Cisco Aironet Bridges are wireless LAN transceivers that connect two or more remote networks into a
single LAN. The 350 Series Bridge can also be used as a rugged access point, providing network access
to wireless client devices.
The bridge uses a browser-based management system, but you can also configure the bridge using a
terminal emulator, a Telnet session, Secure Shell (SSH), or Simple Network Management Protocol
(SNMP).
This chapter provides information on the following topics:
• Key Features
• Management Options
• Roaming Client Devices
• Quality of Service Support
• VLAN Support
• Role in a Wireless Network
OL-1410-07
Cisco Aironet 350 Series Bridge Software Configuration Guide
1-1
Chapter 1 Overview
Key Features
This section describes the key features of the bridge firmware. The following are the key features of
version 12.01T:
• Multiple IEEE 802.11 service set identifiers (SSIDs) to create different levels of network access and
to access virtual LANs (VLANs)—You can configure up to 16 separate SSIDs to support up to 16
VLANs on your network. Each VLAN can have a different wireless security configuration so that
the devices that support the latest Cisco security enhancements can exist alongside legacy devices.
This additional bridge functionality enables a variety of users having different security levels to
access different parts of the network.
• Quality of service (QoS) to allow various devices on the network to communicate more
effectively—The bridge now supports QoS for wireless Voice over IP (VoIP) telephones and
downlink prioritized channel access for streaming audio and video traffic. Filters can also be set to
prioritize traffic based on VLAN, VoIP address-based filters, protocol, or port.
• Centralized administrator authentication uses an AAA server to authenticate users if the user
administration feature is enabled on the bridge. The AAA server verifies the user login and passes
back the appropriate privileges for the user or an administrator.
• Best handling of lost Ethernet links allows a number of actions to be executed when a bridge loses
backbone connectivity:
– No action—the bridge continues to maintain associations with clients and manages traffic
between them, but traffic to the backbone is not passed. When the backbone is restored, the
bridge begins passing traffic to and from the wired network.
– Switch to repeater mode—the bridge tries to connect to a root access point using any of the
configured SSIDs. If it cannot connect, all clients are disassociated and the bridge removes itself
from the wireless network until connectivity is restored.
– Shut the radio off—all clients are disassociated and the bridge removes itself from the wireless
network until backbone connectivity is restored.
– Restrict to SSID—the bridge allows association using a restricted SSID (for administrator
troubleshooting and diagnosis purposes).
• Authentication server management includes two new features in release 12.01T:
– Display of active authentication servers—for each authentication type: 802.1x/LEAP, MAC, or
Admin Authentication (if enabled), the active server is identified by a green color.
– Automatic return to primary authentication server—if the selected RADIUS server (primary) is
not reachable after a predetermined period of time-out and retries, the bridge uses the next
server listed.
• Reporting bridges that fail authentication with LEAP provides a passive method of detecting rogue
bridges in a LEAP enabled network. It is passive because bridges do not actively look for or detect
a rogue bridge in the wireless network. Instead, the bridge depends on LEAP enabled clients to
report rogue bridges.
• Secure Shell (SSH) support for providing strong user authentication and encryption of
management traffic. SSH is a software package that provides a cryptographically secure replacement
for or an alternative to Telnet. It provides strong host-to-host and user authentication as well as
secure encrypted communications over a non-secure network. The feature operates as follows:
– The SSH server on the access point listens to its TCP port 22 for requests.
– When a request from a client is received, the access point sends a public key, supported cipher
specification details, and supported authentication type (password only) to the client.
– The client generates a double encrypted session key and sends it to the access point along with
the chosen cipher specification.
– The access point authenticates the client based on a user ID and password when the user
manager feature is enabled.
– If authentication is successful, all management traffic between the client and access point is
encrypted using the session key.
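The double-encrypted session key in the steps above is characteristic of SSH protocol version 1, so it is worth confirming which protocol versions a management endpoint advertises. This added example (not from the Cisco guide) classifies the identification string an SSH server sends on connect, following the RFC 4253 format; the device names and banners in SAMPLES are constructed, and the function names are this example's own.

```python
import re
import socket

# RFC 4253 sec. 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_ID = re.compile(rb"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

def classify_banner(raw: bytes) -> dict:
    """Classify the first bytes an SSH server sends after the TCP connect."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # free-text lines may precede the version line
        m = _ID.match(line)
        if not m:
            return {"status": "malformed"}
        major, minor = int(m.group(1)), int(m.group(2))
        if (major, minor) == (1, 99):
            status = "v2-with-v1-fallback"  # 2.0 server that still accepts 1.x clients
        else:
            status = {1: "v1-only", 2: "v2"}.get(major, "unknown-version")
        return {"status": status, "proto": f"{major}.{minor}",
                "software": m.group(3).decode("latin-1")}
    return {"status": "no-ssh-banner"}

def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Collect a management endpoint's opening bytes up to its version line."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(data) < 4096 and not re.search(rb"(?m)^SSH-[^\n]*\n", data):
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return data

def offers_protocol_1(banners: dict) -> list:
    """Names of endpoints whose banner shows protocol 1.x is still accepted."""
    legacy = {"v1-only", "v2-with-v1-fallback"}
    return sorted(n for n, raw in banners.items()
                  if classify_banner(raw)["status"] in legacy)

# Constructed sample banners (hypothetical device names and software strings).
SAMPLES = {
    "bridge-a": b"SSH-1.5-ExampleServer_1.0\n",
    "bridge-b": b"SSH-1.99-ExampleServer_2.1\r\n",
    "jump-host": b"Authorized use only\r\nSSH-2.0-ExampleServer_9.9 mgmt\r\n",
    "not-ssh": b"220 service ready\r\n",
}
```

For a live check, pass the output of read_banner() for each management address into classify_banner().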
Management Options
You can use the bridge management system through the following interfaces:
• A web-browser interface
• A command-line interface (CLI)
• Simple Network Management Protocol (SNMP)
The bridge’s management system pages are organized the same way for the web-browser interface and
the CLI. The examples in this manual are all taken from the web-browser interface. Chapter 2, “Using
the Management Interfaces,” provides a detailed description of each management option.
Roaming Client Devices
If you have more than one bridge or access point in your wireless LAN, wireless client devices can roam
seamlessly from one bridge or access point to another. The roaming functionality is based on signal
quality, not proximity. When a client’s signal quality drops, it roams to another bridge or access point.
Wireless LAN users are sometimes concerned when a client device stays associated to a distant bridge
or access point instead of roaming to a closer bridge or access point. However, if a client’s signal to a
distant bridge or access point remains strong, the client will not roam to a closer bridge or access point.
If client devices checked constantly for closer bridges and access points, the extra radio traffic would
slow throughput on the wireless LAN.
Quality of Service Support
The bridge now supports Cisco’s QoS, primarily in the area of wireless VoIP telephones from
Spectralink and Symbol Technologies Corporation. The bridge also provides priority classification,
prioritized queueing, and prioritized channel access for other downlink IEEE 802.11 traffic such as
streaming audio or video traffic.
With this software release, the bridge does not include any QoS enhancements in Cisco IEEE 802.11
client software.
What is QoS?
QoS refers to the ability of a network to provide improved service to selected network traffic over various
underlying technologies including Ethernet and wireless LANs. In particular, QoS features provide
improved and more predictable network service by providing the following services:
• Improving loss characteristics
• Avoiding and managing network congestion
• Prioritizing service to different kinds of network traffic
• Shaping network traffic
• Setting traffic priorities across the network
Limitations and Restrictions
The QoS implementation on the bridge has the following limitations and restrictions:
• Provides only prioritized QoS for downlink traffic on IEEE 802.11 links and does not support a
general purpose QoS signalling protocol, uniform admission control, guaranteed bandwidth, and
other features that are generally associated with parameterized QoS.
• Supports rudimentary admission control mechanisms for Spectralink and Symbol VoIP phones.
• Does not provide a method for prioritizing uplink traffic on IEEE 802.11 links.
• Does not offer 802.1X authentication for Symbol VoIP phones because those phones do not support
an 802.1X type such as LEAP or EAP-TLS.
• The DTIM beacon period must be small to support jitter-sensitive streaming multicast audio and
video applications.
• Supports IEEE 802.11e EDCF-like channel access prioritization but does not support IEEE 802.11e
QoS frame formats.
Related Documents
The following documents provide more detailed information pertaining to QoS design and
configuration:
• Cisco Internetworking Technology Handbook
• Cisco IOS Quality of Service Solutions Command Reference, Version 12.2
These documents are available on Cisco.com.
VLAN Support
Version 12.01T supports VLAN technology by mapping SSIDs to VLANs. With the multiple-SSID
capability, the bridge can support up to 16 VLAN subnets.
What is a VLAN?
A switched network can be logically segmented into virtual local-area networks (VLANs), on a physical
or geographical basis, or by functions, project teams, or applications. For example, all workstations and
servers used by a particular workgroup team can be connected to the same VLAN regardless of their
physical connections to the network or the fact that they might be intermingled with devices for other
teams. Reconfiguration of VLANs can be done through software rather than physically unplugging and
moving devices or wires.