Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC
May 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-14209-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1005R)
Obtaining Documentation, Obtaining Support, and Security Guidelines1-xxiv
Overview1-1
Features1-2
Features Introduced in This Release1-2
Management Options1-2
Roaming Client Devices1-3
Network Configuration Examples1-3
Root Access Point1-3
Repeater Access Point1-4
Bridges1-5
Workgroup Bridge1-5
Central Unit in an All-Wireless Network1-6
Using the Web-Browser Interface2-1
Using the Web-Browser Interface for the First Time2-3
Using the Management Pages in the Web-Browser Interface2-3
Using Action Buttons2-4
Character Restrictions in Entry Fields2-5
Enabling HTTPS for Secure Browsing2-5
CLI Configuration Example2-13
Deleting an HTTPS Certificate2-13
Using Online Help2-14
Changing the Location of Help Files2-14
Disabling the Web-Browser Interface2-15
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
iii
Contents
Using the Command-Line Interface3-1
Cisco IOS Command Modes3-2
Getting Help3-3
Abbreviating Commands3-3
Using no and default Forms of Commands3-4
Understanding CLI Messages3-4
Using Command History3-4
Changing the Command History Buffer Size3-5
Recalling Commands3-5
Disabling the Command History Feature3-5
Using Editing Features3-6
Enabling and Disabling Editing Features3-6
Editing Commands Through Keystrokes3-6
Editing Command Lines that Wrap3-7
Searching and Filtering Output of show and more Commands3-8
Accessing the CLI3-9
Opening the CLI with Telnet3-9
Opening the CLI with Secure Shell3-9
Configuring the Access Point for the First Time4-1
Before You Start4-2
Resetting the Device to Default Settings4-2
Resetting to Default Settings Using the MODE Button4-2
Resetting to Default Settings Using the GUI4-2
Resetting to Default Settings Using the CLI4-3
Obtaining and Assigning an IP Address4-4
Default IP Address Behavior4-4
Connecting to the 1100 Series Access Point Locally4-5
Connecting to the 1130 Series Access Point Locally4-6
Connecting to the 1200, 1230, 1240, and 1250 Series Access Points Locally4-6
Connecting to the 1300 Series Access Point/Bridge Locally4-7
Default Radio Settings4-7
Assigning Basic Settings4-8
Default Settings on the Express Setup Page4-14
Configuring Basic Security Settings4-16
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
iv
OL-14209-01
Understanding Express Security Settings4-18
Using VLANs4-18
Express Security Types4-19
Express Security Limitations4-21
Using the Express Security Page4-21
CLI Configuration Examples4-22
Configuring System Power Settings for 1130 and 1240 Series Access Points4-27
Assigning an IP Address Using the CLI4-28
Using a Telnet Session to Access the CLI4-28
Configuring the 802.1X Supplicant4-29
Creating a Credentials Profile4-29
Applying the Credentials to an Interface or SSID4-30
Applying the Credentials Profile to the Wired Port4-30
Applying the Credentials Profile to an SSID Used For the Uplink4-31
Creating and Applying EAP Method Profiles4-32
Contents
Administering the Access PointWireless Device Access5-1
Disabling the Mode Button5-2
Preventing Unauthorized Access to Your Access Point5-3
Protecting Access to Privileged EXEC Commands5-3
Default Password and Privilege Level Configuration5-4
Setting or Changing a Static Enable Password5-4
Protecting Enable and Enable Secret Passwords with Encryption5-6
Configuring Username and Password Pairs5-7
Configuring Multiple Privilege Levels5-8
Setting the Privilege Level for a Command5-8
Logging Into and Exiting a Privilege Level5-9
Controlling Access Point Access with RADIUS5-9
Default RADIUS Configuration5-10
Configuring RADIUS Login Authentication5-10
Defining AAA Server Groups5-12
Configuring RADIUS Authorization for User Privileged Access and
Network Services
5-14
Displaying the RADIUS Configuration5-15
Controlling Access Point Access with TACACS+5-15
Default TACACS+ Configuration5-15
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
v
Contents
Configuring TACACS+ Login Authentication5-15
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services5-17
Displaying the TACACS+ Configuration5-17
Configuring Ethernet Speed and Duplex Settings5-18
Configuring the Access Point for Wireless Network Management5-18
Configuring the Access Point for Local Authentication and Authorization5-19
Configuring the Authentication Cache and Profile5-20
Configuring the Access Point to Provide DHCP Service5-22
Setting up the DHCP Server5-22
Monitoring and Maintaining the DHCP Server Access Point5-24
Show Commands5-24
Clear Commands5-25
Debug Command5-25
Configuring the Access Point for Secure Shell5-25
Understanding SSH5-25
Configuring SSH5-26
Configuring Client ARP Caching5-26
Understanding Client ARP Caching5-26
Optional ARP Caching5-26
Configuring ARP Caching5-27
Managing the System Time and Date5-27
Understanding Simple Network Time Protocol5-27
Configuring SNTP5-28
Configuring Time and Date Manually5-28
Setting the System Clock5-28
Displaying the Time and Date Configuration5-29
Configuring the Time Zone 5-29
Configuring Summer Time (Daylight Saving Time)5-30
Defining HTTP Access5-32
Configuring a System Name and Prompt5-32
Default System Name and Prompt Configuration5-32
Configuring a System Name5-32
Understanding DNS5-33
Default DNS Configuration5-33
Setting Up DNS5-34
Displaying the DNS Configuration5-35
Creating a Banner5-35
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
vi
OL-14209-01
Default Banner Configuration5-35
Configuring a Message-of-the-Day Login Banner5-35
Configuring a Login Banner5-37
Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode5-37
Migrating to Japan W52 Domain5-37
Verifying the Migration5-39
Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging5-39
CLI Command5-40
Configuring Radio Settings6-1
Enabling the Radio Interface6-2
Configuring the Role in Radio Network6-2
Universal Workgroup Bridge Mode6-5
Configuring Dual-Radio Fallback6-5
Radio Tracking6-6
Fast Ethernet Tracking6-6
MAC-Address Tracking6-6
Bridge Features Not Supported6-7
Contents
Configuring Radio Data Rates6-7
Access Points Send Multicast and Management Frames at Highest Basic Rate6-8
Configuring MCS Rates6-10
Configuring Radio Transmit Power6-11
Limiting the Power Level for Associated Client Devices6-13
Configuring Radio Channel Settings6-14
802.11n Channel Widths6-15
Dynamic Frequency Selection6-16
CLI Commands6-18
Confirming that DFS is Enabled6-18
Configuring a Channel6-19
Blocking Channels from DFS Selection6-19
Setting the 802.11n Guard Interval6-20
Configuring Location-Based Services6-21
Understanding Location-Based Services6-21
Configuring LBS on Access Points6-21
Enabling and Disabling World Mode6-22
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
vii
Contents
Disabling and Enabling Short Radio Preambles6-23
Configuring Transmit and Receive Antennas6-24
Enabling and Disabling Gratuitous Probe Response6-25
Disabling and Enabling Aironet Extensions6-26
Configuring the Ethernet Encapsulation Transformation Method6-27
Enabling and Disabling Reliable Multicast to Workgroup Bridges6-28
Enabling and Disabling Public Secure Packet Forwarding6-29
Default SSID Configuration7-4
Creating an SSID Globally7-4
Viewing SSIDs Configured Globally7-6
Using Spaces in SSIDs7-6
Using a RADIUS Server to Restrict SSIDs7-7
Configuring Multiple Basic SSIDs7-8
Requirements for Configuring Multiple BSSIDs7-8
Guidelines for Using Multiple BSSIDs7-8
Configuring Multiple BSSIDs7-8
CLI Configuration Example7-10
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
viii
OL-14209-01
Displaying Configured BSSIDs7-10
Assigning IP Redirection for an SSID7-11
Guidelines for Using IP Redirection7-12
Configuring IP Redirection7-12
Including an SSID in an SSIDL IE7-13
NAC Support for MBSSID7-13
Configuring NAC for MBSSID7-16
Configuring Spanning Tree Protocol8-1
Understanding Spanning Tree Protocol8-2
STP Overview8-2
1300 and 350 Series Bridge Interoperability8-3
Access Point/Bridge Protocol Data Units8-3
Election of the Spanning-Tree Root8-4
Spanning-Tree Timers8-5
Creating the Spanning-Tree Topology8-5
Spanning-Tree Interface States8-5
Root Bridge Without VLANs8-10
Non-Root Bridge Without VLANs8-11
Root Bridge with VLANs8-11
Non-Root Bridge with VLANs8-13
Displaying Spanning-Tree Status8-14
Configuring an Access Point as a Local Authenticator9-1
Understanding Local Authentication9-2
Configuring a Local Authenticator9-2
Guidelines for Local Authenticators9-3
Configuration Overview9-3
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
ix
Contents
Configuring the Local Authenticator Access Point9-3
Configuring Other Access Points to Use the Local Authenticator9-6
Configuring EAP-FAST Settings9-7
Configuring PAC Settings9-7
Configuring an Authority ID9-8
Configuring Server Keys9-8
Possible PAC Failures Caused by Access Point Clock9-8
Limiting the Local Authenticator to One Authentication Type9-9
Unblocking Locked Usernames9-9
Viewing Local Authenticator Statistics9-9
Using Debug Messages9-11
Configuring Cipher Suites and WEP10-1
Understanding Cipher Suites and WEP10-2
Configuring Cipher Suites and WEP10-3
Creating WEP Keys10-3
WEP Key Restrictions10-5
Example WEP Key Setup10-5
Enabling Cipher Suites and WEP10-6
Matching Cipher Suites with WPA and CCKM10-7
Enabling and Disabling Broadcast Key Rotation10-7
Configuring Authentication Types11-1
Understanding Authentication Types11-2
Open Authentication to the Access Point11-2
Shared Key Authentication to the Access Point11-3
EAP Authentication to the Network11-4
MAC Address Authentication to the Network11-5
Combining MAC-Based, EAP, and Open Authentication11-6
Using CCKM for Authenticated Clients11-6
Using WPA Key Management11-7
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP11-8
Configuring Authentication Types11-10
Assigning Authentication Types to an SSID11-10
Configuring WPA Migration Mode11-13
Configuring Additional WPA Settings11-14
Configuring MAC Authentication Caching11-15
Configuring Authentication Holdoffs, Timeouts, and Intervals11-16
Creating and Applying EAP Method Profiles for the 802.1X Supplicant11-17
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
x
OL-14209-01
Contents
Creating an EAP Method Profile11-18
Applying an EAP Profile to the Fast Ethernet Interface11-18
Applying an EAP Profile to an Uplink SSID11-19
Matching Access Point and Client Device Authentication Types11-19
Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection
Services
Role of the WDS Device12-2
Role of Access Points Using the WDS Device12-3
Guidelines for WDS12-8
Requirements for WDS12-8
Configuration Overview12-8
Configuring Access Points as Potential WDS Devices12-9
CLI Configuration Example12-13
Configuring Access Points to use the WDS Device12-14
CLI Configuration Example12-15
Configuring the Authentication Server to Support WDS12-15
Configuring WDS Only Mode12-19
Viewing WDS Information12-20
Using Debug Messages12-21
Configuring Fast Secure Roaming12-21
Requirements for Fast Secure Roaming12-21
Configuring Access Points to Support Fast Secure Roaming12-22
CLI Configuration Example12-24
Configuring Management Frame Protection12-24
Management Frame Protection12-24
Overview12-25
Protection of Unicast Management Frames12-25
Protection of Broadcast Management Frames12-25
Client MFP For Access Points in Root mode12-25
Configuring Client MFP12-26
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xi
Contents
Configuring Radio Management12-28
CLI Configuration Example12-29
Configuring Access Points to Participate in WIDS12-30
Configuring the Access Point for Scanner Mode12-30
Configuring the Access Point for Monitor Mode12-30
Displaying Monitor Mode Statistics12-31
Configuring Monitor Mode Limits12-32
Default RADIUS Configuration13-4
Identifying the RADIUS Server Host 13-4
Configuring RADIUS Login Authentication13-7
Defining AAA Server Groups13-9
Configuring RADIUS Authorization for User Privileged Access and Network Services13-11
Configuring Packet of Disconnect13-12
Starting RADIUS Accounting m13-13
Selecting the CSID Format13-14
Configuring Settings for All RADIUS Servers13-15
Configuring the Access Point to Use Vendor-Specific RADIUS Attributes13-16
Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication13-17
Configuring WISPr RADIUS Attributes13-18
Displaying the RADIUS Configuration13-19
RADIUS Attributes Sent by the Access Point13-20
Identifying the TACACS+ Server Host and Setting the Authentication Key13-25
Configuring TACACS+ Login Authentication13-26
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xii
OL-14209-01
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services13-27
Starting TACACS+ Accounting13-28
Displaying the TACACS+ Configuration13-29
Configuring VLANs14-1
Understanding VLANs14-2
Related Documents14-3
Incorporating Wireless Devices into VLANs14-4
Configuring VLANs14-4
Configuring a VLAN14-5
Assigning Names to VLANs14-7
Guidelines for Using VLAN Names14-7
Creating a VLAN Name14-8
Using a RADIUS Server to Assign Users to VLANs14-8
Using a RADIUS Server for Dynamic Mobility Group Assignment14-9
Viewing VLANs Configured on the Access Point14-9
Contents
VLAN Configuration Example14-10
Configuring QoS15-1
Understanding QoS for Wireless LANs15-2
QoS for Wireless LANs Versus QoS on Wired LANs15-2
Impact of QoS on a Wireless LAN15-2
Precedence of QoS Settings15-3
Using Wi-Fi Multimedia Mode15-4
Configuring QoS15-5
Configuration Guidelines15-5
Configuring QoS Using the Web-Browser Interface15-5
The QoS Policies Advanced Page15-9
QoS Element for Wireless Phones15-9
IGMP Snooping15-10
AVVID Priority Mapping15-10
WiFi Multimedia (WMM)15-10
Adjusting Radio Access Categories15-10
Configuring Nominal Rates15-12
Optimized Voice Settings15-12
Configuring Call Admission Control15-12
QoS Configuration Examples15-14
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xiii
Contents
Giving Priority to Voice Traffic15-14
Giving Priority to Video Traffic15-15
Configuring Filters16-1
Understanding Filters16-2
Configuring Filters Using the CLI16-2
Configuring Filters Using the Web-Browser Interface16-3
Configuring and Enabling MAC Address Filters16-3
Creating a MAC Address Filter16-4
Using MAC Address ACLs to Block or Allow Client Association to the Access Point16-6
Creating a Time-Based ACL16-8
ACL Logging16-9
CLI Configuration Example16-9
Configuring and Enabling IP Filters16-9
Creating an IP Filter16-11
Configuring and Enabling Ethertype Filters16-12
Creating an Ethertype Filter16-13
Configuring CDP17-1
Understanding CDP17-2
Configuring CDP17-2
Default CDP Configuration17-2
Configuring the CDP Characteristics17-2
Disabling and Enabling CDP17-3
Disabling and Enabling CDP on an Interface17-4
Monitoring and Maintaining CDP17-4
Configuring SNMP18-1
Understanding SNMP18-2
SNMP Versions18-2
SNMP Manager Functions18-3
SNMP Agent Functions18-4
SNMP Community Strings18-4
Using SNMP to Access MIB Variables 18-4
Configuring SNMP18-5
Default SNMP Configuration18-5
Enabling the SNMP Agent18-5
Configuring Community Strings18-6
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xiv
OL-14209-01
Specifying SNMP-Server Group Names18-7
Configuring SNMP-Server Hosts18-8
Configuring SNMP-Server Users18-8
Configuring Trap Managers and Enabling Traps18-8
Setting the Agent Contact and Location Information18-10
Using the snmp-server view Command18-10
SNMP Examples18-10
Displaying SNMP Status18-12
Configuring Repeater and Standby Access Points and Workgroup Bridge Mode19-1
Understanding Repeater Access Points19-2
Configuring a Repeater Access Point19-3
Default Configuration19-4
Guidelines for Repeaters19-4
Setting Up a Repeater19-5
Contents
Aligning Antennas19-6
Verifying Repeater Operation19-6
Setting Up a Repeater As a LEAP Client19-7
Setting Up a Repeater As a WPA Client19-8
Understanding Hot Standby19-9
Configuring a Hot Standby Access Point19-9
Verifying Standby Operation19-12
Understanding Workgroup Bridge Mode19-13
Treating Workgroup Bridges as Infrastructure Devices or as Client Devices19-14
Configuring a Workgroup Bridge for Roaming19-15
Configuring a Workgroup Bridge for Limited Channel Scanning19-15
Configuring the Limited Channel Set19-15
Ignoring the CCX Neighbor List19-16
Configuring a Client VLAN19-16
Configuring Workgroup Bridge Mode19-16
The Workgroup Bridge in a Lightweight Environment19-18
Guidelines for Using Workgroup Bridges in a Lightweight Environment19-18
Sample Workgroup Bridge Configuration19-20
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xv
Contents
Managing Firmware and Configurations20-1
Working with the Flash File System20-1
Displaying Available File Systems20-2
Setting the Default File System20-3
Displaying Information About Files on a File System20-3
Changing Directories and Displaying the Working Directory20-3
Creating and Removing Directories20-4
Copying Files20-4
Deleting Files20-5
Creating, Displaying, and Extracting tar Files20-5
Creating a tar File20-5
Displaying the Contents of a tar File20-6
Extracting a tar File20-7
Displaying the Contents of a File20-7
Working with Configuration Files20-7
Guidelines for Creating and Using Configuration Files20-8
Configuration File Types and Location20-9
Creating a Configuration File by Using a Text Editor20-9
Copying Configuration Files by Using TFTP20-9
Preparing to Download or Upload a Configuration File by Using TFTP20-10
Downloading the Configuration File by Using TFTP20-10
Uploading the Configuration File by Using TFTP20-11
Copying Configuration Files by Using FTP20-11
Preparing to Download or Upload a Configuration File by Using FTP20-12
Downloading a Configuration File by Using FTP20-12
Uploading a Configuration File by Using FTP20-13
Copying Configuration Files by Using RCP20-14
Preparing to Download or Upload a Configuration File by Using RCP20-15
Downloading a Configuration File by Using RCP20-16
Uploading a Configuration File by Using RCP20-17
Clearing Configuration Information20-17
Deleting a Stored Configuration File20-18
Working with Software Images20-18
Image Location on the Access Point20-18
tar File Format of Images on a Server or Cisco.com20-19
Copying Image Files by Using TFTP20-19
Preparing to Download or Upload an Image File by Using TFTP20-19
Downloading an Image File by Using TFTP20-20
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xvi
OL-14209-01
Uploading an Image File by Using TFTP20-22
Copying Image Files by Using FTP20-22
Preparing to Download or Upload an Image File by Using FTP20-23
Downloading an Image File by Using FTP20-24
Uploading an Image File by Using FTP20-26
Copying Image Files by Using RCP20-27
Preparing to Download or Upload an Image File by Using RCP20-27
Downloading an Image File by Using RCP20-29
Uploading an Image File by Using RCP20-31
Reloading the Image Using the Web Browser Interface20-32
Browser HTTP Interface20-32
Browser TFTP Interface20-33
Configuring System Message Logging21-1
Understanding System Message Logging21-2
Contents
Configuring System Message Logging21-2
System Log Message Format21-2
Default System Message Logging Configuration21-3
Disabling and Enabling Message Logging21-4
Setting the Message Display Destination Device21-5
Enabling and Disabling Timestamps on Log Messages21-6
Enabling and Disabling Sequence Numbers in Log Messages21-6
Defining the Message Severity Level21-7
Limiting Syslog Messages Sent to the History Table and to SNMP21-8
Setting a Logging Rate Limit21-9
Configuring UNIX Syslog Servers21-10
Logging Messages to a UNIX Syslog Daemon21-10
Configuring the UNIX System Logging Facility21-10
Displaying the Logging Configuration21-12
Wireless Device Troubleshooting22-1
Checking the Top Panel Indicators22-2
Indicators on 1130 Series Access Points22-6
Indicators on 1240 Series Access Points22-9
Indicators on 1250 Access Points22-11
Indicators on 1300 Outdoor Access Point/Bridges22-14
Normal Mode LED Indications22-14
Power Injector22-16
Checking Power22-17
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xvii
Contents
Low Power Condition22-17
Checking Basic Settings22-18
SSID22-18
WEP Keys22-18
Security Settings22-18
Resetting to the Default Configuration22-19
Using the MODE Button22-19
Using the Web Browser Interface22-20
Using the CLI22-20
Reloading the Access Point Image22-21
Using the MODE button22-22
Using the Web Browser Interface22-22
Browser HTTP Interface22-23
Browser TFTP Interface22-23
Using the CLI22-24
Obtaining the Access Point Image File22-25
Obtaining TFTP Server Software22-26
APPENDIX
APPENDIX
APPENDIX
AProtocol FiltersA-1
BSupported MIBsB-1
MIB ListB-1
Using FTP to Access the MIB FilesB-2
CError and Event MessagesC-1
ConventionsC-2
Software Auto Upgrade MessagesC-3
Association Management MessagesC-5
Unzip MessagesC-6
802.11 Subsystem MessagesC-7
Inter-Access Point Protocol MessagesC-20
Local Authenticator MessagesC-21
WDS MessagesC-23
Mini IOS MessagesC-24
Access Point/Bridge MessagesC-25
Cisco Discovery Protocol MessagesC-25
External Radius Server Error MessagesC-26
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xviii
OL-14209-01
G
LOSSARY
I
NDEX
Contents
LWAPP Error MessagesC-26
Sensor MessagesC-27
SNMP Error MessagesC-28
SSH Error MessagesC-29
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xix
Contents
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xx
OL-14209-01
Audience
Preface
This guide is for the networking professional who installs and manages Cisco Aironet Access Points. To
use this guide, you should have experience working with the Cisco IOS software and be familiar with
the concepts and terminology of wireless local area networks.
The guide covers two Cisco IOS releases: 12.4(10b)JA and 12.3(8)JEC. Cisco IOS Release 12.4(10b)JA
supports the following autonomous 32 Mb platforms:
• 1130 series access point
• 1240 series access point
NoteThis guide does not cover lightweight access points. Configuration for these devices can be found in the
Purpose
• 1250 series access point
• 1300 outdoor access point/bridge
Cisco IOS Release 12.3(8)JEC is a maintenance release and supports the following autonomous 16 Mb
platforms:
• 1100 series access point
• 1200 series access point
• 1230 series access point
appropriate installation and configuration guides on cisco.com.
This guide provides the information you need to install and configure your access point. This guide
provides procedures for using the Cisco IOS software commands that have been created or changed for
use with the access point. It does not provide detailed information about these commands. For detailed
information about these commands, refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release. For information about the standard Cisco IOS software commands,
refer to the Cisco IOS software documentation set available from the Cisco.com home page at Support > Documentation. On the Cisco Support Documentation home page, select Release 12.4 from the Cisco
IOS Software drop-down list. Select wireless in the left frame to view the Wireless Support Resources
page, then navigate to the access point or bridge for you are using.
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xix
Organization
This guide also includes an overview of the access point web-based interface (APWI), which contains
all the functionality of the command-line interface (CLI). This guide does not provide field-level
descriptions of the APWI windows nor does it provide the procedures for configuring the access point
from the APWI. For all APWI window descriptions and procedures, refer to the access point online help,
which is available from the Help buttons on the APWI pages.
Organization
This guide is organized into these chapters:
Chapter 1, “Overview,” lists the software and hardware features of the access point and describes the
access point’s role in your network.
Chapter 2, “Using the Web-Browser Interface,” describes how to use the web-browser interface to
configure the access point.
Chapter 3, “Using the Command-Line Interface,” describes how to use the command-line interface (CLI)
to configure the access point.
Chapter 4, “Configuring the Access Point for the First Time,” describes how to configure basic settings
on a new access point.
Chapter 5, “Administering the Access PointWireless Device Access,” describes how to perform one-time
operations to administer your access point, such as preventing unauthorized access to the access point,
setting the system date and time, and setting the system name and prompt.
Chapter 6, “Configuring Radio Settings,” describes how to configure settings for the access point radio
such as the role in the radio network, transmit power, channel settings, and others.
Preface
Chapter 7, “Configuring Multiple SSIDs,” describes how to configure and manage multiple service set
identifiers (SSIDs) and multiple basic SSIDs (BSSIDs) on your access point. You can configure up to 16
SSIDs and up to eight BSSIDs on your access point.
Chapter 8, “Configuring Spanning Tree Protocol,”describes how to configure Spanning Tree Protocol
(STP) on your access point, bridge, or access point operating in a bridge mode. STP prevents bridge
loops from occurring in your network.
Chapter 9, “Configuring an Access Point as a Local Authenticator,” describes how to configure the
access point to act as a local RADIUS server for your wireless LAN. If the WAN connection to your
main RADIUS server fails, the access point acts as a backup server to authenticate wireless devices.
Chapter 10, “Configuring Cipher Suites and WEP,” describes how to configure the cipher suites required
to use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including
MIC, CMIC, TKIP, CKIP, and broadcast key rotation.
Chapter 11, “Configuring Authentication Types,” describes how to configure authentication types on the
access point. Client devices use these authentication methods to join your network.
Chapter 12, “Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion
Detection Services,” describes how to configure the access point to participate in WDS, to allow fast
reassociation of roaming client services, and to participate in radio management.
Chapter 13, “Configuring RADIUS and TACACS+ Servers,” describes how to enable and configure the
RADIUS and Terminal Access Controller Access Control System Plus (TACACS+), which provide
detailed accounting information and flexible administrative control over authentication and
authorization processes.
Chapter 14, “Configuring VLANs,” describes how to configure your access point to interoperate with
the VLANs set up on your wired LAN.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xx
OL-14209-01
Preface
Conventions
Chapter 15, “Configuring QoS,” describes how to configure and manage MAC address, IP, and Ethertype
filters on the access point using the web-browser interface.
Chapter 16, “Configuring Filters,” describes how to configure and manage MAC address, IP, and
Ethertype filters on the access point using the web-browser interface.
Chapter 17, “Configuring CDP,” describes how to configure Cisco Discovery Protocol (CDP) on your
access point. CDP is a device-discovery protocol that runs on all Cisco network equipment.
Chapter 18, “Configuring SNMP,” describes how to configure the Simple Network Management
Protocol (SNMP) on your access point.
Chapter 19, “Configuring Repeater and Standby Access Points and Workgroup Bridge Mode,” describes
how to configure your access point as a hot standby unit or as a repeater unit.
Chapter 20, “Managing Firmware and Configurations,” describes how to manipulate the Flash file
system, how to copy configuration files, and how to archive (upload and download) software images.
Chapter 21, “Configuring System Message Logging,” describes how to configure system message
logging on your access point.
Chapter 22, “Wireless Device Troubleshooting,” provides troubleshooting procedures for basic
problems with the access point.
Appendix A, “Protocol Filters,” lists some of the protocols that you can filter on the access point.
Information Bases (MIBs) that the access point supports for this software release.
Appendix C, “Error and Event Messages,” lists the CLI error and event messages and provides an
explanation and recommended action for each message.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Interactive examples use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) mean optional elements.
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
TipMeans the following will help you solve a problem. The tips information might not be troubleshooting
or even an action, but could be useful information.
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xxi
Conventions
Preface
NoteMeans reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
CautionMeans reader be careful. In this situation, you might do something that could result equipment damage
or loss of data.
Warning
Waarschuwing
Varoitus
Attention
Warnung
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar
with standard practices for preventing accidents. (To see translations of the warnings that appear
in this publication, refer to the appendix “Translated Safety Warnings.”)
Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan
veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij
elektrische schakelingen betrokken risico’s en dient u op de hoogte te zijn van standaard
maatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in deze
publicatie verschijnen, kunt u het aanhangsel “Translated Safety Warnings” (Vertalingen van
veiligheidsvoorschriften) raadplegen.)
Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen
kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja
tavanomaisista onnettomuuksien ehkäisykeinoista. (Tässä julkaisussa esiintyvien varoitusten
käännökset löydät liitteestä "Translated Safety Warnings" (käännetyt turvallisuutta koskevat
varoitukset).)
Ce symbole d’avertissement indique un danger. Vous vous trouvez dans une situation pouvant
entraîner des blessures. Avant d’accéder à cet équipement, soyez conscient des dangers posés par
les circuits électriques et familiarisez-vous avec les procédures courantes de prévention des
accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez
consulter l’annexe intitulée « Translated Safety Warnings » (Traduction des avis de sécurité).
Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer
Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie
sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur
Vermeidung von Unfällen bewußt. (Übersetzungen der in dieser Veröffentlichung enthaltenen
Warnhinweise finden Sie im Anhang mit dem Titel “Translated Safety Warnings” (Übersetzung der
Warnhinweise).)
Avvertenza
Questo simbolo di avvertenza indica un pericolo. Si è in una situazione che può causare infortuni.
Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti
elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione
delle avvertenze riportate in questa pubblicazione si trova nell’appendice, “Translated Safety
Warnings” (Traduzione delle avvertenze di sicurezza).
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xxii
OL-14209-01
Preface
Related Publications
Advarsel
Aviso
¡Advertencia!
Varning!
Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du
utfører arbeid på utstyr, må du være oppmerksom på de faremomentene som elektriske kretser
innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. (Hvis du vil se
oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated
Safety Warnings" [Oversatte sikkerhetsadvarsler].)
Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos
fisicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos
relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir
possíveis acidentes. (Para ver as traduções dos avisos que constam desta publicação, consulte o
apêndice “Translated Safety Warnings” - “Traduções dos Avisos de Segurança”).
Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular
cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los
procedimientos estándar de prevención de accidentes. (Para ver traducciones de las advertencias
que aparecen en esta publicación, consultar el apéndice titulado “Translated Safety Warnings.”)
Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada.
Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och
känna till vanligt förfarande för att förebygga skador. (Se förklaringar av de varningar som
förekommer i denna publikation i appendix "Translated Safety Warnings" [Översatta
säkerhetsvarningar].)
Related Publications
These documents provide complete information about the access point:
• Quick Start Guide: Cisco Aironet 1100 Series Access Points
• Quick Start Guide: Cisco Aironet 1130AG Series Access Point
• Quick Start Guide: Cisco Aironet 1200 Series Access Points
• Quick Start Guide: Cisco Aironet 1240 Series Access Point
• Quick Start Guide: Cisco Aironet 1250 Series Access Point
Related documents from the Cisco TAC Web pages include:
• Antenna Cabling
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback,
security guidelines, and also recommended aliases and general Cisco documents, see the monthly
What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical
documentation, at:
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
xxiv
OL-14209-01
CHA P T ER
1
Overview
Cisco Aironet Access PointsCisco wireless devices (hereafter called access points or wireless devices)
provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and
flexibility with the enterprise-class features required by networking professionals. With a management
system based on Cisco IOS software, Cisco Aironet access pointwireless devices are Wi-Fi certified,
802.11a-compliant, 802.11b-compliant, 802.11g-compliant, and pre-802.11n-compliant wireless LAN
transceivers.
NoteThe 802.11n standard has not been ratified. Therefore, references to 802.11n throughout this document
refer to 802.11n Draft 2.0.
An access pointwireless device serves as the connection point between wireless and wired networks or
as the center point of a stand-alone wireless network. In large installations, wireless users within radio
range of an access pointwireless device can roam throughout a facility while maintaining seamless,
uninterrupted access to the network.
You can configure and monitor the wireless device using the command-line interface (CLI), the
browser-based management system, or Simple Network Management Protocol (SNMP). Use the
interface dot11radio global configuration CLI command to place the wireless device into the radio
configuration mode.
Each access point platform contains one or two radios:
• The 1100 series access point uses a single, 802.11b, 2.4-GHz mini-PCI radio that can be upgraded
to an 802.11g, 2.4-GHz radio.
• The 1130 series access point has integrated 802.11g and 802.11a radios and antennas.
• The 1200 series access point can contain two radios: a 2.4-GHz radio in an internal mini-PCI slot
and a 5-GHz radio module in an external, modified cardbus slot. The 1200 series access point
supports one radio of each type, but it does not support two 2.4-GHz or two 5-GHz radios.
• The 1230 series access point is pre-configured to include both an 802.11g and an 802.11a radio. It
has antenna connectors for externally attached antennas for both radios.
• The 1240 series access point uses two externally connected antennas for each band instead of
built-in antennas.
• The 1250 series access point uses three externall connected antennas for its pre-802.11n radios
operating on the 2.4- or 5-GHz frequency bands.
• The 1300 series outdoor access point/bridge uses an integrated antenna and can be configured to use
external, dual-diversity antennas.
This chapter provides information on the following topics:
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
1-1
Features
Features
NoteThe proxy Mobile-IP feature is not supported in Cisco IOS Releases 12.3(2)JA and later.
NoteCisco IOS Release 12.3(8)JEC is a maintenance release only. No new features are included in this
Chapter 1 Overview
• Features, page 1-2
• Management Options, page 1-2
• Roaming Client Devices, page 1-3
• Network Configuration Examples, page 1-3
This section lists features supported on access pointWireless devices running Cisco IOS software.
release.
Features Introduced in This Release
Table 1-1 lists the new features in Cisco IOS Release 12.4(10b)JA and the supported platforms.
Table 1-1New Cisco IOS Software Features for Cisco IOS Release 12.4(10b)JA
Feature
J52 to W52 migration on the RM20 radio
for Japan.
Support for Cisco Aironet 1250 Series
Access Points
Support for the Cisco 1250 802.11n radio –x–
Management Options
You can use the wireless device management system through the following interfaces:
• The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet
session. Use the interface dot11radio global configuration command to place the wireless device
into the radio configuration mode. Most of the examples in this manual are taken from the CLI.
Chapter 3, “Using the Command-Line Interface,” provides a detailed description of the CLI.
• A web-browser interface, which you use through a Web browser. Chapter 2, “Using the
Web-Browser Interface,” provides a detailed description of the web-browser interface.
Cisco
Cisco
Aironet 1100
Series
Access
Points
xx––
–x––
Cisco
Aironet 1240
Series
Access
Points
Aironet 1300
Series
Outoor
Access
Point/Bridge
Cisco
Aironet 1400
Series
Wireless
Bridge
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
1-2
OL-14209-01
Chapter 1 Overview
• Simple Network Management Protocol (SNMP). Chapter 18, “Configuring SNMP,” explains how to
configure the wireless device for SNMP management.
Roaming Client Devices
If you have more than one wireless device in your wireless LAN, wireless client devices can roam
seamlessly from one wireless device to another. The roaming functionality is based on signal quality, not
proximity. When a client’s signal quality drops, it roams to another access point.
Wireless LAN users are sometimes concerned when a client device stays associated to a distant access
point instead of roaming to a closer access point. However, if a client’s signal to a distant access point
remains strong and the signal quality is high, the client will not roam to a closer access point. Checking
constantly for closer access points would be inefficient, and the extra radio traffic would slow throughput
on the wireless LAN.
Using CCKM and a device providing WDS, client devices can roam from one access point to another so
quickly that there is no perceptible delay in voice or other time-sensitive applications.
Roaming Client Devices
Network Configuration Examples
This section describes the access point’s role in common wireless network configurations. The access
point’s default configuration is as a root unit connected to a wired LAN or as the central unit in an
all-wireless network. Access points can also be configured as repeater access points, bridges, and
workgroup bridges. These roles require specific configurations.
Root Access Point
An access point connected directly to a wired LAN provides a connection point for wireless users. If
more than one access point is connected to the LAN, users can roam from one area of a facility to another
without losing their connection to the network. As users move out of range of one access point, they
automatically connect to the network (associate) through another access point. The roaming process is
seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN.
OL-14209-01
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
1-3
Network Configuration Examples
Access point
Access point
135445
Access pointRepeater
135444
Figure 1-1Access Points as Root Units on a Wired LAN
Chapter 1 Overview
Repeater Access Point
An access point can be configured as a stand-alone repeater to extend the range of your infrastructure or
to overcome an obstacle that blocks radio communication. The repeater forwards traffic between
wireless users and the wired LAN by sending packets to either another repeater or to an access point
connected to the wired LAN. The data is sent through the route that provides the best performance for
the client. Figure 1-2 shows an access point acting as a repeater. Consult the “Configuring a Repeater
Access Point” section on page 19-3 for instructions on setting up an access point as a repeater.
NoteNon-Cisco client devices might have difficulty communicating with repeater access points.
Figure 1-2Access Point as Repeater
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
1-4
OL-14209-01
Loading...
+ 490 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.