Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
Cisco IOS Releases 15.2(4)JA, 15.2(2)JB, 15.2(2)JA,12.4(25d)JA, and 12.3(8)JEE
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
Text Part Number: OL-29225-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
© 2013 - 2015 Cisco Systems, Inc. All rights reserved.
Contents
|
|
|
Audience i-xix |
|
|
|
|
|
|
|
|
|
||
|
|
|
Purpose |
i-xix |
|
|
|
|
|
|
|
|
|
|
|
|
|
Organization |
i-xx |
|
|
|
|
|
|
|
|
|
|
|
|
|
Conventions |
i-xxi |
|
|
|
|
|
|
|
|
|
|
|
|
|
Related Publications |
i-xxii |
|
|
|
|
|
|
|
|||
|
|
|
Obtaining Documentation, Obtaining Support, and Security Guidelines i-xxii |
|||||||||||
|
|
Overview |
|
|
|
|
|
|
|
|
|
|
|
|
C H A P T E R |
1 |
1-1 |
|
|
|
|
|
|
|
|
|
|
||
|
|
|
Features |
1-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Features Introduced in This Release |
1-2 |
|
|
|
|||||||
|
|
|
|
Support for IPv6 |
1-2 |
|
|
|
|
|
|
|||
|
|
|
|
Support for Guest Access |
|
1-2 |
|
|
|
|
||||
|
|
|
|
Support for 802.11w |
1-3 |
|
|
|
|
|
|
|||
|
|
|
Management Options |
1-3 |
|
|
|
|
|
|
|
|||
|
|
|
Roaming Client Devices |
1-3 |
|
|
|
|
|
|
|
|||
|
|
|
Network Configuration Examples |
1-3 |
|
|
|
|
||||||
|
|
|
Root Access Point |
|
1-4 |
|
|
|
|
|
|
|
||
|
|
|
Repeater Access Point |
1-4 |
|
|
|
|
|
|
||||
|
|
|
Bridges |
1-5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Workgroup Bridge |
|
1-6 |
|
|
|
|
|
|
|
||
|
|
|
Central Unit in an All-Wireless Network 1-7 |
|||||||||||
|
|
Using the Web-Browser Interface |
|
|
|
|
|
|||||||
C H A P T E R |
2 |
2-1 |
|
|
|
|
||||||||
|
|
|
Using the Web-Browser Interface for the First Time 2-2 |
|||||||||||
|
|
|
Using the Management Pages in the Web-Browser Interface 2-2 |
|||||||||||
|
|
|
Using Action Buttons |
2-3 |
|
|
|
|
|
|
||||
|
|
|
Character Restrictions in Entry Fields |
2-4 |
|
|
|
|||||||
|
|
|
Enabling HTTPS for Secure Browsing |
2-4 |
|
|
|
|
||||||
|
|
|
|
CLI Configuration Example |
|
2-12 |
|
|
|
|
||||
|
|
|
Deleting an HTTPS Certificate |
|
2-12 |
|
|
|
|
|||||
|
|
|
Using Online Help 2-13 |
|
|
|
|
|
|
|
|
|||
|
|
|
Changing the Location of Help Files |
2-13 |
|
|
|
|||||||
|
|
|
Disabling the Web-Browser Interface |
2-14 |
|
|
|
|||||||
|
|
Using the Command-Line Interface |
|
|
|
|
|
|
||||||
C H A P T E R |
3 |
|
3-1 |
|
|
|
|
|||||||
|
|
|
Cisco IOS Command Modes |
3-2 |
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|||
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
Getting Help 3-3 |
|
Abbreviating Commands |
3-3 |
Using the no and Default Forms of Commands 3-4 |
|
Understanding CLI Messages 3-4 |
|
Using Command History |
3-4 |
|
|
|
|
|
Changing the Command History Buffer Size |
3-5 |
|
|
|
|
|||||
|
|
|
|
|
Recalling Commands 3-5 |
|
|
|
|
|
|
|
|
||
|
|
|
|
|
Disabling the Command History Feature |
3-5 |
|
|
|
|
|
||||
|
|
|
|
|
Using Editing Features |
3-6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Enabling and Disabling Editing Features |
3-6 |
|
|
|
|
|
||||
|
|
|
|
|
Editing Commands Through Keystrokes |
3-6 |
|
|
|
|
|
||||
|
|
|
|
|
Editing Command Lines that Wrap |
3-7 |
|
|
|
|
|
|
|||
|
|
|
|
|
Searching and Filtering Output of show and more Commands |
3-8 |
|
|
|||||||
|
|
|
|
|
Accessing the CLI |
3-9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Opening the CLI with Telnet |
3-9 |
|
|
|
|
|
|
|
||
|
|
|
|
|
Opening the CLI with Secure Shell |
3-9 |
|
|
|
|
|
|
|||
|
|
Configuring the Access Point for the First Time |
|
|
|
|
|
||||||||
C H A P T E R 4 |
|
4-1 |
|
|
|
|
|||||||||
|
|
|
|
|
Before You Start |
4-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Resetting the Device to Default Settings |
4-2 |
|
|
|
|
|
||||
|
|
|
|
|
Resetting to Default Settings Using the MODE Button |
4-2 |
|
|
|||||||
|
|
|
|
|
Resetting to Default Settings Using the GUI |
4-2 |
|
|
|
||||||
|
|
|
|
|
Resetting to Default Settings Using the CLI |
4-3 |
|
|
|
||||||
|
|
|
|
|
Logging into the Access Point |
4-4 |
|
|
|
|
|
|
|
||
|
|
|
|
|
Obtaining and Assigning an IP Address |
4-4 |
|
|
|
|
|
|
|||
|
|
|
|
|
Default IP Address Behavior |
4-5 |
|
|
|
|
|
|
|
||
|
|
|
|
|
Connecting to the 1100 Series Access Point Locally |
4-5 |
|
|
|
||||||
|
|
|
|
|
Connecting to the 1130 Series Access Point Locally |
4-6 |
|
|
|
||||||
|
|
|
|
|
Connecting to the 1040, 1140,1200, 1230, 1240, 1250, 1260, and 2600 Series Access Points Locally 4-6 |
||||||||||
|
|
|
|
|
Connecting to the 1300 Series Access Point/Bridge Locally 4-7 |
||||||||||
|
|
|
|
|
Default Radio Settings |
4-8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Assigning Basic Settings |
4-8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Default Settings on the Express Setup Page |
4-14 |
|
|
|
||||||
|
|
|
|
|
Configuring Basic Security Settings 4-16 |
|
|
|
|
|
|
||||
|
|
|
|
|
Understanding Express Security Settings |
4-17 |
|
|
|
|
|||||
|
|
|
|
|
Using VLANs |
4-17 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Express Security Types |
4-18 |
|
|
|
|
|
|
|
||
|
|
|
|
|
Express Security Limitations |
4-20 |
|
|
|
|
|
|
|||
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
Using the Express Security Page |
4-20 |
|
|
|
|
|
|
|
|||||
|
|
CLI Configuration Examples |
4-21 |
|
|
|
|
|
|
|
|
||||
|
|
Configuring System Power Settings Access Points |
|
4-26 |
|
|
|
|
|
||||||
|
|
Using the AC Power Adapter |
4-26 |
|
|
|
|
|
|
|
|||||
|
|
Using a Switch Capable of IEEE 802.3af Power Negotiation |
4-26 |
|
|
|
|||||||||
|
|
Using a Switch That Does Not Support IEEE 802.3af Power Negotiation 4-26 |
|||||||||||||
|
|
Using a Power Injector |
4-27 |
|
|
|
|
|
|
|
|
|
|||
|
|
dot11 extension power native Command |
4-27 |
|
|
|
|
|
|||||||
|
|
Support for 802.11n Performance on 1250 Series Access Points with Standard 802.3af PoE 4-27 |
|||||||||||||
|
|
1250 Series Power Modes |
4-27 |
|
|
|
|
|
|
|
|
||||
|
|
Assigning an IP Address Using the CLI |
4-28 |
|
|
|
|
|
|
|
|||||
|
|
Using a Telnet Session to Access the CLI |
|
4-28 |
|
|
|
|
|
|
|
||||
|
|
Configuring the 802.1X Supplicant |
4-29 |
|
|
|
|
|
|
|
|
||||
|
|
Creating a Credentials Profile |
4-29 |
|
|
|
|
|
|
|
|
|
|||
|
|
Applying the Credentials to an Interface or SSID |
4-30 |
|
|
|
|
||||||||
|
|
Applying the Credentials Profile to the Wired Port |
4-30 |
|
|
|
|
||||||||
|
|
Applying the Credentials Profile to an SSID Used For the Uplink 4-31 |
|||||||||||||
|
|
Creating and Applying EAP Method Profiles |
4-32 |
|
|
|
|
||||||||
|
|
Configuring IPv6 |
4-32 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring DHCPv6 address 4-33 |
|
|
|
|
|
|
|
|
|
||||
|
|
IPv6 Neighbor Discovery |
4-34 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Configuring IPv6 Access Lists |
4-35 |
|
|
|
|
|
|
|
|
|
|||
|
|
RADIUS Configuration |
4-35 |
|
|
|
|
|
|
|
|
|
|
||
|
|
IPv6 WDS Support |
4-35 |
|
|
|
|
|
|
|
|
|
|
||
|
|
CDPv6 Support: 4-36 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RA filtering |
4-37 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Administering the Access Point |
|
|
|
|
|
|
|
|
|
|
|
|||
C H A P T E R 5 |
5-1 |
|
|
|
|
|
|
|
|
|
|
||||
|
|
Disabling the Mode Button |
5-2 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Preventing Unauthorized Access to Your Access Point 5-3 |
|
|
|
|
|||||||||
|
|
Protecting Access to Privileged EXEC Commands |
5-3 |
|
|
|
|
|
|||||||
|
|
Default Password and Privilege Level Configuration |
5-4 |
|
|
|
|
||||||||
|
|
Setting or Changing a Static Enable Password |
5-4 |
|
|
|
|
|
|||||||
|
|
Protecting Enable and Enable Secret Passwords with Encryption |
5-6 |
|
|
|
|||||||||
|
|
Configuring Username and Password Pairs |
5-7 |
|
|
|
|
|
|
||||||
|
|
Configuring Multiple Privilege Levels |
5-8 |
|
|
|
|
|
|
|
|||||
|
|
Setting the Privilege Level for a Command |
5-8 |
|
|
|
|
|
|||||||
|
|
Logging Into and Exiting a Privilege Level |
|
5-9 |
|
|
|
|
|
||||||
|
|
Configuring Easy Setup 5-9 |
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
||||||||
|
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
|
Configuring Spectrum Expert Mode |
5-10 |
|
|
|
|
|
|
|||
|
|
|
Controlling Access Point Access with RADIUS |
5-11 |
|
|
|
||||||
|
|
|
Default RADIUS Configuration |
5-12 |
|
|
|
|
|
|
|||
|
|
|
Configuring RADIUS Login Authentication |
5-12 |
|
|
|
||||||
|
|
|
Defining AAA Server Groups |
5-14 |
|
|
|
|
|
|
|||
|
|
|
Configuring RADIUS Authorization for User Privileged Access and |
||||||||||
|
|
|
Network Services |
5-16 |
|
|
|
|
|
|
|
|
|
|
|
|
Displaying the RADIUS Configuration |
5-17 |
|
|
|
|
|
||||
|
|
|
Controlling Access Point Access with TACACS+ |
|
5-17 |
|
|
|
|||||
|
|
|
Default TACACS+ Configuration |
5-17 |
|
|
|
|
|
|
|||
|
|
|
Configuring TACACS+ Login Authentication |
|
5-17 |
|
|
|
|||||
|
|
|
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 5-19 |
||||||||||
|
|
|
Displaying the TACACS+ Configuration |
5-19 |
|
|
|
|
|||||
|
|
|
Configuring Ethernet Speed and Duplex Settings |
|
5-20 |
|
|
|
|||||
|
|
|
Configuring the Access Point for Wireless Network Management |
5-20 |
|
||||||||
|
|
|
Configuring the Access Point for Local Authentication and Authorization 5-21 |
||||||||||
|
|
|
Configuring the Authentication Cache and Profile |
5-22 |
|
|
|
||||||
|
|
|
Configuring the Access Point to Provide DHCP Service |
5-24 |
|
|
|||||||
|
|
|
Setting up the DHCP Server |
5-24 |
|
|
|
|
|
|
|||
|
|
|
Monitoring and Maintaining the DHCP Server Access Point |
5-26 |
|
||||||||
|
|
|
Show Commands |
5-26 |
|
|
|
|
|
|
|
|
|
|
|
|
Clear Commands |
5-26 |
|
|
|
|
|
|
|
|
|
|
|
|
Debug Command |
5-27 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring the Access Point for Secure Shell |
5-27 |
|
|
|
||||||
|
|
|
Understanding SSH |
|
5-27 |
|
|
|
|
|
|
|
|
|
|
|
Configuring SSH |
5-27 |
|
|
|
|
|
|
|
|
|
|
|
|
Support for Secure Copy Protocol |
5-28 |
|
|
|
|
|
||||
|
|
|
Configuring Client ARP Caching |
5-28 |
|
|
|
|
|
|
|||
|
|
|
Understanding Client ARP Caching 5-28 |
|
|
|
|
|
|||||
|
|
|
Optional ARP Caching |
5-29 |
|
|
|
|
|
|
|
||
|
|
|
Configuring ARP Caching 5-29 |
|
|
|
|
|
|
|
|||
|
|
|
Managing the System Time and Date |
5-29 |
|
|
|
|
|
|
|||
|
|
|
Understanding Simple Network Time Protocol |
5-30 |
|
|
|||||||
|
|
|
Configuring SNTP |
5-30 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring Time and Date Manually |
5-30 |
|
|
|
|
|
||||
|
|
|
Setting the System Clock 5-31 |
|
|
|
|
|
|
||||
|
|
|
Displaying the Time and Date Configuration |
5-32 |
|
|
|||||||
|
|
|
Configuring the Time Zone |
5-32 |
|
|
|
|
|
|
|||
|
|
|
Configuring Summer Time (Daylight Saving Time) 5-33 |
|
|
||||||||
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4 |
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
Defining HTTP Access 5-35 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Configuring a System Name and Prompt |
5-35 |
|
|
|
|
|
||||||
|
|
Default System Name and Prompt Configuration |
5-35 |
|
|
|
|
|||||||
|
|
Configuring a System Name |
5-35 |
|
|
|
|
|
|
|
||||
|
|
Understanding DNS |
5-36 |
|
|
|
|
|
|
|
|
|
||
|
|
Default DNS Configuration |
5-36 |
|
|
|
|
|
|
|||||
|
|
Setting Up DNS |
5-37 |
|
|
|
|
|
|
|
|
|
||
|
|
Displaying the DNS Configuration |
5-38 |
|
|
|
|
|
||||||
|
|
Creating a Banner |
5-38 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default Banner Configuration |
|
5-38 |
|
|
|
|
|
|
|
|||
|
|
Configuring a Message-of-the-Day Login Banner |
5-38 |
|
|
|
|
|||||||
|
|
Configuring a Login Banner |
5-40 |
|
|
|
|
|
|
|
||||
|
|
Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode 5-40 |
||||||||||||
|
|
Migrating to Japan W52 Domain |
|
5-41 |
|
|
|
|
|
|
|
|||
|
|
Verifying the Migration |
5-43 |
|
|
|
|
|
|
|
|
|
||
|
|
Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging |
5-43 |
|
|
|
||||||||
|
|
CLI Command |
5-44 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring Radio Settings |
|
|
|
|
|
|
|
|
|
|
|||
C H A P T E R 6 |
6-1 |
|
|
|
|
|
|
|
|
|
||||
|
|
Enabling the Radio Interface |
6-2 |
|
|
|
|
|
|
|
|
|
||
|
|
Configuring the Role in Radio Network |
6-2 |
|
|
|
|
|
|
|||||
|
|
Universal Workgroup Bridge Mode |
6-5 |
|
|
|
|
|
|
|||||
|
|
Point-to-point and Multi Point bridging support for 802.11n platforms |
6-5 |
|
|
|
||||||||
|
|
Configuring Dual-Radio Fallback 6-6 |
|
|
|
|
|
|
||||||
|
|
Radio Tracking |
6-7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Fast Ethernet Tracking |
6-7 |
|
|
|
|
|
|
|
|
|
||
|
|
MAC-Address Tracking |
6-7 |
|
|
|
|
|
|
|
|
|
||
|
|
Bridge Features Not Supported |
6-8 |
|
|
|
|
|
|
|
||||
|
|
Configuring Radio Data Rates |
6-8 |
|
|
|
|
|
|
|
|
|||
|
|
Access Points Send Multicast and Management Frames at Highest Basic Rate 6-9 |
||||||||||||
|
|
Configuring MCS Rates |
6-11 |
|
|
|
|
|
|
|
|
|
||
|
|
Configuring Radio Transmit Power |
|
6-12 |
|
|
|
|
|
|
|
|||
|
|
Limiting the Power Level for Associated Client Devices 6-15 |
|
|
|
|
||||||||
|
|
Configuring Radio Channel Settings |
6-16 |
|
|
|
|
|
|
|||||
|
|
Channel Widths for 802..11n |
|
6-17 |
|
|
|
|
|
|
|
|||
|
|
Dynamic Frequency Selection |
|
6-18 |
|
|
|
|
|
|
|
|||
|
|
Radar Detection on a DFS Channel |
6-19 |
|
|
|
|
|
||||||
|
|
CLI Commands |
6-19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
||||||
|
|
|
|
|
|
|||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
Confirming that DFS is Enabled 6-20
Configuring a Channel 6-20
Blocking Channels from DFS Selection 6-21
|
|
|
|
|
Setting the 802.11n Guard Interval |
6-22 |
|
|
|||||
|
|
|
|
|
Configuring Location-Based Services |
|
6-22 |
|
|
|
|
||
|
|
|
|
|
Understanding Location-Based Services |
6-22 |
|
|
|||||
|
|
|
|
|
Configuring LBS on Access Points |
6-23 |
|
|
|||||
|
|
|
|
|
Enabling and Disabling World Mode |
|
6-24 |
|
|
|
|
||
|
|
|
|
|
Disabling and Enabling Short Radio Preambles 6-25 |
|
|
||||||
|
|
|
|
|
Configuring Transmit and Receive Antennas |
|
6-26 |
|
|
||||
|
|
|
|
|
Enabling and Disabling Gratuitous Probe Response 6-27 |
|
|
||||||
|
|
|
|
|
Disabling and Enabling Aironet Extensions |
|
6-28 |
|
|
||||
|
|
|
|
|
Configuring the Ethernet Encapsulation Transformation Method |
6-29 |
|
||||||
|
|
|
|
|
Enabling and Disabling Reliable Multicast to Workgroup Bridges |
6-29 |
|
||||||
|
|
|
|
|
Enabling and Disabling Public Secure Packet Forwarding 6-30 |
|
|
||||||
|
|
|
|
|
Configuring Protected Ports |
6-31 |
|
|
|
|
|
||
|
|
|
|
|
Configuring the Beacon Period and the DTIM |
6-32 |
|
|
|||||
|
|
|
|
|
Configure RTS Threshold and Retries |
|
6-32 |
|
|
|
|
||
|
|
|
|
|
Configuring the Maximum Data Retries |
6-33 |
|
|
|||||
|
|
|
|
|
Configuring the Fragmentation Threshold |
6-33 |
|
|
|||||
|
|
|
|
|
Enabling Short Slot Time for 802.11g Radios |
6-34 |
|
|
|||||
|
|
|
|
|
Performing a Carrier Busy Test |
6-34 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring VoIP Packet Handling |
6-34 |
|
|
|
|
|||
|
|
|
|
|
Viewing VoWLAN Metrics |
6-35 |
|
|
|
|
|
|
|
|
|
|
|
|
Viewing Voice Reports |
6-36 |
|
|
|
|
|
|
|
|
|
|
|
|
Viewing Wireless Client Reports |
|
6-38 |
|
|
|
|
||
|
|
|
|
|
Viewing Voice Fault Summary |
6-39 |
|
|
|
|
|||
|
|
|
|
|
Configuring Voice QoS Settings |
6-40 |
|
|
|
|
|||
|
|
|
|
|
Configuring Voice Fault Settings |
|
6-41 |
|
|
|
|
||
|
|
|
|
|
Configuring ClientLink 6-42 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Using the CLI to Configure ClientLink |
6-42 |
|
|
|||||
|
|
|
|
|
Debugging Radio Functions |
6-42 |
|
|
|
|
|
|
|
|
|
Configuring Multiple SSIDs |
|
|
|
|
|
|
|
|
|||
C H A P T E R 7 |
|
7-1 |
|
|
|
|
|
|
|
||||
|
|
|
|
|
Understanding Multiple SSIDs |
7-2 |
|
|
|
|
|
|
|
|
|
|
|
|
Effect of Software Versions on SSIDs |
|
7-2 |
|
|
||||
|
|
|
|
|
Configuring Multiple SSIDs |
7-4 |
|
|
|
|
|
|
|
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|||||||
|
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6 |
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
Default SSID Configuration |
7-4 |
|
Creating an SSID Globally |
7-4 |
|
Viewing SSIDs Configured Globally |
7-6 |
|
Using Spaces in SSIDs |
7-6 |
|
Using a RADIUS Server to Restrict SSIDs |
7-7 |
|
Configuring Multiple Basic SSIDs |
7-8 |
|
Requirements for Configuring Multiple BSSIDs 7-8 |
||
Guidelines for Using Multiple BSSIDs 7-8 |
||
Configuring Multiple BSSIDs |
7-8 |
|
|
|
CLI Configuration Example |
7-10 |
|
|
|
|||
|
|
Displaying Configured BSSIDs |
7-10 |
|
|
|
|||
|
|
Assigning IP Redirection for an SSID |
7-11 |
|
|
|
|||
|
|
Guidelines for Using IP Redirection |
7-12 |
|
|
|
|||
|
|
Configuring IP Redirection |
7-12 |
|
|
|
|
|
|
|
|
Including an SSID in an SSIDL IE |
7-13 |
|
|
|
|
||
|
|
NAC Support for MBSSID |
7-14 |
|
|
|
|
|
|
|
|
Configuring NAC for MBSSID 7-16 |
|
|
|
|
|||
|
Configuring Spanning Tree Protocol |
|
|
|
|
|
|||
C H A P T E R 8 |
8-1 |
|
|
|
|
||||
|
|
Understanding Spanning Tree Protocol |
8-2 |
|
|
|
|||
|
|
STP Overview 8-2 |
|
|
|
|
|
|
|
|
|
1300 and 350 Series Bridge Interoperability 8-3 |
|||||||
|
|
Access Point/Bridge Protocol Data Units 8-3 |
|||||||
|
|
Election of the Spanning-Tree Root |
8-4 |
|
|
|
|||
|
|
Spanning-Tree Timers |
8-5 |
|
|
|
|
|
|
|
|
Creating the Spanning-Tree Topology |
8-5 |
|
|
|
|||
|
|
Spanning-Tree Interface States |
8-6 |
|
|
|
|
||
|
|
Blocking State |
8-7 |
|
|
|
|
|
|
|
|
Listening State |
8-7 |
|
|
|
|
|
|
|
|
Learning State |
8-7 |
|
|
|
|
|
|
|
|
Forwarding State |
8-8 |
|
|
|
|
|
|
|
|
Disabled State |
8-8 |
|
|
|
|
|
|
|
|
Configuring STP Features |
8-8 |
|
|
|
|
|
|
|
|
Default STP Configuration |
8-8 |
|
|
|
|
|
|
|
|
Configuring STP Settings 8-9 |
|
|
|
|
|
||
|
|
STP Configuration Examples |
8-10 |
|
|
|
|
||
|
|
Root Bridge Without VLANs |
8-10 |
|
|
|
|||
|
|
Non-Root Bridge Without VLANs |
8-11 |
|
|
|
|||
|
|
Root Bridge with VLANs |
8-11 |
|
|
|
|
||
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|||
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
7 |
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
|
Non-Root Bridge with VLANs |
8-13 |
|
|
|
|
|||
|
|
|
|
|
Displaying Spanning-Tree Status |
8-14 |
|
|
|
|
|
||
|
|
|
Configuring an Access Point as a Local Authenticator 9-1 |
|
|
||||||||
C H A P T E R |
9 |
|
|
|
|||||||||
|
|
|
|
|
Understanding Local Authentication |
|
9-2 |
|
|
|
|
||
|
|
|
|
|
Configuring a Local Authenticator |
|
9-2 |
|
|
|
|
|
|
|
|
|
|
|
Guidelines for Local Authenticators |
9-3 |
|
|
|
|
|||
|
|
|
|
|
Configuration Overview |
9-3 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuring the Local Authenticator Access Point |
9-3 |
|
|
|||||
|
|
|
|
|
Configuring Other Access Points to Use the Local Authenticator 9-6 |
||||||||
|
|
|
|
|
Configuring EAP-FAST Settings |
|
9-7 |
|
|
|
|
||
|
|
|
|
|
Configuring PAC Settings |
|
9-7 |
|
|
|
|
||
|
|
|
|
|
Configuring an Authority ID |
9-8 |
|
|
|
|
|||
|
|
|
|
|
Configuring Server Keys |
9-8 |
|
|
|
|
|
||
|
|
|
|
|
Possible PAC Failures Caused by Access Point Clock |
9-8 |
|
||||||
|
|
|
|
|
Limiting the Local Authenticator to One Authentication Type 9-9 |
||||||||
|
|
|
|
|
Unblocking Locked Usernames |
|
9-9 |
|
|
|
|
||
|
|
|
|
|
Viewing Local Authenticator Statistics |
9-9 |
|
|
|
||||
|
|
|
|
|
Using Debug Messages |
9-10 |
|
|
|
|
|
|
|
|
|
|
Configuring Cipher Suites and WEP |
|
|
|
|
|
|
||||
C H A P T E R |
10 |
|
|
10-1 |
|
|
|
|
|||||
|
|
|
|
|
Understanding Cipher Suites and WEP |
10-2 |
|
|
|
|
|||
|
|
|
|
|
Configuring Cipher Suites and WEP |
|
10-3 |
|
|
|
|
||
|
|
|
|
|
Creating WEP Keys 10-3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
WEP Key Restrictions |
10-5 |
|
|
|
|
|
||
|
|
|
|
|
Example WEP Key Setup |
|
10-5 |
|
|
|
|
||
|
|
|
|
|
Enabling Cipher Suites and WEP |
10-6 |
|
|
|
|
|||
|
|
|
|
|
Matching Cipher Suites with WPA or CCKM |
10-7 |
|
|
|||||
|
|
|
|
|
Enabling and Disabling Broadcast Key Rotation |
10-8 |
|
|
|||||
|
|
|
Configuring Authentication Types |
|
|
|
|
|
|
||||
C H A P T E R |
11 |
|
11-1 |
|
|
|
|
|
|||||
|
|
|
|
|
Understanding Authentication Types |
11-2 |
|
|
|
|
|||
|
|
|
|
|
Open Authentication to the Access Point |
11-2 |
|
|
|
||||
|
|
|
|
|
Shared Key Authentication to the Access Point |
11-3 |
|
|
|||||
|
|
|
|
|
EAP Authentication to the Network |
11-4 |
|
|
|
||||
|
|
|
|
|
MAC Address Authentication to the Network 11-5 |
|
|
||||||
|
|
|
|
|
Combining MAC-Based, EAP, and Open Authentication |
11-6 |
|
||||||
|
|
|
|
|
Using CCKM for Authenticated Clients |
11-6 |
|
|
|
||||
|
|
|
|
|
Using WPA Key Management |
|
11-7 |
|
|
|
|
||
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|
|||||
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8 |
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP 11-8 |
|||||||||||||
|
|
Configuring Authentication Types |
|
11-10 |
|
|
|
|
|
|
|
|
|
||
|
|
Assigning Authentication Types to an SSID |
11-10 |
|
|
|
|
|
|
||||||
|
|
Configuring WPA Migration Mode |
11-13 |
|
|
|
|
|
|
|
|||||
|
|
Configuring Additional WPA Settings |
11-14 |
|
|
|
|
|
|
||||||
|
|
Configuring MAC Authentication Caching |
11-15 |
|
|
|
|
|
|||||||
|
|
Configuring Authentication Holdoffs, Timeouts, and Intervals |
11-16 |
|
|
|
|||||||||
|
|
Creating and Applying EAP Method Profiles for the 802.1X Supplicant 11-17 |
|||||||||||||
|
|
Creating an EAP Method Profile |
11-18 |
|
|
|
|
|
|
|
|
||||
|
|
Applying an EAP Profile to the Fast Ethernet Interface |
11-18 |
|
|
|
|||||||||
|
|
Applying an EAP Profile to an Uplink SSID |
11-19 |
|
|
|
|
|
|||||||
|
|
Matching Access Point and Client Device Authentication Types |
11-19 |
|
|
|
|||||||||
|
|
Guest Access Management |
11-22 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Guest Account Creation |
11-24 |
|
|
|
|
|
|
|
|
|
|||
|
Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection |
||||||||||||||
C H A P T E R 12 |
|||||||||||||||
|
|
Services 12-1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Understanding WDS |
12-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Role of the WDS Device |
12-2 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Role of Access Points Using the WDS Device |
12-3 |
|
|
|
|
|
|||||||
|
|
Understanding Fast Secure Roaming |
12-3 |
|
|
|
|
|
|
|
|
|
|||
|
|
Understanding Radio Management |
12-5 |
|
|
|
|
|
|
|
|
|
|||
|
|
Understanding Layer 3 Mobility |
12-5 |
|
|
|
|
|
|
|
|
|
|||
|
|
Understanding Wireless Intrusion Detection Services |
12-6 |
|
|
|
|
|
|||||||
|
|
Configuring WDS |
12-7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Guidelines for WDS 12-8 |
|
|
|
|
|
|
|
|
|
|
|
||
|
|
Requirements for WDS |
12-8 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Configuration Overview |
12-8 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Configuring Access Points as Potential WDS Devices |
12-9 |
|
|
|
|
||||||||
|
|
CLI Configuration Example |
12-13 |
|
|
|
|
|
|
|
|
|
|||
|
|
Configuring Access Points to use the WDS Device |
12-14 |
|
|
|
|
||||||||
|
|
CLI Configuration Example |
12-15 |
|
|
|
|
|
|
|
|
|
|||
|
|
Configuring the Authentication Server to Support WDS |
12-15 |
|
|
|
|||||||||
|
|
Configuring WDS Only Mode |
|
12-19 |
|
|
|
|
|
|
|
|
|
||
|
|
Viewing WDS Information |
12-20 |
|
|
|
|
|
|
|
|
|
|||
|
|
Using Debug Messages |
12-21 |
|
|
|
|
|
|
|
|
|
|
||
|
|
Configuring Fast Secure Roaming |
|
12-21 |
|
|
|
|
|
|
|
|
|
||
|
|
Requirements for Fast Secure Roaming |
12-21 |
|
|
|
|
|
|
|
|||||
|
|
Configuring Access Points to Support Fast Secure Roaming |
12-22 |
|
|
|
|||||||||
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
||||||||
|
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
CLI Configuration Example 12-24 |
|
Support for 802.11r 12-24 |
|
Configuring Management Frame Protection 12-25 |
|
Management Frame Protection 12-25 |
|
Overview 12-26 |
|
Protection of Unicast Management Frames |
12-26 |
Protection of Broadcast Management Frames |
12-26 |
Client MFP For Access Points in Root mode |
12-26 |
Configuring Client MFP 12-27 |
|
Management Frame Protection with 802.11w |
12-28 |
|
Configuring Radio Management |
12-30 |
|
CLI Configuration Example |
12-31 |
|
Configuring Access Points to Participate in WIDS |
12-32 |
|
Configuring the Access Point for Scanner Mode |
12-32 |
|
Configuring the Access Point for Monitor Mode |
12-32 |
|
Displaying Monitor Mode Statistics 12-33 |
|
|
Configuring Monitor Mode Limits 12-34 |
|
|
Configuring an Authentication Failure Limit 12-34 |
|
|
Configuring RADIUS and TACACS+ Servers 13-1 |
|
C H A P T E R 13 |
||
|
Configuring and Enabling RADIUS 13-1 |
|
|
Understanding RADIUS 13-2 |
|
|
RADIUS Operation |
13-2 |
|
Configuring RADIUS |
13-3 |
|
|
|
Default RADIUS Configuration |
13-4 |
|
|
|
|
|
|
|
|
Identifying the RADIUS Server Host 13-4 |
|
|
|
|||
|
|
|
Configuring RADIUS Login Authentication |
13-7 |
|
|
|||
|
|
|
Defining AAA Server Groups |
13-9 |
|
|
|
|
|
|
|
|
Configuring RADIUS Authorization for User Privileged Access and Network Services |
13-11 |
|
||||
|
|
|
Configuring Packet of Disconnect |
13-12 |
|
|
|
||
|
|
|
Starting RADIUS Accounting m |
13-13 |
|
|
|
|
|
|
|
|
Selecting the CSID Format |
13-14 |
|
|
|
|
|
|
|
|
Configuring Settings for All RADIUS Servers |
13-15 |
|
|
|||
|
|
|
Configuring the Access Point to Use Vendor-Specific RADIUS Attributes 13-16 |
|
|
||||
|
|
|
Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication |
13-17 |
|
||||
|
|
|
Configuring WISPr RADIUS Attributes |
13-18 |
|
|
|||
|
|
|
Displaying the RADIUS Configuration |
13-19 |
|
|
|
|
|
|
|
|
RADIUS Attributes Sent by the Access Point |
13-20 |
|
|
|||
|
|
|
Configuring and Enabling TACACS+ |
13-23 |
|
|
|
|
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
10 |
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
Contents
|
|
|
Understanding TACACS+ |
13-23 |
|
|
|
|
|
|
|||
|
|
|
TACACS+ Operation |
13-24 |
|
|
|
|
|
|
|
||
|
|
|
Configuring TACACS+ |
13-24 |
|
|
|
|
|
|
|
||
|
|
|
Default TACACS+ Configuration |
13-25 |
|
|
|
|
|||||
|
|
|
Identifying the TACACS+ Server Host and Setting the Authentication Key 13-25 |
||||||||||
|
|
|
Configuring TACACS+ Login Authentication |
13-26 |
|
|
|
||||||
|
|
|
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 13-27 |
||||||||||
|
|
|
Starting TACACS+ Accounting |
13-28 |
|
|
|
|
|||||
|
|
|
Displaying the TACACS+ Configuration |
13-29 |
|
|
|
|
|||||
|
|
Configuring VLANs |
|
|
|
|
|
|
|
|
|
|
|
C H A P T E R |
14 |
14-1 |
|
|
|
|
|
|
|
|
|
||
|
|
|
Understanding VLANs |
14-2 |
|
|
|
|
|
|
|
|
|
|
|
|
Related Documents |
14-3 |
|
|
|
|
|
|
|
||
|
|
|
Incorporating Wireless Devices into VLANs 14-4 |
|
|
|
|
||||||
|
|
|
Configuring VLANs 14-4 |
|
|
|
|
|
|
|
|
||
|
|
|
Configuring a VLAN |
14-5 |
|
|
|
|
|
|
|
||
|
|
|
Assigning Names to VLANs |
14-7 |
|
|
|
|
|
|
|||
|
|
|
Guidelines for Using VLAN Names |
14-7 |
|
|
|
|
|||||
|
|
|
Creating a VLAN Name |
14-8 |
|
|
|
|
|
|
|||
|
|
|
Using a RADIUS Server to Assign Users to VLANs |
14-8 |
|
|
|
||||||
|
|
|
Using a RADIUS Server for Dynamic Mobility Group Assignment 14-9 |
||||||||||
|
|
|
Viewing VLANs Configured on the Access Point |
14-9 |
|
|
|
||||||
|
|
|
VLAN Configuration Example |
14-10 |
|
|
|
|
|
|
|||
|
|
Configuring QoS |
|
|
|
|
|
|
|
|
|
|
|
C H A P T E R |
15 |
15-1 |
|
|
|
|
|
|
|
|
|
||
|
|
|
Understanding QoS for Wireless LANs |
15-2 |
|
|
|
|
|||||
|
|
|
QoS for Wireless LANs Versus QoS on Wired LANs 15-2 |
||||||||||
|
|
|
Impact of QoS on a Wireless LAN |
15-2 |
|
|
|
|
|||||
|
|
|
Precedence of QoS Settings |
15-3 |
|
|
|
|
|
|
|||
|
|
|
Using Wi-Fi Multimedia Mode |
15-4 |
|
|
|
|
|
||||
|
|
|
Using Band Select |
15-5 |
|
|
|
|
|
|
|
||
|
|
|
Configuring QoS |
15-6 |
|
|
|
|
|
|
|
|
|
|
|
|
Configuration Guidelines |
15-6 |
|
|
|
|
|
|
|||
|
|
|
Configuring QoS Using the Web-Browser Interface |
15-6 |
|
|
|
||||||
|
|
|
The QoS Policies Advanced Page |
15-10 |
|
|
|
|
|||||
|
|
|
QoS Element for Wireless Phones |
15-10 |
|
|
|
|
|||||
|
|
|
IGMP Snooping |
15-11 |
|
|
|
|
|
|
|
||
|
|
|
AVVID Priority Mapping |
15-11 |
|
|
|
|
|
||||
|
|
|
WiFi Multimedia (WMM) |
15-11 |
|
|
|
|
|
||||
|
|
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
||||
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
|
Rate Limiting |
15-11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Adjusting Radio Access Categories |
15-12 |
|
|
|
|||||
|
|
|
|
|
Configuring Nominal Rates |
15-13 |
|
|
|
|||||
|
|
|
|
|
Optimized Voice Settings |
|
15-14 |
|
|
|
||||
|
|
|
|
|
Configuring Call Admission Control 15-14 |
|
|
|||||||
|
|
|
|
|
QoS Configuration Examples |
15-15 |
|
|
|
|
|
|||
|
|
|
|
|
Giving Priority to Voice Traffic |
|
15-15 |
|
|
|
||||
|
|
|
|
|
Giving Priority to Video Traffic |
|
15-16 |
|
|
|
||||
|
|
|
Configuring Filters |
|
|
|
|
|
|
|
|
|||
C H A P T E R |
16 |
|
16-1 |
|
|
|
|
|
|
|
||||
|
|
|
|
|
Understanding Filters |
16-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring Filters Using the CLI |
16-2 |
|
|
|
|
||||
|
|
|
|
|
Configuring Filters Using the Web-Browser Interface |
16-3 |
|
|||||||
|
|
|
|
|
Configuring and Enabling MAC Address Filters |
16-3 |
|
|||||||
|
|
|
|
|
Creating a MAC Address Filter |
16-4 |
|
|
|
|||||
|
|
|
|
|
Using MAC Address ACLs to Block or Allow Client Association to the Access Point 16-6 |
|||||||||
|
|
|
|
|
Creating a Time-Based ACL |
16-8 |
|
|
|
|
||||
|
|
|
|
|
ACL Logging |
16-9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
CLI Configuration Example |
16-9 |
|
|
|
|||||
|
|
|
|
|
Configuring and Enabling IP Filters |
16-9 |
|
|
|
|||||
|
|
|
|
|
Creating an IP Filter |
16-11 |
|
|
|
|
|
|||
|
|
|
|
|
Configuring and Enabling EtherType Filters |
16-12 |
|
|||||||
|
|
|
|
|
Creating an EtherType Filter |
16-13 |
|
|
|
|||||
|
|
|
Configuring CDP |
|
|
|
|
|
|
|
|
|
||
C H A P T E R |
17 |
|
17-1 |
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
Understanding CDP |
17-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring CDP |
17-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Default CDP Configuration |
17-2 |
|
|
|
|
||||
|
|
|
|
|
Configuring the CDP Characteristics |
17-2 |
|
|
|
|||||
|
|
|
|
|
Disabling and Enabling CDP |
17-3 |
|
|
|
|
||||
|
|
|
|
|
Disabling and Enabling CDP on an Interface |
17-4 |
|
|||||||
|
|
|
|
|
Monitoring and Maintaining CDP |
17-4 |
|
|
|
|
||||
|
|
|
Configuring SNMP |
|
|
|
|
|
|
|
|
|||
C H A P T E R |
18 |
|
18-1 |
|
|
|
|
|
|
|
||||
|
|
|
|
|
Understanding SNMP |
18-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
SNMP Versions |
18-2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
SNMP Manager Functions |
18-3 |
|
|
|
|
||||
|
|
|
|
|
SNMP Agent Functions |
18-4 |
|
|
|
|
|
|
||
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|||||||
|
|
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12 |
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
SNMP Community Strings |
18-4 |
|
|
|
Using SNMP to Access MIB Variables |
18-4 |
|||
Configuring SNMP |
18-5 |
|
|
|
Default SNMP Configuration |
18-5 |
|
||
Enabling the SNMP Agent |
18-5 |
|
|
|
Configuring Community Strings |
18-6 |
|
||
Specifying SNMP-Server Group Names |
18-7 |
|||
Configuring SNMP-Server Hosts |
18-8 |
|
||
Configuring SNMP-Server Users |
18-8 |
|
||
Configuring Trap Managers and Enabling Traps 18-8 |
||||
Setting the Agent Contact and Location Information 18-10 |
||||
Using the snmp-server view Command |
18-10 |
|||
SNMP Examples |
18-10 |
|
|
|
|
|
Displaying SNMP Status |
18-12 |
|
|
|
|
|
|
|
Configuring Repeater and Standby Access Points and Workgroup Bridge Mode 19-1 |
||||||||
C H A P T E R 19 |
|||||||||
|
|
Understanding Repeater Access Points |
19-2 |
|
|
|
|
||
|
|
Configuring a Repeater Access Point 19-3 |
|
|
|
|
|||
|
|
Default Configuration |
19-4 |
|
|
|
|
|
|
|
|
Guidelines for Repeaters 19-4 |
|
|
|
|
|
||
|
|
Setting Up a Repeater |
19-5 |
|
|
|
|
|
|
|
|
Aligning Antennas 19-6 |
|
|
|
|
|
|
|
|
|
Verifying Repeater Operation |
19-7 |
|
|
|
|
||
|
|
Setting Up a Repeater As a LEAP Client |
19-7 |
|
|
|
|||
|
|
Setting Up a Repeater As a WPA Client |
19-8 |
|
|
|
|||
|
|
Understanding Hot Standby |
19-9 |
|
|
|
|
|
|
|
|
Configuring a Hot Standby Access Point |
19-10 |
|
|
|
|||
|
|
Verifying Standby Operation |
19-12 |
|
|
|
|
||
|
|
Understanding Workgroup Bridge Mode |
19-13 |
|
|
|
|||
|
|
Treating Workgroup Bridges as Infrastructure Devices or as Client Devices 19-15 |
|||||||
|
|
Configuring a Workgroup Bridge for Roaming 19-16 |
|||||||
|
|
Configuring a Workgroup Bridge for Limited Channel Scanning 19-16 |
|||||||
|
|
Configuring the Limited Channel Set |
19-16 |
|
|
|
|||
|
|
Ignoring the CCX Neighbor List |
19-17 |
|
|
|
|||
|
|
Configuring a Client VLAN |
19-17 |
|
|
|
|
|
|
|
|
Workgroup Bridge VLAN Tagging |
19-17 |
|
|
|
|
||
|
|
Configuring Workgroup Bridge Mode |
19-18 |
|
|
|
|
||
|
|
Using Workgroup Bridges in a Lightweight Environment 19-20 |
|||||||
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|||
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
13 |
|
|
|
|
|
|
|
|
|
Contents
|
Guidelines for Using Workgroup Bridges in a Lightweight Environment 19-20 |
||||
|
Sample Workgroup Bridge Configuration 19-22 |
|
|||
|
Enabling VideoStream Support on Workgroup Bridges |
19-23 |
|||
|
Managing Firmware and Configurations |
|
|
||
C H A P T E R 20 |
20-1 |
|
|||
|
Working with the Flash File System |
20-1 |
|
||
|
Displaying Available File Systems |
|
20-2 |
|
|
|
Setting the Default File System |
20-3 |
|
||
|
Displaying Information About Files on a File System |
20-3 |
|||
|
Changing Directories and Displaying the Working Directory 20-3 |
||||
|
Creating and Removing Directories |
20-4 |
|
||
|
Copying Files |
20-4 |
|
|
|
|
Deleting Files |
20-5 |
|
|
|
|
|
|
Creating, Displaying, and Extracting tar Files 20-5 |
|
|
|
|
||||
|
|
|
Creating a tar File |
20-5 |
|
|
|
|
|
|
|
|
|
|
Displaying the Contents of a tar File |
20-6 |
|
|
|
|
|||
|
|
|
Extracting a tar File |
20-7 |
|
|
|
|
|
|
|
|
|
|
Displaying the Contents of a File 20-7 |
|
|
|
|
|
|||
|
|
|
Working with Configuration Files |
20-7 |
|
|
|
|
|
|
|
|
|
|
Guidelines for Creating and Using Configuration Files |
20-8 |
|
|
|||||
|
|
|
Configuration File Types and Location |
20-9 |
|
|
|
|
|||
|
|
|
Creating a Configuration File by Using a Text Editor |
|
20-9 |
|
|
||||
|
|
|
Copying Configuration Files by Using TFTP |
20-9 |
|
|
|
|
|||
|
|
|
Preparing to Download or Upload a Configuration File by Using TFTP |
20-10 |
|
||||||
|
|
|
Downloading the Configuration File by Using TFTP 20-10 |
|
|
||||||
|
|
|
Uploading the Configuration File by Using TFTP |
20-11 |
|
|
|||||
|
|
|
Copying Configuration Files by Using FTP |
20-11 |
|
|
|
|
|||
|
|
|
Preparing to Download or Upload a Configuration File by Using FTP |
20-12 |
|
||||||
|
|
|
Downloading a Configuration File by Using FTP |
|
20-12 |
|
|
||||
|
|
|
Uploading a Configuration File by Using FTP |
20-13 |
|
|
|||||
|
|
|
Copying Configuration Files by Using RCP |
20-14 |
|
|
|
|
|||
|
|
|
Preparing to Download or Upload a Configuration File by Using RCP |
20-15 |
|
||||||
|
|
|
Downloading a Configuration File by Using RCP |
20-16 |
|
|
|||||
|
|
|
Uploading a Configuration File by Using RCP |
20-17 |
|
|
|||||
|
|
|
Clearing Configuration Information |
20-17 |
|
|
|
|
|
||
|
|
|
Deleting a Stored Configuration File |
20-18 |
|
|
|
|
|||
|
|
|
Working with Software Images |
20-18 |
|
|
|
|
|
|
|
|
|
|
Image Location on the Access Point |
20-18 |
|
|
|
|
|
||
|
|
|
tar File Format of Images on a Server or Cisco.com |
|
20-19 |
|
|
||||
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
14 |
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
Contents
Copying Image Files by Using TFTP |
20-19 |
|
|
|
|
Preparing to Download or Upload an Image File by Using TFTP |
20-19 |
||||
Downloading an Image File by Using TFTP |
20-20 |
|
|||
Uploading an Image File by Using TFTP |
|
20-22 |
|
||
Copying Image Files by Using FTP |
20-22 |
|
|
|
|
Preparing to Download or Upload an Image File by Using FTP |
20-23 |
||||
Downloading an Image File by Using FTP |
|
20-24 |
|
||
Uploading an Image File by Using FTP |
20-26 |
|
|||
Copying Image Files by Using RCP |
20-27 |
|
|
|
|
Preparing to Download or Upload an Image File by Using RCP |
20-27 |
||||
Downloading an Image File by Using RCP |
20-29 |
|
|||
Uploading an Image File by Using RCP |
20-31 |
|
|||
Reloading the Image Using the Web Browser Interface 20-32 |
|
||||
Browser HTTP Interface |
20-32 |
|
|
|
|
Browser TFTP Interface |
20-33 |
|
|
|
|
C H A P T E R |
21 |
Configuring System Message Logging |
21-1 |
|
|
|
|
|
|||
|
|
|
Understanding System Message Logging |
21-2 |
|
|
|
|
|||
|
|
|
Configuring System Message Logging |
21-2 |
|
|
|
|
|
||
|
|
|
System Log Message Format |
21-2 |
|
|
|
|
|
|
|
|
|
|
Default System Message Logging Configuration |
21-3 |
|
|
|
||||
|
|
|
Disabling and Enabling Message Logging |
21-4 |
|
|
|
|
|||
|
|
|
Setting the Message Display Destination Device |
21-5 |
|
|
|
||||
|
|
|
Enabling and Disabling Timestamps on Log Messages 21-6 |
||||||||
|
|
|
Enabling and Disabling Sequence Numbers in Log Messages 21-6 |
||||||||
|
|
|
Defining the Message Severity Level |
21-7 |
|
|
|
|
|||
|
|
|
Limiting Syslog Messages Sent to the History Table and to SNMP 21-8 |
||||||||
|
|
|
Setting a Logging Rate Limit |
21-9 |
|
|
|
|
|
|
|
|
|
|
Configuring UNIX Syslog Servers |
21-10 |
|
|
|
|
|
||
|
|
|
Logging Messages to a UNIX Syslog Daemon |
21-10 |
|
|
|
||||
|
|
|
Configuring the UNIX System Logging Facility |
21-10 |
|
|
|
||||
|
|
|
Displaying the Logging Configuration |
21-12 |
|
|
|
|
|
||
|
|
Troubleshooting 22-1 |
|
|
|
|
|
|
|
|
|
C H A P T E R |
22 |
|
|
|
|
|
|
|
|
||
|
|
|
Checking the Top Panel Indicators |
22-2 |
|
|
|
|
|
|
|
|
|
|
Indicators on 1130 Series Access Points |
22-5 |
|
|
|
|
|||
|
|
|
Indicators on 1040 or 1140 Series Access Point |
22-8 |
|
|
|
||||
|
|
|
Indicators on 1240 Series Access Points |
22-11 |
|
|
|
|
|||
|
|
|
Indicators on 1250 Access Points |
22-13 |
|
|
|
|
|
||
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|||||
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
15 |
|
|
|
|
|
|
|
|
|
|
|
Contents
|
|
|
|
|
Indicators on 1260 Series Access Points |
22-15 |
|
|||||||
|
|
|
|
|
Indicators on 1300 Outdoor Access Point/Bridges 22-17 |
|||||||||
|
|
|
|
|
Normal Mode LED Indications |
22-18 |
|
|||||||
|
|
|
|
|
Power Injector |
22-20 |
|
|
|
|
||||
|
|
|
|
|
Checking Power |
22-21 |
|
|
|
|
|
|
||
|
|
|
|
|
Low Power Condition |
22-21 |
|
|
|
|
|
|||
|
|
|
|
|
Checking Basic Settings |
22-22 |
|
|
|
|
||||
|
|
|
|
|
SSID |
22-22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
WEP Keys |
|
22-22 |
|
|
|
|
|
|
|
|
|
|
|
|
Security Settings |
22-22 |
|
|
|
|
|
|||
|
|
|
|
|
Resetting to the Default Configuration |
22-23 |
|
|||||||
|
|
|
|
|
Using the MODE Button |
22-23 |
|
|
|
|||||
|
|
|
|
|
Using the Web Browser Interface |
22-24 |
|
|||||||
|
|
|
|
|
Using the CLI |
22-24 |
|
|
|
|
|
|||
|
|
|
|
|
Reloading the Access Point Image |
22-25 |
|
|
||||||
|
|
|
|
|
Using the MODE button |
22-26 |
|
|
|
|||||
|
|
|
|
|
Using the Web Browser Interface |
22-26 |
|
|||||||
|
|
|
|
|
Browser HTTP Interface |
22-27 |
|
|
||||||
|
|
|
|
|
Browser TFTP Interface |
22-27 |
|
|
||||||
|
|
|
|
|
Using the CLI |
22-28 |
|
|
|
|
|
|||
|
|
|
|
|
Obtaining the Access Point Image File |
22-29 |
|
|||||||
|
|
|
|
|
Obtaining TFTP Server Software |
22-30 |
|
|
||||||
|
|
|
|
|
Image Recovery on the 1520 Access Point |
22-30 |
|
|||||||
|
|
Protocol Filters |
|
|
|
|
|
|
|
|||||
A P P E N D I X A |
|
A-1 |
|
|
|
|
|
|
||||||
|
|
|
Supported MIBs |
|
|
|
|
|
|
|
||||
A P P E N D I X |
B |
|
B-1 |
|
|
|
|
|
|
|||||
|
|
|
|
|
MIB List |
B-1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Using FTP to Access the MIB Files |
B-2 |
|
|
||||||
|
|
|
Error and Event Messages C-1 |
|
|
|
|
|
||||||
A P P E N D I X |
C |
|
|
|
|
|
|
|||||||
|
|
|
|
|
Conventions |
C-2 |
|
|
|
|
|
|
||
|
|
|
|
|
Software Auto Upgrade Messages |
C-3 |
|
|
||||||
|
|
|
|
|
Association Management Messages |
C-5 |
|
|
||||||
|
|
|
|
|
Unzip Messages |
C-6 |
|
|
|
|
|
|
||
|
|
|
|
|
System Log Messages |
C-7 |
|
|
|
|
|
|||
|
|
|
|
|
802.11 Subsystem Messages |
C-8 |
|
|
|
|
||||
|
|
|
|
|
Inter-Access Point Protocol Messages |
C-21 |
||||||||
|
|
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
||||||||||
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
16 |
|
|
|
|
|
|
|
|
|
|
|
OL-29225-01 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Contents
Local Authenticator Messages |
C-21 |
||
WDS Messages C-24 |
|
|
|
Mini IOS Messages |
C-25 |
|
|
Access Point/Bridge Messages |
C-26 |
||
Cisco Discovery Protocol Messages C-26 |
|||
External Radius Server Error Messages C-26 |
|||
LWAPP Error Messages |
C-27 |
|
|
Sensor Messages |
C-28 |
|
|
SNMP Error Messages |
C-29 |
|
|
SSH Error Messages |
|
C-30 |
|
G L O S S A R Y
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
OL-29225-01 |
17 |
|
|
|
Contents
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
18 |
OL-29225-01 |
|
|
This guide is for the networking professional who installs and manages Cisco Aironet Access Points. To use this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of wireless local area networks.
The guide covers Cisco IOS Releases 15.2(4)JA , 12.4(25d)JA, and 12.3(8)JEE.
Cisco IOS Releases 15.2(4)JA supports the following autonomous 32 Mb platforms:
•AP 1040
•AP 801
•AP 802
•AP 1140
•AP 1550
•AP 1600
•AP 2600
•AP 3500
•AP 3600
•AP 1260
Note This guide does not cover lightweight access points. Configuration for these devices can be found in the appropriate installation and configuration guides on Cisco.com.
This guide provides the information you need to install and configure your access point. This guide provides procedures for using the Cisco IOS software commands that have been created or changed for use with the access point. It does not provide detailed information about these commands. For detailed information about these commands, refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release. For information about the standard Cisco IOS software commands, refer to the Cisco IOS software documentation set available from the Cisco.com home page at Support > Documentation.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
OL-29225-01 |
-xix |
|
This guide also includes an overview of the access point web-based interface (APWI), which contains all the functionality of the command-line interface (CLI). This guide does not provide field-level descriptions of the APWI windows nor does it provide the procedures for configuring the access point from the APWI. For all APWI window descriptions and procedures, refer to the access point online help, which is available from the Help buttons on the APWI pages.
Organization
This guide is organized into these chapters:
Chapter 1, “Overview,” lists the software and hardware features of the access point and describes the access point role in your network.
Chapter 2, “Using the Web-Browser Interface,” describes how to use the web-browser interface to configure the access point.
Chapter 3, “Using the Command-Line Interface,” describes how to use the command-line interface (CLI) to configure the access point.
Chapter 4, “Configuring the Access Point for the First Time,”describes how to configure basic settings on a new access point.
Chapter 5, “Administering the Access Point,” describes how to perform one-time operations to administer your access point, such as preventing unauthorized access to the access point, setting the system date and time, and setting the system name and prompt.
Chapter 6, “Configuring Radio Settings,” describes how to configure settings for the access point radio such as the role in the radio network, transmit power, channel settings, and others.
Chapter 7, “Configuring Multiple SSIDs,” describes how to configure and manage multiple Service Set Identifiers (SSIDs) and multiple basic SSIDs (BSSIDs) on your access point. You can configure up to 16 SSIDs and up to eight BSSIDs on your access point.
Chapter 8, “Configuring Spanning Tree Protocol,”describes how to configure Spanning Tree Protocol (STP) on your access point, bridge, or access point operating in a bridge mode. STP prevents bridge loops from occurring in your network.
Chapter 9, “Configuring an Access Point as a Local Authenticator,” describes how to configure the access point to act as a local RADIUS server for your wireless LAN. If the WAN connection to your main RADIUS server fails, the access point acts as a backup server to authenticate wireless devices.
Chapter 10, “Configuring Cipher Suites and WEP,” describes how to configure the cipher suites required to use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including MIC, CMIC, TKIP, CKIP, and broadcast key rotation.
Chapter 11, “Configuring Authentication Types,” describes how to configure authentication types on the access point. Client devices use these authentication methods to join your network.
Chapter 12, “Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services,” describes how to configure the access point to participate in WDS, to allow fast reassociation of roaming client services, and to participate in radio management.
Chapter 13, “Configuring and Enabling RADIUS,” describes how to enable and configure the RADIUS and Terminal Access Controller Access Control System Plus (TACACS+), which provide detailed accounting information and flexible administrative control over authentication and authorization processes.
Chapter 14, “Configuring VLANs,” describes how to configure your access point to interoperate with the VLANs set up on your wired LAN.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
-xx |
OL-29225-01 |
|
|
|
Chapter 15, “Configuring QoS,” describes how to configure and manage MAC address, IP, and EtherType filters on the access point using the web-browser interface.
Chapter 16, “Configuring Filters,” describes how to configure and manage MAC address, IP, and EtherType filters on the access point using the web-browser interface.
Chapter 17, “Configuring CDP,” describes how to configure Cisco Discovery Protocol (CDP) on your access point. CDP is a device-discovery protocol that runs on all Cisco network equipment.
Chapter 18, “Configuring SNMP,” describes how to configure the Simple Network Management Protocol (SNMP) on your access point.
Chapter 19, “Configuring Repeater and Standby Access Points and Workgroup Bridge Mode,” describes how to configure your access point as a hot standby unit or as a repeater unit.
Chapter 20, “Managing Firmware and Configurations,” describes how to manipulate the Flash file system, how to copy configuration files, and how to archive (upload and download) software images.
Chapter 21, “Configuring System Message Logging,” describes how to configure system message logging on your access point.
Chapter 22, “Troubleshooting,”provides troubleshooting procedures for basic problems with the access point.
Appendix A, “Protocol Filters,” lists some of the protocols that you can filter on the access point.
Appendix B, “Supported MIBs,” lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the access point supports for this software release.
Appendix C, “Error and Event Messages,” lists the CLI error and event messages and provides an explanation and recommended action for each message.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
•Commands and keywords are in boldface text.
•Arguments for which you supply values are in italic.
•Square brackets ([ ]) mean optional elements.
•Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
•Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
Interactive examples use these conventions:
•Terminal sessions and system displays are in screen font.
•Information you enter is in boldface screen font.
•Nonprinting characters, such as passwords or tabs, are in angle brackets (< >). Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
OL-29225-01 |
-xxi |
|
Caution Means reader be careful. In this situation, you might do something that could result equipment damage or loss of data.
Tip Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.
Related Publications
These documents provide complete information about the access point:
•Getting Started Guide: Cisco Aironet 1040 Series Access Points
•Getting Started Guide: Cisco Aironet 1260 Series Access Points
•Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Release 12.4(24d)JA and 12.3(8)JEE
•Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges
•Quick Start Guide: Cisco Aironet 1100 Series Access Points
•Quick Start Guide: Cisco Aironet 1130AG Series Access Point
•Getting Started Guide: Cisco Aironet 1140 Series Autonomous Access Point
•Quick Start Guide: Cisco Aironet 1200 Series Access Points
•Quick Start Guide: Cisco Aironet 1240 Series Access Point
•Quick Start Guide: Cisco Aironet 1250 Series Access Point
•Quick Start Guide: Cisco Aironet 1300 Series Outdoor Access Point/Bridge
•Cisco Aironet Access Point Hardware Installation Guide
•Installation Instructions for Cisco Aironet Power Injectors
•Cisco 1140 Series Access Point Deployment Guide
•Installation Instructions for Cisco Aironet 1250 Series Access Point Power Injector
•Cisco Aironet 802.11g Radio Upgrade Instructions
•Cisco Aironet 1250 Series Access Point Radio Upgrade Instructions
•Getting Started Guide: Cisco Aironet 2600 Series Access Points
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
-xxii |
OL-29225-01 |
|
|
|
Obtaining Documentation, Obtaining Support, and Security Guidelines
|
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
|
|
|
|
|
|
|||
|
OL-29225-01 |
|
|
-xxiii |
|
|
|
|
|
Obtaining Documentation, Obtaining Support, and Security Guidelines
|
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points |
-xxiv |
OL-29225-01 |
C H A P T E R 1
Cisco Aironet Access Points (hereafter called access points) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, 802.11a-compliant, 802.11b-compliant, and 802.11g-compliant wireless LAN transceivers.
Note The 802.11n standard has not been ratified. Therefore, references to 802.11n throughout this document refer to 802.11n Draft 2.0.
An access point serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within the radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.
You can configure and monitor the wireless device using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP).
Each access point platform contains one, two, or three radios:
•The 1040 series access point has dual-band (2.4 GHz and 5 GHz), integrated 802.11n radios and integrated antennas.
•The 1100 series access point uses a single, 802.11b, 2.4-GHz mini-PCI radio that can be upgraded to an 802.11g, 2.4-GHz radio.
•The 1130 series access point has integrated 802.11g and 802.11a radios and antennas.
•The 1140 series access point has integrated antennas for its pre-802.11n radios operating on the 2.4- or 5-GHz frequency bands.
•The 1200 series access point can contain two radios: a 2.4-GHz radio in an internal mini-PCI slot and a 5-GHz radio module in an external, modified cardbus slot. The 1200 series access point supports one radio of each type, but it does not support two 2.4-GHz or two 5-GHz radios.
•The 1230 series access point is pre-configured to include both an 802.11g and an 802.11a radio. It has antenna connectors for externally attached antennas for both radios.
•The 1240 series access point uses two externally connected antennas for each band instead of built-in antennas.
•The 1250 series access point uses three external connected antennas for its pre-802.11n radios operating on the 2.4- or 5-GHz frequency bands.
•The 1260 series access point uses three external connected antennas for its pre-802.11n radios operating on the 2.4- or 5-GHz frequency bands.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
OL-29225-01 |
1-1 |
|
|
|
Chapter 1 Overview
•The 1300 series outdoor access point/bridge uses an integrated antenna and can be configured to use external, dual-diversity antennas.
•The 2600 series access point contains dual-band radios (2.4 GHz and 5 GHz) with integrated and external antenna options. The access points support full inter-operability with leading 802.11n clients, and support a mixed deployment with other access points and controllers.
•The 3600 series access point contains a third radio slot. The autonomous mode is not supported on the third radio.
This chapter contains the following sections:
•Features, page 1-2
•Management Options, page 1-3
•Roaming Client Devices, page 1-3
•Network Configuration Examples, page 1-3
Features
This section lists features supported on access points running Cisco IOS software.
Note The proxy Mobile-IP feature is not supported in Cisco IOS Releases 12.3(2)JA and later.
This section describes the new features in Cisco IOS Release 15.2(4)JA and contains these topics:
•Support for IPv6, page 1-2
•Support for Guest Access, page 1-2
•Support for 802.11w, page 1-3
Cisco IOS Release 15.2(4)JA supports IPv6 protocols. IPv6 is the latest Internet protocol for IPv4. It uses 128-bit addresses as opposed to the 32-bit addresses that are used in IPv4. Cisco IOS Release 15.2(4)JA supports these unicast addresses:
•Aggregatable Global Address: These addresses are globally routable and reachable on the IPv6 portion of the Internet. Global addresses are identified by the format prefix of 001.
•Link-local address: These addresses are automatically configured on interface using:
–Link-local prefix FE80::/10 (1111 1110 10)
–Interface identifier in the modified EUI-64 format.
Cisco IOS Release 15.2(4)JA supports guest access to the network. Guest networks provide access to the Internet and intranet without compromising the security of the host enterprise network.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
1-2 |
OL-29225-01 |
|
|
Chapter 1 Overview
Cisco IOS Release 15.2(4)JA provides support for the 802.11w protocol. Unlike encrypted data traffic, management frames are sent in an unsecure manner while using the 802.11 protocol for data transfer. The standard 802.11w protocol ensures that the management frames are secured by applying robust management frame protection protocols.
Management Options
You can use the wireless device management system through the following interfaces:
•The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet session. Use the interface dot11radio global configuration command to place the wireless device into the radio configuration mode. Most of the examples in this manual are taken from the CLI. Chapter 3, “Using the Command-Line Interface,” provides a detailed description of the CLI.
•A web-browser interface, which you use through a Web browser. Chapter 2, “Using the Web-Browser Interface,” provides a detailed description of the web-browser interface.
•Simple Network Management Protocol (SNMP). Chapter 18, “Configuring SNMP,” explains how to configure the wireless device for SNMP management.
If you have more than one wireless device in your wireless LAN, wireless client devices can roam seamlessly from one wireless device to another. The roaming functionality is based on signal quality, not proximity. When signal quality drops from a client, it roams to another access point.
Wireless LAN users are sometimes concerned when a client device stays associated to a distant access point instead of roaming to a closer access point. However, if a client signal to a distant access point remains strong and the signal quality is high, the client will not roam to a closer access point. Checking constantly for closer access points would be inefficient, and the extra radio traffic would slow throughput on the wireless LAN.
Using CCKM and a device providing WDS, client devices can roam from one access point to another so quickly that there is no perceptible delay in voice or other time-sensitive applications.
This section describes the role of an access point in common wireless network configurations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as repeater access points, bridges, and workgroup bridges. These roles require specific configurations.
An access point connected directly to a wired LAN provides a connection point for wireless users. If more than one access point is connected to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
|
OL-29225-01 |
1-3 |
|
|
|
Chapter 1 Overview
Network Configuration Examples
seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN.
Figure 1-1 Access Points as Root Units on a Wired LAN
Access point
Access point
135445
An access point can be configured as a stand-alone repeater to extend the range of your infrastructure or to overcome an obstacle that blocks radio communication. The repeater forwards traffic between wireless users and the wired LAN by sending packets to either another repeater or to an access point connected to the wired LAN. The data is sent through the route that provides the best performance for the client. Figure 1-2 shows an access point acting as a repeater. Consult the “Configuring a Repeater Access Point” section on page 19-3 for instructions on setting up an access point as a repeater.
Note Non-Cisco client devices might have difficulty communicating with repeater access points.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
1-4 |
OL-29225-01 |
|
|