Cisco OL-29225-01 User Manual

Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points
Cisco IOS Release 15.3(3)JAB
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
Text Part Number: OL-31535-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points
© 1992-2014 Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface xix
Audience i-xix
Purpose i-xix
Configuration Procedures and Examples i-xx
Organization i-xx
Conventions i-xxii
Related Publications i-xxii
Obtaining Documentation, Obtaining Support, and Security Guidelines i-xxiii
1 Overview of Access Point Features 1-1
Radios in Access Points 1-1
New Features and Platforms in this Release 1-2
New Access Point Platforms Supported 1-2
Support for Cisco Aironet 3700 Series access point 1-2 Support for Cisco Aironet 2700 Series access point 1-2 Support for Cisco Aironet 1700 Series access point 1-3
New Features 1-3
Multiple Port Support for Cisco Aironet 1550 Series Outdoor Access Points 1-3 Automatic Configuring of the Access Point 1-4 Support for L2TPv3 1-4
Configuration and CLI Changes in this Release 1-4
Management Options 1-4
Roaming Client Devices 1-5
Network Configuration Examples 1-5
Root Access Point 1-5 Repeater Access Point 1-6 Bridges 1-7 Workgroup Bridge 1-7 Central Unit in an All-Wireless Network 1-8
2 Using the Web-Browser Interface 2-1
Using the Web-Browser Interface for the First Time 2-2
Using the Management Pages in the Web-Browser Interface 2-2
Using Action Buttons 2-3 Character Restrictions in Entry Fields 2-4
Enabling HTTPS for Secure Browsing 2-5
Deleting an HTTPS Certificate 2-7
Using Online User Guides 2-7
Disabling the Web-Browser Interface 2-7
3 Using the Command-Line Interface 3-1
Cisco IOS Command Modes 3-2
Getting Help 3-3
Abbreviating Commands 3-3
Using the no and Default Forms of Commands 3-4
Understanding CLI Messages 3-4
Using Command History 3-4
Changing the Command History Buffer Size 3-5 Recalling Commands 3-5 Disabling the Command History Feature 3-5
Using Editing Features 3-6
Enabling and Disabling Editing Features 3-6 Editing Commands Through Keystrokes 3-6 Editing Command Lines that Wrap 3-7
Searching and Filtering Output of show and more Commands 3-8
Accessing the CLI 3-9
Opening the CLI with Telnet 3-9 Opening the CLI with Secure Shell 3-9
4 Configuring the Access Point for the First Time 4-1
Before You Start 4-1
Resetting the Device to Default Settings 4-2
Resetting to Default Settings Using the MODE Button 4-2 Resetting to Default Settings Using the GUI 4-2 Resetting to Default Settings Using the CLI 4-3
Logging into the Access Point 4-3
Obtaining and Assigning an IP Address 4-4
Default IP Address Behavior 4-5
Connecting to the 1040, 1140, 1240, 1250, 1260, and 2600 Series Access Points Locally 4-5
Connecting to the 1550 Series Access Point Locally 4-5
Default Radio Settings 4-6
Assigning Basic Settings 4-6
Default Settings on the Easy Setup Page 4-10 Understanding the Security Settings 4-11
Using VLANs 4-12 Security Types for an SSID 4-12 Limitations of Security Settings 4-14
CLI Configuration Examples 4-15
Configuring System Power Settings Access Points 4-21
Using the AC Power Adapter 4-21 Using a Switch Capable of IEEE 802.3af Power Negotiation 4-21 Using a Switch That Does Not Support IEEE 802.3af Power Negotiation 4-22 Using a Power Injector 4-22 dot11 extension power native Command 4-22
Support for 802.11n Performance on 1250 Series Access Points with Standard 802.3af PoE 4-22
1250 Series Power Modes 4-22
Support for 802.11ac 4-23
Channel Widths for 802.11ac 4-23 Power Management for 802.11ac 4-24
Assigning an IP Address Using the CLI 4-25
Using a Telnet Session to Access the CLI 4-25
Configuring the 802.1X Supplicant 4-26
Creating a Credentials Profile 4-26 Applying the Credentials to an Interface or SSID 4-27
Applying the Credentials Profile to the Wired Port 4-27 Applying the Credentials Profile to an SSID Used For the Uplink 4-27 Creating and Applying EAP Method Profiles 4-28
Configuring IPv6 4-28
Configuring DHCPv6 address 4-30 IPv6 Neighbor Discovery 4-30 Configuring IPv6 Access Lists 4-32
RADIUS Configuration 4-32 IPv6 WDS Support 4-32
CDPv6 Support: 4-33 RA filtering 4-34
Automatic Configuring of the Access Point 4-34
Enabling Autoconfig 4-34
Prepare a Configuration Information File 4-34 Enable environmental variables 4-35
Schedule the Configuration Information File Download 4-35 Enabling Autoconfig via a Boot File 4-36 Checking the Autoconfig Status 4-36 Debugging Autoconfig 4-37
5 Administrating the Access Point 5-1
Disabling the Mode Button 5-2
Preventing Unauthorized Access to Your Access Point 5-3
Protecting Access to Privileged EXEC Commands 5-3
Default Password and Privilege Level Configuration 5-4 Setting or Changing a Static Enable Password 5-4 Protecting Enable and Enable Secret Passwords with Encryption 5-6 Configuring Username and Password Pairs 5-7 Configuring Multiple Privilege Levels 5-8
Setting the Privilege Level for a Command 5-9
Logging Into and Exiting a Privilege Level 5-9
Configuring Easy Setup 5-10
Configuring Spectrum Expert Mode 5-11
Controlling Access Point Access with RADIUS 5-12
Default RADIUS Configuration 5-12 Configuring RADIUS Login Authentication 5-12 Defining AAA Server Groups 5-14 Configuring RADIUS Authorization for User Privileged Access and Network Services 5-16
Displaying the RADIUS Configuration 5-17
Controlling Access Point Access with TACACS+ 5-17
Default TACACS+ Configuration 5-17 Configuring TACACS+ Login Authentication 5-17 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 5-19 Displaying the TACACS+ Configuration 5-19
Configuring Ethernet Speed and Duplex Settings 5-20
Configuring the Access Point for Wireless Network Management 5-20
Configuring the Access Point for Local Authentication and Authorization 5-21
Configuring the Authentication Cache and Profile 5-22
Configuring the Access Point to Provide DHCP Service 5-24
Setting up the DHCP Server 5-24
Monitoring and Maintaining the DHCP Server Access Point 5-26
Show Commands 5-26 Clear Commands 5-26 Debug Command 5-27
Configuring the Access Point for Secure Shell 5-27
Understanding SSH 5-27 Configuring SSH 5-27 Support for Secure Copy Protocol 5-28
Configuring Client ARP Caching 5-28
Understanding Client ARP Caching 5-28
Optional ARP Caching 5-29
Configuring ARP Caching 5-29
Managing the System Time and Date 5-29
Understanding Simple Network Time Protocol 5-30 Configuring SNTP 5-30 Configuring Time and Date Manually 5-30
Setting the System Clock 5-31 Displaying the Time and Date Configuration 5-32 Configuring the Time Zone 5-32 Configuring Summer Time (Daylight Saving Time) 5-33
Defining HTTP Access 5-35
Configuring a System Name and Prompt 5-35
Default System Name and Prompt Configuration 5-35 Configuring a System Name 5-36 Understanding DNS 5-36
Default DNS Configuration 5-37 Setting Up DNS 5-37 Displaying the DNS Configuration 5-38
Creating a Banner 5-38
Default Banner Configuration 5-38 Configuring a Message-of-the-Day Login Banner 5-38 Configuring a Login Banner 5-40
Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode 5-41
6 Configuring Radio Settings 6-1
Enabling the Radio Interface 6-2
Configuring the Role in Radio Network 6-3
Universal Workgroup Bridge Mode 6-6
Point-to-point and Multi Point bridging support for 802.11n platforms 6-6
Configuring Dual-Radio Fallback 6-7 Radio Tracking 6-8 Fast Ethernet Tracking 6-8 MAC-Address Tracking 6-8
Configuring Radio Data Rates 6-9
Access Points Send Multicast and Management Frames at Highest Basic Rate 6-9
Configuring MCS Rates 6-12
Configuring Radio Transmit Power 6-13
Limiting the Power Level for Associated Client Devices 6-15
Configuring Radio Channel Settings 6-15
Channel Widths for 802.11n 6-16 Dynamic Frequency Selection 6-17
Radar Detection on a DFS Channel 6-19 CLI Commands 6-19
Confirming that DFS is Enabled 6-19
Configuring a Channel 6-20
Blocking Channels from DFS Selection 6-20 Setting the 802.11n Guard Interval 6-21
Enabling and Disabling World Mode 6-22
Disabling and Enabling Short Radio Preambles 6-22
Configuring Transmit and Receive Antennas 6-23
Enabling and Disabling Gratuitous Probe Response 6-25
Disabling and Enabling Aironet Extensions 6-25
Configuring the Ethernet Encapsulation Transformation Method 6-26
Enabling and Disabling Reliable Multicast to Workgroup Bridges 6-27
Enabling and Disabling Public Secure Packet Forwarding 6-29
Configuring Protected Ports 6-30
Configuring the Beacon Period and the DTIM 6-31
Configure RTS Threshold and Retries 6-31
Configuring the Maximum Data Packet Retries 6-32
Configuring the Fragmentation Threshold 6-33
Enabling Short Slot Time for 802.11g Radios 6-33
Performing a Carrier Busy Test 6-34
Configuring VoIP Packet Handling 6-34
Configuring ClientLink 6-37
Using the CLI to Configure ClientLink 6-38
Debugging Radio Functions 6-38
802.11r Configuration 6-39
7 Configuring Multiple SSIDs 7-1
Understanding Multiple SSIDs 7-2
Configuring Multiple SSIDs 7-3
Creating an SSID Globally 7-3
Viewing SSIDs Configured Globally 7-5
Using a RADIUS Server to Restrict SSIDs 7-5
Configuring Multiple Basic SSIDs 7-6
Requirements for Configuring Multiple BSSIDs 7-6 Guidelines for Using Multiple BSSIDs 7-6 Configuring Multiple BSSIDs 7-7
CLI Configuration Example 7-8 Displaying Configured BSSIDs 7-8
Assigning IP Redirection for an SSID 7-8
Guidelines for Using IP Redirection 7-9 Configuring IP Redirection 7-10
Including SSIDL IE in an SSID Beacon 7-10
NAC Support for MBSSID 7-11
Configuring NAC for MBSSID 7-13
8 Configuring Spanning Tree Protocol 8-1
Understanding Spanning Tree Protocol 8-2
STP Overview 8-2 Access Point/Bridge Protocol Data Units 8-3 Election of the Spanning-Tree Root 8-4 Spanning-Tree Timers 8-4 Creating the Spanning-Tree Topology 8-5 Spanning-Tree Interface States 8-5
Blocking State 8-6 Listening State 8-7 Learning State 8-7 Forwarding State 8-7 Disabled State 8-7
Configuring STP Features 8-8
Default STP Configuration 8-8 Configuring STP Settings 8-9 STP Configuration Examples 8-10
Root Bridge Without VLANs 8-10
Non-Root Bridge Without VLANs 8-11
Root Bridge with VLANs 8-12
Non-Root Bridge with VLANs 8-14
Displaying Spanning-Tree Status 8-16
9 Configuring an Access Point as a Local Authenticator 9-1
Understanding Local Authentication 9-2
Configuring a Local Authenticator 9-2
Guidelines for Local Authenticators 9-3 Configuration Overview 9-3 Configuring the Local Authenticator Access Point 9-3 Configuring Other Access Points to Use the Local Authenticator 9-6 Configuring EAP-FAST Settings 9-7
Configuring PAC Settings 9-7
Configuring an Authority ID 9-8
Configuring Server Keys 9-8
Possible PAC Failures Caused by Access Point Clock 9-8 Limiting the Local Authenticator to One Authentication Type 9-9 Unblocking Locked Usernames 9-9 Viewing Local Authenticator Statistics 9-9 Using Debug Messages 9-10
10 Configuring WLAN Authentication and Encryption 10-1
Understanding Authentication and Encryption Mechanisms 10-2
Understanding Encryption Modes 10-6
Configuring Encryption Modes 10-7
Creating Static WEP Keys 10-8
WEP Key Restrictions 10-9
Example WEP Key Setup 10-9 Enabling Cipher Suites 10-10
Matching Cipher Suites with WPA or CCKM 10-11 Enabling and Disabling Broadcast Key Rotation 10-13
11 Configuring Authentication Types 11-1
Understanding Authentication Types 11-2
Open Authentication to the Access Point 11-2 WEP Shared Key Authentication to the Access Point 11-3 EAP Authentication to the Network 11-4 MAC Address Authentication to the Network 11-5
Combining MAC-Based, EAP, and Open Authentication 11-6 Using CCKM for Authenticated Clients 11-6 Using WPA Key Management 11-7
Configuring Authentication Types 11-9
Assigning Authentication Types to an SSID 11-9
Configuring WPA Migration Mode for Legacy WEP SSIDs 11-13 Configuring Additional WPA Settings 11-14
Configuring MAC Authentication Caching 11-15 Configuring Authentication Holdoffs, Timeouts, and Intervals 11-16 Creating and Applying EAP Method Profiles for the 802.1X Supplicant 11-17
Creating an EAP Method Profile 11-18
Applying an EAP Profile to the Fast Ethernet Interface 11-18
Applying an EAP Profile to an Uplink SSID 11-20
Matching Access Point and Client Device Authentication Types 11-20
Guest Access Management 11-23
Guest Account Creation 11-24
Customized Guest Access Pages 11-25
12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services 12-1
Understanding WDS 12-2
Role of the WDS Device 12-2 Role of Access Points Using the WDS Device 12-3
Understanding Fast Secure Roaming 12-3
Understanding Wireless Intrusion Detection Services 12-4
Configuring WDS 12-5
Guidelines for WDS 12-6 Requirements for WDS 12-6 Configuration Overview 12-6 Configuring Access Points as Potential WDS Devices 12-7
CLI Configuration Example 12-9 Configuring Access Points to use the WDS Device 12-10
CLI Configuration Example 12-11 Configuring the Authentication Server to Support WDS 12-12 Configuring WDS Only Mode 12-14 Viewing WDS Information 12-15 Using Debug Messages 12-16
Configuring Fast Secure Roaming 12-17
Requirements for Fast Secure Roaming 12-17
Configuring Access Points to Support Fast Secure Roaming 12-18 CLI Configuration Example 12-20 Support for 802.11r 12-20
Configuring Management Frame Protection 12-21
Management Frame Protection 12-21 Client MFP Overview 12-21 Client MFP For Access Points in Root mode 12-22 Configuring Client MFP 12-23 Protection of Management Frames with 802.11w 12-24
Configuring Radio Management 12-25
CLI Configuration Example 12-25
Configuring Access Points to Participate in WIDS 12-26
Configuring the Access Point for Scanner Mode 12-26 Configuring the Access Point for Monitor Mode 12-26 Displaying Monitor Mode Statistics 12-27 Configuring Monitor Mode Limits 12-28
Configuring an Authentication Failure Limit 12-28
13 Configuring RADIUS and TACACS+ Servers 13-1
Configuring and Enabling RADIUS 13-1
Understanding RADIUS 13-2 RADIUS Operation 13-2 Configuring RADIUS 13-4
Default RADIUS Configuration 13-4 Identifying the RADIUS Server Host 13-5 Configuring RADIUS Login Authentication 13-7 Defining AAA Server Groups 13-9 Configuring RADIUS Authorization for User Privileged Access and Network Services 13-11 Configuring Packet of Disconnect 13-12 Selecting the CSID Format 13-13 Starting RADIUS Accounting 13-14 Configuring Settings for All RADIUS Servers 13-15 Configuring the Access Point to Use Vendor-Specific RADIUS Attributes 13-16 Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication 13-17
Configuring WISPr RADIUS Attributes 13-18 Displaying the RADIUS Configuration 13-19 RADIUS Attributes Sent by the Access Point 13-20
Configuring and Enabling TACACS+ 13-23
Understanding TACACS+ 13-23
TACACS+ Operation 13-24 Configuring TACACS+ 13-24
Default TACACS+ Configuration 13-25 Identifying the TACACS+ Server Host and Setting the Authentication Key 13-25 Configuring TACACS+ Login Authentication 13-26 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 13-27 Starting TACACS+ Accounting 13-28
Displaying the TACACS+ Configuration 13-29
14 Configuring VLANs 14-1
Understanding VLANs 14-2
Incorporating Wireless Devices into VLANs 14-3
Configuring VLANs 14-4
Configuring a VLAN 14-5 Assigning Names to VLANs 14-7
Guidelines for Using VLAN Names 14-7
Creating a VLAN Name 14-7 Using a RADIUS Server to Assign Users to VLANs 14-8 Viewing VLANs Configured on the Access Point 14-8
VLAN Configuration Example 14-10
15 Configuring QoS 15-1
Understanding QoS for Wireless LANs 15-2
QoS for Wireless LANs Versus QoS on Wired LANs 15-2 Impact of QoS on a Wireless LAN 15-2 Precedence of QoS Settings 15-3 Using Wi-Fi Multimedia Mode 15-4 Using Band Select 15-5
Configuring QoS 15-6
Configuration Guidelines 15-6 Configuring QoS Using the Web-Browser Interface 15-7 The QoS Policies Advanced Page 15-10
QoS Element for Wireless Phones 15-10
IGMP Snooping 15-11
AVVID Priority Mapping 15-11
WiFi Multimedia (WMM) 15-11
Rate Limiting 15-12 Adjusting Radio Access Categories 15-12
Configuring Nominal Rates 15-13
Optimized Voice Settings 15-14
16 Configuring Filters 16-1
Understanding Filters 16-2
Configuring Filters Using the CLI 16-2
Configuring Filters Using the Web-Browser Interface 16-3
Configuring and Enabling MAC Address Filters 16-3
Creating a MAC Address Filter 16-4 Using MAC Address ACLs to Block or Allow Client Association to the Access Point 16-6
Configuring MAC Address Authentication 16-8
Determining the source of MAC Authentication 16-9 Configuring the SSID for MAC Authentication 16-11
Creating a Time-Based ACL 16-12
ACL Logging 16-13
Configuring and Enabling IP Filters 16-13
Creating an IP Filter 16-14
Configuring and Enabling EtherType Filters 16-15
Creating an EtherType Filter 16-16
17 Configuring CDP 17-1
Understanding CDP 17-2
Configuring CDP 17-2
Default CDP Configuration 17-2 Configuring the CDP Characteristics 17-2 Disabling and Enabling CDP 17-3 Disabling and Enabling CDP on an Interface 17-4
Monitoring and Maintaining CDP 17-5
Enabling CDP Logging 17-7
18 Configuring SNMP 18-1
Understanding SNMP 18-2
SNMP Versions 18-2 SNMP Manager Functions 18-3 SNMP Agent Functions 18-4 SNMP Community Strings 18-4 Using SNMP to Access MIB Variables 18-4
Configuring SNMP 18-5
Default SNMP Configuration 18-5
Enabling the SNMP Agent 18-6 Configuring Community Strings 18-6 Specifying SNMP-Server Group Names 18-8 Configuring SNMP-Server Hosts 18-8 Configuring SNMP-Server Users 18-8 Configuring Trap Managers and Enabling Traps 18-8 Setting the Agent Contact and Location Information 18-10 Using the snmp-server view Command 18-11 SNMP Examples 18-11
Displaying SNMP Status 18-12
19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode 19-1
Understanding Repeater Access Points 19-2
Configuring a Repeater Access Point 19-3
Default Configuration 19-4 Guidelines for Repeaters 19-4 Setting Up a Repeater 19-5
Aligning Antennas 19-6
Verifying Repeater Operation 19-7 Setting Up a Repeater As a WPA2 Client 19-7 Setting Up a Repeater As a EAP-FAST Client 19-8
Understanding Hot Standby 19-9
Configuring a Hot Standby Access Point 19-10
Verifying Standby Operation 19-12
Understanding Workgroup Bridge Mode 19-13
Treating Workgroup Bridges as Infrastructure Devices or as Client Devices 19-14 Configuring a Workgroup Bridge for Roaming 19-15 Configuring a Workgroup Bridge for Limited Channel Scanning 19-16
Configuring the Limited Channel Set 19-16
Ignoring the CCX Neighbor List 19-16 Configuring a Client VLAN 19-17
Workgroup Bridge VLAN Tagging 19-17
Configuring Workgroup Bridge Mode 19-17
Using Workgroup Bridges in a Lightweight Environment 19-21
Guidelines for Using Workgroup Bridges in a Lightweight Environment 19-22
Sample Workgroup Bridge Association Verification 19-23 Enabling VideoStream Support on Workgroup Bridges 19-23
20 Managing Firmware and Configurations 20-1
Working with the Flash File System 20-1
Displaying Available File Systems 20-2 Setting the Default File System 20-3 Displaying Information About Files on a File System 20-4 Changing Directories and Displaying the Working Directory 20-4 Creating and Removing Directories 20-4 Copying Files 20-5 Deleting Files 20-6 Creating, Displaying, and Extracting tar Files 20-6
Creating a tar File 20-6 Displaying the Contents of a tar File 20-7 Extracting a tar File 20-8
Displaying the Contents of a File 20-8
Working with Configuration Files 20-8
Guidelines for Creating and Using Configuration Files 20-9 Configuration File Types and Location 20-10 Creating a Configuration File by Using a Text Editor 20-10 Copying Configuration Files by Using TFTP 20-10
Preparing to Download or Upload a Configuration File by Using TFTP 20-11 Downloading the Configuration File by Using TFTP 20-11 Uploading the Configuration File by Using TFTP 20-11
Copying Configuration Files by Using FTP 20-12
Preparing to Download or Upload a Configuration File by Using FTP 20-13 Downloading a Configuration File by Using FTP 20-13 Uploading a Configuration File by Using FTP 20-14
Copying Configuration Files by Using RCP 20-15
Preparing to Download or Upload a Configuration File by Using RCP 20-16 Downloading a Configuration File by Using RCP 20-16 Uploading a Configuration File by Using RCP 20-17
Clearing Configuration Information 20-18
Deleting a Stored Configuration File 20-18
Working with Software Images 20-18
Image Location on the Access Point 20-19 tar File Format of Images on a Server or Cisco.com 20-19 Copying Image Files by Using TFTP 20-20
Preparing to Download or Upload an Image File by Using TFTP 20-20 Downloading an Image File by Using TFTP 20-20 Uploading an Image File by Using TFTP 20-22
Copying Image Files by Using FTP 20-22
Preparing to Download or Upload an Image File by Using FTP 20-23
Downloading an Image File by Using FTP 20-24
Uploading an Image File by Using FTP 20-26 Copying Image Files by Using RCP 20-27
Preparing to Download or Upload an Image File by Using RCP 20-27
Downloading an Image File by Using RCP 20-29
Uploading an Image File by Using RCP 20-31 Reloading the Image Using the Web Browser Interface 20-32
Browser HTTP Interface 20-32
Browser TFTP Interface 20-33
21 Configuring L2TPv3 Over UDP/IP 21-1
Prerequisites 21-1
Configuring L2TP Class 21-2
Configuring Pseudowire Class 21-3
Relationship between L2TP Class and Pseudowire Class 21-4
Configuring the Tunnel interface 21-4
Configure Tunnel management Interface 21-4
Mapping SSID to the Tunnel/Xconnect 21-5
Configuring TCP mss adjust 21-6
Configuring UDP checksum 21-6
22 Configuring System Message Logging 22-1
Understanding System Message Logging 22-2
Configuring System Message Logging 22-2
System Log Message Format 22-2 Default System Message Logging Configuration 22-3 Disabling and Enabling Message Logging 22-4 Setting the Message Display Destination Device 22-5 Enabling and Disabling Timestamps on Log Messages 22-6 Enabling and Disabling Sequence Numbers in Log Messages 22-6 Defining the Message Severity Level 22-7 Limiting Syslog Messages Sent to the History Table and to SNMP 22-8 Setting a Logging Rate Limit 22-9 Configuring the System Logging Facility 22-10
Displaying the Logging Configuration 22-11
23 Troubleshooting 23-1
Checking the LED Indicators 23-2
Checking Power 23-2
Low Power Condition 23-2
Checking Basic Settings 23-3
SSID 23-3 WEP Keys 23-3 Security Settings 23-3
Resetting to the Default Configuration 23-4
Using the MODE Button 23-4 Using the Web Browser Interface 23-5 Using the CLI 23-5
Reloading the Access Point Image 23-6
Using the MODE button 23-7 Using the Web Browser Interface 23-7
Browser HTTP Interface 23-8
Browser TFTP Interface 23-8 Using the CLI 23-9 Obtaining the Access Point Image File 23-11 Obtaining TFTP Server Software 23-11
Image Recovery on the 1520 Access Point 23-11
A Protocol Filters A-1
B Supported MIBs B-1
MIB List B-1
Using FTP to Access the MIB Files B-2
C Error and Event Messages C-1
Conventions C-2
Software Auto Upgrade Messages C-3
Association Management Messages C-5
Unzip Messages C-6
System Log Messages C-7
802.11 Subsystem Messages C-8
Inter-Access Point Protocol Messages C-21
Local Authenticator Messages C-21
WDS Messages C-24
Mini IOS Messages C-25
Access Point/Bridge Messages C-26
Cisco Discovery Protocol Messages C-26
External Radius Server Error Messages C-26
LWAPP Error Messages C-27
Sensor Messages C-28
SNMP Error Messages C-29
SSH Error Messages C-30
Glossary

Preface

Audience

This guide is for the networking professional who installs and manages Cisco Aironet Access Points in Autonomous mode. To use this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of wireless local area networks.
This guide covers Cisco IOS Release 15.3(3)JAB. The following access point platforms are supported:
AP 802
AP 1040
AP 1140
AP 1260
AP 1530
AP 1550
AP 1600
AP 1700
AP 2600
AP 2700
AP 3500
AP 3600
AP 3700
Note: This guide does not cover lightweight access points. Configuration for these devices can be found in the appropriate installation and configuration guides on Cisco.com.

Purpose

This guide provides the information you need to install and configure your access point. This guide provides procedures for using the Cisco IOS software commands that have been created or changed for use with the access point. It does not provide detailed information about these commands. For detailed information about these commands, refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release. For information about the standard Cisco IOS software commands, refer to the Cisco IOS software documentation set available from the Cisco.com home page at Support > Documentation.
This guide also includes an overview of the access point web-based interface (APWI), which contains all the functionality of the command-line interface (CLI). This guide does not provide field-level descriptions of the APWI windows nor does it provide the procedures for configuring the access point from the APWI. For all APWI window descriptions and procedures, refer to the access point online help, which is available from the Help buttons on the APWI pages.
Configuration Procedures and Examples
The procedures and examples given in this guide have been documented as seen on the Cisco Aironet 3600 Series Access Points.
To view the latest configuration examples, visit Cisco Tech Zone (https://techzone.cisco.com). In the Tech Zone Navigator, browse to Wireless LAN > Autonomous APs (IOS) - Knowledge base for Autonomous (IOS) Wireless Deployments.
Note: You need to have an account on Cisco.com to access Cisco Tech Zone. If you do not have an account, you can create one by clicking Register Now on the Log In page.

Organization

This guide is organized into these chapters:
Chapter 1, “Overview of Access Point Features,” lists the software and hardware features of the access
point and describes the access point role in your network.
Chapter 2, “Using the Web-Browser Interface,” describes how to use the web-browser interface to
configure the access point.
Chapter 3, “Using the Command-Line Interface,” describes how to use the command-line interface (CLI)
to configure the access point.
Chapter 4, “Configuring the Access Point for the First Time,”describes how to configure basic settings
on a new access point.
Chapter 5, “Administrating the Access Point,” describes how to perform one-time operations to
administer your access point, such as preventing unauthorized access to the access point, setting the system date and time, and setting the system name and prompt.
Chapter 6, “Configuring Radio Settings,” describes how to configure settings for the access point radio
such as the role in the radio network, transmit power, channel settings, and others.
Chapter 7, “Configuring Multiple SSIDs,” describes how to configure and manage multiple Service Set
Identifiers (SSIDs) and multiple basic SSIDs (BSSIDs) on your access point. You can configure up to 16 SSIDs and up to eight BSSIDs on your access point.
Chapter 8, “Configuring Spanning Tree Protocol,”describes how to configure Spanning Tree Protocol
(STP) on your access point, bridge, or access point operating in a bridge mode. STP prevents bridge loops from occurring in your network.
-xx
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 9, “Configuring an Access Point as a Local Authenticator,” describes how to configure the access point to act as a local RADIUS server for your wireless LAN. If the WAN connection to your main RADIUS server fails, the access point acts as a backup server to authenticate wireless devices.
Chapter 10, “Configuring WLAN Authentication and Encryption,” describes how to configure the cipher suites required to use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including MIC, CMIC, TKIP, CKIP, and broadcast key rotation.
Chapter 11, “Configuring Authentication Types,” describes how to configure authentication types on the access point. Client devices use these authentication methods to join your network.
Chapter 12, “Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services,” describes how to configure the access point to participate in WDS, to allow fast reassociation of roaming client services, and to participate in radio management.
Chapter 13, “Configuring RADIUS and TACACS+ Servers,” describes how to enable and configure the RADIUS and Terminal Access Controller Access Control System Plus (TACACS+), which provide detailed accounting information and flexible administrative control over authentication and authorization processes.
Chapter 14, “Configuring VLANs,” describes how to configure your access point to interoperate with the VLANs set up on your wired LAN.
Chapter 15, “Configuring QoS,” describes how to configure and manage MAC address, IP, and EtherType filters on the access point using the web-browser interface.
Chapter 16, “Configuring Filters,” describes how to configure and manage MAC address, IP, and EtherType filters on the access point using the web-browser interface.
Chapter 17, “Configuring CDP,” describes how to configure Cisco Discovery Protocol (CDP) on your access point. CDP is a device-discovery protocol that runs on all Cisco network equipment.
Chapter 18, “Configuring SNMP,” describes how to configure the Simple Network Management Protocol (SNMP) on your access point.
Chapter 19, “Configuring Repeater and Standby Access Points and Workgroup Bridge Mode,” describes how to configure your access point as a hot standby unit or as a repeater unit.
Chapter 20, “Managing Firmware and Configurations,” describes how to manipulate the Flash file system, how to copy configuration files, and how to archive (upload and download) software images.
Chapter 21, “Configuring L2TPv3 Over UDP/IP,” describes how to configure the Layer 2 Tunneling Protocol (L2TPv3), which is a tunneling protocol that enables tunneling of Layer 2 packets over IP core networks.
Chapter 22, “Configuring System Message Logging,” describes how to configure system message logging on your access point.
Chapter 23, “Troubleshooting,” provides troubleshooting procedures for basic problems with the access point.
Appendix A, “Protocol Filters,” lists some of the protocols that you can filter on the access point.
Appendix B, “Supported MIBs,” lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the access point supports for this software release.
Appendix C, “Error and Event Messages,” lists the CLI error and event messages and provides an explanation and recommended action for each message.

Conventions

This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
Interactive examples use these conventions:
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Tip Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.

Related Publications

Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.3(3)JAB.
For each of the supported access points, the following types of guides have been provided as required on its respective support page on Cisco.com:
Access Point Getting Started Guide
Access Point Hardware Installation Guide (Only in cases where hardware installation is not covered in the Getting Started Guide)
Installation Instructions for Cisco Aironet Power Injectors
Access Point Deployment Guide
Cisco Aironet 802.11 a/b/g/n/ac Radio Installation and Upgrade Instructions

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
CHAPTER 1

Overview of Access Point Features

Cisco Aironet Access Points (hereafter called access points, or abbreviated as APs) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, and depending on the specific model are 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, 802.11n-compliant, and 802.11ac-compliant wireless LAN transceivers.
Note When booting up a 1530, 1700, or a 2700 series AP for the first time, it will boot up with a unified mode software image. To deploy the AP in an autonomous network, use the following command from the AP console or a Telnet session to force the AP to reboot using the autonomous mode software image:
capwap ap autonomous
For more information on software images on the AP, see Working with Software Images, page 20-18.
You can configure and monitor the wireless device using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP).
This chapter contains the following sections:
Radios in Access Points
New Features and Platforms in this Release
Management Options
Roaming Client Devices
Network Configuration Examples

Radios in Access Points

An access point serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within the radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.
Each access point platform contains one, two, or three radios. For more information on the radios supported by each access point model, see the corresponding Access Point Data Sheet.

New Features and Platforms in this Release

For full information on the new features and updates to existing features in this release, see the Release Notes for Autonomous Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.3(3)JA.
For the full list of CLI commands supported in this release, see the Cisco IOS Command Reference for Autonomous Cisco Aironet Access Points and Bridges, Cisco IOS Release 15.3(3)JA.
Note The proxy Mobile-IP feature is not supported in Cisco IOS Release 12.3(2)JA and later.

New Access Point Platforms Supported

This release supports the following new access point platforms:
Support for Cisco Aironet 3700 Series access point
This access point is built on 4x4:3(2.4GHz), 4x4:3(5GHz) MIMO technology, with integrated and external antenna options, and supports 802.11a,b,g,n,ac.
Supported models are 3700E and 3700I
Supported operating modes are:
Root
Root Bridge
Non Root Bridge
Workgroup Bridge
Scanner
Spectrum
Repeater
Support for Cisco Aironet 2700 Series access point
This access point is built on 3x4:3(2.4GHz), 4x4:3(5GHz) MIMO technology, with integrated and external antenna options, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary Gigabit Ethernet ports. The primary port is GigabitEthernet 0 and is the backhaul port. The primary port can be set as a trunk port. The secondary port is GigabitEthernet 1 and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id.
Supported models are 2700E and 2700I
Supported operating modes are:
Root
Root Bridge
Non Root Bridge
Workgroup Bridge
Scanner
Spectrum
Repeater
Support for Cisco Aironet 1700 Series access point
This access point is built on 3x4:3(2.4GHz), 4x4:3(5GHz) MIMO technology, comes with integrated antennas, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary Gigabit Ethernet ports. The primary port is GigabitEthernet 0 and is the backhaul port. The primary port can be set as a trunk port. The secondary port is GigabitEthernet 1 and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id.
Supported model is 1700I
Supported operating modes are:
Root
Root Bridge
Non Root Bridge
Workgroup Bridge
Scanner
Spectrum
Repeater

New Features

Multiple Port Support for Cisco Aironet 1550 Series Outdoor Access Points
The 1550 series has four Ethernet ports – PoE-In port, PoE-Out port, Auxiliary port, and SFP Port. All four ports are supported in the current release. This series also has an internal cable modem in the 1552C and 1552CU models. The cable modem connects to the Auxiliary port.
You can set the PoE-In port, SFP port, or the Auxiliary port as the primary Ethernet port. You can set the primary Ethernet port using the configuration command:
dot11 primary-ethernet-port port-number-0to3
You can set the primary Ethernet port as a trunk and handle multiple VLANs, but the secondary ports can be set as access ports only. To configure the VLAN ID on the secondary ports, use the interface configuration command bridge multiple-port client-vlan vlan-id.

Automatic Configuring of the Access Point
The Autoconfig feature of autonomous access points allows the AP to download its configuration, periodically, from a Secure Copy Protocol (SCP) server. For more information, see Automatic Configuring of the Access Point, page 4-34.
Support for L2TPv3
Layer 2 Tunneling Protocol (L2TPv3) is a tunneling protocol that enables tunneling of Layer 2 packets over IP core networks.
For detailed information, see Chapter 21, “Configuring L2TPv3 Over UDP/IP.”

Configuration and CLI Changes in this Release

The following updates and new additions have been made:
For Cisco Aironet 2700 series access points, you can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id.
For Cisco Aironet 1550 series outdoor access points:
You can set the PoE-In port, SFP port, or the Auxiliary port as the primary Ethernet port. You can set the primary Ethernet port using the configuration command:
dot11 primary-ethernet-port port-number-0to3
You can set the primary Ethernet port as a trunk and handle multiple VLANs, but the secondary ports can be set as access ports only. To configure the VLAN ID on the secondary ports, use the interface configuration command bridge multiple-port client-vlan vlan-id.
Removal of WPA/TKIP Configuration—Wi-Fi certified access points no longer support a WPA/TKIP configuration. TKIP is only allowed in combination with WPA2/AES for backward compatibility to allow older TKIP-only devices to associate.
A configuration of authentication key-management WPA version 1 is changed to authentication key-management WPA, and the following message is displayed:
Warning: WPA Version 1 no longer permitted by itself - WPA2 has been enabled
The WPA version 1 option has been removed from the authentication key-management WPA CLI, and configuring TKIP only under this interface is not supported. A TKIP-only configuration is changed to aes-ccm tkip to work in mixed mode, and the following message is displayed on the AP console:
Warning: TKIP encryption no longer permitted by itself - AES-CCM has been enabled
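The following added example (not part of the Cisco guide) audits a saved AP configuration before an upgrade and lists the lines that the WPA/TKIP change described above will rewrite. The sample configuration is constructed, and the `encryption ... mode ciphers` line form is assumed from standard autonomous IOS syntax rather than taken from this page.

```python
import re

# Constructed sample of a saved autonomous-AP configuration (not from the guide).
SAMPLE_CONFIG = """\
dot11 ssid LEGACY
   vlan 10
   authentication open
   authentication key-management wpa version 1
!
dot11 ssid CORP
   vlan 20
   authentication open eap eap_methods
   authentication key-management wpa version 2
!
interface Dot11Radio0
 encryption vlan 10 mode ciphers tkip
 encryption vlan 20 mode ciphers aes-ccm
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm tkip
!
"""

# Assumed line forms: optional per-VLAN cipher setting, and WPA v1 key management.
CIPHER_RE = re.compile(r"^encryption(?: vlan (\d+))? mode ciphers (.+)$")
KEYMGMT_RE = re.compile(r"^authentication key-management wpa version 1\b")

def audit(config_text):
    """Return (section, line, issue) tuples for settings this release rewrites."""
    findings, section = [], None
    for raw in config_text.splitlines():
        # An unindented line other than "!" opens a new configuration section.
        if raw and not raw[0].isspace() and raw != "!":
            section = raw.strip()
            continue
        line = raw.strip()
        m = CIPHER_RE.match(line)
        if m:
            # Only a cipher list of exactly "tkip" is the TKIP-only case.
            if m.group(2).split() == ["tkip"]:
                findings.append((section, line, "TKIP only; becomes aes-ccm tkip"))
        elif KEYMGMT_RE.match(line):
            findings.append((section, line, "WPA version 1 only; WPA2 is enabled"))
    return findings

if __name__ == "__main__":
    for section, line, issue in audit(SAMPLE_CONFIG):
        print(f"{section}: '{line}' -> {issue}")
```

Each finding marks an SSID or radio whose clients may still depend on TKIP or WPA version 1, so it is worth reviewing those clients before the AP silently moves them to mixed mode.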

Management Options

You can use the wireless device management system through the following interfaces:
The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet session. Use the interface dot11radio global configuration command to place the wireless device into the radio configuration mode. Most of the examples in this manual are taken from the CLI.