-18
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-5 IP Protocol Filters Special Cases Settings
Field Description
Special Cases
Protocol Enter the IP protocol name.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-5 IP Protocol Filters Special Cases Settings (continued)
Field Description
Disposition From the list, select one of the following:
Priority From the list, select one of the following:
Using the Templates
• Default—Use the d is positi on you se t f or the prot ocol
filter.
• Forward—Use this setting to forward traffic.
• Block—Use this setting to block traffic.
• Default—This setting is the same as best effort, which
applies to nor mal LAN tr affic.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not impac t n etwork use by othe r use rs and
applications.
• Excellent Effort—Use th is setting for a network's most
important users.
78-14092-01
• Controlled Load—Use this setting for important
business applications that are subject to some form of
admission control.
• Interactive V ideo —Use this setting for traff ic with less
than 100 ms del ay.
• Interactive Voice—Use this setting for traff ic wit h less
than 10 ms delay.
• Network Control—Use this setting for traf fic tha t must
get through to maintain and support the network
infrastructure .
Time t o Liv e ( mse c )
unicast Enter the number of milliseconds unicast packets should
stay in the acc ess poin t’s buffer before they are disc arded.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-19
Using the Templates
Step 3 Click Add. The new name is added to the list box.
Step 4 Select one of the following in the left pane:
Chapter3 Configuring Devices
Table 3-5 IP Protocol Filters Special Cases Settings (continued)
Field Description
multicast Enter the number of milliseconds multicast packet s sh ould
stay in the acc ess poin t’s buffer before they are disc arded.
Alert From the list, select one of the following:
• yes—Use this setting to send an alert to the event log
when a user transmits or receives the protocol through
the access point.
• no—Use this setting to not send an alert to the event
log.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
3-20
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Step 1 To delete special cases, select the protocol name from the list box, then click
Step 2 Select one of the following in the left pane:
Defining IP Port Filters
Using the Templates
Deleting Special Cases
Procedure
Delete.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Procedure
78-14092-01
Step 1 Select Association > IP Po rt Filter s. The Associa tion: IP Port Filters d ialog box
appears.
Step 2 With this option you ca n:
• Create new filters—See Creating New Port Filters, page 3-22.
• Delete the filters—See Deleting Port Filters, page 3-23.
Using this optio n y ou c an als o:
• Create Special Cases —See Creating Special Cases, page 3-23.
• Delete Special Cases—See Deleting Special Cases, page 3-25.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-21
Using the Templates
Step 1 To create and enable port filters, enter the following:
Chapter3 Configuring Devices
Creating New Port Filters
Procedure
Field Description
Add New Protocol Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
See Naming Guidelines, pa ge A-1 .
Default Disposition From the list, select one of the following:
• Forward—Use this setting to forward traffic.
• Block—Use this setting to block traffic.
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
should stay in the ac cess point ’s buffer before they
are discarded.
multicast Enter the number of milliseconds multicast packets
should stay in the ac cess point ’s buffer before they
are discarded.
3-22
Step 2 Click Add. The new name is added to the Current Port Filters list.
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Deleting Port Filters
Procedure
Step 1 To delete a protocol filter, select the na me from the Current Po rt Filters list, then
click Delete.
Step 2 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Creating Special Cases
Procedure
Using the Templates
Template, page 3-89 .)
Categories, page 3-2.)
78-14092-01
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-6 IP Port Filters Special Cases Settings
Field Description
Special Cases
Port Enter the IP Port filter na me.
Disposition From the list, select one of the following:
• Default—Use the disposition you set for the port filter.
• Forward—Use this setting to forward protocol traffic.
• Block—Use t his set ting to blo ck pr otoc ol tr affic.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-23
Using the Templates
Chapter3 Configuring Devices
Table 3-6 IP Port Filters Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
• Default—This setting is the same as best effort, which
applies to nor mal LAN tr affic.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not impac t n etwork use by othe r use rs and
applications.
• Excellent Effort—Use this setting for a network's most
important users.
• Controlled Load—Use this setting for important
business applications that are subject to some form of
admission control.
• Interactive Video—Use this setting for traffic with less
than 100 ms del ay.
3-24
• Interactive Voice—Use this setting for traffic with less
than 10 ms delay.
• Network Control—Use this setting for traffic that must
get through to maintain and support the network
infrastructure .
Time t o Liv e ( mse c )
unicast Enter the number of milliseconds unicast packets shoul d stay
in the buffer before they are discarded.
multicast Enter the number of milliseconds multicast packets should
stay in the buffer before they are discarded.
Alert From the list, select one of the following:
• yes—Use this setting to send an alert to the event log
when a user tra nsmi ts or r ece ives the prot ocol thr oug h
the access point.
• no—Use this setting to not send an aler t to the e v ent log .
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Deleting Special Cases
Procedure
Step 1 To delete special cases, select the port name from the list box, then click Delete.
Step 2 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Using the Templates
Template, page 3-89 .)
Categories, page 3-2.)
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Defining Advanced Associati ons
Use this option to control the total number of devices an access point can list in
the Association Table and the amount of time the ac cess po int contin ues to trac k
each device class whe n a device is i nactive.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-25
Using the Templates
Step 1 Select Associ at io n > Adv a nced. The Association: Advanced dialog box appears.
Step 2 To define advanced associations, enter the following:
Chapter3 Configuring Devices
Procedure
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Table 3-7 Advanced Association Settings
Field Description
Alert Severity Level From the list select one of the following:
• systemFatal—Indicates an event that prevents
operation of the port or device.
• protocolFatal—Indicates an event that prevents
operation of the port or device
• portFatal—Indicates an event that prevents
operation of the port or device
• systemAlert—Indic ates t h at you nee d to t ake
action to correct the condition.
• protocolAlert—In dicat es that you need to take
action to correct the condition.
• portAlert—Indicates that you need to take
action to correct the condition.
• externalAlert—Indicate s th at you nee d to t ake
action to correct the condition.
3-26
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-7 Advanced Association Settings (continued)
Field Description
Max Bytes Stored Pe r
Alert Packet
Using the Templates
• systemWarning—Indicates that an error or
failure may have occurre d.
• protocolWarning—Indicates that an er ror or
failure may have occurre d.
• portWarning—Indicates that an error or fa ilure
may have occurred.
• externalWarning—Indicates that an erro r or
failure may have occurre d.
• systemInfo—Notification that some sort of
event has occurred.
• protocolInfo—Notification that some sort of
event has ocurred.
• portInfo—Notification that some sort of event
has ocurred.
• externalInfo—Notification th at some sort of
event has ocurred.
Enter the maximum number of bytes the access point
stores for each Station Alert packet when packet
tracing is enabled.
78-14092-01
If you use 0, the access point does not store bytes for
Station Alert packets; it only logs the event.
Max Fwd Table Entries From the list, select one of the following to
designate the maxim um number of devices tha t can
appear in the Association Table:
1024, 2048, 4096, 8192, 16384, 32 768, 65536.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-27
Using the Templates
Chapter3 Configuring Devices
Table 3-7 Advanced Association Settings (continued)
Field Description
Enable Extended Stats
in MIB
Enable PSPF From the list, select one of the following:
From the list, select one of the following:
• Enable—Use this setting to enable the storage
of detailed statistics in the device’s memory.
• Disable—Use this setting to disable the storage
of detailed statistics in the device’s memory.
When you disable extende d stat istic s y ou
conserve memory, and the device can include
more devices in the Association Table.
• Enable—Use this setting to enable Publicly
Secure Packet Forwarding, which ensures that
client devices cannot communicate with other
client devices on the w irel ess net work. Th is
feature is useful for pu blic wir eless networks
like those installed in airports or on college
campuses.
3-28
• Disable—Use this setting to disable Publicly
Secure Packet Forwarding.
Click se e detail to see for which versions this setting
is valid.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-7 Advanced Association Settings (continued)
Field Description
Unknown Class
Timeout
Multicast Addresses
Timeout
Infrastructure Hosts
Timeout
Client Stations
Timeout
Repeaters Timeout
Access Points Timeout
Across Bridge Hosts
Timeout
Non-Root Bridges
Timeout
Root Bridges Timeout
Using the Templates
Enter the number of seconds the access point
continues to track an inac tive device depending on
its class.
A setting of zero tells the access point to track a
device indefinitely no matter how long it is inactive.
A setting of 300 equals 5 minut es; 1800 equal s 30
minutes; 28800 e quals 8 h our s.
78-14092-01
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-29
Using the Templates
Configuring Port Assignments
When you assign specific ports, your network top ology remai ns constan t even
when devices reboot.
Procedure
Step 1 Select Association > Port Assignments. The Association: Port Assignments
dialog box appears.
Step 2 To define port assignments, enter the following:
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
Field Description
ifIndex Lists the port’s designator in the Standard MIB-II
dot1dBasePort Lists the port’ s designator in the Bridge MI B (RFC1493;
AID Lists the port’s 802.11 radi o drivers associ atio n
Station Enter th e MAC address of the device to which you want
Chapter3 Configuring Devices
entries you have made in other Template windows up until that point.
(RFC1213-MIB. my ) in terfa ce i n dex.
BRIDGE-MIB.m y) i n terface i ndex.
identifier.
to assign the port .
3-30
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Configuring the Ethernet Port
Use this option to configure the device’s Ethernet port.
Procedure
Step 1 Select Ethernet. The menu expands and the Ethernet dial og box displ ays in the
right pane.
Step 2 Select one of the following from th e Ethern et menu:
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
• Identification—See Identifying the Ethernet Port, pa ge 3-31 .
• Filters—See Setting Up Ethernet Filters, page 3-32.
• Advanced—See Defining the Ethernet Advanced Settings, page 3-34.
Using the Templates
Identifying the Ethernet Port
Use this option to define basic identity information for the Ethernet port.
Procedure
Step 1 Select Ethernet > Ident ificati on. The Ether net: Iden tificati on dialog box
displays in the right pane.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-31
Using the Templates
Step 2 Enter the following information to identify the port:
Step 3 Select one of the following in the left pane:
Chapter3 Configuring Devices
Field Description
Primary Port? From the list, select one of the following:
• yes—Sets the Ethernet port as the
primary port.
• no—Sets the radio port as the primary
port.
Adopt Primary Port Identity? From the list, select one of the following:
• yes—This adopts the pr imary port
settings (MAC and IP addresses) for the
Ethernet port.
• no—This uses different MAC and IP
addresses for the Ethernet po rt.
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Setting Up Ether net Filters
Use this option to define filters for the Ethernet port, the IP Protocol, and the IP
Port.
Note Changing this setting may cause the access point to reboot.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-32
Categories, page 3-2.)
78-14092-01
Chapter 3 Configuring Devices
Procedure
Step 1 Select Ethernet > Filters. The Ethernet: Filters dialog box displays in the right
pane.
Step 2 Complete th e foll owing :
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
Field Description
Ethertype
Receive Enter the ID of a d efined Ethertype filter, o r select one of the
Transmit Enter the ID of a defined Eth er ty pe filter , o r sel ect one of the
IP Protocol
Receive Enter the ID of a defined IP protocol filter, or select one of
Transmit Enter the ID of a defined IP protocol filter, or select one of
IP Port
Receive Enter the ID of a defined IP port filter, or select one of the
Transmit Enter the ID of a defined IP port filter, or select one of the
Using the Templates
entries you have made in other Template windows up until that point.
filters you created using Association > Ethertype Filters.
filters you created using Association > Ethertype Filters.
the filters you created using Association > IP Protocol
Filters.
the filters you created using Association > IP Protocol
Filters.
filters you created using Association > IP Po rt F ilt er s .
filters you created using Association > IP Po rt F ilt er s .
78-14092-01
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-33
Using the Templates
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Defining the Ethernet Advanced Settings
Use this option to define the settings a nd operat ional sta tus of the Eth ernet port .
Procedure
Step 1 Select Ethernet > Advanced. The Ethernet: Advanced dialog box displays in the
right pane.
Step 2 Complete th e foll owing :
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Chapter3 Configuring Devices
3-34
Table 3-8 Ethernet Advanced Settings
Field Description
Status From the list, select one of the following:
• up— Enables the Ethernet port for normal operation.
• down—Disables the device’s Ethernet port.
Packet Forwarding From the list, select one of the following:
• enabled—Allows norm al ope ra tion.
• disabled—Prevents data from moving between the
Ethernet and the ra dio, whic h is useful in
troubleshooting.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-8 Ethernet Advanced Settings (continued)
Field Description
Default Multicast
Address Filter
Maximum Multic ast
Packets/Second
Default Unicast
Address Filter
Using the Templates
From the list, select one of the following:
• allowed—The access point forwards all traffic
except packets sent to the MAC addresses set as
disallowed under Association > Address Filters.
• disallowed—The access point discards all traffic
except packets sent to the MAC addresses set as
allowed under Association > Address Filters.
Use this setting to control the number of multicast
packets that can pass throu gh the Eth erne t port each
second.
If you enter 0, the access point passes an unlimited
number of multicast packets.
If you enter a number other than 0, the device passes only
that number of multicast packets per second.
From the list, select one of the following:
• allowed—The access point forwards all traffic
except packets sent to MAC addresses that have
been set as disallowed under Association > Address
Filters.
78-14092-01
• disallowed—The access point discards all traffic
except packets sent to the MAC addresses that have
been set as allowed under Association > Address
Filters.
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-35
Using the Templates
Configuring the Radio
Use this option to configure the device’s radio.
Procedure
Step 1 Select Radio. The menu expands and the Radi o di al og box disp lays i n th e righ t
pane.
Step 2 Select one of the following from the Ra dio menu:
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
• Identification—See Identifying the Radio Port, page 3-36.
• Filters—See Setting Up Radio Filters, page 3-38.
• Hardware—See Defining the Radio Hardware Setting s, page 3-39 .
• Advanced—See De fining the Radio A dvanced Settings, pa ge 3-44.
Chapter3 Configuring Devices
entries you have made in other Template windows up until that point.
Identifying the Radio Port
Use this option to define basic identity information for the Ethernet port.
Note Changing this setting may cause the access point to reboot.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-36
• Searched Channels—See Defining the Radio Searched Channels Settings,
page 3-49.
78-14092-01
Chapter 3 Configuring Devices
Procedure
Step 1 Select Radio > Identification. The Radio: Identification dialog box displays in
the right pane.
Step 2 Enter the following information to identify the port:
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
Field Description
Primary Port? From the list, select one of the following:
Adopt Primary Port Identity? From the list, select one of the following:
Using the Templates
entries you have made in other Template windows up until that point.
• yes—Sets the ra dio por t a s the prim ar y
port.
• no—Sets the Ethernet port as the
primary port.
78-14092-01
• yes—This adopts the pr imary port
settings (MAC and IP addresses) for the
Ethernet port.
• no—This uses different MAC and IP
addresses for the Ethernet po rt.
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-37
Using the Templates
Setting Up Radio Filters
Note Changing this setting may cause the access point to reboot.
Step 1 Select Radio > Filters. The Radio Filters dialog box displays in the right pane.
Step 2 Complete th e foll owing :
Chapter3 Configuring Devices
Procedure
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Table 3-9 Radio Filters Settings
Field Description
Ethertype
Receive Enter the ID of a defined Ethertype filter, or
select one of the filters you create d using
Association > Ethertype Filters.
Transmit Enter the ID of a defined Ethertype filter, or
select one of the filters you create d using
Association > Ethertype Filters.
IP Protocol
Receive Enter the ID of a defined IP p rotocol filte r , or
select one of the filters you create d using
Association > IP Protocol Fi lters.
Transmit Enter the ID of a defined IP protoco l filter , or
select one of the filters you create d using
Association > IP Protocol Fi lters.
3-38
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-9 Radio Filters Settings (continued)
Field Description
IP Port
Receive Ente r the ID of a de fined I P po rt pro toco l
Transmit Ent er the ID of a defined I P po rt proto co l
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Using the Templates
filter, or select one of the filters you created
using Association > IP Port Filters.
filter, or select one of the filters you created
using Association > IP Port Filters.
Template, page 3-89 .)
Categories, page 3-2.)
Defining the Radio Hardwa re Settings
Procedure
Step 1 Select Radio > H a rd wa re. The Radio: Hardware dialog box displays in the right
pane.
Step 2 Complete th e foll owing :
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-39
Using the Templates
Chapter3 Configuring Devices
Table 3-10 Radio Hardware Settings
Field Description
Service SetID (SSID) Enter a unique ide ntifier client d evic es use to
associate with the acc es s p oi nt. I t ca n be any
alphanumeric, case -sensit ive string, from 2
to 32 characters long.
Several access points on a network or
sub-network can share an SSID.
Allow “Broadcast” SSID to
Associate
Enable “World Mode”
multi-domain operation?
From the list, select one of the following:
• yes—Allows devices that do no t sp ecify
an SSID (devices that are “broadcasting”
in search of an access point to associate
with) to associate with the access point.
• no—Does not allow devices th at do n ot
specify an SSID (devices that are
“broadcasting” in search of an access
point to associate wi th) to associ ate with
the access poin t.
With no selected, the SSID used by the
client device must match exactly the
access point’s SSID.
From the list, select one of the following:
• yes—Allows the access point to add
channel carrier set information to its
beacon.
3-40
Client devices with world-mode enabled
receive the carrier set information and
adjust their settings automatically.
• no—Does not allow the access point to
add channel carrier set inf ormation to its
beacon.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-10 Radio Hardware Settings (continued)
Field Description
Data Rates (Mb/sec)
1.0 From the list, select one of the following for
2.0
5.5
11.0
Transmit Power From the list, select one of the following
Fragmentation Thr eshol d
(256-2338)
Using the Templates
each of the four rates in megabits per second:
• basic—Allows transmission at this rate
for all packets, both unicast and
multicast. At least one data rate must be
set to basic.
• yes—Allows transmission at this ra te for
unicast packets only.
• no—Does not allow transmission at this
rate.
milliwatt settings: 1, 5 , 20, 3 0, 50 , 100.
To reduce interf er en ce or to cons e rve power,
select a lower power setting.
Enter a setting to determine the size at which
packets are fr ag me nt ed (s en t a s several
pieces instead o f as one b lock).
78-14092-01
Use a low setting in areas where
communication is p oor or w here ther e is a
great deal of radio interfe rence .
RTS Threshold (0-2339) Enter a setting to determine the packet size at
which the access point issues a request to
send (RTS) before sending the packet.
A low R TS Threshold setting can be useful in
areas where ma ny cl ie nt device s a re
associating with the access point, or in areas
where the clients are far apart and can detect
only the access point and not each other.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-41
Using the Templates
Chapter3 Configuring Devices
Table 3-10 Radio Hardware Settings (continued)
Field Description
Maximum RTS Retries (1-128) Enter the maximum number of times the
access point issues an RTS before stopping
the attempt to send the packet through the
radio.
Max. Data Retires (1- 128) Enter the maximum number of attempts the
access point makes to se nd a pa cket b efo re
giving up and dropping the packet.
Beacon Period (Kusec) Enter the amount of time between beacons in
Kilo microseconds. (One Km sec equ als
1,024 microseconds.)
Data Beacon Rate (DTIM) Enter the amount of time, always a multiple
of the beacon period, to determine how often
the beacon contains a de livery traffic
indication message (DTIM).
The DTIM tells power-save client devices
that a packet is waiti ng for t hem.
3-42
If the beacon period is set at 100, its default
setting, and the data beacon rate is set at 2, its
default setting, then the access point sends a
beacon containing a DTI M every 200
Kmsecs. (One Kmsec equal s 1,024
microseconds.)
Default Radio Channel From the list, select the radio channel you
want for a default. Each c ha nnel covers 22
MHz.
The factory setting for Cisco wireless LAN
systems is Radio Channel 6 transmitting at
2437 MHz.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-10 Radio Hardware Settings (continued)
Field Description
Search for less-congested Radio
Channel?
Receive Antenna From the list, select one of the following:
Transmit Antenna
Using the Templates
From the list, select one of the following:
• yes—Allows the access poin t to scan for
the radio channe l tha t is lea st busy an d
selects that chan nel for use.
• no—Will not allow the access point to
scan for a radio channel that is least
busy.
• Right—Use this setting if your access
point has removable antennas and you
install a high -gain antenna on t he ac ces s
point's right conne ctor. (When you l ook
at the access point's back p anel, t he right
antenna is on t he ri ght. )
Use this setting for both receive and
transmit.
78-14092-01
• Left—Use this setting if your access
point has removable antennas and you
install a high -gain antenna on t he ac ces s
point's left connector. (When you look at
the access point's back panel, the left
antenna is on the left.)
Use this setting for both receive and
transmit.
• Diversity—Use this setting if your
access point has two fixed
(non-removable) antennas; it tells the
access point to use the ant enna th at
receives the best s ig nal.
Use this setting for both receive and
transmit.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-43
Using the Templates
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Defining the Radio Advanced Settings
Use this option to define the settings a nd operat ional sta tus of the Eth ernet port .
Procedure
Step 1 Select Radio > Advanced. The Radio: Advanced dialog box displays in the right
pane.
Step 2 Complete th e foll owing :
Chapter3 Configuring Devices
3-44
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-11 Radio Advanced Settings
Field Description
Status From the list, select one of the following:
Packet Forwarding From the list, select one of the following:
Default Multicast Address Filter From the list, select one of the following:
Using the Templates
• up— Enables the Radio port fo r normal
operation.
• down—Disables the device’s Radio
port.
• enabled—Allows norm al ope rat ion.
• disabled—Prevents data from moving
between the Ethernet and the radio,
which is useful in trou ble shoo tin g.
• Allowed—The access point forwards all
traffic except packets sent to the MAC
addresses set as disallowed under
Association > Address Filters.
78-14092-01
Maximum Multic ast
Packets/Second
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
• Disallowed—The access point discards
all traffic except packets sent to the
MAC addresses set as allowed under
Association > Address Filters.
Use this setting to control the number of
multicast packets that can pass through the
Ethernet port each sec ond.
If you enter 0, the access point passes an
unlimited number of multicast packets.
If you enter a number other than 0, the device
passes only that number of multicast packets
per second.
3-45
Using the Templates
Chapter3 Configuring Devices
Table 3-11 Radio Advanced Settings (continued)
Field Description
Maximum Numb er of
Associations
Use Aironet Extensions From the list, select one of the following:
Ethernet encapsulation
transform
Enter the maximum number of wireless
networking devices that are allowed to
associate to the access point.
If you enter 0 it means that the maximum
possible number of a sso cia tions is allowed.
Click see details to see for which versions
this setting is valid.
• yes—Enable load balancing, Message
Integrity Check (MIC), and WEP key
hashing.
• no—Does no enable the features listed
above.
From the list, select one of the following:
• 802.1H—Provides optimum
performance for Ci sco A iro net wire less
products.
3-46
• RFC1042—Ensures interoperability
with non-Cisco Aironet wireless
equipment.
Enhanced MIC verification for
WEP
From the list, select one of the following:
• None—Does not enabl e MIC.
• NMH—Enables MIC (Message Integrity
Check), a security feature that protects
your WEP keys by preventing attacks on
encrypted packets called bit-flip attacks.
Click see details to see for which versions
this setting is valid.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-11 Radio Advanced Settings (continued)
Field Description
Temporal Key Integrity Protocol From the list, select the following:
Broadcast WEP Key rotation
interval (sec)
Using the Templates
• None—Does not enable WE P key
hashing.
• Cisco— Enables WEP key hashing that
defends against an att ack o n W EP in
which the intruder uses th e unenc ry pted
initialization vect or (I V) in en cryp ted
packets to calculate the WEP key.
Click see details to see for which versions
this setting is valid.
Enter a rotation interval in seconds.
• If you enter 900, for example, the access
point sends a new broadcast WEP key to
all associated client devices every 15
minutes.
78-14092-01
• If you enter 0, you disable broadc ast
WEP key rotation.
Click see details to see for which versions
this setting is valid.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-47
Using the Templates
Chapter3 Configuring Devices
Table 3-11 Radio Advanced Settings (continued)
Field Description
Default Unicast Address Filter
Open From the list, select one of the following:
Shared
Network-EAP
Specified Access Point 1 If this access point is a repeater, enter the
Specified A cc ess Poin t 2
Specified A cc ess Poin t 3
Specified A cc ess Poin t 4
• Allowed—The access point forwards all
traffic except packets sent to the MAC
addresses set as disallowed with the
Address Filters.
• Disallowed—The access point discards
all traffic except packets sent to the
MAC addresses set as allowed with the
Address Filters or on your authentication
server.
Select Disallowed for each
authentication type that also uses
MAC-based authentication.
MAC addr ess of one or mor e root-unit access
points with which you want this access point
to associate.
With MAC addresses in these fields, the
repeater access point always tri es to
associate with the specified access points
instead of with other less-efficient access
points.
3-48
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-11 Radio Advanced Settings (continued)
Field Description
Radio Modulation From the list, select one of the following:
Radio Preamble From the list, select one of the following:
Using the Templates
• Standard—This setting is the
modulation type specified in IEEE
802.11, the wireless standard pub lished
by the Institute of Electrical and
Electronics Engineers (IEEE) Standards
Association.
• MOK—This modulati on was used
before the IEEE finished the high-speed
802.11 standard and may still be in use in
older wireless networks.
• Long—Ensures compatibility between
the access point and all ea rly mode ls of
Cisco Aironet Wireless LAN Adapters
(PC4800 and PC4800A).
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Defining the Radio Searc hed Channels Settings
Use this option to limit the channels that the access point scans when Search for
less-congested radio channel is enabled.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
• Short— Cisco Aironet’s Wireless LAN
Adapter supports short preambles; it
improves throughput performance .
3-49
Using the Templates
Step 1 Select Radio > Searched Channels. The Radio: Search ed Ch an nel s dia log box
Step 2 Complete th e foll owing :
Chapter3 Configuring Devices
The access point uses this setting to scan for the radio channel that is least busy
and selects that ch anne l for use .
Procedure
displays in the right pane.
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Field Description
Channel Numbe r List the available channels by numbe r.
Frequency (mHz) Lists the chan nel fr eq ue ncy.
Search? From the list, select one of the following:
3-50
• Yes—Use this option to include the
channel in the scan for less-congested
channels.
• No—Use this option to exclude the
channel in the scan for less-congested
channels
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Defining the Security Settings
Use this option to configure the device’s security settings.
Procedure
Step 1 Select Security. The menu expands and the Security dialog box display s in the
right pane.
Step 2 Select one of the following from th e Securi ty menu:
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
• Local Admin Access—See Setting Local Admin Access, page 3-51.
• Local AP/Client Security—See Setting Local AP/Client Security, page 3-52.
• Server-Based Security—See Setting Server-Based Security, page 3-55 .
Using the Templates
Setting Local Admin Access
Use this option to enable or disable local admin access.
Procedure
Step 1 Select Security > Local Admin Access. The Security: Local Admin Access
dialog box appears.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-51
Using the Templates
Step 2 Complete th e foll owing :
Step 3 Select one of the following in the left pane:
Chapter3 Configuring Devices
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Field Description
Local Admin Authentication Select Enable to enab le l o ca l a dm in
authentication, or Disable to disable it.
Allow read-only browsing
without login
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Select Yes to allow it, or No to disallow it.
Setting Local AP/Client Security
Use this option to set up the local access point and client security.
Procedure
Step 1 Select Security > Local AP/Client Security. The Security: Local AP/Client
Security dialog box appears:
Step 2 Complete th e foll owing :
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-52
entries you have made in other Template windows up until that point.
78-14092-01
Chapter 3 Configuring Devices
Table 3-12 Local AP /Client Security Settings
Field Description
Data Encryption by
Stations
Authenti c a ti o n Type
Open From the list, select one of the following:
Using the Templates
From the list, select the encryption type:
• No Encryption—Requires clients to communicate
with the Access Po int w ithout any d ata e ncry ptio n.
This setting is not recommended.
• Optional—Allows clients to communicate with the
Access Point either with or without data e ncryption.
Typically, this option is used when you have client
devices that cannot make a WEP connection, such as
non-Cisco clients in a 128-bit WEP environment.
• Full Encryption—Requires clients to use data
encryption when communicating with the Access
Point. Clients not using data encryption are allowed
to communicate. This option is recommended if you
want to maximize the security of your Wireless
LAN.
78-14092-01
• Yes—Allows any device, regardless of its WEP
keys, to authenticate and attempt to associate. This
is the recommended setting.
• No—Does not allow any device, regardless of its
WEP keys, to authenticate and attempt to associate.
Shared Key From the list, select one of the following:
• Yes—Tells the access point t o send a p lain- text,
shared key query to a ny device a ttem pti ng to
associate with the access point. This query can leave
the access point open to a known-text attack from
intruders. This is not as secure as the Open setting.
• No—Does not allow the access point to send a
plain-text, shar ed key query t o any d evice
attempting to associate with the access point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-53
Using the Templates
Chapter3 Configuring Devices
Table 3-12 Local AP /Client Security Settings (continued)
Field Description
Network-EAP From the list, select one of the following:
• Yes—Allows EAP-enabled client devices to
authenticate through the access point.
• No—Does not allow EAP-enabled client devices to
authenticate through the access point.
Require EAP
Open From the list, select one of the following:
• Yes—Use this option if y ou use op en and E AP
authentication to block client devices that are not
using EAP from authen ticat ing throu gh the acce ss
point.
• No—Use this option if you do not use open and EAP
authentication.
Shared From the list, select one of the following:
3-54
• Yes—Use this option if y ou use sh ar ed and EA P
authentication to block client devices that are not
using EAP from authen ticat ing throu gh the acce ss
point.
• No—Use this op tio n if you do not use sh ared a nd
EAP authentication.
Encryption Keys 1 through 4
Transmit Key Click to indicate this is the key you want to use to
transmit packets. Only one key can be selected at a time.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-12 Local AP /Client Security Settings (continued)
Field Description
Encryption Key Enter the type of encryption key used:
Key Size From the list, select one of the following:
Step 3 Select one of the following in the left pane:
• Preview to see y our cha nges be fore yo u app ly t hem. ( See Previewing the
Using the Templates
• For 40-bit WEP keys, enter as 10 hexadecimal digits
(0-9, a-f, or A-F).
• For128-bit WEP keys, enter as 26 hexadecimal
digits (0-9, a- f, or A-F) .
• Not set
• 40 bit
• 128 bit
Template, page 3-89 .)
• Finish to save the template. (See Finishing the Template, page 3-89.)
• Another template cat egory to configure mor e option s. (See Template
Categories, page 3-2.)
Setting Server-Based Security
Use this option to set up server-based security.
Note Changing this setting may cause the access point to reboot.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-55
Using the Templates
Step 1 Select Security > Server-Based Security. The Se curity: Serv er-B ased dialog box
Step 2 Complete th e foll owing :
Chapter3 Configuring Devices
Procedure
appears:
Note Clicking Clear remov e s al l the cur re nt entries in the wind ow and any
entries you have made in other Template windows up until that point.
Table 3-13 Server-Based Security Settings
Field Description
Server Name/IP Enter the name or IP addre ss of the server.
Server Type Enter the type of server.
Port Enter the port numb er y our se rver use s f or
authentication.
Shared Secret Enter the shared secret used by your server.
It must match the shared secret on the
RADIUS server.
Time Out (sec’s) Enter the number of seconds the access point
should wait before authentication fails.
3-56
If the server does not respond within this
time, the access point tries to contact the next
defined authenticatio n server.
Use this server for
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Chapter 3 Configuring Devices
Table 3-13 Server-Based Security Settings (continued)
Field Description
EAP Authentication From the list, select one of the following:
Using the Templates
• Yes—Use this server for EAP
authentica ti on .
In this type of authentication, th e acc ess
point relays authentication messa ges
between the server and the
authenticating client device.
• No—Do not use thi s server fo r E AP
authentica ti on .
Click see detail to see for which versions thi s
setting is valid.
78-14092-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-57
Using the Templates
Chapter3 Configuring Devices
Table 3-13 Server-Based Security Settings (continued)
Field Description
MAC Address Authentication From the list, select one of the following:
• Yes—Use this server for MAC-based
authentica ti on .
This allows only client devices with
specified MAC addresses to associate
and pass data thro ugh t he a ccess point .
Client devices with MAC addresses not
in a list of allowed MAC addresses are
not allowed to associate with the access
point.
• No—Do not use thi s server fo r
MAC-based authentication.
Click see detail to see for which versions thi s
setting is valid.
3-58
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14092-01
Loading...