Chapter 6 Configuring WLANs

Configuring Wireless LANs

IPSec Passthrough

IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other IPSec equipment. IPSec Passthrough is also known as VPN Passthrough. Enter this command to enable IPSec Passthrough for a wireless LAN:

config wlan security passthru {enable | disable} wlan-id gateway

For gateway, enter the IP address of the IPSec (VPN) passthrough gateway.

Enter show wlan to verify that the passthrough is enabled.

Web-Based Authentication

Wireless LANs can use web authentication if IPSec is not enabled on the controller. Web Authentication is simple to set up and use, and can be used with SSL to improve the overall security of the wireless LAN. Enter these commands to enable web authentication for a wireless LAN:

config wlan security web {enable | disable} wlan-id

Enter show wlan to verify that web authentication is enabled.

Local Netuser

Cisco Wireless LAN Controllers have built-in network client authentication capability, similar to that provided by a RADIUS authentication server. Enter these commands to create a list of usernames and passwords allowed access to the wireless LAN:

Enter show netuser to display client names assigned to wireless LANs.

Enter config netuser add username password wlan-id to add a user to a wireless LAN.

Enter config netuser wlan-id username wlan-id to add a user to a wireless LAN without specifying a password for the user.

Enter config netuser password username password to create or change a password for a particular user.

Enter config netuser delete username to delete a user from the wireless LAN.

Configuring Quality of Service

Cisco WLAN Solution wireless LANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background. You can configure the voice traffic wireless LAN to use Platinum QoS, assign the low-bandwidth wireless LAN to use Bronze QoS, and assign all other traffic between the remaining QoS levels. Enter these commands to assign a QoS level to a wireless LAN:

config wlan qos wlan-id {bronze | silver | gold | platinum}

Enter show wlan to verify that you have QoS properly set for each wireless LAN.

The wireless LAN QoS level (platinum, gold, silver, or bronze) defines a specific 802.11e user priority (UP) for over-the-air traffic. This UP is used to derive the over-the-wire priorities for non-WMM traffic, and it also acts as the ceiling when managing WMM traffic with various levels of priorities. The access point uses this QoS-profile-specific UP in accordance with the values in Table 6-1 to derive the IP DSCP value that is visible on the wired LAN.
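The commands in this section can be generated from a validated description of each wireless LAN before they are entered on the controller, so that a bad gateway address, an unknown QoS level, or web authentication combined with IPSec is caught first. The following Python script is an added example, not Cisco's code; the function name wlan_commands, its parameters (including the caller-supplied ipsec_enabled flag), the refusal of password-less local users, and the sample values are assumptions.

```python
import ipaddress

QOS_LEVELS = ("bronze", "silver", "gold", "platinum")  # the four levels named on this page

def _token(value, what):
    # Assumption: CLI arguments are whitespace-separated, so reject empty or spaced values.
    if not value or any(c.isspace() for c in value):
        raise ValueError(f"{what} must be non-empty and contain no whitespace")
    return value

def wlan_commands(wlan_id, qos="silver", web_auth=False, ipsec_enabled=False,
                  passthru_gateway=None, netusers=()):
    """Validate one WLAN's desired settings and return the CLI lines to enter."""
    if not isinstance(wlan_id, int) or isinstance(wlan_id, bool) or wlan_id < 1:
        raise ValueError("wlan-id must be a positive integer")
    if qos not in QOS_LEVELS:
        raise ValueError(f"qos must be one of {QOS_LEVELS}")
    if web_auth and ipsec_enabled:
        # The page allows web authentication only when IPSec is not enabled.
        raise ValueError("web authentication requires IPSec to be disabled")
    cmds = []
    if passthru_gateway is not None:
        gw = ipaddress.ip_address(passthru_gateway)  # raises ValueError if not an IP
        cmds.append(f"config wlan security passthru enable {wlan_id} {gw}")
    cmds.append(f"config wlan security web {'enable' if web_auth else 'disable'} {wlan_id}")
    cmds.append(f"config wlan qos {wlan_id} {qos}")
    for username, password in netusers:
        # Policy assumption of this example: refuse password-less local users.
        cmds.append(f"config netuser add {_token(username, 'username')} "
                    f"{_token(password, 'password')} {wlan_id}")
    cmds += ["show wlan", "show netuser"]  # verification steps from the page
    return cmds

if __name__ == "__main__":
    # Constructed sample values: WLAN 2, documentation-range gateway, one local user.
    for line in wlan_commands(2, qos="platinum", passthru_gateway="192.0.2.10",
                              netusers=[("guest1", "Str0ng-Example!")]):
        print(line)
```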

Cisco Wireless LAN Controller Configuration Guide


OL-8335-02

 

 
