Cisco DL-2159-05 User Manual
Cisco Aironet 1200 Series Access Point Software Configuration Guide
Software Release 12.03T
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-2159-05
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.;
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA,
CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo,
Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net
Readiness Scorecard, LightStream, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Pack et , PIX, Post-Routing, Pre-Routing, RateMUX, Registrar,
ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered
trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0304R)
Cisco Aironet 1200 Series Access Point Software Configuration Guide
Copyright © 2001–2003, Cisco Systems, Inc.
All rights reserved.
Preface xiii
Audience and Scope xiii
Organization xiii
Conventions xiv
Related Publications xv
Obtaining Documentation xv
Cisco.com xv
Documentation CD-ROM xvi
Ordering Documentation xvi
Documentation Feedback xvi
Obtaining Technical Assistance xvii
Cisco TAC Website xvii
Opening a TAC Case xvii
TAC Case Priority Definitions xvii
Obtaining Additional Publications and Information xviii
CONTENTS
CHAPTER
1 Overview 1-1
Key Features 1-2
Management Options 1-3
Roaming Client Devices 1-3
Quality of Service Support 1-3
What is QoS? 1-4
Limitations and Restrictions 1-4
Related Documents 1-4
VLAN Support 1-5
What is a VLAN? 1-5
Related Documents 1-6
Incorporating Wireless Devices into VLANs 1-6
Network Configuration Examples 1-8
Root Unit on a Wired LAN 1-8
Repeater Unit that Extends Wireless Range 1-9
Central Unit in an All-Wireless Network 1-10
A VLAN Example 1-7
OL-2159-01
Cisco Aironet 1200 Series Access Point Software Configuration Guide
iii
Contents
CHAPTER
CHAPTER
2 Using the Management Interfaces 2-1
Using the Web-Browser Interface 2-2
Using the Web-Browser Interface for the First Time 2-2
Using the Management Pages in the Web-Browser Interface 2-2
Navigating Using the Map Windows 2-3
Using the Command-Line Interface 2-4
Preparing to Use a Terminal Emulator 2-4
Connecting the Serial Cable 2-5
Setting Up the Terminal Emulator 2-5
Changing Settings with the CLI 2-5
Selecting Pages and Settings 2-6
Applying Changes to the Configuration 2-7
Using a Telnet Session 2-7
Using SNMP 2-7
Supported MIBs 2-8
3 Radio Configuration and Basic Settings 3-1
Basic Settings 3-2
Entering Basic Settings 3-3
System Name 3-3
MAC Address 3-3
System Serial Number 3-3
Configuration Server Protocol 3-4
Default IP Address 3-4
Default IP Subnet Mask 3-4
Default Gateway 3-4
Radio Service Set ID (SSID) 3-4
Role in Radio Network 3-4
Radio Network Optimization (Optimize Radio Network For) 3-6
Security Setup Link 3-6
Radio Network Compatibility (Ensure Compatibility With) 3-7
Security Setup Link 3-7
SNMP Admin. Community 3-7
iv
Radio Configuration 3-7
Entering Identity Information 3-8
Settings on the AP Radio Identification Page 3-8
Entering Radio Hardware Information 3-10
Settings on the AP Radio Hardware Page 3-11
Entering Advanced Configuration Information 3-15
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-01
Settings on the AP Radio Advanced Page 3-17
Ethernet Configuration 3-23
Entering Identity Information 3-23
Settings on the Ethernet Identification Page 3-24
Entering Ethernet Hardware Information 3-24
Settings on the Ethernet Hardware Page 3-25
Entering Advanced Configuration Information 3-27
Settings on the Ethernet Advanced Page 3-27
Contents
CHAPTER
4 Configuring VLANs 4-1
Entering VLAN Information 4-2
Settings on the VLAN Setup page 4-2
VLAN Summary Status Link 4-3
VLAN (802.1Q) Tagging 4-3
802.1Q Encapsulation Mode 4-3
Maximum Number of Enabled VLAN IDs 4-3
Native VLAN ID 4-3
Single VLAN ID which allows Unencrypted packets 4-4
Optionally allow Encrypted packets on the unencrypted VLAN 4-4
VLAN ID 4-4
VLAN Name 4-4
Existing VLANs 4-4
VLAN Security Policy 4-4
Broadcast Domain Segmentation 4-5
Native VLAN Configuration 4-5
Primary and Secondary SSIDs 4-6
RADIUS-Based VLAN Access Control 4-7
OL-2159-01
Criteria for Deploying Wireless VLANs 4-8
A Wireless VLAN Deployment Example 4-9
Using the Configuration Screens 4-11
Obtaining and Recording VLAN ID and Setup Information 4-11
Creating and Configuring VLANs on the Access Point 4-11
Creating the Native VLAN 4-11
Creating the Full- and Part-Time VLANs 4-14
Creating the Guest VLAN 4-15
Creating the Maintenance VLAN 4-15
Creating and Configuring the SSIDs 4-16
Enabling VLAN (802.1Q) Tagging and Identifying the Native VLAN 4-19
Creating an SSID for Infrastructure Devices 4-21
Cisco Aironet 1200 Series Access Point Software Configuration Guide
v
Contents
Guidelines for Wireless VLAN Deployment 4-21
CHAPTER
5 Configuring Filters and QoS 5-1
Filter Setup 5-2
Protocol Filtering 5-2
Creating a Protocol Filter 5-3
Enabling a Protocol Filter 5-5
MAC Address Filtering 5-6
Creating a MAC Address Filter 5-7
QoS Configuration 5-10
Entering Information on the AP Radio Quality of Service Setup Page 5-10
Settings on the Quality of Service Setup Page 5-11
Generate QBSS Element 5-11
Use Symbol Extensions 5-11
Send IGMP General Query 5-12
Traffic Category 5-12
Applying QoS 5-12
By Station 5-12
By VLAN 5-14
By Filter 5-15
By CoS Value 5-16
By DSCP Value 5-16
CHAPTER
A Wireless QoS Deployment Example 5-17
WEP Set on the Wireless Phone 5-19
WEP Not Set on the Wireless Phone 5-19
6 Configuring Proxy Mobile IP 6-1
Proxy Mobile IP 6-2
Introduction to Mobility in IP 6-2
The Nomadic Approach 6-3
The Mobile Approach 6-3
Mobile IP Explained 6-3
Proxy Mobile IP Explained 6-5
Before Deploying Proxy Mobile IP 6-6
Issues to Consider While Deploying Proxy Mobile IP 6-7
Components of a Proxy Mobile IP Network 6-7
How Proxy Mobile IP Works 6-8
Agent Discovery 6-8
Subnet Map Exchange 6-9
vi
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-01
Registration 6-10
Tunneling 6-10
Proxy Mobile IP Security 6-11
The Proxy Mobile IP Setup Page 6-11
General 6-12
Settings on the Proxy Mobile IP General Page 6-13
Authentication Server 6-13
Settings on the Authenticator Configuration Page 6-14
Local SA Bindings 6-15
Settings on the Local SA Bindings Page 6-15
Statistics 6-16
Settings on the Proxy Mobile IP Statistics Page 6-16
View Subnet Map Table 6-18
Settings on the Subnet Map Table Page 6-18
Configuring Proxy Mobile IP 6-18
Configuring Proxy Mobile IP on Your Wired LAN 6-19
Configuring Mobile IP Security Associations on a CiscoSecure ACS Server 6-23
Contents
CHAPTER
7 Configuring Other Settings 7-1
Server Setup 7-2
Entering Time Server Settings 7-2
Settings on the Time Server Setup Page 7-3
Entering Boot Server Settings 7-4
Settings on the Boot Server Setup Page 7-4
Entering Web Server Settings and Setting Up Access Point Help 7-7
Settings on the Web Server Setup Page 7-7
Entering Name Server Settings 7-9
Settings on the Name Server Setup Page 7-9
Entering FTP Settings 7-10
Settings on the FTP Setup Page 7-10
Routing Setup 7-11
Entering Routing Settings 7-12
Default Gateway 7-12
New Network Route Settings 7-12
Installed Network Routes list 7-13
Association Table Display Setup 7-13
Association Table Filters Page 7-13
Settings on the Association Table Filters Page 7-15
Association Table Advanced Page 7-16
OL-2159-01
Cisco Aironet 1200 Series Access Point Software Configuration Guide
vii
Contents
Settings on the Association Table Advanced Page 7-17
Event Notification Setup 7-19
Event Display Setup Page 7-19
Settings on the Event Display Setup Page 7-19
Event Handling Setup Page 7-21
Settings on the Event Handling Setup Page 7-23
Event Notifications Setup Page 7-24
Settings on the Event Notifications Setup Page 7-25
Should Notify-Disposition Events generate SNMP Traps? 7-25
SNMP Trap Destination 7-25
SNMP Trap Community 7-25
Should Notify-Disposition Events generate Syslog Messages? 7-25
Should Syslog Messages use the Cisco EMBLEM Format? 7-26
Syslog Destination Address 7-26
Syslog Facility Number 7-26
IEEE SNMP Traps Should Generate the Following Notifications 7-26
CHAPTER
8 Security Setup 8-1
Security Overview 8-2
Levels of Security 8-2
Encrypting Radio Signals with WEP 8-2
Additional WEP Security Features 8-3
Network Authentication Types 8-3
Combining MAC-Based, EAP, and Open Authentication 8-6
Protecting the Access Point Configuration with User Manager 8-7
Setting Up WEP 8-7
Using SNMP to Set Up WEP 8-10
Enabling Additional WEP Security Features 8-10
Enabling Message Integrity Check (MIC) 8-10
Enabling Temporal Key Integrity Protocol (TKIP) 8-12
Enabling Broadcast WEP Key Rotation 8-13
Setting Up Open or Shared Key Authentication 8-14
Setting Up EAP Authentication 8-15
Enabling EAP on the Access Point 8-15
Enabling EAP in Cisco Secure ACS 8-18
Setting a Session-Based WEP Key Timeout 8-19
Setting Up a Repeater Access Point As a LEAP Client 8-19
viii
Setting Up MAC-Based Authentication 8-21
Enabling MAC-Based Authentication on the Access Point 8-21
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-01
Authenticating Client Devices Using MAC Addresses or EAP 8-25
Enabling MAC-Based Authentication in Cisco Secure ACS 8-26
Summary of Settings for Authentication Types 8-27
RADIUS Attributes Sent by the Access Point 8-29
Setting Up Backup Authentication Servers 8-31
Setting Up Administrator Authorization 8-32
Creating a List of Authorized Management System Users 8-33
Setting up Centralized Administrator Authentication 8-35
System Flow Notes 8-37
Authorization Parameters 8-38
Contents
CHAPTER
9 Network Management 9-1
Using the Association Table 9-2
Browsing to Network Devices 9-2
Setting the Display Options 9-2
Using Station Pages 9-3
Information on Station Pages 9-4
Performing Pings and Link Tests 9-6
Clearing and Updating Statistics 9-8
Deauthenticating and Disassociating Client Devices 9-8
Using the Network Map Window 9-8
Using Cisco Discovery Protocol 9-9
Settings on the CDP Setup Page 9-10
MIB for CDP 9-10
Assigning Network Ports 9-11
Settings on the Port Assignments Page 9-12
Enabling Wireless Network Accounting 9-12
Settings on the Accounting Setup Page 9-13
Accounting Attributes 9-14
CHAPTER
OL-2159-01
10 Managing Firmware and Configurations 10-1
Updating Firmware 10-2
Updating with the Browser from a Local Drive 10-2
Full Update of the Firmware Components 10-2
Selective Update of the Firmware Components 10-3
Updating from a File Server 10-4
Full Update of the Firmware Components 10-4
Selective Update of the Firmware Components 10-6
Cisco Aironet 1200 Series Access Point Software Configuration Guide
ix
Contents
Retrieving Firmware and Web Page Files 10-7
Distributing Firmware 10-8
Distributing a Configuration 10-9
Limiting Distributions 10-10
Downloading, Uploading, and Resetting the Configuration 10-10
Downloading the Current Configuration 10-11
Uploading a Configuration 10-12
Uploading from a Local Drive 10-12
Uploading from a File Server 10-12
Resetting the Configuration 10-13
Restarting the Access Point 10-14
CHAPTER
CHAPTER
CHAPTER
11 Management System Setup 11-1
SNMP Setup 11-2
Settings on the SNMP Setup Page 11-2
Using the Database Query Page 11-3
Settings on the Database Query Page 11-3
Changing Settings with the Database Query Page 11-4
Console and Telnet Setup 11-4
Settings on the Console/Telnet Page 11-5
Using Secure Shell 11-5
12 Special Configurations 12-1
Setting Up a Repeater Access Point 12-2
Using Hot Standby Mode 12-5
13 Diagnostics and Troubleshooting 13-1
Using Diagnostic Pages 13-2
Network Diagnostics Page 13-2
Selections on the Network Diagnostics Page 13-2
Network Ports Page 13-5
Identifying Information and Status 13-6
Data Received 13-6
Data Transmitted 13-7
Ethernet Port Page 13-7
AP Radio Page 13-9
Event Log Page 13-13
Display Settings 13-13
Cisco Aironet 1200 Series Access Point Software Configuration Guide
x
OL-2159-01
Log Headings 13-14
Saving the Log 13-14
Event Log Summary Page 13-14
Using Command-Line Diagnostics 13-15
Entering Diagnostic Commands 13-16
Diagnostic Command Results 13-17
:eap_diag1_on 13-17
:eap_diag2_on 13-18
:vxdiag_arpshow 13-18
:vxdiag_checkstack 13-20
:vxdiag_hostshow 13-21
:vxdiag_i 13-22
:vxdiag_ipstatshow 13-23
:vxdiag_memshow 13-24
:vxdiag_muxshow 13-25
:vxdiag_routeshow 13-26
:vxdiag_tcpstatshow 13-27
:vxdiag_udpstatshow 13-28
Contents
APPENDIX
Tracing Packets 13-28
Reserving Access Point Memory for a Packet Trace Log File 13-28
Tracing Packets for Specific Devices 13-29
Tracing Packets for Ethernet and Radio Ports 13-30
Viewing Packet Trace Data 13-30
Packets Stored in a Log File 13-30
Packets Displayed on the CLI 13-31
Checking the Top Panel Indicators 13-31
Finding an Access Point by Blinking the Top Panel Indicators 13-33
Checking Basic Settings 13-34
SSID 13-34
WEP Keys 13-34
EAP Authentication Requires Matching 802.1x Protocol Drafts 13-34
Resetting to the Default Configuration 13-36
A Channels, Power Levels, and Antenna Gains A-1
Channels A-2
IEEE 802.11a A-2
IEEE 802.11b A-3
OL-2159-01
Maximum Power Levels and Antenna Gains A-3
IEEE 802.11a A-3
Cisco Aironet 1200 Series Access Point Software Configuration Guide
xi
Contents
IEEE 802.11b A-4
APPENDIX
APPENDIX
B Protocol Filter Lists B-1
C Event Log Messages C-1
Message Formats C-2
Default Format C-2
Cisco Emblem Format C-2
Message Descriptions C-4
Statuses and Reasons C-28
xii
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-01
Preface
The Cisco Aironet 1200 Series Access Point Software Configuration Guide describes how to configure
Cisco Aironet 1200 Series Access Points using the web-based management system. This manual also
briefly describes how to use the console-based management system.
Audience and Scope
This guide is for the network manager responsible for configuring a wireless network. Before using the
material in this guide, you should be familiar with some of the concepts and terminology of Ethernet and
wireless local area networking.
The scope of this guide is to provide the information you need to configure an access point, use the
access point management system to browse to other devices on a wireless network, and troubleshoot
problems with the access point that might arise.
Organization
This guide is organized into the following chapters:
OL-2159-05
Chapter 1, “Overview,” is a functional overview of the access point management system. It describes the
features of the management system and the access point’s role in a wireless network.
Chapter 2, “Using the Management Interfaces,” describes how to use the web-based and console-based
management interfaces.
Chapter 3, “Radio Configuration and Basic Settings,” describes how to configure the radios and basic
settings, including Ethernet.
Chapter 4, “Configuring VLANs,” defines virtual local area networks (VLANs) and provides
information about configuring and using them.
Chapter 5, “Configuring Filters and QoS,” defines quality of service (QoS) and provides information on
configuring QoS on your access point.
Chapter 6, “Configuring Proxy Mobile IP,” defines proxy Mobile IP and provides information on
configuring this feature on your access point.
Chapter 7, “Configuring Other Settings,” identifies and describes other configurable settings including
server and FTP settings.
Chapter 8, “Security Setup,” describes how to set up your access point’s security features.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
xiii
Conventions
Preface
Chapter 9, “Network Management,” describes how to browse to other devices on your network. The
chapter also describes how to use Cisco Discovery Protocol (CDP), assign a specific network port to a
MAC address, and how to enable wireless network accounting.
Chapter 10, “Managing Firmware and Configurations,” describes how to update firmware on your access
point and how to distribute firmware and configurations to other access points.
Chapter 11, “Management System Setup,” explains how to set up your access point to use Simple
Network Management Protocol (SNMP), Telnet, Secure Shell (SSH), or the console port to manage the
access point.
Chapter 12, “Special Configurations,” describes how to set up the access point in network roles other
than a root unit on a wired LAN. The chapter also includes information on Hot Standby mode.
Chapter 13, “Diagnostics and Troubleshooting,” describes the diagnostic pages in the access point’s
management system and provides troubleshooting procedures for basic problems you could encounter.
Appendix A, “Channels, Power Levels, and Antenna Gains,” lists the IEEE 802.11a and IEEE 802.11b
channels supported by the world’s regulatory domains as well as the maximum power levels and antenna
gains allowed per domain.
Appendix B, “Protocol Filter Lists,” lists the protocols you can select for filtering on the management
system’s Protocol Filters pages.
Appendix C, “Event Log Messages,” defines event log error messages and recommends corrective
action.
Conventions
This publication uses the following conventions to convey instructions and information:
Command descriptions use these conventions:
Notes, tips, and cautions use the following conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained
in this manual.
Tip Means the following are useful tips.
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
• Commands and keywords are in boldface text.
xiv
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Preface
Related Publications
The following documents provide more information about access points and related products:
• Quick Start Guide: Cisco Aironet 1200 Series Access Points describes how to attach cables, power
on, and assign an IP address and default gateway for the access point.
• Cisco Aironet 1200 Series Access Point Hardware Installation Guide describes the access point’s
hardware features, its physical and performance characteristics, and how to mount the access point
on a wall, ceiling, or desktop. The Cisco Aironet 1200 Series Access Point Hardware Installation
Guide also contains regulatory information for the device.
• Cisco Secure Access Control Server for Windows 2000/NT Servers Version 2.6 User Guide provides
complete instructions for using Cisco Secure ACS, including steps for configuring Cisco Secure
ACS to support access points.
• Quick Start Guide: Cisco Aironet Wireless LAN Adapters describes how to install and configure PC
and PCI client adapter cards for use in a wireless LAN.
• Cisco Aironet Wireless LAN Adapter Installation and Configuration Guide provides hardware
features, physical and performance characteristics, and installation instructions for PC and PCI Card
client adapters. It also provides instructions for installing and using the wireless client adapter
utilities.
Related Publications
• Introduction to Mobile IP is a white paper, available on Cisco.com, that provides an explanation of
Mobile IP and how it is used in wired networks.
Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical
resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
OL-2159-05
Cisco Aironet 1200 Series Access Point Software Configuration Guide
xv
Obtaining Documentation
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM
package, which may have shipped with your product. The Documentation CD-ROM is updated regularly
and may be more current than printed documentation. The CD-ROM package is available as a single unit
or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number
DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
Preface
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
• Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, USA.) at 408 526-7208 or, elsewhere in
North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click
Feedback at the top of the page.
You can send your comments in e-mail to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
xvi
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Preface
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco
Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online
and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical
assistance.
Cisco TAC Website
The Cisco TAC website (http://www.cisco.com/tac) provides online documents and tools for
troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC
website is available 24 hours a day, 365 days a year.
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you
have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Obtaining Technical Assistance
Opening a TAC Case
The online TAC Case Open Tool (http://www.cisco.com/tac/caseopen) is the fastest way to open P3 and
P4 cases. (Your network is minimally impaired or you require product information). After you describe
your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution.
If your issue is not resolved using these recommendations, your case will be assigned to a Cisco TAC
engineer.
For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet
access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2
cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is “down” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
OL-2159-05
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
xvii
Obtaining Additional Publications and Information
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as
ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
• Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new
and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking
Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design
Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco quarterly publication that provides the latest networking trends,
technology breakthroughs, and Cisco products and solutions to help industry professionals get the
most from their networking investment. Included are networking deployment and troubleshooting
tips, configuration examples, customer case studies, tutorials and training, certification information,
and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/go/packet
Preface
• iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet
business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
• Training—Cisco offers world-class networking training. Current offerings in network training are
listed at this URL:
http://www.cisco.com/en/US/learning/index.html
xviii
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
CHAPTER
1
Overview
Cisco Aironet access points are wireless LAN transceivers that serve as the center point of a stand-alone
wireless network or as the connection point between wireless and wired networks. In large installations,
wireless users within radio range of an access point can roam throughout a facility while maintaining
seamless, uninterrupted access to the network.
Your access point can contain two radios: a 2.4-GHz radio in an internal mini-PCI slot and a 5-GHz radio
module in an external, modified cardbus slot. The access point supports one radio of each type, but it
does not support two 2.4-GHz or two 5-GHz radios. You can configure the radios separately, using
different settings on each radio.
The access point uses a browser-based management system, but you can also configure the access point
using a terminal emulator, a Telnet session, Secure Shell (SSH), or Simple Network Management
Protocol (SNMP).
This chapter provides information on the following topics:
• Key Features, page 1-2
• Management Options, page 1-3
• Roaming Client Devices, page 1-3
• Network Configuration Examples, page 1-8
OL-2159-05
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-1
Key Features
Key Features
This section describes the key features of the access point firmware. The following are the key features
of this firmware version:
• Multiple IEEE 802.11 service set identifiers (SSIDs) allow you to create different levels of network
• Quality of service (QoS), which allows various devices on the network to communicate more
• Proxy Mobile IP provides a method for seamless inter-subnet roaming. When you enable proxy
Chapter 1 Overview
access and to access virtual LANs (VLANs).You can configure up to 16 separate SSIDs to support
up to 16 VLANs for each access point radio. Each VLAN can have a different wireless security
configuration so that the devices that support the latest Cisco security enhancements can exist
alongside legacy devices. This additional access point functionality enables a variety of users having
different security levels to access different parts of the network.
effectively. The access point now supports QoS for wireless Voice over IP (VoIP) telephones and
downlink prioritized channel access for streaming audio and video traffic. Filters can also be set to
prioritize traffic based on VLAN, VoIP address-based filters, protocol, or port.
Mobile IP on your access points, client devices that roam from one subnet to the next maintain their
IP address and session. The access point acts as a Mobile IP proxy for client devices that do not have
mobile IP software installed. The access informs the foreign agent router that the client has roamed
to another subnet, while the foreign agent directs the home agent to reroute packets to it.
• Centralized administrator authentication uses an AAA server to authenticate users if the user
administration feature is enabled on the access point. When a login is attempted, the AAA server
verifies the user login and passes back the appropriate privileges for the user or an administrator.
• Better handling of lost Ethernet links causes a number of actions to be executed when an access point
loses backbone connectivity:
–
No action—the access point continues to maintain associations with clients and manages traffic
between them, but traffic to the backbone is not passed. When the backbone is restored, the
access point begins passing traffic to and from the wired network.
–
Switch to repeater mode—the access point tries to connect to a root access point using any of
the configured SSIDs. If it cannot connect, all clients are disassociated and the access point
removes itself from the wireless network until connectivity is restored.
–
Shut the radio off—all clients are disassociated and the access point removes itself from the
wireless network until backbone connectivity is restored.
–
Restrict to SSID—the access point allows association using a restricted SSID (for administrator
troubleshooting and diagnosis purposes).
• Authentication server management includes two new features in release 12.01T1:
–
Display of active authentication servers—for each authentication type: 802.1x/LEAP, MAC, or
Admin Authentication (if enabled), the active server is identified by a green color.
–
Automatic return to primary authentication server—if the selected RADIUS server (primary) is
not reachable after a predetermined period of time-out and retries, the access point uses the next
server listed.
1-2
• Reporting access points that fail authentication with LEAP provides a passive method of detecting
rogue access points in a LEAP enabled network. It is passive because access points do not actively
look for or detect a rogue access point in the wireless network. Instead, the access point depends on
LEAP enabled clients to report rouge access points.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 1 Overview
• Secure Shell (SSH) support for providing a strong user authentication and encryption of
management traffic. SSH is a software package that provides a cryptographically secure
replacement for or an alternative to Telnet. It provides strong host-to-host and user authentication
as well as secure encrypted communications over a non secure network. The feature operates as
follows:
–
The SSH server on the access point listens to its TCP port 22 for requests.
–
When a request from a client is received, the access point sends a public key, supported cipher
specification details, and supported authentication type (password only) to the client.
–
The client generates a double encrypted session key and sends it to the access point along with
the chosen cipher specification.
–
The access point authenticates the client based on a user ID and password when the user
manager feature is enabled.
–
If authentication is successful, all management traffic between the client and access point is
encrypted using the session key.
Management Options
Management Options
You can use the access point management system through the following interfaces:
• A web-browser interface
• A command-line interface (CLI)
• Simple Network Management Protocol (SNMP)
The access point’s management system pages are organized the same way for the web- browser interface
and the CLI. The examples in this manual are all taken from the browser interface. Chapter 2, “Using
the Management Interfaces” provides a detailed description of each management option.
Roaming Client Devices
If you have more than one access point in your wireless LAN, wireless client devices can roam
seamlessly from one access point to another. The roaming functionality is based on signal quality, not
proximity. When a client’s signal quality drops, it roams to another access point.
Wireless LAN users are sometimes concerned when a client device stays associated to a distant access
point instead of roaming to a closer access point. However, if a client’s signal to a distant access point
remains strong, the client will not roam to a closer access point. If client devices checked constantly for
closer access points, the extra radio traffic would slow throughput on the wireless LAN.
Quality of Service Support
OL-2159-05
The access point now supports Cisco’s QoS, primarily in the area of wireless VoIP telephones from
Spectralink and Symbol Technologies Corporation. The access point also provides priority
classification, prioritized queueing, and prioritized channel access for other downlink IEEE 802.11
traffic such as streaming audio or video traffic.
With this software release, the access point does not include any QoS enhancements in Cisco IEEE
802.11 client software.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-3
Quality of Service Support
What is QoS?
QoS refers to the ability of a network to provide improved service to selected network traffic over various
underlying technologies including Ethernet and wireless LANs. In particular, QoS features provide
improved and more predictable network service by providing the following services:
• Improving loss characteristics
• Avoiding and managing network congestion
• Prioritizing service to different kinds of network traffic
• Shaping network traffic
• Setting traffic priorities across the network
Limitations and Restrictions
The QoS implementation on the access point has the following limitations and restrictions:
• Provides only prioritized QoS for downlink traffic on IEEE 802.11 links and does not support a
general purpose QoS signalling protocol, uniform admission control, guaranteed bandwidth, and
other features that are generally associated with parametized QoS.
Chapter 1 Overview
• Supports rudimentary admission control mechanisms for Spectralink and Symbol VoIP phones.
• Does not provide a method for prioritizing uplink traffic on IEEE 802.11 links.
• Does not offer 802.1X authentication for Symbol VoIP phones because those phones do not support
an 802.1X type such as LEAP or EAP-TLS.
• The DTIM beacon period must be small to support jitter-sensitive streaming multicast audio and
video applications.
• Supports IEEE 802.11e EDCF-like channel access prioritization but does not support IEEE 802.11e
QoS frame formats.
Related Documents
The following documents provide more detailed information pertaining to QoS design and
configuration:
• Cisco IOS Switching Services Configuration Guide
• Cisco Internetworking Design Guide
• Cisco Internetworking Technology Handbook
• Cisco IOS Quality of Service Solutions Command Reference, Version 12.2
• Cisco Internetworking Troubleshooting Guide
These documents are available on Cisco.com.
1-4
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 1 Overview
VLAN Support
Version 12.01T1 supports VLAN technology by mapping SSIDs to VLANs. With the multiple-SSID
capability, the access point can support up to 16 VLAN subnets.
What is a VLAN?
A switched network can be logically segmented into virtual local area networks (VLANs), on a physical
or geographical basis, or by functions, project teams, or applications. For example, all workstations and
servers used by a particular workgroup team can be connected to the same VLAN regardless of their
physical connections to the network or the fact that they might be intermingled with devices for other
teams. Reconfiguration of VLANs can be done through software rather than physically unplugging and
moving devices or wires.
A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. A VLAN
consists of a number of end systems, either hosts or network equipment (such as bridges and routers),
connected by a single bridging domain. The bridging domain is supported on various pieces of network
equipment, such as LAN switches that operate bridging protocols between them with a separate group
for each VLAN.
VLANs are created to provide the segmentation services traditionally provided by routers in LAN
configurations. Routers in VLAN topologies provide broadcast filtering, security, address
summarization, and traffic-flow management. None of the switches within the defined group will bridge
any frames, not even broadcast frames, between two VLANs. Several key issues must be considered
when designing and building switched LAN networks.
VLAN Support
• LAN segmentation
• Security
• Broadcast control
• Performance
• Network management
• Communication between VLANs
VLANs are extended into the wireless realm by adding IEEE 802.1Q tag awareness to the access point.
Frames destined for wireless LAN clients on different VLANs are transmitted by the access point
wirelessly on different SSIDs with different WEP keys. The only clients that can receive and process
packets are those with the correct WEP keys. Conversely, packets coming from a client associated with
a certain VLAN are 802.1Q tagged before they are forwarded onto the wired network.
Figure 1-1 illustrates the difference between traditional physical LAN segmentation and logical VLAN
segmentation with wireless devices connected.
OL-2159-05
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-5
VLAN Support
Figure 1-1 LAN Segmentation and VLAN Segmentation with Wireless Components
LAN 1
Catalyst
VLAN switch
VLAN segmentationTraditional LAN segmentation
VLAN 1
Chapter 1 Overview
VLAN 2 VLAN 3
SSID 0
Related Documents
Shared hub
LAN 2
Shared hub
LAN 3
Shared
hub
SSID 0 SSID 0 SSID 1 SSID 2 SSID 3
Floor 3
Floor 2
Floor 1
Catalyst
VLAN switch
Catalyst
VLAN switch
Trunk
port
SSID 1 = VLAN1
SSID 2 = VLAN2
SSID 3 = VLAN3
81652
The following documents provide more detailed information pertaining to VLAN design and
configuration:
• Cisco IOS Switching Services Configuration Guide
• Cisco Internetworking Design Guide
• Cisco Internetworking Technology Handbook
• Cisco Internetworking Troubleshooting Guide
Incorporating Wireless Devices into VLANs
A WLAN is generally deployed in an enterprise campus or branch office for increased efficiency and
flexibility. WLANs are one of the most effective methods for connecting to an enterprise network. With
version 12.01T1, you can configure your wireless devices to operate in a VLAN.
The basic wireless components of a VLAN consist of an access point and a set of clients associated to it
using wireless technology. The access point is physically connected through a trunk port to the network
switch on which the VLAN is configured. The physical connection to the VLAN switch is through the
access point’s Ethernet port.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-6
OL-2159-05
Chapter 1 Overview
A VLAN Example
VLAN Support
In fundamental terms, the key to configuring an access point to connect to a specific VLAN is by
configuring an SSID to map to that VLAN. Because VLANs are identified by a VLAN ID, it follows that
if an SSID on an access point is configured to map to a specific VLAN ID, a connection to the VLAN is
established. When this connection is made, associated wireless client devices having the same SSID are
able to access the VLAN through the access point. The VLAN processes data to and from the clients the
same way that it processes data to and from wired connections. The fact that the client is wireless has no
impact on the VLAN.
The VLAN feature now enables users to deploy wireless devices with greater efficiency and flexibility.
For example, one access point can now handle the specific requirements of multiple users having widely
varied network access and permissions. Without VLAN capability, multiple access points, one for each
VLAN, would have to be employed to serve classes of users based on the access and permissions they
were assigned.
The following simplified example shows how wireless devices can be used effectively in a VLAN
environment on a college campus. In this example, three levels of access are available through VLANs
configured on the physical network:
• Student access—lowest level of access; ability to access school’s intranet, obtain class schedules
and grades, make appointments, and perform other student-related activities
• Faculty access—medium level of access; ability to access internal files, read to and write from
student databases, access the intranet and Internet, and access internal information such as human
resources and payroll information
• Management access—highest level of access; ability to access all internal drives and files, and
perform management activities
In this scenario, a minimum of three VLAN connections would be required: one for each level of access
discussed above. The access point can handle up to 16 SSIDs; therefore, the following basic design could
be employed as shown in Table 1-1
.
Table 1-1 Access Level SSID and VLAN Assignment
Level of Access SSID VLAN ID
Student Student 01
Faculty Faculty 02
Management Management 03
Using this design, setting up the clients is based on the level of access each user requires. A typical
network diagram using this design would look like the one shown in Figure 1-2.
OL-2159-05
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-7
Network Configuration Examples
Figure 1-2 VLAN Example
Catalyst
VLAN switch
Catalyst
VLAN switch
Catalyst
VLAN switch
Router
VLAN segmentation
VLAN 01 VLAN 02
Chapter 1 Overview
VLAN 03
Trunk port
Access point SSID Student=VLAN 01,
Students
SSID: Student
Faculty
SSID: Faculty
Management
SSID: Management
Network Configuration Examples
This section describes the access point’s role in three common wireless network configurations. The
access point’s default configuration is as a root unit connected to a wired LAN or as the central unit in
an all-wireless network. The repeater role requires a specific configuration.
SSID Faculty=VLAN 02, and
SSID Management=VLAN 03.
81661
Root Unit on a Wired LAN
An access point connected directly to a wired LAN provides a connection point for wireless users. If
more than one access point is connected to the LAN, users can roam from one area of a facility to another
without losing their connection to the network. As users move out of range of one access point, they
automatically connect to the network (associate) through another access point. The roaming process is
seamless and transparent to the user. Figure 1-3 shows access points acting as root units on a wired LAN.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-8
OL-2159-05
Chapter 1 Overview
Network Configuration Examples
Figure 1-3 Access Points as Root Units on a Wired LAN
Access Point
(Root Unit)
Repeater Unit that Extends Wireless Range
Wired LAN
Access Point
(Root Unit)
65999
An access point can be configured as a stand-alone repeater to extend the range of your infrastructure or
to overcome an obstacle that blocks radio communication. The repeater forwards traffic between
wireless users and the wired LAN by sending packets to either another repeater or to an access point
connected to the wired LAN. The data is sent through the route that provides the best performance for
the client. You can set up either of the radios in your access point as a repeater, but one radio must be
set up as a root unit.
Figure 1-4 shows an access point acting as a repeater. Consult the Setting Up a Repeater Access Point,
chp 11 for instructions on setting up the access point as a repeater.
Note Non-Cisco client devices might have difficulty communicating with repeater access points.
OL-2159-05
Cisco Aironet 1200 Series Access Point Software Configuration Guide
1-9
Network Configuration Examples
Figure 1-4 Access Point as Repeater
Chapter 1 Overview
Access Point
(Root Unit)
Wired LAN
Access Point
(Repeater)
Central Unit in an All-Wireless Network
In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not
attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as
the focal point for communications, increasing the communication range of wireless users. Figure 1-5
shows an access point in an all-wireless network.
Figure 1-5 Access Point as Central Unit in All-Wireless Network
Access Point
(Root Unit)
66000
1-10
65998
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
CHAPTER
2
Using the Management Interfaces
This chapter describes the interfaces you can use to configure the access point. You can use a
web-browser interface, a command-line interface through a terminal emulator or a Telnet session, or a
Simple Network Management Protocol (SNMP) application. The access point’s management system
web pages are organized the same way for the web browser and command-line interfaces. The examples
in this manual show the web-browser interface.
This chapter contains the following sections:
• Using the Web-Browser Interface, page 2-2
• Using the Command-Line Interface, page 2-4
• Using SNMP, page 2-7
OL-2159-05
Cisco Aironet 1200 Series Access Point Software Configuration Guide
2-1
Using the Web-Browser Interface
Using the Web-Browser Interface
The web-browser interface contains management pages that you use to change access point settings,
upgrade and distribute firmware, and monitor and configure other wireless devices on the network.
Note The access point management system is fully compatible with Microsoft Internet Explorer versions 4.0
or later and Netscape Communicator versions 4.0 or later. Earlier versions of these browsers cannot use
all features of the management system.
Using the Web-Browser Interface for the First Time
Use the access point’s IP address to browse to the management system. See the Quick Start Guide: Cisco
Aironet 1200 Series Access Points for instructions on assigning an IP address to the access point.
Follow these steps to begin using the web-browser interface:
Step 1 Start the browser.
Chapter 2 Using the Management Interfaces
Step 2 Enter the access point’s IP address in the browser Location field (Netscape Communicator) or Address
field (Internet Explorer) and press Enter.
If the access point has not been configured, the Express Setup page appears. If the access point has been
configured, the Summary Status page appears.
Using the Management Pages in the Web-Browser Interface
The system management pages use consistent techniques to present and save configuration information.
Navigation buttons appear at the top of the page, and configuration action buttons appear at the bottom.
You use the navigation buttons to display other management pages, and you use the configuration action
buttons to save or cancel changes to the configuration.
Note It’s important to remember that clicking your browser’s Back button is the same as clicking Cancel: if
you make changes on a management page, your changes are not applied when you click Back. Changes
are only applied when you click Apply or OK.
Table 2-1 lists the page links and buttons that appear on most management pages.
Table 2-1 Common Buttons on Management Pages
2-2
Button/Link Description
Navigation Links
Home Displays the Summary Status page.
Map Opens the Map window, which contains links to every
management page.
Network Displays the Network Ports page.
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Loading...