Cisco Systems OL-6217-01 manual Common Tasks

Page 14

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Implementing the Cisco SWAN Framework

When the encryption key negotiations are complete, the WDS reports all its registered infrastructure access points to the CiscoWorks WLSE for management. After the infrastructure access points are managed on the CiscoWorks WLSE, the CiscoWorks WLSE interrogates the infrastructure access points with SNMP to complete its internal inventory tables.

After the interrogation is complete, the Cisco SWAN framework is totally constructed and other advanced features are used.

The following is a check list for implementing the Cisco SWAN framework for the access point-basednWDS solution:

Configure the AAA server for infrastructure authentication

Configure the AAA server for WLAN client authentication

Prepare the CiscoWorks WLSE for managing the WLAN devices

Configure the WDS access point(s)

Configure the infrastructure access points

The following is a check list for implementing the Cisco SWAN framework for the switch-based WDS solution:

Configure the AAA server for infrastructure authentication

Configure the AAA server for WLAN client authentication

Prepare the CiscoWorks WLSE for managing the WLAN devices

Configure the WLSM

Configure the infrastructure access points

The following three subsections provide the details for each of these tasks. The first subsection focuses on the tasks common to both the access point-based WDS architecture and the switch-based WDS architecture. The second subsection covers in detail the tasks required with the access point-based WDS solution. The third subsection covers in detail the tasks required with the switch-based WDS solution.

Common Tasks

The required tasks common to both the switch-based and access point-based WDS solutions are:

Configuring the AAA server to support infrastructure authentication

Configuring the AAA server to support WLAN client authentication

Preparing the CiscoWorks WLSE for managing WLAN devices

Infrastructure authentication currently requires Cisco LEAP. Typically customers use CiscoSecure ACS for LEAP authentication. Both infrastructure and client authentication can use ACS. In many customer environments, AAA support for Cisco LEAP is not available for infrastructure authentication. As an alternative for infrastructure authentication, the local RADIUS server embedded in the access point IOS is used. This document reviews the steps to configure the ACS and the local RADIUS servers on the access point for infrastructure authentication. Other third-party AAA products support Cisco LEAP and may be used for infrastructure authentication. Configuration of third-party AAA products is beyond the scope of this document.

Configuring the CiscoSecure ACS Server for Infrastructure Authentication

To use the CiscoSecure ACS server for infrastructure authentication, you must complete the following tasks:

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

14

OL-6217-01

 

 

Page 13 Page 15
Image 14
Page 13 Page 15
Contents Corporate Headquarters Cisco Aironet 1400 Series Wireless Bridge Deployment Guide N T E N T S Contents Book Title Xxxxx-xx Audience Acroymns and Terms Cisco Swan Framework Overview Cisco Swan Layers Cisco Swan Logical View Shows the access point-based WDS solution Cisco Swan Framework Components WDS WlccpSoftware Components Hardware ComponentsImplementing the Cisco Swan Framework Common Tasks CiscoSecure ACS NAS Setup Adding Username and Password Credentials CiscoSecure ACS User Setup AAA-apconfig#radius-server local AAA-apconfig-radsrvuser username password passwordCiscoWorks Wlse Snmp Community Entry Screen CiscoWorks Wlse Telnet/SSH Credentials Entry Access Point-Based WDS Solution Configuration Configuring the WDS Access PointWds-apconfig#hostname hostname Wds-apconfig#username username password passwordWds-apconfig#wlccp wnm ip address wlse ip address Configuring the Infrastructure Access PointWds-apconfig#wlccp wds priority priority number Infra-apconfig#username username password password Managing the Access Points with the CiscoWorks WlseInfra-apconfig#hostname hostname Infra-apconfig-line#access-class access-list numberConfiguring the Catalyst 6500 Supervisor Switch-Based WDS Solution ConfigurationValidating the Configuration Wds-ap#show wlccp wds apConfiguring the WDS on the Wlsm Create the Vlan between the supervisor and WlsmWlsmconfig#snmp-server view iso iso included Wlsmconfig#hostname hostnameInfra-apconfig#wlccp ap wds ip address wlsm ip address Configuring the Infrastructure Access PointsWlsmconfig# wlccp wnm ip address wlse ip address Wlsm# show wlccp wnm status Validating the SetupWlsm# show wlccp wds ap Sup720# show mobility status Mobility apFast Secure Roaming with Cckm Infra-apconfig-if#encryption mode ciphers cipher-type When Using Multiple Encryption Types or VLANsInfra-apconfig#interface dot11Radio Infra-apconfig-if-ssid#authentication network-eap eap-groupConfiguring ACU to use Cckm Click Profile ManagementCisco Swan Radio Management Features Cisco Swan Framework Radio ManagementPreparing to Use Cisco Swan Radio Management Building Tool Pop-Up WindowCisco Swan Radio Management Features Page OL-6217-01
Top Page Image Contents