Chapter 6 Configuring WLANs

Configuring Wireless LANs

Configuring a Timeout for Disabled Clients

You can configure a timeout for disabled clients. Clients who fail to authenticate three times when attempting to associate are automatically disabled from further association attempts. After the timeout period expires, the client is allowed to retry authentication until it associates or fails authentication and is excluded again. Use these commands to configure a timeout for disabled clients:

Enter config wlan blacklist wlan-id timeout to configure the timeout for disabled clients. Enter a timeout from 1 to 65535 seconds, or enter 0 to permanently disable the client.

Use the show wlan command to verify the current timeout.

Assigning Wireless LANs to VLANs

Use these commands to assign a wireless LAN to a VLAN:

Enter this command to assign a wireless LAN to a VLAN:

config wlan vlan wlan-id {default | untagged | vlan-id controller-vlan-ip-address vlan-netmask vlan-gateway}

Use the default option to assign the wireless LAN to the VLAN configured on the network port.

Use the untagged option to assign the wireless LAN to VLAN 0.

Use the vlan-id, controller-vlan-ip-address, vlan-netmask, and vlan-gateway options to assign the wireless LAN to a specific VLAN and to specify the controller VLAN IP address, the local IP netmask for the VLAN, and the local IP gateway for the VLAN.

Enter show wlan to verify VLAN assignment status.

Note: Cisco recommends that you assign one set of VLANs for wireless LANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic.

To remove a VLAN assignment from a wireless LAN, use this command: config wlan vlan wlan-id untagged

Configuring Layer 2 Security

This section explains how to assign Layer 2 security settings to wireless LANs.

Dynamic 802.1X Keys and Authorization

Cisco Wireless LAN Controllers can control 802.1X dynamic WEP keys using EAP (Extensible Authentication Protocol) across access points, and support 802.1X dynamic key settings for wireless LANs.

Enter show wlan wlan-id to check the security settings of each wireless LAN. The default security setting for new wireless LANs is 802.1X with dynamic keys enabled. To maintain robust Layer 2 security, leave 802.1X configured on your wireless LANs.

To disable or enable the 802.1X configuration, use this command: config wlan security 802.1X {enable | disable} wlan-id
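A configuration check built on the commands in this section, given as an added example (not Cisco code): it flags an out-of-range or permanent disabled-client timeout, a malformed VLAN assignment, a wireless LAN placed on a management VLAN, and disabled 802.1X. The function name, the mgmt_vlans parameter, the sample lines, the gateway-in-subnet sanity check, and the reading of timeout as a numeric argument following wlan-id are assumptions.

```python
import ipaddress

def audit_wlan_commands(lines, mgmt_vlans=frozenset()):
    """Hypothetical helper: return (line number, finding) pairs for controller CLI lines."""
    findings = []
    for n, raw in enumerate(lines, 1):
        tok = raw.split()
        if tok[:2] != ["config", "wlan"] or len(tok) < 3:
            continue
        kind, args = tok[2], tok[3:]
        if kind == "blacklist":
            # config wlan blacklist wlan-id timeout (timeout assumed to be a number)
            if len(args) != 2 or not args[1].isdigit() or int(args[1]) > 65535:
                findings.append((n, "timeout must be 0 or 1-65535 seconds"))
            elif int(args[1]) == 0:
                findings.append((n, "timeout 0: failed clients stay disabled permanently"))
        elif kind == "vlan":
            # config wlan vlan wlan-id {default | untagged | vlan-id ip netmask gateway}
            opts = args[1:]
            if opts in (["default"], ["untagged"]):
                continue
            if len(opts) != 4 or not opts[0].isdigit():
                findings.append((n, "malformed VLAN assignment"))
                continue
            try:
                # Added sanity check: the VLAN gateway should sit inside the VLAN subnet.
                net = ipaddress.ip_network(f"{opts[1]}/{opts[2]}", strict=False)
                if ipaddress.ip_address(opts[3]) not in net:
                    findings.append((n, "gateway is outside the VLAN subnet"))
            except ValueError:
                findings.append((n, "invalid IP address or netmask"))
            if int(opts[0]) in mgmt_vlans:
                findings.append((n, "WLAN shares a VLAN with a management interface"))
        elif kind == "security" and [a.lower() for a in args[:2]] == ["802.1x", "disable"]:
            findings.append((n, "802.1X disabled on this WLAN"))
    return findings

SAMPLE = [  # constructed command lines, not captured from a real controller
    "config wlan blacklist 1 60",
    "config wlan blacklist 2 0",
    "config wlan blacklist 3 70000",
    "config wlan vlan 1 20 10.0.20.2 255.255.255.0 10.0.20.1",
    "config wlan vlan 2 10 10.0.10.2 255.255.255.0 10.0.99.1",
    "config wlan vlan 3 untagged",
    "config wlan security 802.1X disable 2",
]

if __name__ == "__main__":
    for line_no, finding in audit_wlan_commands(SAMPLE, mgmt_vlans={10}):
        print(f"line {line_no}: {finding}")
```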

Cisco Wireless LAN Controller Configuration Guide

OL-8335-02