Page 1
User Guide for the CiscoWorks 1105
Wireless LAN Solution Engine
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7814947=
Text Part Number: 78-14947-01
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT
ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR
THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR T HE A CCOMPANYING PRODUCT ARE SET FOR TH IN T HE INFORMATION
PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO
LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header com pression i s an adap tati on o f a pr ogr am d eveloped by the University of California, Berkeley (UCB) as
part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDIN G ANY OTHER WA RRANTY HEREIN, AL L DOCUMENT FILE S AND SOFTWARE OF THESE SUPPLIERS ARE
PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICU LAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL
DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
CIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of
isco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST,
PX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
isco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch,
ast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers
ogo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet,
trataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of
isco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
ll other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a
artnership relationship between Cisco and any other company. (0304R)
User Guide for t he CiscoWorks 1105 Wireless LAN Solu tion Engine
Copyright ©2002, Cisco Sy stems , Inc.
All rights reserved.
Page 3
Preface xiii
Audience xiii
Conventions xiii
Related Documentation xiv
Obtaining Documentation xv
World Wide Web xv
Ordering Documentation xvi
Documentation Feedback xvi
Obtaining Technical Assistance xvi
CONTENTS
CHAPTER
CHAPTER
Cisco.com xvii
Technical Assistance Center xvii
1 Getting Started 1-1
Overview of the Wireless LAN Solution Engine 1-1
Understanding the WLSE User Interface 1-2
The WLSE Dashboard 1-2
Device Name and IP Address Display 1-5
Time Display 1-5
Logging In and Out 1-6
Getting Started with Device Management 1-7
2 Fault Monitoring 2-1
Displaying F aults 2-1
Viewing Fault Details 2-5
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
iii
Page 4
Contents
Managing Profiles 2-7
Creating a Pr of ile 2-8
Copying a Profile 2-8
Renaming a Pr ofile 2-9
Editing a Profile 2-9
Deleting a Pr of ile 2-10
Assigning a Profile to a Device 2-10
Viewing Devices 2-11
Profile Choices 2-12
Notification Settings 2-20
Setting Trap Notification 2-21
Setting Syslog Notification 2-22
Emailing Fa u lts 2-23
CHAPTER
3 Configuring Devices 3-1
Using the Templa tes 3-1
Template Choices 3-2
Creating a Template 3-132
Copying a Templa te 3-133
Editing a Template 3-134
Deleting a Te mp late 3-134
Importing a Template 3-135
Exporting a Template 3-137
Managing Configuration Jobs 3-137
Job Choices 3-138
Creating a Configuration Job 3-144
Viewing Configuration Job Status 3-144
Automating Configurations 3-151
Assigning a Sta rtup Configuration 3-151
Creating a St a rt up Configuration Templa te 3-153
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
iv
78-14947-01
Page 5
Assigning an Auto-Managed Configuration 3-154
Contents
CHAPTER
CHAPTER
4 Updating Device Firm ware 4-1
Managing Firmware Images 4-1
Viewing Images on the WLSE 4-2
Editing Image Details on the WLSE 4-3
Deleting Imag es from the WLSE 4-4
Importing Images 4-4
Using a Remote TFTP Server for Image Upload 4-9
Managing Firmware Jobs 4-9
Job Choices 4-10
Creating a Fi rmware Job 4-18
Using the Job Functions 4-18
5 Using Reports 5-1
Using the Devic e Center 5-1
Viewing the Fa ult Summary Re po rt 5-3
78-14947-01
Viewing Device History 5-4
Viewing Con fig History 5-4
Viewing Firm w a re His to r y 5-5
Displaying Wireless Client Reports 5-6
Displaying a Client Detail Report 5-6
Displaying a Client Statistics Report 5-8
Displaying a Client Historical Association Report 5-9
Displaying Cu rrent Reports 5-11
Displaying a Group Report 5-12
Displaying a Group Security Report 5-14
Displaying a Group SSID Report 5-16
Displaying a Group VLAN Report 5-18
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
v
Page 6
Contents
Displaying a Per VLAN Client Report 5-20
Displaying a Group Policy Report 5-21
Displaying an AP Summary Report 5-24
Displaying a Detailed Report 5-26
Displaying a Current Client Association Report 5-29
Displaying an EAP Authentication Report 5-30
Displaying a n AP Ethertype Protocol Filters Report 5-32
Displaying a n AP IP Protocol Filt ers Report 5-33
Displaying an AP IP Port Filters Report 5-35
Displaying an AP Policy Report 5-36
Displaying an AP QBSS QoS Report 5-38
Displaying an AP SSID Report 5-40
Displaying an AP VLAN Report 5-42
Displaying a Per VLAN Client Report 5-43
Displaying a Switch Summary Report 5-45
Displaying an AP and Bridge Connected to Switch Report 5-46
Displaying a Router Summary Report 5-47
Displaying an AP and Bridge Connected to Router Report 5-48
Displaying a Server Summary Report 5-49
Displaying T rends 5-50
Displaying a Group Performance Report: RF Utilization 5-51
Displaying a Group Performance Report: Ethernet Ut ilization 5-53
Displaying a Top N Number of Associations Report 5-54
Displaying a Top N Percentage Errors 5-55
Displaying an AP and Bridge RF Transmission Statistics Report 5-56
Displaying a n AP and Bridge Ethernet Transmission Statistics Report 5-58
Displaying an AP and Bridge Performance Graph 5-60
Displaying a n AP and Bridge Performance: Tabular 5-61
Displaying Top N Busiest Clients 5-62
Displaying T op N Client Error Rate 5-64
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
vi
78-14947-01
Page 7
Displaying a Server Response Time Graph 5-65
Exporting a Report 5-66
Emailing a R ep or t 5-66
Scheduling Email Jobs 5-68
Viewing Email Job Details 5-69
Contents
CHAPTER
6 Performing Administrative Tasks 6-1
Using Discovery and Managing Devices 6-2
Managing Devices 6-2
Specifying Device Credentials 6-6
Managing Device Discovery 6-10
Running Invent ories 6-24
Viewing Inventor y and Discovery Task History 6-27
Importing Devices 6-28
Exporting Devices 6-31
Adding, Modifying and Deleting AAA Servers 6-33
Managing Groups 6-37
Overview: Groups 6-37
Creating, Editing, and Dele ting Groups 6-39
Managing the Appliance 6-44
Viewing WLSE Status 6-45
Managing the Software 6-47
Overview: Security 6-55
Managing Security 6-56
Backing Up and Restoring Data 6-61
Using Diagnostics 6-64
Setting Up the Splash Screen Message 6-69
Setting the Current Time and Date on the WLSE 6-69
Specifying NTP Time Servers 6-70
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
vii
Page 8
Contents
Specifying Name Servers 6-71
Specifying an SMTP Mail Server 6-71
Using Connectivity Tools 6-72
Managing System Parameters 6-73
Administering Users 6-75
Managing Roles 6-75
Managing Users 6-77
Modifying Your Profile 6-80
Linking to a CiscoWorks2000 Server 6-81
CHAPTER
CHAPTER
APPENDIX
APPENDIX
7 Frequently Asked Questions 7-1
8 Troubleshooting 8-1
A Naming Guidelines A-1
B Command Reference B-1
Using the CLI B-2
CLI Conventio ns B-2
Command Privileges B-2
Checking Command Syntax B-2
Command History Feature B-3
Help for CLI Co m mands B-3
Command Summary B-4
Command Description Conventions B-9
Privilege Level 0 Commands B-10
exit B-10
ping B-10
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
viii
78-14947-01
Page 9
show clock B-11
show domain-name B-12
show interfac es B-13
show process B-13
show version B-14
traceroute B-15
Privilege Le v el 15 Co m m a nd s B-17
auth B-17
backup B-18
backupconfig B-19
cdp B-20
clock B-21
df B-22
Contents
erase config B-23
firewall B-24
gethostbyname B-25
hostname B-25
import B-26
install configure B-27
install list B-28
install update B-29
interface B-30
ip domain-name B-31
ip name-server B-32
listbackup B-33
mail B-34
mailcntrl clear B-35
mailcntrl list B-35
mailroute B-36
nslookup B-36
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
ix
Page 10
Contents
ntp server B-37
reload B-39
reinitdb B-40
repository B-40
repository add B-41
repository delete B-42
repository list B-43
repository server B-44
restore B-45
route B-46
services B-46
show anilog B-48
show auth-cli B-49
show auth-http B-49
show backupconf ig B-50
show bootlog B-51
show cdp neighbor B-52
show cdp run B-52
show collectorlog B-53
show config B-54
show daemonslog B-55
show dmgtdlog B-56
show webaccesslog B-57
show weberrorlog B-58
show websslaccesslog B-59
show import B-59
show install logs B-60
show ipchains B-60
show hosts B-61
show maillog B-62
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
x
78-14947-01
Page 11
show proc B-62
show repositor y B-63
show route B-64
show securitylog B-64
show snmp-server B-66
show ssh-version B-66
show syslog B-67
show tech B-68
show telnetenable B-68
show tomcatlog B-69
shutdown B-70
snmp-server B-71
ssh B-71
Contents
G
LOSSARY
I
NDEX
ssh-version B-72
telnet B-72
telnetenable B-73
username B-74
Maintenance Image Commands B-75
erase config B-75
fsck B-76
reload B-76
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xi
Page 12
Contents
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xii
78-14947-01
Page 13
Audience
Preface
This manual desc ribe s the Wireless LAN So luti on Engi n e (WL SE) an d provides
instructions for usi ng it.
This docume nt is for sy stem a dmin istr ato rs re spon sibl e fo r m anag i ng a w ire less
network who are familiar with some of the concepts and terminology of Ethernet
and wireless local area networking.
Conventions
This docu me nt u ses the f oll owing conventions:
Item Convention
Commands and keywords boldface font
Variables for wh ich you supply values italic font
Displayed session and system inform ation
Information you enter
Variables you enter
screen font
boldface screen font
italic screen
font
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xiii
Page 14
Related Documentation
Note Means reader take note. Notes contain helpful suggestions or references to
Caution Means rea de r b e ca ref ul. In this situation, you might do something that could
Preface
Item Convention
Menu items a nd button na mes boldface font
Selecting a menu item Option>Network Preferences
material not covered in th e publica tion.
result in equipment dam age or loss of dat a.
Related Documentation
Note Although every effort has been made to validate the a ccuracy of th e info rmati on
in the printed and electronic documentation, you should also review the Wireless
LAN Solution Engi ne do cu me ntation o n C is co.c om fo r a ny up dates.
The following additional documentation is available:
Paper Docu m entation
• Installation and Configuration Guide for the CiscoWorks 1105 Wireless LAN
Solution Engine
• Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
• Regulatory Compliance and Safety In format ion for the Cisco Works 1105
Wireless LAN Solution Engine
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xiv
78-14947-01
Page 15
Preface
Obtaining Documentation
Online Documentation
• Online help—Access the online help by clicking on the Help tab.
• Release Notes for the Ci sco Works 1105 Wireless LAN Solution Engine
• Integrating Cisco Applications with CiscoWorks2000 Management
Connection (CMC)
• PDF for:
–
Installation and Configuration Guide fo r the CiscoWorks 1105 Warless
LAN Solution Engine
–
Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution
Engine
–
Regulatory Compliance and Safety Information for the CiscoW orks 1105
Wireless LAN Solution Engine
Note Adobe Acrobat Reader 4.0 is required.
Obtaining Documentation
These sections explain how to obtain do cumentat ion from Cisco Systems.
World Wide Web
You can access the most current Cisco do cumentation on the World Wide Web at
this URL:
http://www.cisco.com
Translated documentation is available at this URL:
http://www.cisco.com/public/countries_languages.shtml
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xv
Page 16
Obtaining Technical Assistance
Ordering Documentation
Cisco documentation is available in these ways:
• Register ed Cisco.co m users (Cis co direct cus tomers) can order Cisco product
documentation from the Ne twork ing Prod ucts Mar ketPlac e:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can orde r the Document ation CD-ROM through
the online Subscriptio n Stor e:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can orde r documen tation thro ugh a loca l
account represent ative by calling Cisco corp orate he adquar ters (Cal ifornia ,
USA) at 408 526-7208 or, elsewhere in North America, by calling
800 553-NETS (6387).
Preface
Documentation Feedback
You can e-mai l your comm ents t o bug-doc@c isco.com.
You can submit yo ur comm ents by mail by using the respon se card beh ind the
front cover of your document or by writing to the following address:
Cisco Systems
Attn: Document Re source Conn ectio n
170 West Tasman Drive
San Jose, CA 951 34- 988 3
We ap prec iate yo ur comm ents .
Obtaining Technical Ass istance
Cisco provides Cisco.com as a starting point for all technical assistance.
Customers and partner s can obta in online do cume ntation , troubl eshooting tips,
and sample configurations from online tools by using the Cisco Technical
Assistance Center (TAC) Web Site. Cisco.com registered users have complete
access to the technical support resources on the Cisco TAC Web Site.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xvi
78-14947-01
Page 17
Preface
Cisco.com
Obtaining Technical Assistance
Cisco.com is the found ation of a suite of inter active, networked service s that
provides immediate, ope n acces s to Cisco infor matio n, networking solutions,
services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Interne t application and a powerful, easy-to-use
tool that provides a broa d range of fe atures and services t o help you to
• Streamline business processes and impr ove productivity
• Resolve technical issues with online support
• Download and t e st so ft ware pa ck ag es
• Order Cisco lea rning m ateria ls and merc handi se
• Register for online skill assessment, training, and certification programs
You can self-register on Cisco.c om to obtain custo mized information a nd service.
To access Cisco.com, go to this URL:
http://www.cisco.com
Technical Assistance Center
The Cisco Technical Assista nce Cent er (TAC) is available to all custom ers wh o
need technical assistance with a Cisc o product , technolo gy, or solution. Two
levels of support are available: the Cisco TAC We b Site and the Cisco TAC
Escalation Center.
Cisco TAC inquires are categorized according to the urgency of the issue:
• Priority level 4 (P4)—You need information or assistance concerning Cisco
product capabilitie s, product installati on, or basi c product con figuration.
• Priority level 3 (P3)—You r network perf ormance is degraded. Network
functionality is noticeably impaired, but most business operations continue.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xvii
Page 18
Obtaining Technical Assistance
• Priority level 2 (P2)—You r produc tion netwo rk is severely degraded,
• Priority lev el 1 (P1)—Your production network is down, and a critical impact
Which Cisco T AC resource you choose is based on the priority of the problem and
the conditions of service contracts, when applicable.
Cisco TAC Web Site
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving
both cost and time. The site provides around-the-clock access to online tools,
knowledge bases, and software. To access the Cisco TAC Web Site, go to this
URL:
Preface
affecting significant aspects of busine ss operatio ns. No workar ound is
available.
to business operations will occur if serv ice is not rest ored quickl y. No
workaround is available.
http://www.cisco.com/tac
All customers, p art ners, and rese llers who have a valid Cisco serv ice cont ract
have complete access to the technical support resour ces on the Cisco TAC Web
Site. The Cisco TAC Web Site requires a Cisco .com login ID and pa ssword. If
you have a valid service cont rac t but do not have a login I D or pa ssword, g o to
this URL to register:
http://www.cisco.com/register/
If you are a Cisco.com registered use r, and you cannot resolve your tec hnica l
issues by usin g the Cis co TA C Web Site, you can open a cas e on lin e by using the
TAC Case Open tool at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, it is rec ommende d that you open P3 and P4 ca ses
through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2
issues. These classifications are assigned when severe network degradation
significantly impacts business opera tions . When you conta ct the TAC Esca lati on
Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a
case.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xviii
78-14947-01
Page 19
Preface
Obtaining Technical Assistance
To obtain a directory of toll-free Cisco TAC telephone numbers for your country,
go to this URL :
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determ ine the
level of Cisco support services to which your company is entitled: for example,
SMARTnet, SMARTne t Onsite , or Network Supp orted Acc ounts (NSA). When
you call the center , pl ease hav e ava ilable your service agreement numbe r and your
product serial n umb er.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xix
Page 20
Obtaining Technical Assistance
Preface
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
xx
78-14947-01
Page 21
CHAPTER
1
Getting Started
The following topics provid e an overview of the Wireless LAN Solution En gine
(WLSE), information about WLSE displays, and assistance with getting started:
• Overview of the Wireless LAN Solution Engine, pa ge 1-1
• Understanding the WLSE User In terface, pa ge 1-2
• Logging In and O ut, pa ge 1-6
• Getting Started with Device Manageme nt, page 1 -7
Overview of the Wireless LAN Solution Engine
The WLSE is a hardware and software sol ution for man aging Cisco wireless
devices. The WLSE has the fo llowing m ajor fea ture s:
• Configuration and Firmware
The configuration fe ature allows you to apply a set of configuration changes
to access points and bridges. Using the firmware feature, you can upgrade the
firmware on access points and bridges.
• Reporting
Allows you to display reports for tracking dev ice, client and security
information. R eports can be emailed , printed, and exported.
• Fault and Policy Mo nito ring
Provides device monitoring for fault and performance conditions, monitoring
of LEAP server re sp onses, a nd mon i toring of p olicy misc onfiguration s.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
1-1
Page 22
Understanding the WLSE User Interface
The WLSE works by gathering fault, performance, and configuration information
about Cisco d evices that it dis covers in your n etwor k. T he devices mu st be
properly configured fo r disc overy. After devices are discovered, yo u deci de
which devices to manage with the WLSE.
Understanding the WLSE User Interfac e
When you log into the WLSE through the World Wide Web, the set of features
(tabs and subtabs) displ ayed in the UI depends on t he roles assigned to your user
login. A user wi th syst em admin istrato r pri vile ges can acces s the featu res in all of
the tabs and subtabs, while other users may see only a subset of features. For more
information about user roles, se e Managi n g R oles, pag e 6-75 .
Chapter 1 Getting Started
Note The WLSE UI times out after 30 minutes of inactivity and you must log in again.
The timeout is not co nfigurab le.
This section describes the following aspects of the UI :
• The dashboar d, i ncl uding the tabs, su bt abs, a nd buttons in the u pper ri ght
corner—See The W LSE D ashbo ar d, pa ge 1-2.
• How device names and IP a ddres ses ar e disp layed in t he WLSE GU I —See
Device Name and IP Address Display, page 1-5.
• The way the WLSE displays timestamps—See Time Display, page 1-5.
The WLSE Dashboard
The WLSE dashboar d consist s of:
• Tabs and subtabs that provide access to specific functions (see Tabs and
Subtabs, page 1-3).
• Buttons in the upper right corner that provide general functions (see Buttons,
page 1-4).
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-2
78-14947-01
Page 23
Chapter 1 Getting Started
Understanding the WLSE User Interface
Tabs and Subtabs
The dashboard co ntains the following tabs and subta bs:
Table 1-1 Tabs and Subtabs
Main Tab Subtabs For information, see...
Faults Display faults—display device faults.
Manage Profiles—u se profiles to set thresholds and policies.
Fault Forwarding—send fault i nfo rm ation (t rap s, sysl og
messages, and emails)
Configure Templates—create configuration templates.
Jobs—apply c onfigura tion t emp lates t o devices.
Auto update—automate initial configuration.
Firmware Images—import firmware for access points and bridges from
the desktop or f rom Cisc o.co m to t he WLSE .
Jobs—upload firmware to devices.
Reports Device Center—quickly view report s for a parti cular device.
Wireless Clients—view reports about client associations with
access points.
Current—view, export, and email report s abo ut eac h t ype of
monitored device.
Trends—view , e xport, and email reports about current trends
for monitored devices.
Fault Monitoring,
page 2-1.
Configuring Devices,
page 3-1.
Updating Device
Firmware, page 4-1
Using Rep ort s,
page 5-1.
Scheduled email jobs—manage email jobs.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-3
Page 24
Chapter 1 Getting Started
Understanding the WLSE User Interface
Table 1-1 Tabs and Subtabs (continued)
Main Tab Subtabs For information, see...
Administration Discover—run discoveries, enter device credentials, put
devices under management, run immediate inventories, view
task history for inventory and discovery, import and export
devices, and enter AAA servers (LEAP, RADIUS, and
EAP-MD5) to be moni tored.
Group Management—view and manage device grouping.
Appliance—manage the WLSE syst em (vi ew diagnost ics,
manage WLSE software, manage WLSE secur ity, backup
and restore data, configure the login screen, set current time,
specify NTP servers and name servers, and set up routing for
email jobs).
System Parameters—set global parameters for inventory and
polling.
User Admin—manage users and use r pro files.
My Profile—reset your password.
Connectivity Tools—use the connectivity tools (ping,
traceroute, nslo oku p, TC P po rt sca n, a nd SNMP
reachability).
Performing
Administrative T asks,
page 6-1.
Buttons
1-4
The four button s in the upper rig ht corner of the user in terf ace ha v e the f ollo win g
functions:
• Help—Displays online help for the subtab or option you are using and a table
of contents and i nd ex for o nl ine hel p.
• About—Displa ys informa tion ab out the WLSE version.
• Logout—Lo gs you out of th e WLSE and di splays th e login scre en.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Page 25
Chapter 1 Getting Started
Device Name and IP Address Display
Many WLSE displays include a field for the device name. Th e data displa yed in
this field differs depending up on the fo llowing:
• If rever se DNS lookup is enabled on the WLSE, the de vice na me is displayed
in this field if the lookup succeeds. If the lookup fails, the device IP address
is displayed.
• If you do not enable reverse DNS lookup an d device’s sysName is set, the
sysName SNMP variable is displayed. If sysNam e is no t set, th e device IP
address is displayed.
In some displays there are separate fields for device name, sysName, and IP
address.
To e nabl e D NS lo okup o n th e WL SE, se lec t Administration > Discover >
DISCOVER > Disco very Optio ns and select Use reverse DNS lookup. For more
information, see E nabl e D iscovery O ptio ns , pa ge 6- 18 .
Understanding the WLSE User Interface
Time Display
The WLSE uses browser (client) time in most of its displays. The format of
timestamps depends on th e browser you are using :
• In Internet Explorer, the timestamp usually consists of the browser time
(hours:minutes: seconds) and date ; for example:
14:17:16 10/12/200 2
In some displays the timestamp is the day of the week, month and day,
browser time, timezone, and year; for example:
Sat Oct 12 11:15:01 PDT 2002
• In Netscape Navigator, the timestamp usually consists of the browser time
(hours:minutes: seconds) and date ; for example:
14:17:16 10/12/200 2
In some displays the timestamp is the day of the week, time, offset from
GMT/UTC, timez one, and ye ar; fo r example:
Mon Mar 25 13:29:21 GMT-0800 (Pacific Standard Time) 2002
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-5
Page 26
Logging In and Out
It is recomm ended th at you ch eck the cu rrent tim e on the W LSE and res et it to the
correct time the first time you log in. For more information about setting the
current t ime, s ee Setting the Current Time and Date on the WLSE, page 6-69.
The WLSE’s system time is Universal Coor dinated T ime (UTC), and UTC is used
in certain logs, such as the Discov ery Run Log. To display or reset the UTC time,
use the CLI clock command. For more information on this comma nd and othe r
CLI command s, see the co mman d refe rence i n the Hardware Installation and
Configuration Guide for the CiscoWorks 1105 Wireless LAN S olution
Engine—click the PDF button in the online help.
Logging In and Out
When user logins are set up, users are a ssigned one or mor e roles. Roles de fine
which tabs and su bt ab s a re vi sib le t o th e use r an d, the re for e, w hi ch fe atu re s c an
be accessed. There are predefined roles, which can be edited but not removed; and
you can create new roles. After initial setup, only the admin user can log into the
WLSE, using th e reser ved u ser name admin and the password specified du ring
initial setup. To set up access for other users, see Managing Users, page 6-77 and
Managing Roles, p ag e 6-75.
Chapter 1 Getting Started
1-6
Procedure
To log into the GUI:
Step 1 Access the WLSE through a browser by entering the WLSE’s IP address,
followed by :1741 (for example: http://209.165 .128:174 1).
For information on suppor ted browsers, see th e Quick Start Guide for the
CiscoWorks 110 5 Wireless LAN Solution Engine.
Step 2 Enter your username an d password and clic k Login.
If you do not see f eat ur es you n ee d to u se , log out a nd lo g ba ck i n as a use r wi th
those privileges. Contact the system ad ministra tor for in format ion about th e
features you can ac cess.
To log out from the WLSE, click Logout in the upper right corner of the window.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Page 27
Chapter 1 Getting Started
Getting Started with Device Management
Note Login sessions automatically time out after 30 minutes of inactivity.
Getting Started with Device Manageme nt
Before you can use WLSE mo nitoring , configur ation, firm ware upgradi ng (or
downgradin g), and reporting, you must set up your de vices, initiate disco very , and
move devices into the ma naged sta te. To get started, follow th e dir ec tions in the
Quick Start Guide for the CiscoWorks 1105 Wir eless LAN Solution Engine or use
the following task list as a general guide.
Table 1-2 Basic Initial Tasks
Task Description and References
1. Set up devices (access points, br idges,
See Set Up Devices, page 6-12 for details.
routers, switches, and AAA servers).
2. Log into the WLSE u sin g a Web brow ser. Enter the WLSE’s IP address, followed by:1741; for
example, http:/ /209 .1 65. 202.12 8: 174 1. Use the ad mi n
username and the password you created during initial
setup of the WLSE.
3. Enter device creden tials. Device community strings for all managed devices must
be entered on the WLSE. See Specifying Device
Credentials, pa ge 6-6.
For access point configuration t asks, HTTP user names
and passwords mu st be ent ere d on t he WL SE. See
Specify the H TTP U serna me and Password, p age 6- 9.
4. Initiate discovery from the WLSE or
import devices from a file or from a
CiscoWorks2000 server.
If you are using discovery from the WL SE, add seed
devices and enable discovery. You can initiate an
immediate o ne-time discov er y or sche du le discovery fo r
a later time. See Managing Device Discovery , page 6-10.
5. Verify the discovery. On the WLSE, verify that devices were discovered. See
Viewing Inventory and Discovery Task History,
page 6-27.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-7
Page 28
Getting Started wi th D evice Management
Table 1-2 Basic Initial Tasks (continued)
Task Description and References
Chapter 1 Getting Started
6. Move devices to the m ana ged sta te a n d
run inventory.
7. Create other users and user roles as
needed.
You must m ove devices to the mana ged st ate on t he
WLSE before you c an use configura tion, r eport ing , an d
monitoring fe atures; or you ca n specif y that all
discovered devices be automatically ma naged (see
Managing Devices, pa ge 6-2). After m oving devices to
the managed state , you can run an immediat e inventory
to obtain device informati on needed to use such WLSE
features as reports and automatic grouping (see Running
Inventories, page 6-24).
The WLSE has one predefined user (the system
administrat or w ith the u ser name a dm in) an d four
predefined user roles. User roles are used to specify the
WLSE functions a given user ca n have access to. To
allow other users access to the WLSE, the system
administrator must add users. The system adminis trator
can also create roles to customize user access. See
Administering Us ers, page 6 -75.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
1-8
78-14947-01
Page 29
CHAPTER
Fault Monitoring
The Faults tab displays info rmat ion to help you monito r your devices. All the
device information shown under this tab is polled from the devices in your
network.
Following are the subtabs under Faults:
Note Some of the subtabs m ay no t be v isible to some users.
• Display Faults—See Displaying Faults, page 2-1
2
• Manage Profiles—See Managing Pro files, pa ge 2-7
• Notification Se tting s —See Notification Settings, page 2-20
Displaying Faults
This window displays device fault information. A fault is an abnormal condition
that occurs when a system component exceeds a performance threshold or is not
functioning pro perly. (See Specifying Fault Thresholds , page 2-15 to set
threshold levels.)
A fault can also occur when a system policy is violated. (See Notification
Settings, page 2-20 to set policies.)
Displayed fault information is retained by default for 30 days. To change the
default, see Managin g Syste m Para mete rs , pag e 6- 73.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-1
Page 30
Displaying Faults
Note Your login deter mine s whet her yo u ca n use t his opti on.
Step 1 Select Faults > D isplay Fa ul ts. The Fault window appears.
Step 2 Use the Filter: bar to display the faults you want to view:
Chapter 2 Fault Monitoring
Procedure
Table 2-1 Display Fa ults Filter Bar
Field Description
Devices From the list, select the device type
whose fault summary you want to
display.
Severity From the list, select the severity from
P1, which is the highest severity level
to P5, which is the lowest severity
level, to di sp la y :
• P1—Severity P1 faults.
• P1-P2—Severity P1 and P2 faults.
• P1-P3—Severity P1 through P3
faults.
• P1-P4—Severity P1 through P4
faults.
• P1-P5—Severity P1 through P5
faults.
• All—Severity P1 through P5
faults, and faults that have been
cleared.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-2
78-14947-01
Page 31
Chapter 2 Fault Monitoring
Table 2-1 Display Faults Filter Bar (continued)
Field Description
State From the list, select a states to display:
Displaying Faults
• All—Faults in all states are
displayed.
• Active—Faults are active (cur rent)
and have not been acknowledged.
• Acknowledged—Faults that ar e
active and have been
acknowledged.
• Cleared—Faults t ha t have be en
cleared (no longe r in an Active or
Acknowledged stat e).
Name/IP Enter a complete or partial device
name or IP a ddress.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-3
Page 32
Displaying Faults
Step 3 Click Apply. The following table appears:
Chapter 2 Fault Monitoring
Note If no data is displayed in the table, there are no faults for your filtering
selection to report.
Table 2-2 Display Faults Table
Column Description
IP Address The device IP addr es s.
Click to see various re por ts a bout the
device. For information on the reports,
see Using the Device Center, page 5-1.
Hostname The device for which the fault is
reported.
Click to see various re por ts a bout the
device. For information on the reports,
see Using the Device Center, page 5-1.
Family The product family.
Product The product name.
Ty pe The device or the sub- device
component.
Description A description of the fault.
Click to see fault details. See Viewing
Fault Details, page 2-5.
Severity The fault severity level.
State The operational state of the device.
Timestamp Indicates the time, based on the client
browser , that the state of the de vice last
changed. See Time Display, page 1-5.
Click to see fault details. See Viewing
Fault Details, page 2-5.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-4
78-14947-01
Page 33
Chapter 2 Fault Monitoring
Step 4 To sort table data, click on the column heading you want to use to sort the data:
Step 5 To a cknowledg e (cha nge th e state f rom Ac tive to Acknowledge d) :
Step 6 To unacknowledge (change the state from Acknowledged to Active):
Displaying Faults
• A triangle ind ica tes as cend in g ord er.
• An upside-down triangl e i ndicate s d escendi ng orde r.
• No triangle indicates that the data is not sorted.
• A single fault, select it, then click Acknowledge.
• All faults, click Select All, then click Acknowledge.
• A single fault, select it, then click Unacknowledged.
• All faults, click Select All, then click Unacknowledged.
Related Topics
• Managing Profiles, page 2-7
• Notification Settings, page 2-20
Viewing Fault Details
The following tables are displayed in the Fault Details window.
To sort table data, click on the column heading you want to use to sort the data:
• A triangle ind ica tes as cend in g ord er.
• An upside-down triangl e i ndicate s d escendi ng orde r.
• No triangle indicates that the data is not sorted.
Fault details for
Table 2-3 Fault Details Table
Column Description
IP The device IP addr es s.
Name The device hostname.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-5
Page 34
Displaying Faults
Chapter 2 Fault Monitoring
Table 2-3 Fault Details Table (continued)
Column Description
Family The device family.
Product The product name.
Ty pe The device or the device sub-entit y
(which could incl ude a logi cal en tity,
such as softw are or a servi ce) in wh ich
the fault is found.
Note If the Type is a sub-entity,
additional columns appear with
keys and va lues to help identify
the precis e sub -ent ity. These
additiona l keys and values ar e
MIB variables .
ifIndex A unique number that identifies the
interfa ce .
Conditions
Table 2-4 Conditions Table
Column Description
Name The fault condition.
State The state of the device.
Severity The fault severity level.
Description A description of the fault.
Timestamp Indicates the time, based on the client
browser , that the state of the de vice last
changed.
See Time Display, page 1- 5.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-6
78-14947-01
Page 35
Chapter 2 Fault Monitoring
Fault History
Table 2-5 Fault History Table
Column Description
State The state of the device.
Severity The fault severity level.
Description A description of the fault.
Change A description of the state chan ge.
Timestamp Indicates the time, based on the client
By Displays the userna me of the person
Managing Profiles
browser , that the state of the de vice last
changed.
See Time Display, page 1- 5.
who changed the fault state.
Managing Profiles
Every de vice managed b y the WLSE has a pr ofile assigned to it. A prof ile is made
up of threshold values and policy settings.
If you have not assigned a specific profile to a device it has the system Default
profile. The default p rofile c an be edite d, but it c anno t be d ele ted .
The topics covered in this section ar e:
• Creating a Profile, p age 2-8
• Copying a Profile, page 2-8
• Renaming a Profile, page 2 -9
• Editing a Profile, page 2 -9
• Deleting a Profile, page 2-10
If the fault state has not been
acknowledged, nothing is displayed in
this co lu m n.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-7
Page 36
Managing Profiles
• Assigning a Profile to a D evice, pa ge 2-10
• Viewing Devices, page 2-11
Creating a Profile
Use this option to create a profile.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Chapter 2 Fault Monitoring
Step 2 Enter a un ique n ame. ( See Na min g G u idel ine s, page A - 1 for details.)
Step 3 Click Create New. The new name appears in the Existing Profiles list.
Note The new profile is a copy of the Default pr ofile.
Step 4 Select the name, then click Edit. The Editing Profile window appears. (See
Editing a Profile, page 2 -9 .)
Copying a Profile
Use this option to copy a profile that you ca n use as a base fo r anot her profile.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-8
78-14947-01
Page 37
Chapter 2 Fault Monitoring
Step 2 Select the profile you want to copy from the Existing Profiles b ox, then click
Create Copy. A dial og b ox ap pe ar s aski ng yo u to en te r a na me f or the co py.
Step 3 Enter a un ique n ame. ( See Na min g G u idel ine s, page A - 1 for details.)
Step 4 Click OK. The new name appears in the Existing Profiles list.
Step 5 Select the name, then click Edit. The Editing Profile window appears. (See
Editing a Profile, page 2 -9 .)
Renaming a Profile
Use this option to rename a profile.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Managing Profiles
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select the profile you want to rena me from th e Existin g Profiles box, th en click
Rename. A dialog b ox ap pe ar s aski ng yo u to ent er a new name .
Step 3 Enter a un ique n ame. ( See Na min g G u idel ine s, page A - 1 for details.)
Step 4 Click OK. The new name appears in the Existing Profiles list.
Editing a Profile
Use this option to edit a profile.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-9
Page 38
Managing Profiles
Step 2 Select the policy you want to edit from the Existing Policies box, then click Edit.
The Editing Pr ofile wi ndow appe ars.
Step 3 Select the policies and thresholds in the left pane that you want to assign to the
profile. For a description, see Profile Choic es, p age 2-12.
Deleting a Profile
Use this option to delete a profile.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Chapter 2 Fault Monitoring
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select the profile you want to delete from the Existing Profiles box, then click
Delete. A window appears asking if you want to dele te the profile.
Note Any devices that were a ssign ed thi s delet ed p rofile will be assi gned the
Default profile.
Step 3 Click OK to delete it .
Assigning a Profile to a Device
Use this option to assign a profile to a single device or a group of devices. Devices
can only have one profile assigned to them at a time.
Note Your login deter mine s whet her yo u ca n use t his opti on.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-10
78-14947-01
Page 39
Chapter 2 Fault Monitoring
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select the profile you want to assign to the devices from the Existing Profiles box,
then click Assign to Devices. The Assigning Profiles window appears.
Step 3 If you want to se a rch for devices, use the dia log bo x in the le ft pan e a bove the
device selector:
a. From the list, sel ect t he me thod yo u want to u se t o sea rch for the d evice: by
b. Enter the IP addr es s or n ame, or use an ast erisk (*) a s a w ildca rd to de note
Step 4 If you know which device you want, use the device selector to select the devices.
They are added to the list of Available Devices.
Managing Profiles
name or by IP address.
numbers and letters, then click Go. The requested device appears in the
Search Results folder.
Step 5 From the list of Available Devices, select the device to which you want to apply
the profile and click >>. The devices are moved to the Selected Devices list.
Step 6 Click Continue. A confirmation d ial og bo x app ea rs for th e device assi gnme nt.
Step 7 Click OK to accept the device assignment or Cancel to cancel the device
assignment.
Viewing Devices
Use this option to view the devices that have been assigned to a profile.
Note Your login deter mine s whet her yo u ca n use t his opti on.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-11
Page 40
Managing Profiles
Procedure
Step 1 Select Faults > Manage Profiles. The Profiles dialog box appears.
Step 2 Select a profile from Existing Profiles box, then click View Devices. A window
appears listing the devices that are assigned to th at profile.
Profile Choices
When you create or edit a profile, the following choices appear in the left pane of
the Editing Profile window:
Chapter 2 Fault Monitoring
• Security Policies—See Specifying Security Policies, page 2-12
• Thresholds—See Specifying Fault Thresholds, pag e 2-15
Specifying Security Policies
This is option allows you to activate or deactivate a set of pre-defined policies for
access points.
The policies you set in this window will determine how some of the faults are
displayed in the Fau l ts > D i sp l ay Fau l ts subta b.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Procedure
Step 1 In the left pane, select the variable for which you want to set a policy.
• SSID—Go to Step 2
• Firmware Versi on—Go to Step 5
• Broadcast SSID Disabled—Go to Step 8
• WEP Enabled—Go t o Step 8
• LEAP Enab led —Go to Step 8
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-12
78-14947-01
Page 41
Chapter 2 Fault Monitoring
Step 2 To activate the policy, do the following:
Field Description
Verify Select if you want to verify that SSID is enabled.
Poll Interval From the list, select the polling interval.
Severity From the list, select a severity le vel to associate
Managing Profiles
• WEP Key Length—Go to Step 10
• HTTP Disabled—Go to Step 8
• Te lnet Disabled—Go to Step 8
• PSPF Enabled—Go to Step 8
• User Mana ger E nf orc e d—Go to Step 8
• HTTP Authentication—Go to Step 8
with this policy.
Enter ssid Enter the unique identifier used by client
devices to associate with the access point. Any
alphanumeric character up to 32 characters
long.
Step 3 Click Add to add the SSID to the list, then go to Step 11.
Step 4 To remove an SSID from the list, select it, click Remove, then go to Step 11.
Step 5 To activate the policy, do the following:
Field Description
Verify Select if you want to verify that firmware
version is enabled.
Poll Interval From the list, select the polling interval.
Severity From the list, select a severity le vel to associate
with this policy.
Enter Firmware Version Enter the firmware version.
Step 6 Click Add to add the firmware version to the list, then go to Step 11.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-13
Page 42
Managing Profiles
Step 7 To remove a firmware version from the list, select it, click Remove, t h en go to
Step 8 Comple te th e fo llowi ng:
Chapter 2 Fault Monitoring
Step 11.
Field Description
Verify Select if you want to veri fy one of t he follo wing:
• Broadcast SSID is di sable d
• WEP is enabled
• LEAP is enabled
• HTTP is disab led
• Telnet is disabled
• PSPF is enabled
Polling Interval From the list, select the polling interval.
Severity From the list, select a severity le vel to associate
Step 9 Go to Step 11.
Step 10 Complete the f oll owing :
Field Description
Verify Select if you want to verify the WEP key length.
Poll Interval From the list, select the polling interval.
Severity From the list, select a severity le vel to associate
WEP Key Length Select to indicate the bit length.
• User Manager Capabilities are enforced
• HTTP authentication
with this policy.
with this policy.
Step 11 Click Reset to refresh any fields you have changed but want to restore, or Apply
to set the new entries.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-14
78-14947-01
Page 43
Chapter 2 Fault Monitoring
Specifying Fault Thresholds
This option allows you to set polling and exception threshold values collected
from the devices you are monitoring.
The threshold values you set in th is window will determine how the faults are
displayed in the Fau l ts > D i sp l ay Fau l ts subta b.
Note Your login deter mine s whet her yo u ca n use t his opti on.
Threshold choices include the following options:
• Access Point—See Setting Access Point Fault Threshol ds, pa ge 2-1 5.
• Switch—See Setting Switch Fault Thresholds, page 2-17.
• Router—See Setting Router Fault Thresholds, page 2-1 9.
Managing Profiles
• LEAP—See Setting Ser ver Re sponse Time, page 2- 19 .
• Radius—See Setting Ser ver R esponse Time, page 2 -19.
• EAP-MD5—See Setting Server Response Time, page 2-19
Setting Access Point Fault Thresholds
Using this op tio n, yo u c an s et up th reshol ds for ac cess po int faults . W he n the
thresholds are exceeded, faults are generated and can be viewed under Fault s >
Display Faults.
Procedure
Step 1 Select any of the following to set values for:
• SNMP Reachable—Go to Step 2.
• RF Port Status—Go to Step 2.
• RF Port Utilization—Go to Step 4.
• RF Port Packet Errors—Go to Step 4.
• RF Port WEP Errors—Go to Step 4.
• RF Port FCS Errors—Go to Step 4.
• Ethernet Port Status—Go to Step 2.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-15
Page 44
Managing Profiles
Step 2 Comple te th e fo llowi ng:
Chapter 2 Fault Monitoring
• Ethernet Port Utilization—Go to Step 4.
• Ethernet Port Packet Errors—Go to Step 4.
• Associated Clients—Go toStep 4.
• SSID Mismatch Rate—Go toStep 4.
• Association Rate—Go to Step 4.
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
number of polling cycles before th e status is
Down.
Up From the list, select the number of polling
Step 3 Continue to Step 5.
Step 4 Comple te th e fo llowi ng:
Field Description
Enable Select to enable a threshold for this
Poll Interval From the list, select the polling
Settings
Overloaded From the list, select the severity level,
cycles before the fault is cleared and the status
is Up.
component.
interval.
the percent ag e, a nd the nu mb er of
polling cycles before the status i s
Overloaded.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-16
78-14947-01
Page 45
Chapter 2 Fault Monitoring
Field Description
Degraded From the list, select the severity level,
OK From the list, select the severity level,
Step 5 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to set the new entries.
Managing Profiles
the percent ag e, a nd the nu mb er of
polling cycles before the status i s
Degraded.
the percent ag e, a nd the nu mb er of
polling cycles before the st atu s is OK.
Setting Switch Fault Thresholds
Using this option, you can set up thresholds for switch faults. When the thresholds
are exceeded, fault s are ge nerat ed and can be viewed under Fault s > Disp l ay
Faults.
Procedure
Step 1 Select any of the following to set values for:
• SNMP Reachable —Go to Step 2.
• CPU Utilization—Go to Step 4.
• Memory Utilization—Go to Step 4.
• Port Status—Go to Step 2.
• Port Utilization—Go to Step 4.
• Module Status—Step 2.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-17
Page 46
Managing Profiles
Step 2 Comple te th e fo llowi ng:
Chapter 2 Fault Monitoring
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Down From the list, select the severity level and the
number of polling cycles before th e status is
Down.
Up From the list, select the number of polling
cycles before the fault is cleared and the status
is Up.
Step 3 Go to step Step 5.
Step 4 Comple te th e fo llowi ng:
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Overloaded From the list, select the severity level, the
Degraded From the list, select the severity level, the
OK From the list, select the severity level, the
percentage, and th e numbe r of polling cycles
before the status is Overloaded.
percentage, and th e numbe r of polling cycles
before the status is Degraded.
percentage, and th e numbe r of polling cycles
before the status is OK.
Step 5 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to set the new entries.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-18
78-14947-01
Page 47
Chapter 2 Fault Monitoring
Setting Router Fault Thresholds
Using this option , you can set up the rout er’s SNMP reachable threshold. When
the threshold i s exc eede d, a fau lt is ge ne rat ed a nd can be viewed und er Fa u lts >
Display Faults.
Procedure
Step 1 Comple te th e fo llowi ng:
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Managing Profiles
Down From the list, select the severity level and the
Up From the list, select the number of polling
Step 2 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to set the new entries.
Setting Server Response Time
Using this option, you can set up a threshold for LEAP , RADIUS, and EAP-MD5
server response time. When the thre shold is exceeded, a f ault is generated and can
be viewed under Faults > Display Faults.
number of polling cycles before th e status is
Down.
cycles before the fault is cleared and the status
is Up.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-19
Page 48
Notification Settings
Step 1 Comple te th e fo llowi ng:
Chapter 2 Fault Monitoring
Procedure
Field Description
Enable Select to enable a threshold for this component.
Poll Interval From the list, select the polling interval.
Settings
Overloaded From the list, select the severity level, the
response time, and the n umber of p olling c ycle s
before the status is Overloaded.
Degraded From the list, select the severity level, the
response time, and the n umber of p olling c ycle s
before the status is Degraded.
OK From the list, select the severity level, the
Step 2 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to set the new entries.
Notification Settings
The WLSE has the capability to send traps, syslog messages, and emails when a
fault is detected.
This section has the following options:
• Setting Trap Notification
• Setting Syslog Notification
• Emailing Faults
response time, and the n umber of p olling c ycle s
before the status is OK.
Note Your login deter mine s whet her yo u ca n use t his opti on.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-20
78-14947-01
Page 49
Chapter 2 Fault Monitoring
Related Topics
• Displaying Faults, page 2-1
• Specifying Fault Thresholds, page 2-15
• Notification Settings, page 2-20
Setting Trap Notification
This option a ll ows you t o ena ble the W LSE t o se nd nor th-b oun d excep tion
notification to one or more SNMP trap receivers. The exception notification
contains information such as device name and IP, fault number, timestamp,
exception severity, and a message describin g th e prob lem.
The MIB that defines the trap and the varbinds can be found at the following URL:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-DEVICE-EXCEPTION-REPORTINGMIB.my
Notification Settings
Before You Begin
Make sure your SNMP trap receiver’s trap receiving daemon is set to the correct
port. The default port is set to 162.
Procedure
Step 1 Select Faults > Notification Settings. The Fault Notification Settings dialog box
appears.
Step 2 Select the message forma t for the notificati on: Plain Text or XML.
Step 3 Comple te th e fo llowi ng:
Field Description
Trap Select to enable trap notification.
Port Enter the port number if diff erent from the
default of 162.
Host Enter the hostname/IP of the SNMP trap
receiver to which you want to send SNMP trap
notification.
Community Enter the community string.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-21
Page 50
Notification Settings
Step 4 If you want a different host to receive trap notification, click add row. There i s no
limit to the number you can enter.
To delete a row, click delete, next to th e row yo u want to rem ove.
Step 5 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to save your settings.
Related Topics
• Setting Syslog Notification, page 2-22
• Emailing Faults, page 2-23
Setting Syslog Notification
Chapter 2 Fault Monitoring
This option allows you to send syslog messages to selecte d syslog servers. The
messages contain information such as device name and IP , fault number, date and
time, exception severity, and a message about what is wrong.
Before You Begin
Make sure your syslog server is turned on to be able to receive messages from the
Wireless LAN Solution Engine. Also make sure that the receiving process is
configured to receive messages from remote hosts (for example, start syslogd with
-r option on some UNI X versions).
Procedure
Step 1 Select Faults > Notification Settings. The Fault Notification Settings dialog box
appears.
Step 2 Select the message forma t for the notificati on: Plain Text or XML.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-22
78-14947-01
Page 51
Chapter 2 Fault Monitoring
Step 3 Comple te th e fo llowi ng:
Field Description
Syslog Select to send syslog messages to d esignated
Enter Syslog host names Enter the hostname/IP for the syslog servers.
Step 4 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to save your settings.
Notification Settings
syslog servers.
Names must be separated by a space, a comma,
a semicolon, or a new line .
Related Topics
Emailing Faults
The emailed exception notification contains the following information:
Attribute Description
FaultId A unique identifier for the fault.
DeviceId A unique identifier used by the WLSE for the
DeviceIp The IP address of the device with the fault.
DeviceName The name of the device with th e fault.
MOId The id en ti fier u s ed by t he W LS E f or the
• Setting Trap Notification, page 2-21
• Emailing Faults, page 2-23
device with the fault.
subcomponent of the d evice wit h the fault.
AlarmState The state of the Alarm (Active or Cleared).
Description A descr iption of the last updated t o the fault.
Severity The severity of the fault.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-23
Page 52
Notification Settings
Chapter 2 Fault Monitoring
You have the option of se nding the em ail no tificati on as pla in text or in an X ML
format.
• An example of a me ssage us in g pl ain text w ill a pp ear as fo llows:
FaultId 19
DeviceId 106
DeviceIp 172.20.29. 118
DeviceName sj-W- 10- AP-118
MOId {MOID[c=101 3,d =106,i =37 9]}
AlarmState Activ e
Description SSID po licy v iol ation
Severity P1
• An example of the same message sent in an XML format will appear as
follows:
<Msg><FaultId>19 </F aultId ><D eviceId >10 6</ DeviceI d>< Device IP> 172.
20.29.118</Devic eIP ><Devi ceN ame>sj- W-1 0-A P-118<D evi ceName ><M OId>
{MOID[c=1013,d=1 06, i=379] }</ MOId><A lar mSt ate>Act ive </Alar mSt ate>
<Description>SSI D p olicy vio lation
</Description><S eve rity>P 1</ Severit y>< /Ms g>
Procedure
Step 1 Select Faults > Notification Settings. The Fault Notification Settings dialog box
appears.
Step 2 Select the message forma t for the notificati on: Plain Text or XML.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-24
78-14947-01
Page 53
Chapter 2 Fault Monitoring
Step 3 Comple te th e fo llowi ng:
Field Description
Email Select to enable email notification of exception
Enter email ad dresses Ent er the emai l addresses of use rs you want to
Priority From the list, select the priority of the
Notification Settings
information.
receive exception notification.
Addresses must be separated by a space, a
comma, a semicolon, or a new line.
exceptions you want to email.
Tip If email notification is not working , you may nee d to configure the
mailroute by selecting Administration > Appliance > Configure
Mailroute.
Step 4 If you want a different group of users to receive different priority level exceptions,
click add row to add another set of email addresses. There is no limit to the
number of email addresse s you can enter.
Step 5 Click Reset to refresh any fields you have changed but wa nt to restore, or Apply
to save your settings.
Related Topics
• Setting Trap Notification, page 2-21
• Setting Syslog Notification, page 2-22
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-25
Page 54
Notification Settings
Chapter 2 Fault Monitoring
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
2-26
78-14947-01
Page 55
CHAPTER
Configuring Devices
The Configure tab allows you to view, create, copy, edit, and delete configuration
templates and ap ply th em to lar g e numbe rs of devices at a time.It also allo ws you
to schedule a configurat ion job and t o check on th e job’s status.
Following are the subtabs under Configure:
Note Some of the subtabs m ay no t be v isible to some users.
• Templates—See Using the Templates, page 3-1.
3
• Jobs—See Managing Configuratio n Jobs, pa ge 3-13 7.
• Auto Update—See Automating Configura tions, page 3 -151.
Using the Templates
This is window allows you to create, modify, and delete configuratio n templates.
The topics covered in this section ar e:
• Creating a Template, page 3-132
• Copying a Template, page 3-133
• Editing a Template, page 3-134
• Deleting a Template, page 3-134
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
3-1
Page 56
Using the Templates
• Importing a Template, page 3-135
• Exporting a Template, page 3-137
Related Topic
Managing Configurati on Jo bs, pa ge 3-13 7
Template Choices
Note Clicking Clear removes a ll the cu r rent ent rie s in the window and any entries you
have made in other Template windows up until that point.
When you create or edit a configuration template, the following choices appear in
the left pane of the Templates window:
Chapter3 Configuring Devices
1. Template Name—See Naming the Template, page 3-3.
2. Template Categories
Note Any or all of the template categories can be completed in any order.
–
Express Template—See Usi ng Express Template, page 3-3.
–
Association—See Setting Up Association, page 3-8.
–
Ethernet—See Configuring the Ether net Port, page 3-4 9.
–
11b Radio—See Configuring the 1 1b Ra dio, page 3-56.
–
11a Radio—See Configuring the 11a Radio, page 3-73 .
–
Security—See Defining the Security Se tting s, page 3- 92 .
–
Services —See Configuring Services, page 3-102.
–
Events—See Configuring Events, page 3-124.
–
Custom Values—See Configuring Custom Va lues, pa ge 3-130.
3. Previe w —See Previewing the Template, page 3-131.
4. Fi ni sh—See Finishing the Template, page 3-132.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-2
78-14947-01
Page 57
Chapter 3 Configuring Devices
Naming the Template
This option enables to you to name the template.
Procedure
Note Clicking Clear removes all the entries you have made.
Step 1 Select Template Name. The Template Name dial og box appea rs:
Field Description
Using the Templates
Name
Description Enter a descri ption of the p urpose of the
Step 2 Select a template cate gory. (For additional informatio n, see Template Categories,
page 3-2.)
Using Express Template
Use this option if you need to set up an access point quickly w ith a simple
configuration. T hi s will allow you to e nter al l th e acc ess p o int's e ssent ial settin g s
for basic operation.
Enter a name for the template.
See Naming Guideline s, page A-1 .
template.
See Naming Guideline s, page A-1
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-3
Page 58
Using the Templates
Step 1 Select Express Template. The Express dia log box disp lays in the righ t pane :
Chapter3 Configuring Devices
Procedure
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
Table 3-1 Express Template Settings
Field Description
Reboot Device From the list, select Yes if you want to allow
device reboots.
SysName Enter a system name.
The system name appears in the titles of the
management system pa ges and in the acce ss
point's Associatio n Table page.
This is not an essential setting, but it helps
identify the acc ess point on your network.
SysLocation Enter the system’s location.
This is not an essential setting, but it helps
identify the acc ess point on your network.
SysContact Enter a c ontact name .
This is not an essential setting but it helps
identify the person responsible for the access
point on your network.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-4
78-14947-01
Page 59
Chapter 3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Configuration Server Protocol Set this entry to match the network’s method
Using the Templates
of IP address assignment.
From the list, select one of the following
options:
• None-Static IP—Use this if you r
network does not have an automatic
system for IP address assignment.
• BOOTP—Use this if your network uses
Bootstrap Protoco l, in w hich I P
addresses are hard-coded based on MAC
addresses.
• DHCP—U se this i f your n etwork use s
Dynamic Host Configura tio n Prot ocol,
in which IP addresses are “leased” for
predetermined peri od s of t ime .
Default Subnet Mask Enter an IP subnet mask to id entif y the
subnetwork so the IP address can be
recognized on th e L AN .
If DHCP or BOOTP is not enabled, th is field
is the subnet mask.
If DHCP or BOOTP is enabled, this field
provides the subnet mask on ly if no server
responds to the ac cess point 's D HCP or
BOOTP request.
Default Gateway Enter the IP address of your default Inte rnet
gateway.
The entry 255. 25 5.255. 255 ind ica tes no
gateway.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-5
Page 60
Using the Templates
Chapter3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Radio Serv ice Se t I D (SSI D) Enter any alphanu me ric , case -se nsit ive
string, from 2 to 32 ch arac te rs long.
The SSID is a unique identifier that client
devices use to asso cia te wit h the acce ss
point. The SSID he lps cli ent devices
distinguish between multiple wireless
networks in the same vicinity and provides
access to VLANs by wireless client devices.
Several access points on a network or
subnetwork can share an SSID.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-6
78-14947-01
Page 61
Chapter 3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Role in Network From the list, select one of the following:
Using the Templates
• Access Point—Use this setting if the
access point is connec ted to the wired
LAN.
• Repeater—Use this setting for access
points not connected t o the wired LAN.
• Survey Clie n t—Use this setting when
performing a site survey for a repeater
access point. When you sel ect this
setting, clients are not allowed to
associate an d the bri dge 's STP fun ction
is disabled.
• Root Bridge—Use this setting to set a
bridge as the root bridge. (One bridge in
each group o f bridges must be set as the
root bridge). The ro ot b ri dg e ca nn ot
associate with anot her root bridge.
• Non-Root Bridge w/ Clien t—Use th is
setting for n on-roo t bri dges t h at acce pt
associations from cl ient devices and for
bridges acting as repeat ers. A non-r oot
bridge will only as sociate t o anothe r
bridge (root or non-ro ot).
• Non-Root Bridg e w/o Cli ent —Use this
setting for non- roo t br idge s th at shou ld
not accept associat ions from cli ent
devices. A non-root bridge (wi thout
clients) can connect to a wired LAN and
only associates to another bridge (root or
non-root).
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-7
Page 62
Using the Templates
Chapter3 Configuring Devices
Table 3-1 Express Template Settings (continued)
Field Description
Ensure Compatibility with Cisco From the list, select one of the following:
• Enable—Use this setting to
automatically configure the device to be
compatible with othe r Ci sco devices o n
your wireless LAN .
• Disable —Use this setting to not
automatically configure the device to be
compatible with othe r Ci sco devices o n
your wireless LAN .
Ensure Compatibility with
2MB/sec Clients
Step 2 Select one of the following:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
From the list, select one of the following:
• Enable— Use this setting to operate at a
maximum speed of two megabits pe r
second.
• Disable —Use this set ting i f yo u do not
want devices to operate at a maximu m
speed of two megabits per second.
Setting Up Association
Use this opt ion to se t u p sp an ning tre e pr otoc ol ( STP) o n b ridg es and t o set up
filtering to control the flow of data thro ugh the ac cess point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-8
78-14947-01
Page 63
Chapter 3 Configuring Devices
Procedure
Step 1 Select Association. The menu expands and the Association dialog box displays in
the right pane.
Step 2 Select one of the following from th e Associati on menu:
• Spanning Tree—See Defining Spanning Tree Protocol, page 3-9.
• Address Filters—See Defining Address Filters, page 3-12.
• Ethertype Filters—See Defining Ethertype Filters , page 3- 14.
• IP Protocol Filters—See Defining IP Protocol Filters, page 3-18.
• IP Port Filters—See Defining IP Port Fil ter s, pa ge 3-23 .
• Policy Groups—See Configuring Pol icy Gr oups , page 3- 28.
• VLANs—See Configuring VLANs, page 3-31 .
Using the Templates
• Quality of Service—See Configuring Quality of Service, page 3-36.
• Service Sets—See Configuring Service Sets, page 3- 38.
• Advanced—See Defining Advanced Associations, page 3-42 .
• Port Assignments—See Configuring Port Assignme nts, page 3-4 7.
• DSCP to CoS—See Configuring DSCP t o CoS, page 3-48.
Defining Spanning Tree Protocol
This option is used for only bridges.
Procedure
Step 1 Select Association > Spanning Tree. The Association: Spanning Tree Protocol
dialog box appears.
Step 2 Click see details for information on which bridges this configuration is valid.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-9
Page 64
Using the Templates
Step 3 Comple te th e fo llowi ng:
Chapter3 Configuring Devices
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
Table 3-2 Spanning Tr ee Protocol Settings
Field Description
Spanning Tree Protocol
(STP)
From the list, select one of the following:
• Enable—Use this setting to enable STP on the
bridge.
• Disable —If you do not want STP enable d the
bridge.
Always Unblock
Ethernet w h en ST P is
disabled
From the list, select one of the following:
• Yes—Use this setting to maintain a bridge link
when STP is disabled
• No—Use this setting to not maintain a bridge
link when STP is disabled.
Click see details to see which version s this settin g is
valid for.
Root Configuration
Priority (0-65 535) Enter a number to influenc e which bridge is
designated the root bridge in the spanning tree.
When bridges have the same priority setting, STP
uses the MAC addresses as a tiebreaker.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-10
The bridge with the lowest priority setting is likely
to be designated the root bridge in the tree.
78-14947-01
Page 65
Chapter 3 Configuring Devices
Table 3-2 Spanning Tree Protocol Settings (continued)
Field Description
Max Age (6-40 Seconds) Enter the number of seconds to define how long the
Using the Templates
bridge waits before deciding the network has
changed and the spanning tree needs to be rebuilt.
For example, wi th Ma x Ag e set to 2 0, the br idge
attempts to rebuild the spanning tree if it does not
receive a hello BDPU from th e root b ridge in the
spanning tree within 20 seconds.
Hello Time (1-10
Seconds)
Enter the number of seconds to define how often the
root bridge in the spanning tree sends out a hello
BPDU telling the other bridge s that the ne twork
topology has not changed and that the spanning tree
should remain the sa me.
Forward Delay (4-30
Seconds)
Enter the number of seconds to define how long the
bridge’s ports should stay in the listening and
learning transition states if there is a change in the
spanning tree .
Port Configuration
Path Cost (1-65535) Enter a number to indicates the relati v e ef fi cienc y of
a port’s network link.
A port with a high path cost is less likely to become
a bridge’s ro ot port.
Priority (0-255) Enter a number to influence whether STP designates
a port as a bridge’s r oot port.
A port with a low priority setting is more likely to
become a br idge’s root port.
Enable From the list, select one of the following for each
78-14947-01
port configured :
• Enable—Use this setting to indicate whether the
port participates in STP. (This determines
whether the port bloc ks or forwar ds traffic.)
• Disable —Use this setting to indicate that the
port does not participate i n STP.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-11
Page 66
Using the Templates
Step 4 Select one of the following:
Defining Address Filt ers
Chapter3 Configuring Devices
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Using this option, yo u can:
• Create a MAC address filter
• Remove a MAC add ress filter
Procedure
Step 1 Select Association > Address Filters. The Association: Address Filters dialo g
box appears.
Step 2 To add a new MAC address filter complete the following fields:
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-12
78-14947-01
Page 67
Chapter 3 Configuring Devices
Field Description
Using the Templates
Lookup MAC
address on
Authen ti cation
Server if not in an
Existing Filter List?
Is MAC
Authentication alone
suffic ient for a c lient
to be fully
authenticated?
New Destination
MAC Address
Click one of the following:
• Yes—Use this setting to allow looking up a MAC
address on the authenticatio n server.
• No—Use this settin g to disallow looking up a
MAC address.
From the list, select one of the following:
• Yes—Use this setting to specify that client de vices
that associat e to the acc ess point using 802.11
open authentication, first attempt MAC
authentication.
• No—Use this setting to specify that MAC
authentication alone is not sufficient.
Click see details to see which versions this setting is
valid for.
Enter a destination MAC address by entering the
address in one of the following ways:
• With colons separating the character pairs
(00:40:96:1 2:34:56, for example)
78-14947-01
• Without any intervening characters
(004096123456 , for example )
Allowed Click to pass traffic to the MAC address.
Disallowed Click to discard traffic to the MAC address.
Step 3 Click Add to add the MAC address to the Current MAC Address Filters list.
Step 4 To remove a MAC Address, select it from the Current MAC Address Filters list,
then click Remove.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-13
Page 68
Using the Templates
Step 5 Select one of the following:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Defining Ethertype Filters
Procedure
Step 1 Select Association > Ethertype Filters. The Association: Ethertype Filters
dialog box appears.
Chapter3 Configuring Devices
Template, page 3-131.)
Categories, page 3-2.)
Step 2 Using th is optio n:
• Create new filters—See Creating New Ethertype Filters, page 3-14.
• Delete the Filters—See Deleting Ethertype Filters, page 3-16.
Using this op tion you c an a lso :
• Create Special Cases—See Creating Special Cases, page 3-16.
• Delete Special Cases—See Deleting Special Cases, page 3-18.
Creating New Ethertype Filters
Procedure
Step 1 To create and enable protocol f ilters f or t he access p oint’s Ethernet port, e nt er th e
following:
Note Refer to the following URL for a list of Eth ertype protocols:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/acc
sspts/ap350scg/ap350 ax b.htm#85314
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-14
78-14947-01
Page 69
Chapter 3 Configuring Devices
Table 3-3 Creating New Ethertype Filters Settings
Field Description
Add New Ethertype Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
Default Disposition From the list, select one of the following:
Default Time to Live (msec)
Using the Templates
See Naming Guideline s, page A -1 .
• Forward—Use this setting to forward protocol
traffic.
• Block—Use t his se tt ing to blo ck prot ocol traffic.
unicast Enter the number of milliseconds unicast packets
should stay in the access point’s buffer before they are
discarded.
multicast Enter the number of milliseconds multicast packets
should stay in the access point’s buffer before they are
discarded.
Step 2 Click Add. The new name is added to the Ethertyp e Filters lis t.
Step 3 Select one of the following:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-15
Page 70
Using the Templates
Step 1 To delete protocol filters for the access point's Ethernet port, select the set name
Step 2 Select one of the following:
Chapter3 Configuring Devices
Deleting Ethertype Filters
Procedure
from the Current Ethertype Filters list, then click Delete.
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-4 Ethertype Filter Special Cases Settings
Field Description
Special Cases
Ethertype Enter the Ethertype filter name.
Disposition From the list, select one of the following:
• Default—Use the disposition you se t f or t he E ther type
filter.
• Forward —Use this setting to forward protocol traffic.
• Block—Use this setting to blo ck prot ocol tr affic.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-16
78-14947-01
Page 71
Chapter 3 Configuring Devices
Table 3-4 Ethertype Filter Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
Using the Templates
• Default—This setting is the same as best effort, which
applie s to n orm al LAN traffic.
• Background—Use this setting for bulk transfers and other
activities that are allowed on the network but should not
impact network use by o ther u s ers a nd appl ic ation s.
• Excellent Effort—Use this setting for a network’s most
important users.
• Controlled Load —Use this setting for important business
applications th at are subj ect to some form of ad mission
control.
• Interactive Video—Use this setting for traffic with less
than 100 m s dela y.
• Interactiv e Voice—Use this setting for traf fic with l ess than
10 ms delay.
• Networ k Co ntr ol —Use this setting for traf f ic th at must get
through to maintain and support th e network infrastructure.
Tim e t o L iv e (ms e c )
unicast Enter the number of milliseconds unicast pack ets should stay in
the access poin t’s buffer before they are discar ded.
multicast Enter the number of milliseconds multic ast packets sh ould stay
in the access point’s buffer before they are discarded.
Alert From the list, select one of the following:
• yes—Use this setting to send an alert to the ev ent log when
a user transmits or re cei ves the prot ocol thr ough the ac cess
point.
• no—Use this setting to not send an alert to the event log.
Step 3 Click Add. The new name is added to the list box.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-17
Page 72
Using the Templates
Step 4 Select one of the following:
Step 1 To delete special cases for the access point's Ethernet port, select the Ethertype
Chapter3 Configuring Devices
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Deleting Special Cases
Procedure
name from the list box , then cl ick Delete.
Step 2 Select one of the following:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Defining IP Protocol Filters
Procedure
Step 1 Select Association > IP Protocol Filters. The Association: IP Protocol Filters
dialog box appears.
Step 2 With this option you ca n:
• Create new filters—See Creating New IP Protocol Filters, page 3-19.
• Delete the filters—See Deleting IP Protocol Filters, page 3-2 0.
Template, page 3-131.)
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-18
78-14947-01
Page 73
Chapter 3 Configuring Devices
Using this op tion you c an a lso :
• Create Special Cases —See Creating Specia l Cases, pag e 3-21.
• Delete Special Cases—See Deleting Special Cases, page 3-23.
Creating New IP Protocol Filters
Procedure
Step 1 To create and enable IP protocol filters, enter the following:
Note Refer to the following URL for a list of IP pro tocol s:
Using the Templates
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/acc
sspts/ap350scg/ap350 ax b.htm#85314
Field Description
Add New Protocol Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
See Naming Guideline s, page A -1 .
Default Disposition From the list, select one of the following:
• Forward—Use this setting to forward protocol
traffic.
• Block—Use t his se tt ing to blo ck prot ocol traffic.
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
should stay in the access point’s buffer before they are
discarded.
multicast Enter the number of milliseconds multicast packets
should stay in the access point’s buffer before they are
discarded.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-19
Page 74
Using the Templates
Step 2 Click Add. The new name is added to the Current Protocol Filters list.
Step 3 Select one of the following in the left pane:
Chapter3 Configuring Devices
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Deleting IP Protocol Filters
Procedure
Step 1 To delete an IP protocol filter, select the name from the Current Protocol Filters
list, then click Delete.
Step 2 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-20
78-14947-01
Page 75
Chapter 3 Configuring Devices
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-5 IP Protocol Filters Special Cases Settings
Field De scription
Special Cases
Protocol Enter the IP protocol name.
Disposition From the list, select one of the following:
Using the Templates
• Default—Use the disposition you se t f or t he pr otoc ol
filter.
• Forward —Use this setting to forward traffic.
• Block—Use this setting to block traffic.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-21
Page 76
Using the Templates
Chapter3 Configuring Devices
Table 3-5 IP Protocol Filters Special Cases Settings (continued)
Field De scription
Priority From the list, select one of the following:
• Default—This setting is the same as best ef fo rt, which
applie s to n orm al LAN traffic.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not imp ac t n etwork use by ot her use rs an d
applications.
• Excellent Ef fort—Use this setting for a network's most
important users.
• Controlled Load —Use this setting for important
business applications that are subject to some form of
admission contro l.
• Interacti ve V ide o—Use this setting for traffic with less
than 100 m s dela y.
• Interactiv e Voice—Use this setting for traffic with less
than 10 ms delay.
• Networ k Contro l—Use this setting for traff ic that must
get through to maintain and support the network
infrastructur e .
Tim e t o L iv e (ms e c )
unicast Enter the number of milliseconds unicast packets should
stay in the access point’s buffer before they are dis carde d.
multicast Enter the number of mill isecon ds m ult icast p ack et s sh o uld
stay in the access point’s buffer before they are dis carde d.
Alert From the list, select one of the followin g:
• yes—Use this setting to send an alert to the event log
when a user transmits or receives the protocol through
the access point.
• no—Use this setting to not send an alert to the event
log.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-22
78-14947-01
Page 77
Chapter 3 Configuring Devices
Step 3 Click Add. The new name is added to the list box.
Step 4 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Deleting Special Cases
Procedure
Using the Templates
Template, page 3-131.)
Categories, page 3-2.)
Step 1 To delete special cases, select the protocol name from the list box, then click
Step 2 Select one of the following in the left pane:
Defining IP Port Filters
Step 1 Select Association > IP P ort Filt ers . The Asso ciation: IP Port Filters dialo g box
Step 2 With this option you ca n:
Delete.
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Procedure
appears.
• Create new filters—See Creating New Port Filters, page 3-24.
• Delete the filters—See Deleting Port Filters, page 3-25.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-23
Page 78
Using the Templates
Step 1 To create and enable port filters, enter the following:
Chapter3 Configuring Devices
Using this op tion you c an a lso :
• Create Special Cases —See Creating Specia l Cases, pag e 3-26.
• Delete Special Cases—See Deleting Special Cases, page 3-28.
Creating New Port Filters
Procedure
Note Refer to the following URL for a list of IP por t protocols:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/acc
sspts/ap350scg/ap350 ax b.htm#85314
Field Description
Add New Protocol Filter
Set ID Enter an identification number for the filter set.
Set Name Enter a descriptive filter set name.
See Naming Guideline s, page A -1 .
Default Disposition From the list, select one of the following:
• Forward—Use this setting to forward traffic.
• Block—Use this setting to block traffic.
Default Time to Live (msec)
unicast Enter the number of milliseconds unicast packets
should stay in the a cce ss poi nt’s buffer before they
are discarded.
multicast E nter the number of milliseconds multicast packets
should stay in the a cce ss poi nt’s buffer before they
are discarde d.
Step 2 Click Add. The new name is added to the Current Port Filters list.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-24
78-14947-01
Page 79
Chapter 3 Configuring Devices
Step 3 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Deleting Port Filters
Procedure
Step 1 To de lete a protocol filter, select the name from the Current Port Filters list, then
click Delete.
Using the Templates
Template, page 3-131.)
Categories, page 3-2.)
Step 2 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-25
Page 80
Using the Templates
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Chapter3 Configuring Devices
Creating Special Cases
Procedure
Table 3-6 IP Port Filters Special Cases Settings
Field Description
Special Cases
Port Enter the IP Por t filter name.
Disposition From the list, select one of the following:
• Default—Use the disposition you set for the port filter.
• Forward —Use this setting to forward protocol traffic.
• Block—Use this setting to blo ck prot ocol tr affic.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-26
78-14947-01
Page 81
Chapter 3 Configuring Devices
Table 3-6 IP Port Filters Special Cases Settings (continued)
Field Description
Priority From the list, select one of the following:
Using the Templates
• Default—This setting is the same as best effort, which
applie s to n orm al LAN traffic.
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not imp ac t n etwork use by ot her use rs an d
applications.
• Excellent Effort—Use this setting for a network's most
important users.
• Controlled Load —Use this setting for important
business applications that are subject to some form of
admission contro l.
• Interactive Video—Use this setting for traffic with less
than 100 m s dela y.
• Interactive Voice—Use this setting for traffic with less
than 10 ms delay.
• Network Contro l—Use this setting for traffic that must
get through to maintain and support the network
infrastructur e .
Tim e t o L iv e (ms e c )
unicast Enter the number of milliseconds unicast packe ts should stay
in the buffer before they are discarded.
multicast Enter the number of milliseconds multicast packets should
stay in the buffer before they are discarded.
Alert From the list, select one of the following:
• yes—Use this setting to send an alert to the event log
when a us er t ransm i ts or r ece ives the prot ocol thr oug h
the access point.
• no—Use this setting to not send an aler t to the e v ent log .
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-27
Page 82
Using the Templates
Step 3 Select one of the following in the left pane:
Step 1 To delete special cases, select the port name from the list box, then click Delete.
Chapter3 Configuring Devices
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Deleting Special Cases
Procedure
Step 2 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Configuring Poli c y Groups
Policy groups are u sed to co nfigure ac cess pa rame te rs to a l og ica l gr oup o f
stations in a consis te nt manne r fr om a single plac e. For example , pr otocol filters
can be applie d to f rame s f or a se lect ed g rou p o f stati ons.
Template, page 3-131.)
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-28
78-14947-01
Page 83
Chapter 3 Configuring Devices
Procedure
Step 1 Select Association > Po licy Group. The Association: Policy Grou p dialog box
appears.
Step 2 Click see details to see whic h versions th is o p ti o n i s vali d fo r.
Note Clicking Clear removes all the current entries in the window and any
Step 3 Using this op tio n y ou c an:
• Add and delete a policy group—See Adding or Deleting a New Policy Group,
• Delete an exitin g Policy Group From a Device—See Deleting an Existing
Using the Templates
entries you have made in other Template windows up until that point.
page 3-29.
Policy Group from a Device, page 3-30.
Adding or Deleting a New Policy Group
Step 1 To add a new policy group, enter the following:
Field De scription
GroupID Enter an identification number for the policy group.
Group Name Enter a na me f or the p oli cy group.
Ethertype
Receive Enter the ID of a defined Ethertype filter, or select one of
the filters you created using Association > Ethertype
Filters.
Transmit Enter the ID of a defined Ethertype filter, or select one of
the filters you created using Association > Ethertype
Filters.
IP Protocol
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-29
Page 84
Using the Templates
Chapter3 Configuring Devices
Field De scription
Receive Enter the ID of a defined IP protocol filter, or select one
of the filters you created using Associat ion > IP
Protocol Filters.
Transmit Enter the ID of a defined IP protocol filter, or select one
of the filters you created using Associat ion > IP
Protocol Filters.
IP Port
Receive Enter the ID of a defined IP port filter, or select one of
the filters you created using Association > IP Port
Filters.
Transmit Enter the ID of a defined IP port filter, or select one of
the filters you created using Association > IP Port
Filters.
Step 2 Click Add to add the group to the Policy Groups to Add list.
Step 3 To delete a group from the Policy Groups to Add list, select the group name, then
click Delete.
Step 4 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Deleting an Existing Policy Group from a Device
Step 1 Enter the g rou p id en tificat ion num ber i n the Group ID text bo x, the n clic k Add
to add it to the Poli cy Groups t o De lete list.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-30
78-14947-01
Page 85
Chapter 3 Configuring Devices
Step 2 To delete an identification number f rom the Polic y Groups to Delet e list, select it,
Step 3 Select one of the following in the left pane:
Configuring VLANs
Using the Templates
then click Delete.
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Access points a nd br i dges in a VL AN ne twork, w hic h are ru nning sp eci fic
software versions, can provide a wireless VLAN trunk link between two wired
segments of the network.
Using this opt ion, yo u ca n con figure V LA Ns on the ac cess point .
Procedure
Step 1 Select Association > VLANs. The Association: VLA N dial og b ox ap pe ar s.
Step 2 Click see details to see whi c h ve rsions th is option i s vali d fo r.
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-31
Page 86
Using the Templates
Step 3 Enter the following information:
Chapter3 Configuring Devices
Field De scription
VLAN (802.1Q)
Tagging
From the list, select one of the following:
• Enabled—Use this setting to allow IEEE 802.1Q
protocol tagging on VLAN packets.
The IEEE 802.1Q protocol is use d to interc onnect
multiple switches and routers, and for defining
VLAN topologies .
• Disabled—Use this setting to not allow tagging.
Native VLAN ID Enter identification number of the access point’s native
VLAN.
Note This setting must agree with the nati ve VLAN ID
setting on the switch.
Single VLAN ID
which allows
unencrypted
Enter an identification number to allow unencrypted
packets. An entry with a v alue of 0 (zero) re quires the use
of encrypti on.
packets
Optionally allow
Point-to-point
Packet Encrypt ion
From the list, select one of the following:
• Yes—Use this setting to allow point-to-point
encryption.
3-32
• No—Use this setting to not allow point-to-point
encryption.
Step 4 Using this op tio n y ou c an:
• Add a new VLAN—See Adding a New VLAN, page 3- 33 .
• Delete an exiting VLAN from a Device—See Deleting an Existing VLAN,
page 3-36.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Page 87
Chapter 3 Configuring Devices
Adding a New VLA N
Step 1 To add a new VLAN, enter the following:
Table 3-7 Adding a New VLAN Settings
Field De scription
VLAN ID Enter the identification number of the VLAN.
VLAN Name Enter the a unique name for the VLAN conf igured on the
VLAN Enable From the list, select one of the following:
Using the Templates
Note This setting must match t he setting on the sw itch.
access point.
• Enabled—Use this setting to enable the VLAN.
• Disabled—Use this setting to disable the VLAN.
Default Priority From the list, select one of the following:
• Background—Use this setting for bulk transfers and
other activities that are allowed on the network but
should not imp ac t n etwork use by ot her use rs an d
applications.
• Default—Use this setting for normal LAN traffic.
• Excellent Effort—Use this setting for the network’s
most important users.
• Controlled Load —Use this setting for important
business applications that are subject to some form
of admission contro l.
• Interactive Video—Use this setting for traffic with
less than 100 ms delay.
• Interactive Voice—Use this setting for traffic with
less than 10ms delay.
• Network Contro l—Use this setting for traffic that
must get through to maint ain and suppor t the
network infrastructure.
Default Policy
Group
78-14947-01
Enter the default policy group number, or select one you
created using Association > Policy Groups.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-33
Page 88
Using the Templates
Chapter3 Configuring Devices
Table 3-7 Adding a New VLAN Settings (continued)
Field De scription
Enhanced MIC
verify WEP
Temp Ke y
Integrity Protocol
WEP Key Rotation
Interval
From the list, select one of the following:
• None—Use this sett ing if you do not want Messag e
Integrity Check (MIC) enabled.
• MMH—Use this setting if you want MIC enabl ed to
protect WEP keys.
Note When you enable MIC, only MIC-capable client
devices can communicate with the access point.
From the list, select one of the following:
• None—Use this setting if you do not want to enable
the tempor al key integrity pr otoc ol ( TKIP, or WEP
key hashing.)
• Cisco—Use this setting to enable TKIP.
Note When TKIP is enabled, all WEP-enabled client
devices associated to the access point must
support WEP key hashing, or they will not be
able to communicate with the access point.
Use this setting to e nable or disa ble br oa dcast key
rotation.
3-34
• To enable it, enter the rotation interval in seconds.
If you enter 900 , for e xample, the acces s point se nds
a new broadcast WEP key to all associated client
devices every 15 minutes.
Note When you enable broadcast key rotation , only
wireless cli ent de vi ces usi ng LE AP or EAP -TLS
authentication can use the access point. Client
devic es usi ng static WEP (with open, shared ke y,
or EAP-MD5) cann ot use the a ccess po in t whe n
you enable broadcast key rotation .
• To disable it, enter 0 (zero).
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Page 89
Chapter 3 Configuring Devices
Table 3-7 Adding a New VLAN Settings (continued)
Field De scription
Alert From the list, select one of the followin g:
Using the Templates
• Yes—Use this set ting if you ar e not ad ding an
encrypted VLAN.
• No—Use this setting if you are adding an encr y pt ed
VLAN.
WEP Keys 1
through 4
Enter the encryp tion keys used: 40 bit or 128 bi t
hexadecimal digits.
Size For each WEP key, select one of the following: Not set,
40 bit, or 128 bit.
Step 2 Click Add to add the VLAN to the VLANs to Add list.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-35
Page 90
Using the Templates
Step 3 To delete a group from the VLANs to Add list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
Chapter3 Configuring Devices
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Deleting an Existing VLAN
Procedure
Step 1 Enter the VLAN identif ica tio n nu mber in the VLAN ID text box, then click Add
to add it to the VLANs to Delete list.
Step 2 To delete an identification number from the VLANs to Delete list, select it, then
click Delete.
Step 3 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Configuring Quality of Service
This option is used to configure the access point’s Quality of Service feature.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-36
78-14947-01
Page 91
Chapter 3 Configuring Devices
Procedure
Step 1 Select Association > Quality of Service. The Association: Quality of Service
dialog box appears.
Note Clicking Clear removes all the current entries in the window and any
Step 2 Click see details to see whi c h ve rsions th is option i s vali d fo r.
Step 3 Enter the following information:
Table 3-8 Quality of Service Settings
Field De scription
Using the Templates
entries you have made in other Template windows up until that point.
Generate QBBS
Element
User Symbol
Extensions
Send IGMP
General Query
From the list, select one of the following:
• Yes—Use this setting to enable support for basic
802.11 Quality of Serv ice .
• No—Use thi s set ting t o di sable sup port for ba sic
802.11 Quality of Serv ice .
From the list, select one of the following:
• Yes—Use this setting enables support for Symbol
Voice over IP (VoIP) ph one s.
• No—Use this settin g to disa ble suppor t f or Symb ol
VoIP phones.
From the list, select one of the following:
• Yes—Use this setting to allow the access point to
send an IGMP General Query to all associated
stations when they complete all required high-level
authentication.
• No—Use this setting to not allow the access point to
send an IG MP Ge ne ral Que ry.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-37
Page 92
Using the Templates
Chapter3 Configuring Devices
Table 3-8 Quality of Service Settings (continued)
Field De scription
Background From the CWmin and CWmax lists, select the minimum
(spare)
Best Effort
(default)
Excellent Effort
Controlled Lo ad
Interactive Video
Interactive Voice
Network Contro l
and maximum contention window values for each traffic
category.
Step 4 Select one of the following in the left pane:
Configuring Service Sets
This option allows you to define service sets.
Procedure
Step 1 Select Association > Service Sets. The Association: Service Sets dialog box
appears.
Step 2 Click see details to see whi c h ve rsions th is option i s vali d fo r.
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-38
78-14947-01
Page 93
Chapter 3 Configuring Devices
Step 3 Using this op tio n y ou c an:
• Add a new Service Set—See Adding a New Service Se t, page 3-39 .
• Delete an exiting Service Set from a device—See Deleting an Existing
Adding a New Servi ce Set
Procedure
Step 1 To add a new Service set, enter the following:
Table 3-9 New Service Set Settings
Using the Templates
Service Set, page 3-4 2.
Field De scription
Service Set ID
Enter an identification number for your SSID.
(1-24)
Service Set Name Enter a unique name for the wireless VLAN.
Maximum Number
of Associations
Proxy Mobile I P
Enabled
Enter a number to limit the maxim um number of wireless
clients per SSID.
From the list, select one of the following:
• Yes—This setting allows proxy mobile IP use by all
stations associated to this access point.
• No—This setting does not allow proxy mobile IP
use.
Default VLAN ID Enter the identification number for a defined VLAN, or
select one o f th e V LAN I Ds yo u c rea ted usin g
Association >VLANs.
Default Policy
Group
Enter the identification number of a defined policy
group, or sel ect on e o f th e poli cy group s y ou cr eat ed
using Association > Policy Groups.
Accept Authentication Type
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-39
Page 94
Using the Templates
Chapter3 Configuring Devices
Table 3-9 New Service Set Settings (continued)
Field De scription
Open From the list, select one of the following:
• Yes—Allows any device, regardless of its WEP
keys, to auth enticate and attempt to associ ate. This is
the recommen ded sett ing.
• No—Does not allow any device, regardless of its
WEP keys, to authenticate and attempt to associate.
Shared From the list, select one of the following:
• Yes—Tells the access point to send a p lain- text,
shared key quer y to a ny device at tem pti ng t o
associate with the access point. This query can leave
the access point open to a known-text attack from
intruders. This is not as secure as the Open setting.
• No—Does not allow the access point to send a
plain-text, shared key query to any device attempting
to associate with the access point.
Network-EAP From the list, select one of the following:
• Yes—Allows EAP-enabled client devices to
authenticate through the access point.
• No—Does not allow EAP-enabled client devices to
authenticate through the access point.
Require EAP
Open From the list, select one of the following:
• Yes—Use thi s op tion if you use op en and E AP
authentication to block client devices that are not
using EAP from auth entic ating th rough the a ccess
point.
• No—Use this option if you do not use open and EAP
authentication.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-40
78-14947-01
Page 95
Chapter 3 Configuring Devices
Table 3-9 New Service Set Settings (continued)
Field De scription
Shared From the list, select one of the following:
Default Unicast Address Filter
Open From the list, select one of the following:
Using the Templates
• Yes—Use thi s op tio n if y ou use sh ar ed and EAP
authentication to block client devices that are not
using EAP from auth entic ating th rough the a ccess
point.
• No—Use th is op tio n if yo u do not use sh ar ed and
EAP authentication.
Shared
Network-EAP
• Allowed—The access point forwards all traffic
except packets sent to the MAC addresses set as
disallowed with the Address Filters.
• Disallowed—The access point discards all traffic
except packets sent to the MAC addresses set as
allowed with the Address Filters or on your
authentication server.
Select Disallowed for each authentication type that
also uses MAC-based authentication.
Step 2 Click Add to add the Service Set to the Service Sets to Add list.
Step 3 To delete a group from the list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-41
Page 96
Using the Templates
Step 1 Enter the Service Set number in the Service Set ID text box, then click Add to
Step 2 To delete an identification number from the list, select it, then click Delete.
Step 3 Select one of the following in the left pane:
Chapter3 Configuring Devices
Deleting an Existing Service Set
Procedure
add it to the Service Sets to Delete list.
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
Defining Advanced Associations
Use this option to control the total number of devices an access point can list in
the Association Table and the amount of time the acc ess poi nt con tin ues to trac k
each device clas s when a device is ina ctive.
Procedure
Step 1 Select As soci at io n > Adv a nced . The Association: Advanced dialog box appears.
Step 2 To define advanced associations, enter the following:
Note Clicking Clear removes all the current entries in the window and any
entries you have made in other Template windows up until that point.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-42
78-14947-01
Page 97
Chapter 3 Configuring Devices
Using the Templates
Table 3-10 Advanced Association Settings
Field Description
Alert Severity Level From the list select one of the following:
• systemFatal—Indicates an event that prevents
operation of the port or device.
• protocolFatal—Indicates an event that prevents
operation of the port or device
• portFatal—Indicates an event that prevents
operation of the port or device
• systemAlert—Indicates th at you ne ed t o take
action to correct the condition.
• protocolAlert—Indicates that you need t o take
action to correct the condition.
• portAlert—Indicates that you need to take
action to correct the condition.
• externalAlert—Indicates th at you nee d to t ake
action to correct the condition.
78-14947-01
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-43
Page 98
Using the Templates
Chapter3 Configuring Devices
Table 3-10 Advanced Association Settings (continued)
Field Description
• systemWarning—Indicates th at an erro r or
failure may have occu rred.
• protocolWarning—Indicates that an error or
failure may have occu rred.
• portWa rning —Indicates that an error or failure
may have occurred.
• externalWarning—Indicates that an error or
failure may have occu rred.
• systemInfo—Notification that some sort of
event has occurred.
• protocolInfo—Notification that some sort of
event has ocurred.
• portInfo—Notification that some sort of event
has ocurred.
• externalInfo—Notification that some sort of
event has ocurred.
Max Bytes Stored Pe r
Alert Packet
Enter the maximum number of bytes the access point
stores for each Station Alert packet when packet
tracing is enabled.
If you use 0, the access point does not store bytes for
Station Alert packets; it only l ogs the event.
Max Fwd Table Entries From the list, select one of the follo wing to designate
the maximum num ber of devices that ca n appear in
the Association Table:
1024, 2048, 4096, 8192, 1638 4, 32768, 6553 6.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-44
78-14947-01
Page 99
Chapter 3 Configuring Devices
Table 3-10 Advanced Association Settings (continued)
Field Description
Using the Templates
Enable Extended Stats
in MIB
From the list, select one of the following:
• Enable—Use this setting to enable the storage
of detailed statistics in the device’s memory.
• Disable —Use this setting to disable the storage
of detailed statistics in the device’s memory.
When you disable extended st at istics you
conserve memory, and the device can include
more devices in the Association Table.
Enable PSPF From the list, select one of the following:
• Enable—Use this setting to enable Publicly
Secure Packet Forwarding, which ensures th at
client devices cannot communicate with other
client devices on the wi rel ess ne twor k. This
feature is useful for public wi reless net works
like those installed in airports or on college
campuses.
• Disable —Use this setting to disable Publicly
Secure Packet Forwarding.
78-14947-01
Click see details to see which version s this settin g is
valid for.
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
3-45
Page 100
Using the Templates
Chapter3 Configuring Devices
Table 3-10 Advanced Association Settings (continued)
Field Description
Unknown Class
Timeout
Multicast Addresses
Timeout
Infrastructure Hosts
Timeout
Client Stations
Enter the number of seconds the access point
continues to track an inactive device depending on
its class.
A setting of zero tells the access point to track a
device indefinitely no matter how long it is inactive.
A setting of 300 equals 5 minutes; 1800 equals 30
minutes; 28800 equ als 8 h our s.
Timeout
Repeaters Timeout
Access Points Timeout
Across Bridge Hosts
Timeout
Non-Root Bridg es
Timeout
Root Bridges Timeout
Step 3 Select one of the following in the left pane:
3-46
• Preview to see y our c hange s befor e you a pp ly t hem. (S ee Previewing the
Template, page 3-131.)
• Finish to save the template. (See Finishing the Template, page 3-132.)
• Another template category to con figure more opti ons. (Se e Template
Categories, page 3-2.)
User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine
78-14947-01
Loading...