Cisco Systems OL-17037-01 manual Embedded Access Points, Configuring the Switch for Authentication

Page 14

Chapter 7 Controlling Lightweight Access Points

Embedded Access Points

Configuring the Switch for Authentication

On the switch CLI, enter these commands to enable 802.1X authentication on a switch port:

Switch# configure terminal

Switch(config)# dot1x system-auth-control

Switch(config)# aaa new-model

Switch(config)# aaa authentication dot1x default group radius

Switch(config)# radius-server host ip_addr auth-port port acct-port port key key

Switch(config)# interface fastethernet2/1

Switch(config-if)#switchport mode access

Switch(config-if)#dot1x pae authenticator

Switch(config-if)#dot1x port-control auto

Switch(config-if)# end

Embedded Access Points

Controller software release 5.1 or later supports the AP801, which is the integrated access point on the Cisco 800 Series Integrated Services Routers (ISRs). This access point uses a Cisco IOS software image that is separate from the router Cisco IOS software image. It can operate as an autonomous access point that is configured and managed locally, or it can operate as a centrally managed access point utilizing the CAPWAP or LWAPP protocol. The AP801 is preloaded with both an autonomous Cisco IOS release and a recovery image for the unified mode.

Note Before you use an AP801 Series Lightweight Access Point with controller software release 5.2, you must upgrade the software in the Cisco 800 Series Integrated Services Router (ISR) to Cisco IOS Release 12.4(22)T.

When you want to use the AP801 with a controller, you must enable the recovery image for the unified mode on the access point by entering this CLI command on the router in privileged EXEC mode: service-modulewlan-ap 0 bootimage unified.

Note If the service-modulewlan-ap 0 bootimage unified command does not work successfully, make sure that the software license is still eligible.

After enabling the recovery image, enter this CLI command on the router to shut down and reboot the access point: service-modulewlan-ap 0 reload. After the access point reboots, it discovers the controller, downloads the full CAPWAP or LWAPP software release from the controller, and acts as a lightweight access point.

	Cisco Wireless LAN Controller Configuration Guide
7-14	OL-17037-01

Image 14

Contents Controlling Lightweight Access Points Controller Discovery Process Access Point Communication ProtocolsGuidelines for Using Capwap Page Config network master-base disable Verifying that Access Points Join the ControllerConfig network master-base enable Debugging Capwap Configuring Global Credentials for Access PointsViewing Capwap MTU Information Global Configuration All APs Details for Credentials Show ap summary Save configShow ap config general CiscoAP Configuring Authentication for Access Points Lwapp ap dot1x username username password passwordUsing the GUI to Configure Authentication for Access Points ControllerCisco Wireless LAN Controller Configuration Guide Using the CLI to Configure Authentication for Access Points Config ap dot1xuser add username user password password allConfig ap dot1xuser disable all CiscoAP AP Dot1x User Mode field shows CustomizedEmbedded Access Points Configuring the Switch for AuthenticationDns-server ipaddress Default-router ipaddress Ip dhcp pool poolnameAutonomous Access Points Converted to Lightweight Mode Reverting from Lightweight Mode to Autonomous Mode Using a Controller to Return to a Previous ReleaseAuthorizing Access Points Using MICs Authorizing Access PointsAuthorizing Access Points Using SSCs Authorizing Access Points Using LSCs Using the GUI to Configure LSCConfig certificate lsc ca-cert add delete Config certificate lsc enable disableConfig certificate lsc ca-server http//urlport/path Config certificate lsc other-params keysizeShow certificate lsc summary Config certificate lsc ap-provision auth-list add APmacaddrConfig certificate lsc ap-provision revert-cert retries Using the GUI to Authorize Access Points Show certificate lsc ap-provisionConfig auth-list add mic ssc lsc apmac apkey Using the CLI to Authorize Access PointsConfig auth-list ap-policy mic ssc lsc enable disable Show auth-listUsing Dhcp Option 43 and Dhcp Option Troubleshooting the Access Point Join ProcessControlling Lightweight Access Points Show ap config global Configuring the Syslog Server for Access PointsViewing Access Point Join Information Show ap join stats summary allJoined Converted Access Points Send Radio Core Dumps to Controller Debug ap enable disable command cmd CiscoAPShow ap crash-file Using the CLI to Retrieve Radio Core DumpsUsing the GUI to Upload Radio Core Dumps Using the CLI to Upload Radio Core Dumps Transfer upload startUploading Memory Core Dumps from Converted Access Points Using the GUI to Upload Access Point Core DumpsDisplay of MAC Addresses for Converted Access Points Using the CLI to Upload Access Point Core DumpsSupporting Oversized Access Point Images Config ap reset-button enable disable ap-nameallCisco Workgroup Bridges WGB ExampleGuidelines for Using WGBs Configure terminal Show dot11 association Sample WGB ConfigurationUsing the GUI to View the Status of Workgroup Bridges 11 Clients Detail 12 WGB Wired Clients Debug dhcp message enable Debug dhcp packet enable Using the CLI to View the Status of Workgroup BridgesUsing the CLI to Debug WGB Issues Debug dot11 mobile enable Debug dot11 state enableConfiguring Backup Controllers Using the GUI to Configure Backup Controllers 14 Global Configuration15 All APs Details for High Availability Using the CLI to Configure Backup Controllers Config advanced timers ap-discovery-timeout interval Config advanced timers auth-timeout intervalConfiguring Failover Priority for Access Points 130016 Global Configuration Using the CLI to View Failover Priority Settings EnabledConfiguring Country Codes Guidelines for Configuring Multiple Country CodesUsing the GUI to Configure Country Codes 19 All APs Details for Advanced Show country Using the CLI to Configure Country CodesShow country supported Show country channels Config 802.11a enable network config 802.11b enable network Controlling Lightweight Access Points Guidelines for Migration Migrating Access Points to the -U Regulatory DomainConfig country J3 Show ap migrateConfig ap migrate j52w52 all apname Using the W56 Band in Japan Dynamic Frequency SelectionOptimizing Rfid Tracking on Access Points Using the GUI to Optimize Rfid Tracking on Access Points20 802.11b/g/n Cisco APs Configure Config 802.11b enable CiscoAP Using the CLI to Optimize Rfid Tracking on Access PointsConfig ap monitor-mode tracking-opt CiscoAP Config advanced probe limit numprobes interval Configuring Probe Request ForwardingConfig advanced probe filter enable disable Show ap monitor-mode summaryInventory Performing a Link Test 22 All APs Details for InventoryUsing the GUI to Perform a Link Test Link Test Configuring Link Latency Using the CLI to Perform a Link TestUsing the GUI to Configure Link Latency 25 All APs Details for AdvancedUsing the CLI to Configure Link Latency Config ap link-latency enable disable CiscoAP allConfiguring Power over Ethernet Config ap link-latency reset CiscoAPUsing the GUI to Configure Power over Ethernet EPoE Power EPoE Mode 15.4 W Optimized 20 WCisco Wireless LAN Controller Configuration Guide Config ap power injector enable CiscoAP all override Using the CLI to Configure Power over EthernetConfig ap power injector enable CiscoAP all installed Debug ap command led flash seconds CiscoAP Configuring Flashing LEDsUsing the GUI to View Clients Viewing ClientsControlling Lightweight Access Points Viewing Clients 28 Search Clients 29 Clients Detail Using the CLI to View Clients AP MACS69 OL-17037-01