Cisco 2100 Series, 4400 Series Configuration Manual

Download

Cisco Wireless LAN Controller Configuration Guide

Software Release 5.2 November 2008

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-17037-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R)

Preface xxiii

Audience xxiv

Purpose xxiv

Organization xxiv

Conventions xxv

Related Publications xxvii

Obtaining Documentation and Submitting a Service Request xxvii

CHAPTER

1 Overview 1-1

Cisco Unified Wireless Network Solution Overview 1-2

Single-Controller Deployments 1-3 Multiple-Controller Deployments 1-4

Operating System Software 1-4

Operating System Security 1-5

Cisco WLAN Solution Wired Security 1-5

Layer 2 and Layer 3 Operation 1-6

Operational Requirements 1-6 Configuration Requirements 1-6

Cisco Wireless LAN Controllers 1-6

Client Location 1-7

Controller Platforms 1-7

Cisco 2100 Series Controllers 1-8

Cisco 4400 Series Controllers 1-8 Catalyst 6500 Series Wireless Services Module 1-9 Cisco 7600 Series Router Wireless Services Module 1-10 Cisco 28/37/38xx Series Integrated Services Router 1-11 Catalyst 3750G Integrated Wireless LAN Controller Switch 1-11

Features Not Supported 1-8

OL-17037-01

Cisco UWN Solution Wired Connections 1-12

Cisco UWN Solution WLANs 1-12

Identity Networking 1-13

Enhanced Integration with Cisco Secure ACS 1-13

File Transfers 1-14

Cisco Wireless LAN Controller Configuration Guide

iii

Contents

Power over Ethernet 1-14

Startup Wizard 1-15

Cisco Wireless LAN Controller Memory 1-15

Cisco Wireless LAN Controller Failover Protection 1-16

Network Connections to Cisco Wireless LAN Controllers 1-17

Cisco 2100 Series Wireless LAN Controllers 1-17 Cisco 4400 Series Wireless LAN Controllers 1-18

CHAPTER

2 Using the Web-Browser and CLI Interfaces 2-1

Using the Web-Browser Interface 2-2

Guidelines for Using the GUI 2-2 Opening the GUI 2-2 Enabling Web and Secure Web Modes 2-2

Using the GUI to Enable Web and Secure Web Modes 2-3 Using the CLI to Enable Web and Secure Web Modes 2-4 Loading an Externally Generated SSL Certificate 2-5

Using the CLI 2-7

Logging into the CLI 2-7

Using a Local Serial Connection 2-8

Using a Remote Ethernet Connection 2-8 Logging Out of the CLI 2-9 Navigating the CLI 2-9

Enabling Wireless Connections to the Web-Browser and CLI Interfaces

3 Configuring Ports and Interfaces 3-1

2-9

Overview of Ports and Interfaces 3-2

Ports 3-2

Distribution System Ports 3-4

Service Port 3-5 Interfaces 3-6

Management Interface 3-6

AP-Manager Interface 3-6

Virtual Interface 3-7

Service-Port Interface 3-8

Dynamic Interface 3-8 WLANs 3-9

Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces 3-10

Using the GUI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces 3-11

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Contents

Using the CLI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces 3-13

Using the CLI to Configure the Management Interface 3-13 Using the CLI to Configure the AP-Manager Interface 3-14 Using the CLI to Configure the Virtual Interface 3-14 Using the CLI to Configure the Service-Port Interface 3-15

Configuring Dynamic Interfaces 3-16

Using the GUI to Configure Dynamic Interfaces 3-16 Using the CLI to Configure Dynamic Interfaces 3-18

Configuring Ports 3-19

Configuring Port Mirroring 3-22 Configuring Spanning Tree Protocol 3-23

Using the GUI to Configure Spanning Tree Protocol 3-24 Using the CLI to Configure Spanning Tree Protocol 3-28

Enabling Link Aggregation 3-29

Link Aggregation Guidelines 3-32 Using the GUI to Enable Link Aggregation 3-33 Using the CLI to Enable Link Aggregation 3-34 Using the CLI to Verify Link Aggregation Settings 3-34 Configuring Neighbor Devices to Support LAG 3-34

CHAPTER

Configuring a 4400 Series Controller to Support More Than 48 Access Points 3-34

Using Link Aggregation 3-35 Using Multiple AP-Manager Interfaces 3-35

4 Configuring Controller SettingsWireless Device Access 4-1

Using the Configuration Wizard 4-2

Before You Start 4-2 Resetting the Device to Default Settings 4-3

Resetting to Default Settings Using the CLI 4-3 Resetting to Default Settings Using the GUI 4-3

Running the Configuration Wizard on the CLI 4-4

Using the AutoInstall Feature for Controllers Without a Configuration 4-6

Overview of AutoInstall 4-6 Obtaining an IP Address Through DHCP and Downloading a Configuration File from a TFTP

Server

4-7

Selecting a Configuration File 4-8 Example of AutoInstall Operation 4-9

Managing the System Date and Time 4-10

Configuring an NTP Server to Obtain the Date and Time 4-10 Configuring the Date and Time Manually 4-10

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

Contents

Using the GUI to Configure the Date and Time 4-10

Using the CLI to Configure the Date and Time 4-11

Configuring 802.11 Bands 4-14

Using the GUI to Configure 802.11 Bands 4-14 Using the CLI to Configure 802.11 Bands 4-15

Configuring 802.11n Parameters 4-17

Using the GUI to Configure 802.11n Parameters 4-17 Using the CLI to Configure 802.11n Parameters 4-19

Configuring DHCP Proxy 4-22

Using the GUI to Configure DHCP Proxy 4-22 Using the CLI to Configure DHCP Proxy 4-23

Configuring Administrator Usernames and Passwords 4-23

Configuring Usernames and Passwords 4-23 Restoring Passwords 4-24

Configuring SNMP 4-24

Changing the Default Values of SNMP Community Strings 4-25

Using the GUI to Change the SNMP Community String Default Values 4-25 Using the CLI to Change the SNMP Community String Default Values 4-27

Changing the Default Values for SNMP v3 Users 4-27

Using the GUI to Change the SNMP v3 User Default Values 4-27 Using the CLI to Change the SNMP v3 User Default Values 4-29

Configuring Aggressive Load Balancing 4-29

Using the GUI to Configure Aggressive Load Balancing 4-30 Using the CLI to Configure Aggressive Load Balancing 4-30

Configuring Fast SSID Changing 4-31

Using the GUI to Configure Fast SSID Changing 4-31 Using the CLI to Configure Fast SSID Changing 4-31

Enabling 802.3X Flow Control 4-31

Configuring 802.3 Bridging 4-32

Using the GUI to Configure 802.3 Bridging 4-32 Using the CLI to Configure 802.3 Bridging 4-33

Configuring Multicast Mode 4-34

Understanding Multicast Mode 4-34 Guidelines for Using Multicast Mode 4-35 Using the GUI to Enable Multicast Mode 4-36 Using the GUI to View Multicast Groups 4-37 Using the CLI to Enable Multicast Mode 4-38 Using the CLI to View Multicast Groups 4-39

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Using the CLI to View an Access Point’s Multicast Client Table 4-39

Configuring Client Roaming 4-40

Intra-Controller Roaming 4-40 Inter-Controller Roaming 4-40 Inter-Subnet Roaming 4-40 Voice-over-IP Telephone Roaming 4-40 CCX Layer 2 Client Roaming 4-41

Using the GUI to Configure CCX Client Roaming Parameters 4-42 Using the CLI to Configure CCX Client Roaming Parameters 4-43 Using the CLI to Obtain CCX Client Roaming Information 4-43 Using the CLI to Debug CCX Client Roaming Issues 4-44

Configuring IP-MAC Address Binding 4-44

Configuring Quality of Service 4-45

Configuring Quality of Service Profiles 4-45

Using the GUI to Configure QoS Profiles 4-45 Using the CLI to Configure QoS Profiles 4-47

Configuring Quality of Service Roles 4-48

Using the GUI to Configure QoS Roles 4-48 Using the CLI to Configure QoS Roles 4-50

Contents

Configuring Voice and Video Parameters 4-52

Call Admission Control 4-52

Bandwidth-Based CAC 4-52

Load-Based CAC 4-52 Expedited Bandwidth Requests 4-53 U-APSD 4-54 Traffic Stream Metrics 4-54 Using the GUI to Configure Voice Parameters 4-54 Using the GUI to Configure Video Parameters 4-56 Using the GUI to View Voice and Video Settings 4-57 Using the CLI to Configure Voice Parameters 4-62 Using the CLI to Configure Video Parameters 4-63 Using the CLI to View Voice and Video Settings 4-64

Configuring EDCA Parameters 4-67

Using the GUI to Configure EDCA Parameters 4-67 Using the CLI to Configure EDCA Parameters 4-68

Configuring Cisco Discovery Protocol 4-69

Using the GUI to Configure Cisco Discovery Protocol 4-72 Using the GUI to View Cisco Discovery Protocol Information 4-73 Using the CLI to Configure Cisco Discovery Protocol 4-77

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

vii

Contents

Using the CLI to View Cisco Discovery Protocol Information 4-78

Configuring RFID Tag Tracking 4-79

Using the CLI to Configure RFID Tag Tracking 4-81 Using the CLI to View RFID Tag Tracking Information 4-82 Using the CLI to Debug RFID Tag Tracking Issues 4-83

Configuring and Viewing Location Settings 4-84

Installing the Location Appliance Certificate 4-84 Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues 4-85 Synchronizing the Controller and Location Appliance 4-86

Using the CLI to View Location Settings 4-86

Configuring the Supervisor 720 to Support the WiSM 4-89

General WiSM Guidelines 4-90 Configuring the Supervisor 4-90

Using the Wireless LAN Controller Network Module 4-91

CHAPTER

5 Configuring Security Solutions 5-1

Cisco UWN Solution Security 5-2

Security Overview 5-2 Layer 1 Solutions 5-2 Layer 2 Solutions 5-2 Layer 3 Solutions 5-3 Integrated Security Solutions 5-3

Configuring RADIUS 5-3

Configuring RADIUS on the ACS 5-4 Using the GUI to Configure RADIUS 5-6 Using the CLI to Configure RADIUS 5-11 RADIUS Authentication Attributes Sent by the Access Point 5-15 RADIUS Accounting Attributes 5-17

Configuring TACACS+ 5-18

Configuring TACACS+ on the ACS 5-19 Using the GUI to Configure TACACS+ 5-23 Using the CLI to Configure TACACS+ 5-25 Viewing the TACACS+ Administration Server Logs 5-27

viii

Configuring Local Network Users 5-29

Using the GUI to Configure Local Network Users 5-30 Using the CLI to Configure Local Network Users 5-32

Configuring LDAP 5-33

Using the GUI to Configure LDAP 5-33 Using the CLI to Configure LDAP 5-36

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Configuring Local EAP 5-38

Using the GUI to Configure Local EAP 5-40 Using the CLI to Configure Local EAP 5-45

Configuring the System for SpectraLink NetLink Telephones 5-50

Using the GUI to Enable Long Preambles 5-50 Using the CLI to Enable Long Preambles 5-51 Using the CLI to Configure Enhanced Distributed Channel Access 5-52

Using Management over Wireless 5-52

Using the GUI to Enable Management over Wireless 5-52 Using the CLI to Enable Management over Wireless 5-52

Configuring DHCP Option 82 5-53

Configuring and Applying Access Control Lists 5-54

Using the GUI to Configure Access Control Lists 5-55 Using the GUI to Apply Access Control Lists 5-59

Applying an Access Control List to an Interface 5-59

Applying an Access Control List to the Controller CPU 5-60

Applying an Access Control List to a WLAN 5-61

Applying a Preauthentication Access Control List to a WLAN 5-62 Using the CLI to Configure Access Control Lists 5-63 Using the CLI to Apply Access Control Lists 5-65

Contents

Configuring Management Frame Protection 5-66

Guidelines for Using MFP 5-67 Using the GUI to Configure MFP 5-68 Using the GUI to View MFP Settings 5-69 Using the CLI to Configure MFP 5-70 Using the CLI to View MFP Settings 5-71 Using the CLI to Debug MFP Issues 5-73

Configuring Client Exclusion Policies 5-73

Configuring Identity Networking 5-74

Identity Networking Overview 5-74 RADIUS Attributes Used in Identity Networking 5-75

QoS-Level 5-75

ACL-Name 5-75

Interface-Name 5-76

VLAN-Tag 5-76

Tunnel Attributes 5-77 Configuring AAA Override 5-78

Updating the RADIUS Server Dictionary File for Proper QoS Values 5-78

Using the GUI to Configure AAA Override 5-79

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

Contents

Using the CLI to Configure AAA Override 5-80

Managing Rogue Devices 5-80

Challenges 5-80 Detecting Rogue Devices 5-81 Classifying Rogue Access Points 5-81

WCS Interaction 5-84

Configuring RLDP 5-84

Using the GUI to Configure RLDP 5-84 Using the CLI to Configure RLDP 5-85

Configuring Rogue Classification Rules 5-87

Using the GUI to Configure Rogue Classification Rules 5-87 Using the CLI to Configure Rogue Classification Rules 5-90

Viewing and Classifying Rogue Devices 5-93

Using the GUI to View and Classify Rogue Devices 5-93 Using the CLI to View and Classify Rogue Devices 5-98

CHAPTER

Configuring IDS 5-103

Configuring IDS Sensors 5-103

Using the GUI to Configure IDS Sensors 5-103 Using the CLI to Configure IDS Sensors 5-105 Viewing Shunned Clients 5-106

Configuring IDS Signatures 5-107

Using the GUI to Configure IDS Signatures 5-109 Using the CLI to Configure IDS Signatures 5-115 Using the CLI to View IDS Signature Events 5-117

Configuring wIPS 5-119

Configuring wIPS on an Access Point 5-119 Viewing wIPS Information 5-120

Detecting Active Exploits 5-122

Configuring Maximum Local Database Entries 5-122

Using the GUI to Configure Maximum Local Database Entries 5-122 Using the CLI to Specify the Maximum Number of Local Database Entries 5-122

6 Configuring WLANsWireless Device Access 6-1

WLAN Overview 6-2

Configuring WLANs 6-2

Creating WLANs 6-3

Using the GUI to Create WLANs 6-3 Using the CLI to Create WLANs 6-5

Searching WLANs 6-7

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Configuring DHCP 6-8

Internal DHCP Server 6-8

External DHCP Servers 6-8

DHCP Assignment 6-8

Security Considerations 6-9

Using the GUI to Configure DHCP 6-9

Using the CLI to Configure DHCP 6-10

Using the CLI to Debug DHCP 6-11

Configuring DHCP Scopes 6-11 Configuring MAC Filtering for WLANs 6-14

Enabling MAC Filtering 6-15

Creating a Local MAC Filter 6-15

Configuring a Timeout for Disabled Clients 6-15 Assigning WLANs to Interfaces 6-15 Configuring the DTIM Period 6-16

Using the GUI to Configure the DTIM Period 6-16

Using the CLI to Configure the DTIM Period 6-17 Configuring Peer-to-Peer Blocking 6-18

Guidelines for Using Peer-to-Peer Blocking 6-19

Using the GUI to Configure Peer-to-Peer Blocking 6-19

Using the CLI to Configure Peer-to-Peer Blocking 6-20 Configuring Layer 2 Security 6-20

Static WEP Keys 6-21

Dynamic 802.1X Keys and Authorization 6-21

Configuring a WLAN for Both Static and Dynamic WEP 6-22

WPA1 and WPA2 6-22

CKIP 6-25 Configuring a Session Timeout 6-27

Using the GUI to Configure a Session Timeout 6-27

Using the CLI to Configure a Session Timeout 6-28 Configuring Layer 3 Security 6-28

VPN Passthrough 6-29

Web Authentication 6-29 Assigning a QoS Profile to a WLAN 6-30

Using the GUI to Assign a QoS Profile to a WLAN 6-31

Using the CLI to Assign a QoS Profile to a WLAN 6-32 Configuring QoS Enhanced BSS 6-32

Guidelines for Configuring QBSS 6-34

Additional Guidelines for Using 7921 and 7920 Wireless IP Phones 6-34

Using the GUI to Configure QBSS 6-35

Contents

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

Contents

Using the CLI to Configure QBSS 6-36

Configuring IPv6 Bridging 6-36

Guidelines for Using IPv6 Bridging 6-37 Using the GUI to Configure IPv6 Bridging 6-38 Using the CLI to Configure IPv6 Bridging 6-39

Configuring Cisco Client Extensions 6-39

Using the GUI to Configure CCX Aironet IEs 6-40 Using the GUI to View a Client’s CCX Version 6-40 Using the CLI to Configure CCX Aironet IEs 6-42 Using the CLI to View a Client’s CCX Version 6-42

Configuring Access Point Groups 6-42

Creating Access Point Groups 6-44

Configuring Web Redirect with 802.1X Authentication 6-49

Conditional Web Redirect 6-49 Splash Page Web Redirect 6-50 Configuring the RADIUS Server 6-50 Using the GUI to Configure Web Redirect 6-51

Using the CLI to Configure Web Redirect 6-52 Disabling Accounting Servers per WLAN 6-53 Disabling Coverage Hole Detection per WLAN 6-54

Using the GUI to Disable Coverage Hole Detection on a WLAN 6-54

Using the CLI to Disable Coverage Hole Detection on a WLAN 6-55 Configuring NAC Out-of-Band Integration 6-55

Guidelines for Using NAC Out-of-Band Integration 6-56

Using the GUI to Configure NAC Out-of-Band Integration 6-57

Using the CLI to Configure NAC Out-of-Band Integration 6-60

CHAPTER

xii

7 Controlling Lightweight Access Points 7-1

Access Point Communication Protocols 7-2

Guidelines for Using CAPWAP 7-2 The Controller Discovery Process 7-2 Verifying that Access Points Join the Controller 7-4

Using the GUI to Verify that Access Points Join the Controller 7-4

Using the CLI to Verify that Access Points Join the Controller 7-4 Viewing CAPWAP MTU Information 7-5 Debugging CAPWAP 7-5

Configuring Global Credentials for Access Points 7-5

Using the GUI to Configure Global Credentials for Access Points 7-6 Using the CLI to Configure Global Credentials for Access Points 7-8

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Contents

Configuring Authentication for Access Points 7-9

Using the GUI to Configure Authentication for Access Points 7-10 Using the CLI to Configure Authentication for Access Points 7-12 Configuring the Switch for Authentication 7-14

Embedded Access Points 7-14

Autonomous Access Points Converted to Lightweight Mode 7-16

Guidelines for Using Access Points Converted to Lightweight Mode 7-16 Reverting from Lightweight Mode to Autonomous Mode 7-17

Using a Controller to Return to a Previous Release 7-17 Using the MODE Button and a TFTP Server to Return to a Previous Release 7-17

Authorizing Access Points 7-18

Authorizing Access Points Using SSCs 7-18 Authorizing Access Points Using MICs 7-18 Authorizing Access Points Using LSCs 7-19 Using the GUI to Authorize Access Points 7-22

Using the CLI to Authorize Access Points 7-23 Using DHCP Option 43 and DHCP Option 60 7-24 Troubleshooting the Access Point Join Process 7-24

Configuring the Syslog Server for Access Points 7-26

Viewing Access Point Join Information 7-26 Using a Controller to Send Debug Commands to Access Points Converted to Lightweight Mode 7-28 Converted Access Points Send Crash Information to Controller 7-28 Converted Access Points Send Radio Core Dumps to Controller 7-28

Using the CLI to Retrieve Radio Core Dumps 7-29

Using the GUI to Upload Radio Core Dumps 7-29

Using the CLI to Upload Radio Core Dumps 7-30 Uploading Memory Core Dumps from Converted Access Points 7-31

Using the GUI to Upload Access Point Core Dumps 7-31

Using the CLI to Upload Access Point Core Dumps 7-32 Display of MAC Addresses for Converted Access Points 7-32 Disabling the Reset Button on Access Points Converted to Lightweight Mode 7-33 Configuring a Static IP Address on an Access Point Converted to Lightweight Mode 7-33 Supporting Oversized Access Point Images 7-33

OL-17037-01

Cisco Workgroup Bridges 7-34

Guidelines for Using WGBs 7-35 Sample WGB Configuration 7-37 Using the GUI to View the Status of Workgroup Bridges 7-37 Using the CLI to View the Status of Workgroup Bridges 7-40 Using the CLI to Debug WGB Issues 7-40

Cisco Wireless LAN Controller Configuration Guide

xiii

Contents

Configuring Backup Controllers 7-41

Using the GUI to Configure Backup Controllers 7-42 Using the CLI to Configure Backup Controllers 7-44

Configuring Failover Priority for Access Points 7-46

Using the GUI to Configure Failover Priority for Access Points 7-46 Using the CLI to Configure Failover Priority for Access Points 7-48 Using the CLI to View Failover Priority Settings 7-48

Configuring Country Codes 7-49

Guidelines for Configuring Multiple Country Codes 7-49 Using the GUI to Configure Country Codes 7-50 Using the CLI to Configure Country Codes 7-52

Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain 7-55

Guidelines for Migration 7-56 Migrating Access Points to the -U Regulatory Domain 7-56

Using the W56 Band in Japan 7-58

Dynamic Frequency Selection 7-58

Optimizing RFID Tracking on Access Points 7-59

Using the GUI to Optimize RFID Tracking on Access Points 7-59 Using the CLI to Optimize RFID Tracking on Access Points 7-61

Configuring Probe Request Forwarding 7-62

Retrieving the Unique Device Identifier on Controllers and Access Points 7-63

Using the GUI to Retrieve the Unique Device Identifier on Controllers and Access Points 7-63 Using the CLI to Retrieve the Unique Device Identifier on Controllers and Access Points 7-64

Performing a Link Test 7-64

Using the GUI to Perform a Link Test 7-65 Using the CLI to Perform a Link Test 7-67

Configuring Link Latency 7-67

Using the GUI to Configure Link Latency 7-68 Using the CLI to Configure Link Latency 7-69

Configuring Power over Ethernet 7-70

Using the GUI to Configure Power over Ethernet 7-71 Using the CLI to Configure Power over Ethernet 7-73

Configuring Flashing LEDs 7-74

xiv

Viewing Clients 7-74

Using the GUI to View Clients 7-74 Using the CLI to View Clients 7-78

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Contents

CHAPTER

8 Controlling Mesh Access Points 8-1

Cisco Aironet Mesh Access Points 8-2

Access Point Roles 8-2 Network Access 8-3 Deployment Modes 8-4

Cisco Wireless Mesh Network 8-4

Wireless Backhaul 8-4

Point-to-Point Wireless Bridging 8-5

Point-to-Multipoint Wireless Bridging 8-5

Architecture Overview 8-6

CAPWAP 8-6 Cisco Adaptive Wireless Path Protocol Wireless Mesh Routing 8-6

Mesh Neighbors, Parents, and Children 8-7

Wireless Mesh Constraints 8-7

Adding Mesh Access Points to the Mesh Network 8-10

Adding MAC Addresses of Mesh Access Points to the Controller Filter List 8-10

Configuring External Authentication and Authorization Using a RADIUS Server 8-13

Defining the Mesh Access Point Role 8-16

Configuring Global Mesh Parameters 8-16

Configuring Local Mesh Parameters 8-22

Client Roaming 8-24

Configuring Ethernet Bridging and Ethernet VLAN Tagging 8-25

Configuring Advanced Features 8-32

Configuring Voice Parameters in Mesh Networks 8-32

CAC 8-32

QoS and DSCP Marking 8-32

Guidelines for Using Voice on the Mesh Network 8-33

Voice Call Support in a Mesh Network 8-34

Using the CLI to View Voice Details for Mesh Networks 8-34 Enabling Mesh Multicast Containment for Video 8-37

Backhaul Client Access (Universal Access) for Indoor and Outdoor Mesh Access Points 8-39

Viewing Mesh Statistics and Reports 8-39

Viewing Mesh Statistics for an Access Point 8-39

Using the GUI to View Mesh Statistics for an Access Point 8-39

Using the CLI to View Mesh Statistics for an Access Point 8-43 Viewing Neighbor Statistics for an Access Point 8-44

Using the GUI to View Neighbor Statistics for an Access Point 8-44

Using the CLI to View Neighbor Statistics for an Access Point 8-47

Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG) 8-48

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

Contents

Changing MAP and RAP Roles for Indoor Mesh Access Points (1130AG, 1240AG) 8-49

Using the GUI to Change MAP and RAP Roles for Indoor Mesh Access Points 8-49 Using the CLI to Change MAP and RAP Roles for Indoor Mesh Access Points 8-49

Converting Indoor Mesh Access Points to Non-Mesh Lightweight Access Points (1130AG, 1240AG) 8-50

Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers 8-51

Configuration Guidelines 8-51 Using the GUI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access

Routers Using the CLI to Enable Mesh Access Points to Operate with Cisco 3200 Series Mobile Access

Routers

8-52

8-53

CHAPTER

9 Managing Controller Software and Configurations 9-1

Upgrading Controller Software 9-2

Guidelines for Upgrading Controller Software 9-2 Guidelines for Upgrading to Controller Software 5.2 in Mesh Networks 9-3

Mandatory Boot Variable Update for Networks with 1522 Access Points 9-4

Upgrade Compatibility Matrix 9-6 Using the GUI to Upgrade Controller Software 9-8 Using the CLI to Upgrade Controller Software 9-10

Transferring Files to and from a Controller 9-13

Downloading Device Certificates 9-13

Using the GUI to Download Device Certificates 9-14

Using the CLI to Download Device Certificates 9-15 Downloading CA Certificates 9-16

Using the GUI to Download CA Certificates 9-16

Using the CLI to Download CA Certificates 9-17 Uploading PACs 9-19

Using the GUI to Upload PACs 9-19

Using the CLI to Upload PACs 9-20 Uploading and Downloading Configuration Files 9-21

Uploading Configuration Files 9-21

Downloading Configuration Files 9-23

xvi

Saving Configurations 9-26

Editing Configuration Files 9-27

Clearing the Controller Configuration 9-28

Erasing the Controller Configuration 9-28

Resetting the Controller 9-28

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Contents

CHAPTER

10 Managing User Accounts 10-1

Creating Guest User Accounts 10-2

Creating a Lobby Ambassador Account 10-2

Using the GUI to Create a Lobby Ambassador Account 10-2

Using the CLI to Create a Lobby Ambassador Account 10-3 Creating Guest User Accounts as a Lobby Ambassador 10-4 Viewing Guest User Accounts 10-6

Using the GUI to View Guest Accounts 10-6

Using the CLI to View Guest Accounts 10-7

Web Authentication Process 10-7

Choosing the Web Authentication Login Page 10-9

Choosing the Default Web Authentication Login Page 10-10

Using the GUI to Choose the Default Web Authentication Login Page 10-10

Using the CLI to Choose the Default Web Authentication Login Page 10-11

Modified Default Web Authentication Login Page Example 10-13 Creating a Customized Web Authentication Login Page 10-14 Using a Customized Web Authentication Login Page from an External Web Server 10-16

Using the GUI to Choose a Customized Web Authentication Login Page from an External Web

Server

10-16

Using the CLI to Choose a Customized Web Authentication Login Page from an External Web

Server

10-17

Downloading a Customized Web Authentication Login Page 10-17

Using the GUI to Download a Customized Web Authentication Login Page 10-18

Using the CLI to Download a Customized Web Authentication Login Page 10-19

Customized Web Authentication Login Page Example 10-20

Using the CLI to Verify the Web Authentication Login Page Settings 10-20 Assigning Login, Login Failure, and Logout Pages per WLAN 10-21

Using the GUI to Assign Login, Login Failure, and Logout Pages per WLAN 10-21

Using the CLI to Assign Login, Login Failure, and Logout Pages per WLAN 10-22

CHAPTER

OL-17037-01

Configuring Wired Guest Access 10-23

Configuration Overview 10-25 Configuration Guidelines 10-25 Using the GUI to Configure Wired Guest Access 10-25 Using the CLI to Configure Wired Guest Access 10-29

11 Configuring Radio Resource ManagementWireless Device Access 11-1

Overview of Radio Resource Management 11-2

Radio Resource Monitoring 11-2 Transmit Power Control 11-2

Cisco Wireless LAN Controller Configuration Guide

xvii

Contents

Dynamic Channel Assignment 11-3 Coverage Hole Detection and Correction 11-4 RRM Benefits 11-5

Overview of RF Groups 11-5

RF Group Leader 11-6 RF Group Name 11-6

Configuring an RF Group 11-6

Using the GUI to Configure an RF Group 11-7 Using the CLI to Configure RF Groups 11-7

Viewing RF Group Status 11-8

Using the GUI to View RF Group Status 11-8 Using the CLI to View RF Group Status 11-9

Configuring RRM 11-9

Using the GUI to Configure RRM 11-9

Using the GUI to Configure RF Group Mode 11-10 Using the GUI to Configure Transmit Power Control 11-10 Using the GUI to Configure Dynamic Channel Assignment 11-12 Using the GUI to Configure Coverage Hole Detection 11-15 Using the GUI to Configure RRM Profile Thresholds, Monitoring Channels, and Monitor

Intervals

Using the CLI to Configure RRM 11-19 Using the CLI to View RRM Settings 11-23 Using the CLI to Debug RRM Issues 11-25

11-17

xviii

Overriding RRM 11-25

Statically Assigning Channel and Transmit Power Settings to Access Point Radios 11-26

Using the GUI to Statically Assign Channel and Transmit Power Settings 11-26 Using the CLI to Statically Assign Channel and Transmit Power Settings 11-30

Disabling Dynamic Channel and Power Assignment Globally for a Controller 11-33

Using the GUI to Disable Dynamic Channel and Power Assignment 11-33 Using the CLI to Disable Dynamic Channel and Power Assignment 11-33

Enabling Rogue Access Point Detection in RF Groups 11-34

Using the GUI to Enable Rogue Access Point Detection in RF Groups 11-34 Using the CLI to Enable Rogue Access Point Detection in RF Groups 11-36

Configuring CCX Radio Management Features 11-36

Radio Measurement Requests 11-37 Location Calibration 11-37 Using the GUI to Configure CCX Radio Management 11-37 Using the CLI to Configure CCX Radio Management 11-39 Using the CLI to Obtain CCX Radio Management Information 11-39

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Using the CLI to Debug CCX Radio Management Issues 11-41

Configuring Pico Cell Mode 11-41

Guidelines for Using Pico Cell Mode 11-42 Using the GUI to Configure Pico Cell Mode 11-42 Using the CLI to Configure Pico Cell Mode 11-44 Using the CLI to Debug Pico Cell Mode Issues 11-45

Contents

CHAPTER

12 Configuring Mobility GroupsWireless Device Access 12-1

Overview of Mobility 12-2

Overview of Mobility Groups 12-5

Determining When to Include Controllers in a Mobility Group 12-7 Messaging among Mobility Groups 12-7 Using Mobility Groups with NAT Devices 12-8

Configuring Mobility Groups 12-9

Prerequisites 12-9 Using the GUI to Configure Mobility Groups 12-11 Using the CLI to Configure Mobility Groups 12-14

Viewing Mobility Group Statistics 12-16

Using the GUI to View Mobility Group Statistics 12-16 Using the CLI to View Mobility Group Statistics 12-19

Configuring Auto-Anchor Mobility 12-20

Guidelines for Using Auto-Anchor Mobility 12-21 Using the GUI to Configure Auto-Anchor Mobility 12-21 Using the CLI to Configure Auto-Anchor Mobility 12-23

WLAN Mobility Security Values 12-25

CHAPTER

OL-17037-01

Using Symmetric Mobility Tunneling 12-26

Running Mobility Ping Tests 12-28

13 Configuring Hybrid REAPWireless Device Access 13-1

Overview of Hybrid REAP 13-2

Hybrid-REAP Authentication Process 13-2 Hybrid REAP Guidelines 13-4

Configuring Hybrid REAP 13-5

Configuring the Switch at the Remote Site 13-5 Configuring the Controller for Hybrid REAP 13-6

Using the GUI to Configure the Controller for Hybrid REAP 13-7

Using the CLI to Configure the Controller for Hybrid REAP 13-11 Configuring an Access Point for Hybrid REAP 13-11

Cisco Wireless LAN Controller Configuration Guide

xix

Contents

Using the GUI to Configure an Access Point for Hybrid REAP 13-11 Using the CLI to Configure an Access Point for Hybrid REAP 13-14

Connecting Client Devices to the WLANs 13-15

Configuring Hybrid-REAP Groups 13-15

Hybrid-REAP Groups and Backup RADIUS Servers 13-16 Hybrid-REAP Groups and CCKM 13-16 Hybrid-REAP Groups and Local Authentication 13-17 Using the GUI to Configure Hybrid-REAP Groups 13-17 Using the CLI to Configure Hybrid-REAP Groups 13-22

APPENDIX

A Safety Considerations and

Translated Safety Warnings

A-1

Safety Considerations A-2

Warning Definition A-2

Class 1 Laser Product Warning A-5

Ground Conductor Warning A-7

Chassis Warning for Rack-Mounting and Servicing A-9

Battery Handling Warning for 4400 Series Controllers A-18

Equipment Installation Warning A-20

More Than One Power Supply Warning for 4400 Series Controllers A-23

B Declarations of Conformity and Regulatory Information B-1

Regulatory Information for Lightweight Access Points B-2

Manufacturers Federal Communication Commission Declaration of Conformity Statement B-2 Department of Communications—Canada B-3

Canadian Compliance Statement B-3

European Community, Switzerland, Norway, Iceland, and Liechtenstein B-4

Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC B-4 Declaration of Conformity for RF Exposure B-5 Guidelines for Operating Controllers in Japan B-6

VCCI Class A Warning for 4400 Series Controllers in Japan B-6

VCCI Class B Warning for 2100 Series Controllers in Japan B-6

Power Cable and AC Adapter Warning for Japan B-7 Guidelines for Operating Controllers and Access Points in Japan B-7 Administrative Rules for Cisco Aironet Access Points in Taiwan B-8

Access Points with IEEE 802.11a Radios B-8

All Access Points B-9 Declaration of Conformity Statements B-10

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

FCC Statement for Cisco 2100 Series Wireless LAN Controllers B-10

FCC Statement for 4400 Series Wireless LAN Controllers B-10

Contents

APPENDIX

C End User License and Warranty C-1

End User License Agreement C-2

Limited Warranty C-4

Disclaimer of Warranty C-5

General Terms Applicable to the Limited Warranty Statement and End User License Agreement C-6

Notices C-6

OpenSSL/Open SSL Project C-6

License Issues C-7

D Troubleshooting D-1

Interpreting LEDs D-2

Interpreting Controller LEDs D-2 Interpreting Lightweight Access Point LEDs D-2

System Messages D-2

Using the CLI to Troubleshoot Problems D-5

Configuring System and Message Logging D-6

Using the GUI to Configure System and Message Logging D-7 Using the GUI to View Message Logs D-9 Using the CLI to Configure System and Message Logging D-10 Using the CLI to View System and Message Logs D-12

OL-17037-01

Viewing Access Point Event Logs D-13

Uploading Logs and Crash Files D-14

Using the GUI to Upload Logs and Crash Files D-14 Using the CLI to Upload Logs and Crash Files D-15

Uploading Core Dumps from the Controller D-17

Using the CLI to Upload Controller Core Dumps D-17

Monitoring Memory Leaks D-17

Troubleshooting CCXv5 Client Devices D-19

Diagnostic Channel D-19 Client Reporting D-19 Roaming and Real-Time Diagnostics D-20 Using the GUI to Configure the Diagnostic Channel D-20 Using the CLI to Configure the Diagnostic Channel D-21 Using the GUI to Configure Client Reporting D-25 Using the CLI to Configure Client Reporting D-28

Cisco Wireless LAN Controller Configuration Guide

xxi

Contents

Using the CLI to Configure Roaming and Real-Time Diagnostics D-31

Using the Debug Facility D-34

Configuring Wireless Sniffing D-39

Prerequisites for Wireless Sniffing D-39 Using the GUI to Configure Sniffing on an Access Point D-39 Using the CLI to Configure Sniffing on an Access Point D-41

Troubleshooting Access Points Using Telnet or SSH D-42

Debugging the Access Point Monitor Service D-43

Using the CLI to Debug Access Point Monitor Service Issues D-43

APPENDIX

NDEX

E Logical Connectivity Diagrams E-1

Cisco WiSM E-2

Cisco 28/37/38xx Integrated Services Router E-3

Catalyst 3750G Integrated Wireless LAN Controller Switch E-4

xxii

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Preface

This preface provides an overview of the Cisco Wireless LAN Controller Configuration Guide, Release

5.2, references related publications, and explains how to obtain other documentation and technical

assistance, if necessary. It contains these sections:

• Audience, page xxiv

• Purpose, page xxiv

• Organization, page xxiv

• Conventions, page xxv

• Related Publications, page xxvii

• Obtaining Documentation and Submitting a Service Request, page xxvii

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

xxiii

Audience

This guide describes Cisco Wireless LAN Controllers and Cisco Lightweight Access Points. This guide is for the networking professional who installs and manages these devices. To use this guide, you should be familiar with the concepts and terminology of wireless LANs.

Purpose

This guide provides the information you need to set up and configure wireless LAN controllers.

Note This version of the Cisco Wireless LAN Controller Configuration Guide pertains specifically to

controller software release 5.2. If you are using an earlier version of software, you will notice differences in features, functionality, and GUI pages.

Organization

Preface

This guide is organized into these chapters:

Chapter 1, “Overview,” provides an overview of the network roles and features of wireless LAN

controllers.

Chapter 2, “Using the Web-Browser and CLI Interfaces,” describes how to use the controller GUI and

CLI.

Chapter 3, “Configuring Ports and Interfaces,” describes the controller’s physical ports and interfaces

and provides instructions for configuring them.

Chapter 4, “Configuring Controller SettingsWireless Device Access,” describes how to configure

settings on the controllers.

Chapter 5, “Configuring Security Solutions,” describes application-specific solutions for wireless

LANs.

Chapter 6, “Configuring WLANsWireless Device Access,” describes how to configure wireless LANs

and SSIDs on your system.

Chapter 7, “Controlling Lightweight Access Points,” explains how to connect lightweight access points

to the controller and manage access point settings.

Chapter 8, “Controlling Mesh Access Points,” explains how to connect mesh access points to the

controller and manage access point settings.

Chapter 9, “Managing Controller Software and Configurations,” describes how to upgrade and manage

controller software and configurations.

Chapter 10, “Managing User Accounts,” explains how to create and manage guest user accounts,

describes the web authentication process, and provides instructions for customizing the web authentication login.

Chapter 11, “Configuring Radio Resource ManagementWireless Device Access,” describes radio

resource management (RRM) and explains how to configure it on the controllers.

xxiv

Chapter 12, “Configuring Mobility GroupsWireless Device Access,” describes mobility groups and

explains how to configure them on the controllers.

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Preface

Chapter 13, “Configuring Hybrid REAPWireless Device Access,” describes hybrid REAP and explains

how to configure this feature on controllers and access points.

Appendix A, “Safety Considerations and Translated Safety Warnings,” lists safety considerations and

translations of the safety warnings that apply to the Cisco Unified Wireless Network Solution products.

Appendix B, “Declarations of Conformity and Regulatory Information,” provides declarations of

conformity and regulatory information for the products in the Cisco Unified Wireless Network Solution.

Appendix C, “End User License and Warranty,” describes the end user license and warranty that apply

to the Cisco Unified Wireless Network Solution products.

Appendix D, “Troubleshooting,” describes the LED patterns on controllers and lightweight access

points, lists system messages that can appear on the Cisco Unified Wireless Network Solution interfaces, and provides CLI commands that can be used to troubleshoot problems on the controller.

Appendix E, “Logical Connectivity Diagrams,”provides logical connectivity diagrams and related

software commands for controllers that are integrated into other Cisco products.

Conventions

This publication uses these conventions to convey instructions and information:

Command descriptions use these conventions:

• Commands and keywords are in boldface text.

• Arguments for which you supply values are in italic.

• Square brackets ([ ]) mean optional elements.

• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.

• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional

element.

Interactive examples use these conventions:

• Terminal sessions and system displays are in screen font.

• Information you enter is in boldface.

• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

Notes, cautions, and timesavers use these conventions and symbols:

Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in

this manual.

Caution Means reader be careful. In this situation, you might do something that could result equipment damage

or loss of data.

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

xxv

Preface

Warning

Waarschuwing

Varoitus

Attention

Warnung

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. (To see translations of the warnings that appear in this publication, refer to the appendix “Translated Safety Warnings.”)

Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico’s en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het aanhangsel “Translated Safety Warnings” (Vertalingen van veiligheidsvoorschriften) raadplegen.)

Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. (Tässä julkaisussa esiintyvien varoitusten käännökset löydät liitteestä "Translated Safety Warnings" (käännetyt turvallisuutta koskevat varoitukset).)

Ce symbole d’avertissement indique un danger. Vous vous trouvez dans une situation pouvant entraîner des blessures. Avant d’accéder à cet équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures courantes de prévention des accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez consulter l’annexe intitulée « Translated Safety Warnings » (Traduction des avis de sécurité).

Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt. (Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden Sie im Anhang mit dem Titel “Translated Safety Warnings” (Übersetzung der Warnhinweise).)

xxvi

Avvertenza

Questo simbolo di avvertenza indica un pericolo. Si è in una situazione che può causare infortuni. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nell’appendice, “Translated Safety Warnings” (Traduzione delle avvertenze di sicurezza).

Advarsel

Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du være oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. (Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated Safety Warnings" [Oversatte sikkerhetsadvarsler].)

Aviso

Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos fisicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. (Para ver as traduções dos avisos que constam desta publicação, consulte o apêndice “Translated Safety Warnings” - “Traduções dos Avisos de Segurança”).

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

Preface

¡Advertencia!

Varning!

Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. (Para ver traducciones de las advertencias que aparecen en esta publicación, consultar el apéndice titulado “Translated Safety Warnings.”)

Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. (Se förklaringar av de varningar som förekommer i denna publikation i appendix "Translated Safety Warnings" [Översatta säkerhetsvarningar].)

Related Publications

These documents provide complete information about the Cisco Unified Wireless Network Solution:

• Quick Start Guide: Cisco 2100 Series Wireless LAN Controllers

• Quick Start Guide: Cisco 4400 Series Wireless LAN Controllers

• Cisco Wireless LAN Controller Command Reference

• Cisco Wireless Control System Configuration Guide

• Quick Start Guide: Cisco Wireless Control System

• Quick start guide and hardware installation guide for your specific lightweight access point

Click this link to browse to user documentation for the Cisco Unified Wireless Network Solution:

http://www.cisco.com/cisco/web/psa/default.html

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

xxvii

Preface

xxviii

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

CHAP T E R

Overview

This chapter describes the controller components and features. Its contains these sections:

• Cisco Unified Wireless Network Solution Overview, page 1-2

• Operating System Software, page 1-5

• Operating System Security, page 1-5

• Layer 2 and Layer 3 Operation, page 1-6

• Cisco Wireless LAN Controllers, page 1-7

• Controller Platforms, page 1-8

• Cisco UWN Solution Wired Connections, page 1-12

• Cisco UWN Solution WLANs, page 1-13

• Identity Networking, page 1-13

• File Transfers, page 1-14

• Power over Ethernet, page 1-14

• Startup Wizard, page 1-15

• Cisco Wireless LAN Controller Memory, page 1-16

• Cisco Wireless LAN Controller Failover Protection, page 1-16

• Network Connections to Cisco Wireless LAN Controllers, page 1-17

OL-17037-01

Cisco Wireless LAN Controller Configuration Guide

1-1

Cisco Unified Wireless Network Solution Overview

The Cisco Unified Wireless Network (Cisco UWN) Solution is designed to provide 802.11 wireless networking solutions for enterprises and service providers. The Cisco UWN Solution simplifies deploying and managing large-scale wireless LANs and enables a unique best-in-class security infrastructure. The operating system manages all data client, communications, and system administration functions, performs radio resource management (RRM) functions, manages system-wide mobility policies using the operating system security solution, and coordinates all security functions using the operating system security framework.

The Cisco UWN Solution consists of Cisco Wireless LAN Controllers and their associated lightweight access points controlled by the operating system, all concurrently managed by any or all of the operating system user interfaces:

• An HTTP and/or HTTPS full-featured Web User Interface hosted by Cisco Wireless LAN

Controllers can be used to configure and monitor individual controllers. See Chapter 2.

• A full-featured command-line interface (CLI) can be used to configure and monitor individual Cisco

Wireless LAN Controllers. See Chapter 2.

• The Cisco Wireless Control System (WCS), which you use to configure and monitor one or more

Cisco Wireless LAN Controllers and associated access points. WCS has tools to facilitate large-system monitoring and control. WCS runs on Windows 2000, Windows 2003, and Red Hat Enterprise Linux ES servers.

Chapter 1 Overview

Note WCS software release 5.2 must be used with controllers running controller software release

5.2. Do not attempt to use older versions of WCS software with controllers running controller software release 5.2.

• An industry-standard SNMP V1, V2c, and V3 interface can be used with any SNMP-compliant

third-party network management system.

The Cisco UWN Solution supports client data services, client monitoring and control, and all rogue access point detection, monitoring, and containment functions. It uses lightweight access points, Cisco Wireless LAN Controllers, and the optional Cisco WCS to provide wireless services to enterprises and service providers.

Note Unless otherwise noted, all of the Cisco wireless LAN controllers are hereafter referred to as controllers,

and all of the Cisco lightweight access points are hereafter referred to as access points.

Figure 1-1 shows the Cisco Wireless LAN Solution components, which can be simultaneously deployed

across multiple floors and buildings.

1-2

Cisco Wireless LAN Controller Configuration Guide

OL-17037-01

+ 766 hidden pages

Cisco 2100 Series, 4400 Series Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Cisco Wireless LAN Controller Configuration Guide

CONTENTS

Preface

Overview

Cisco Unified Wireless Network Solution Overview