Cisco Systems OL-17037-01 Authorizing Access Points Using LSCs, Using the GUI to Configure LSC

Page 19

Chapter 7 Controlling Lightweight Access Points

Autonomous Access Points Converted to Lightweight Mode

Authorizing Access Points Using LSCs

You can use an LSC if you want your own public key infrastructure (PKI) to provide better security, to have control of your certificate authority (CA), and to define policies, restrictions, and usages on the generated certificates.

The LSC CA certificate is installed on access points and controllers. You need to provision the device certificate on the access point. The access point gets a signed X.509 certificate by sending a certRequest to the controller. The controller acts as a CA proxy and receives the certRequest signed by the CA for the access point.

Note Access points that are configured for bridge mode are not supported.

Using the GUI to Configure LSC

Using the controller GUI, follow these steps to enable the use of LSC on the controller.

Step 1 Click Security > Certificate > LSC to open the Local Significant Certificates (LSC) page (see Figure 7-5).

Figure 7-5 Local Significant Certificates (LSC) Page

Step 2 Click the General tab.

Step 3 To enable LSC on the system, check the Enable LSC on Controller check box.

Step 4 In the CA Server URL field, enter the URL to the CA server. You can enter either a domain name or an IP address.

Step 5 In the Params fields, enter the parameters for the device certificate. The key size is a value from 384 to 2048 (in bits), and the default value is 2048.

Step 6 Click Apply to commit your changes.

 

 

Cisco Wireless LAN Controller Configuration Guide

 

 

 

 

 

 

OL-17037-01

 

 

7-19

 

 

 

 

 

Image 19
Contents Controlling Lightweight Access Points Guidelines for Using Capwap Access Point Communication ProtocolsController Discovery Process Page Config network master-base enable Verifying that Access Points Join the ControllerConfig network master-base disable Viewing Capwap MTU Information Configuring Global Credentials for Access PointsDebugging Capwap Global Configuration All APs Details for Credentials Show ap config general CiscoAP Save configShow ap summary Lwapp ap dot1x username username password password Configuring Authentication for Access PointsController Using the GUI to Configure Authentication for Access PointsCisco Wireless LAN Controller Configuration Guide Config ap dot1xuser add username user password password all Using the CLI to Configure Authentication for Access PointsAP Dot1x User Mode field shows Customized Config ap dot1xuser disable all CiscoAPConfiguring the Switch for Authentication Embedded Access PointsIp dhcp pool poolname Dns-server ipaddress Default-router ipaddressAutonomous Access Points Converted to Lightweight Mode Using a Controller to Return to a Previous Release Reverting from Lightweight Mode to Autonomous ModeAuthorizing Access Points Using SSCs Authorizing Access PointsAuthorizing Access Points Using MICs Using the GUI to Configure LSC Authorizing Access Points Using LSCsConfig certificate lsc other-params keysize Config certificate lsc enable disableConfig certificate lsc ca-server http//urlport/path Config certificate lsc ca-cert add deleteConfig certificate lsc ap-provision revert-cert retries Config certificate lsc ap-provision auth-list add APmacaddrShow certificate lsc summary Show certificate lsc ap-provision Using the GUI to Authorize Access PointsShow auth-list Using the CLI to Authorize Access PointsConfig auth-list ap-policy mic ssc lsc enable disable Config auth-list add mic ssc lsc apmac apkeyTroubleshooting the Access Point Join Process Using Dhcp Option 43 and Dhcp OptionControlling Lightweight Access Points Show ap join stats summary all Configuring the Syslog Server for Access PointsViewing Access Point Join Information Show ap config globalJoined Debug ap enable disable command cmd CiscoAP Converted Access Points Send Radio Core Dumps to ControllerUsing the GUI to Upload Radio Core Dumps Using the CLI to Retrieve Radio Core DumpsShow ap crash-file Transfer upload start Using the CLI to Upload Radio Core DumpsUsing the GUI to Upload Access Point Core Dumps Uploading Memory Core Dumps from Converted Access PointsUsing the CLI to Upload Access Point Core Dumps Display of MAC Addresses for Converted Access PointsConfig ap reset-button enable disable ap-nameall Supporting Oversized Access Point ImagesWGB Example Cisco Workgroup BridgesGuidelines for Using WGBs Configure terminal Using the GUI to View the Status of Workgroup Bridges Sample WGB ConfigurationShow dot11 association 11 Clients Detail 12 WGB Wired Clients Debug dot11 mobile enable Debug dot11 state enable Using the CLI to View the Status of Workgroup BridgesUsing the CLI to Debug WGB Issues Debug dhcp message enable Debug dhcp packet enableConfiguring Backup Controllers 14 Global Configuration Using the GUI to Configure Backup Controllers15 All APs Details for High Availability Using the CLI to Configure Backup Controllers Config advanced timers auth-timeout interval Config advanced timers ap-discovery-timeout interval1300 Configuring Failover Priority for Access Points16 Global Configuration Enabled Using the CLI to View Failover Priority SettingsGuidelines for Configuring Multiple Country Codes Configuring Country CodesUsing the GUI to Configure Country Codes 19 All APs Details for Advanced Show country supported Using the CLI to Configure Country CodesShow country Show country channels Config 802.11a enable network config 802.11b enable network Controlling Lightweight Access Points Show ap migrate Migrating Access Points to the -U Regulatory DomainConfig country J3 Guidelines for MigrationConfig ap migrate j52w52 all apname Dynamic Frequency Selection Using the W56 Band in JapanUsing the GUI to Optimize Rfid Tracking on Access Points Optimizing Rfid Tracking on Access Points20 802.11b/g/n Cisco APs Configure Config ap monitor-mode tracking-opt CiscoAP Using the CLI to Optimize Rfid Tracking on Access PointsConfig 802.11b enable CiscoAP Show ap monitor-mode summary Configuring Probe Request ForwardingConfig advanced probe filter enable disable Config advanced probe limit numprobes intervalInventory 22 All APs Details for Inventory Performing a Link TestUsing the GUI to Perform a Link Test Link Test Using the CLI to Perform a Link Test Configuring Link Latency25 All APs Details for Advanced Using the GUI to Configure Link LatencyConfig ap link-latency enable disable CiscoAP all Using the CLI to Configure Link LatencyConfig ap link-latency reset CiscoAP Configuring Power over EthernetEPoE Power EPoE Mode 15.4 W Optimized 20 W Using the GUI to Configure Power over EthernetCisco Wireless LAN Controller Configuration Guide Config ap power injector enable CiscoAP all installed Using the CLI to Configure Power over EthernetConfig ap power injector enable CiscoAP all override Viewing Clients Configuring Flashing LEDsUsing the GUI to View Clients Debug ap command led flash seconds CiscoAPControlling Lightweight Access Points Viewing Clients 28 Search Clients 29 Clients Detail AP MAC Using the CLI to View ClientsS69 OL-17037-01