Main
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Purpose
Organization
Conventions
xxii
this manual.
or loss of data.
Related Publications
Page
Overview
Features
Features Introduced in This Release
Japan Upgrade Utility
Multiple VLAN and Rate Limiting Support for Point-to-Multipoint Bridging
Client MFP Support
Regulatory Changes for Taiwan
Universal Workgroup Bridge
Management Options
Roaming Client Devices
Network Configuration Examples
Root Access Point
Repeater Access Point
Bridges
Workgroup Bridge
Central Unit in an All-Wireless Network
Access point
Using the Web-Browser Interface
Page
Using the Web-Browser Interface for the First Time
Using the Management Pages in the Web-Browser Interface
Using Action Buttons
Character Restrictions in Entry Fields
Enabling HTTPS for Secure Browsing
Page
Page
Page
Page
Page
Page
Page
Deleting an HTTPS Certificate
Using Online Help
Changing the Location of Help Files
Disabling the Web-Browser Interface
Page
Using the Command-Line Interface
Cisco IOS Command Modes
Getting Help
Abbreviating Commands
Using no and default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands Through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Opening the CLI with Telnet
Opening the CLI with Secure Shell
Page
Configuring the Access Point for the First Time
Before You Start
Resetting the Device to Default Settings
Resetting to Default Settings Using the MODE Button
Resetting to Default Settings Using the GUI
Resetting to Default Settings Using the CLI
Obtaining and Assigning an IP Address
Default IP Address Behavior
Connecting to the 1100 Series Access Point Locally
Connecting to the 1130 Series Access Point Locally
Connecting to the 1200, 1230, and 1240 Series Access Points Locally
Connecting to the 1300 Series Access Point/Bridge Locally
Default Radio Settings
Assigning Basic Settings
Page
Page
Page
Page
Page
Default Settings on the Express Setup Page
Configuring Basic Security Settings
Page
Page
Understanding Express Security Settings
Using VLANs
Express Security Types
Page
Express Security Limitations
Using the Express Security Page
4-22
CLI Configuration Examples
Example: No Security
4-23
Example: Static WEP
4-24
Example: EAP Authentication
4-25
Example: WPA
4-26
Configuring System Power Settings for 1130 and 1240 Series Access Points
Using the AC Power Adapter
Using a Switch Capable of IEEE 802.3af Power Negotiation
Using a Switch That Does Not Support IEEE 802.3af Power Negotiation
Using a Power Injector
Using the IP Setup Utility
Obtaining IPSU
Using IPSU to Find the Access Points IP Address
Assigning an IP Address Using the CLI
Using a Telnet Session to Access the CLI
Configuring the 802.1X Supplicant
Creating a Credentials Profile
Applying the Credentials to an Interface or SSID
Applying the Credentials Profile to the Wired Port
Applying the Credentials Profile to an SSID Used For the Uplink
Creating and Applying EAP Method Profiles
Page
Administering the Access PointWireless Device Access
Disabling the Mode Button
Preventing Unauthorized Access to Your Access Point
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Page
Protecting Enable and Enable Secret Passwords with Encryption
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Logging Into and Exiting a Privilege Level
Controlling Access Point Access with RADIUS
Default RADIUS Configuration
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Displaying the RADIUS Configuration
Controlling Access Point Access with TACACS+
Default TACACS+ Configuration
Configuring TACACS+ Login Authentication
Page
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Displaying the TACACS+ Configuration
Configuring Ethernet Speed and Duplex Settings
Configuring the Access Point for Wireless Network Management
Configuring the Access Point for Local Authentication and Authorization
Configuring the Authentication Cache and Profile
5-21
Configuring the Access Point to Provide DHCP Service
Setting up the DHCP Server
Page
Monitoring and Maintaining the DHCP Server Access Point
Show Commands
Clear Commands
Debug Command
Configuring the Access Point for Secure Shell
Understanding SSH
Configuring SSH
Configuring Client ARP Caching
Understanding Client ARP Caching
Optional ARP Caching
Configuring ARP Caching
Managing the System Time and Date
Understanding Simple Network Time Protocol
Configuring SNTP
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Page
Defining HTTP Access
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Page
Configuring a Login Banner
Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
Migrating to Japan W52 Domain
Page
Verifying the Migration
Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging
CLI Command
Configuring Radio Settings
Enabling the Radio Interface
Configuring the Role in Radio Network
Page
Page
Universal Workgroup Bridge Mode
Configuring Dual-Radio Fallback
Radio Tracking
Fast Ethernet Tracking
MAC-Address Tracking
Bridge Features Not Supported
Configuring Radio Data Rates
Page
Page
Configuring Radio Transmit Power
Page
Limiting the Power Level for Associated Client Devices
Configuring Radio Channel Settings
Page
Page
Page
Dynamic Frequency Selection
CLI Commands
Confirming that DFS is Enabled
Configuring a Channel
Blocking Channels from DFS Selection
Configuring Location-Based Services
Understanding Location-Based Services
Configuring LBS on Access Points
Enabling and Disabling World Mode
Disabling and Enabling Short Radio Preambles
Configuring Transmit and Receive Antennas
Enabling and Disabling Gratuitous Probe Response
Disabling and Enabling Aironet Extensions
Configuring the Ethernet Encapsulation Transformation Method
Enabling and Disabling Reliable Multicast to Workgroup Bridges
Enabling and Disabling Public Secure Packet Forwarding
Configuring Protected Ports
Configuring the Beacon Period and the DTIM
Configure RTS Threshold and Retries
Configuring the Maximum Data Retries
Configuring the Fragmentation Threshold
Enabling Short Slot Time for 802.11g Radios
Performing a Carrier Busy Test
Configuring VoIP Packet Handling
Viewing VoWLAN Metrics
Viewing Voice Reports
Page
Viewing Wireless Client Reports
Viewing Voice Fault Summary
Configuring Voice QoS Settings
Configuring Voice Fault Settings
Page
Configuring Multiple SSIDs
Understanding Multiple SSIDs
Effect of Software Versions on SSIDs
Page
Configuring Multiple SSIDs
Default SSID Configuration
Creating an SSID Globally
Page
Viewing SSIDs Configured Globally
Using Spaces in SSIDs
Using a RADIUS Server to Restrict SSIDs
Configuring Multiple Basic SSIDs
Requirements for Configuring Multiple BSSIDs
Guidelines for Using Multiple BSSIDs
Configuring Multiple BSSIDs
Page
Displaying Configured BSSIDs
Assigning IP Redirection for an SSID
Guidelines for Using IP Redirection
Configuring IP Redirection
Including an SSID in an SSIDL IE
NAC Support for MBSSID
Page
Configuring NAC for MBSSID
7-16
Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol
STP Overview
350 Series Bridge Interoperability
Access Point/Bridge Protocol Data Units
Election of the Spanning-Tree Root
Spanning-Tree Timers
Creating the Spanning-Tree Topology
Spanning-Tree Interface States
Page
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
Configuring STP Features
Default STP Configuration
Configuring STP Settings
8-10
STP Configuration Examples
Root Bridge Without VLANs
8-11
Non-Root Bridge Without VLANs
Root Bridge with VLANs
This example shows the configuration of a root bridge with VLANs configured with STP enabled:
8-12
8-13
Non-Root Bridge with VLANs
This example shows the configuration of a non-root bridge with VLANs configured with STP enabled:
Displaying Spanning-Tree Status
Page
Page
Configuring an Access Point as a Local Authenticator
Understanding Local Authentication
Configuring a Local Authenticator
Guidelines for Local Authenticators
Configuration Overview
Configuring the Local Authenticator Access Point
Page
Page
Configuring Other Access Points to Use the Local Authenticator
Configuring EAP-FAST Settings
Configuring PAC Settings
PAC Expiration Times
Generating PACs Manually
Configuring an Authority ID
Configuring Server Keys
Possible PAC Failures Caused by Access Point Clock
Limiting the Local Authenticator to One Authentication Type
Unblocking Locked Usernames
Viewing Local Authenticator Statistics
Page
Using Debug Messages
Page
Configuring Cipher Suites and WEP
Understanding Cipher Suites and WEP
Configuring Cipher Suites and WEP
Creating WEP Keys
Page
WEP Key Restrictions
Example WEP Key Setup
Enabling Cipher Suites and WEP
Matching Cipher Suites with WPA and CCKM
Enabling and Disabling Broadcast Key Rotation
Page
Configuring Authentication Types
Understanding Authentication Types
Open Authentication to the Access Point
Shared Key Authentication to the Access Point
EAP Authentication to the Network
MAC Address Authentication to the Network
Combining MAC-Based, EAP, and Open Authentication
Using CCKM for Authenticated Clients
Using WPA Key Management
11-8
Figure 11-6 shows the WPA key management process.
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP
Page
Configuring Authentication Types
Assigning Authentication Types to an SSID
Page
Page
Configuring WPA Migration Mode
Configuring Additional WPA Settings
Setting a Pre-Shared Key
Configuring Group Key Updates
Configuring MAC Authentication Caching
Configuring Authentication Holdoffs, Timeouts, and Intervals
Creating and Applying EAP Method Profiles for the 802.1X Supplicant
Creating an EAP Method Profile
Applying an EAP Profile to the Fast Ethernet Interface
Applying an EAP Profile to an Uplink SSID
Matching Access Point and Client Device Authentication Types
Page
Page
Page
Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
Understanding WDS
Role of the WDS Device
Role of Access Points Using the WDS Device
Understanding Fast Secure Roaming
Page
Understanding Radio Management
Understanding Layer 3 Mobility
Understanding Wireless Intrusion Detection Services
Configuring WDS
Guidelines for WDS
Requirements for WDS
Configuration Overview
Configuring Access Points as Potential WDS Devices
Page
Page
Page
Page
Configuring Access Points to use the WDS Device
Configuring the Authentication Server to Support WDS
Page
Page
Page
Page
Configuring WDS Only Mode
Viewing WDS Information
Using Debug Messages
Configuring Fast Secure Roaming
Requirements for Fast Secure Roaming
Configuring Access Points to Support Fast Secure Roaming
Page
CLI Configuration Example
Configuring Management Frame Protection
Management Frame Protection
Overview
Protection of Unicast Management Frames
Protection of Broadcast Management Frames
Client MFP For Access Points in Root mode
Configuring Client MFP
Page
Configuring Radio Management
CLI Configuration Example
Configuring Access Points to Participate in WIDS
Configuring the Access Point for Scanner Mode
Configuring the Access Point for Monitor Mode
Displaying Monitor Mode Statistics
Configuring Monitor Mode Limits
Configuring an Authentication Failure Limit
Configuring WLSM Failover
Resilient Tunnel Recovery
Active/Standby WLSM Failover
Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Page
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Configuring Packet of Disconnect
Starting RADIUS Accounting m
Selecting the CSID Format
Configuring Settings for All RADIUS Servers
Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
Configuring WISPr RADIUS Attributes
Displaying the RADIUS Configuration
RADIUS Attributes Sent by the Access Point
Page
Page
Configuring and Enabling TACACS+
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Page
Configuring VLANs
Understanding VLANs
Related Documents
Incorporating Wireless Devices into VLANs
Configuring VLANs
Configuring a VLAN
Page
Assigning Names to VLANs
Guidelines for Using VLAN Names
Creating a VLAN Name
Using a RADIUS Server to Assign Users to VLANs
Using a RADIUS Server for Dynamic Mobility Group Assignment
Viewing VLANs Configured on the Access Point
VLAN Configuration Example
Page
14-12
Table14-3 Results of Example Configuration Commands
VLAN 1 Interfaces VLAN 2 Interfaces VLAN 3 Interfaces
Page
Page
Configuring QoS
Understanding QoS for Wireless LANs
QoS for Wireless LANs Versus QoS on Wired LANs
Impact of QoS on a Wireless LAN
Precedence of QoS Settings
Using Wi-Fi Multimedia Mode
Configuring QoS
Configuration Guidelines
Configuring QoS Using the Web-Browser Interface
Page
Page
Page
The QoS Policies Advanced Page
QoS Element for Wireless Phones
IGMP Snooping
AVVID Priority Mapping
WiFi Multimedia (WMM)
Adjusting Radio Access Categories
Page
Optimized Voice Settings
Configuring Call Admission Control
Configuring the Radio
Enabling Admission Control
Troubleshooting Admission Control
QoS Configuration Examples
Giving Priority to Voice Traffic
Giving Priority to Video Traffic
Page
Page
Configuring Filters
Understanding Filters
Configuring Filters Using the CLI
Configuring Filters Using the Web-Browser Interface
Configuring and Enabling MAC Address Filters
Creating a MAC Address Filter
Page
Using MAC Address ACLs to Block or Allow Client Association to the Access Point
Page
ACL Logging
Configuring and Enabling IP Filters
Page
Creating an IP Filter
Configuring and Enabling Ethertype Filters
Creating an Ethertype Filter
Page
Page
Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP
Page
17-6
17-7
Page
Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
Configuring SNMP
Default SNMP Configuration
Enabling the SNMP Agent
Configuring Community Strings
Specifying SNMP-Server Group Names
Configuring SNMP-Server Hosts
Configuring SNMP-Server Users
Configuring Trap Managers and Enabling Traps
Page
Setting the Agent Contact and Location Information
Using the snmp-server view Command
SNMP Examples
Page
Displaying SNMP Status
Configuring Repeater and Standby Access Points and Workgroup Bridge Mode
Understanding Repeater Access Points
Configuring a Repeater Access Point
Default Configuration
Guidelines for Repeaters
Setting Up a Repeater
Aligning Antennas
Verifying Repeater Operation
Setting Up a Repeater As a LEAP Client
Setting Up a Repeater As a WPA Client
Understanding Hot Standby
Configuring a Hot Standby Access Point
Page
Page
Verifying Standby Operation
Understanding Workgroup Bridge Mode
Treating Workgroup Bridges as Infrastructure Devices or as Client Devices
Configuring a Workgroup Bridge for Roaming
Configuring a Workgroup Bridge for Limited Channel Scanning
Configuring the Limited Channel Set
Ignoring the CCX Neighbor List
Configuring a Client VLAN
Configuring Workgroup Bridge Mode
Page
The Workgroup Bridge in a Lightweight Environment
Guidelines for Using Workgroup Bridges in a Lightweight Environment
Page
Sample Workgroup Bridge Configuration
Managing Firmware and Configurations
Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information About Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File by Using a Text Editor
Copying Configuration Files by Using TFTP
Preparing to Download or Upload a Configuration File by Using TFTP
Downloading the Configuration File by Using TFTP
Uploading the Configuration File by Using TFTP
Copying Configuration Files by Using FTP
Preparing to Download or Upload a Configuration File by Using FTP
Downloading a Configuration File by Using FTP
Uploading a Configuration File by Using FTP
Copying Configuration Files by Using RCP
Preparing to Download or Upload a Configuration File by Using RCP
Downloading a Configuration File by Using RCP
Uploading a Configuration File by Using RCP
Clearing Configuration Information
Deleting a Stored Configuration File
Working with Software Images
Image Location on the Access Point
tar File Format of Images on a Server or Cisco.com
Copying Image Files by Using TFTP
Preparing to Download or Upload an Image File by Using TFTP
Downloading an Image File by Using TFTP
Uploading an Image File by Using TFTP
Copying Image Files by Using FTP
Preparing to Download or Upload an Image File by Using FTP
Downloading an Image File by Using FTP
Page
Uploading an Image File by Using FTP
Copying Image Files by Using RCP
Preparing to Download or Upload an Image File by Using RCP
Page
Downloading an Image File by Using RCP
Page
Uploading an Image File by Using RCP
Reloading the Image Using the Web Browser Interface
Browser HTTP Interface
Browser TFTP Interface
Page
Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Setting a Logging Rate Limit
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Page
Displaying the Logging Configuration
Wireless Device Troubleshooting
Checking the Top Panel Indicators
22-3
Page
Page
Indicators on 1130 Series Access Points
Page
Page
Indicators on 1240 Series Access Points
Indicators on 1300 Outdoor Access Point/Bridges
Normal Mode LED Indications
Page
Power Injector
Checking Power
Low Power Condition
Checking Basic Settings
SSID
WEP Keys
Security Settings
Resetting to the Default Configuration
Using the MODE Button
Using the Web Browser Interface
Using the CLI
Reloading the Access Point Image
Using the MODE button
Using the Web Browser Interface
Browser HTTP Interface
Browser TFTP Interface
Using the CLI
Page
Obtaining the Access Point Image File
Obtaining TFTP Server Software
Page
A
Protocol Filters
Page
Page
Page
Page
Page
B
Supported MIBs
MIB List
Using FTP to Access the MIB Files
C
Error and Event Messages
Conventions
Software Auto Upgrade Messages
Association Management Messages
Unzip Messages
802.11 Subsystem Messages
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Inter-Access Point Protocol Messages
Local Authenticator Messages
Page
WDS Messages
Mini IOS Messages
Access Point/Bridge Messages
Cisco Discovery Protocol Messages
External Radius Server Error Messages
Page
GLOSSARY
A
B
C
D
E
F
G
I
M
O
P
Q
S
T
U
W
INDEX
Numerics
A
B
C
Page
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
Page
T
U
V
W
