Cisco Systems 3.2 specification

Chapter 2 Using the Web-Browser and CLI Interfaces

Enabling Web and Secure Web Modes

	Follow these steps to load an externally generated HTTPS certificate:

Step 1	Use a password to encrypt the HTTPS certificate in a .PEM-encoded file. The PEM-encoded file is called
	a Web Administration Certificate file (webadmincert_name.pem).
Step 2	Move the webadmincert_name.pem file to the default directory on your TFTP server.
Step 3	In the CLI, enter transfer download start and answer n to the prompt to view the current download
	settings:
	>transfer download start
	Mode	TFTP
	Data Type	Admin Cert
	TFTP Server IP	xxx.xxx.xxx.xxx
	TFTP Path	<directory path>
	TFTP Filename
	Are you sure you want to start? (y/n) n
	Transfer Canceled
Step 4	Use these commands to change the download settings:
	>transfer download mode tftp
	>transfer download datatype webauthcert
	>transfer download serverip TFTP server IP address
	>transfer download path absolute TFTP server path to the update file
	>transfer download filename webadmincert_name.pem
Step 5	Enter the password for the .PEM file so the operating system can decrypt the Web Administration SSL
	key and certificate:

>transfer download certpassword private_key_password >Setting password to private_key_password

Step 6 Enter transfer download start to view the updated settings, and answer y to the prompt to confirm the current download settings and start the certificate and key download:

>transfer download start
Mode	TFTP
Data Type	Site Cert
TFTP Server IP	xxx.xxx.xxx.xxx
TFTP Path	directory path
TFTP Filename	webadmincert_name
Are you sure you want to start? (y/n) y

TFTP Webadmin cert transfer starting.

Certificate installed.

Please restart the switch (reset system) to use the new certificate.

Step 7 Enter this command to enable HTTPS:

>config network secureweb enable

Step 8 Save the SSL certificate, key, and secure web password to NVRAM (non-volatile RAM) so your changes are retained across reboots:

>save config

Are you sure you want to save? (y/n) y

Configuration Saved!

Cisco Wireless LAN Controller Configuration Guide

2-4	OL-8335-02

Image 52

Cisco Systems 3.2 manual Web Administration Certificate file webadmincertname.pem

Contents

Cisco Wireless LAN Controller Configuration Guide Corporate Headquarters Cisco Wireless LAN Controller Configuration Guide N T E N T S Iii Client Location Enabling Web and Secure Web Modes Configuring Ports Configuring the System for SpectraLink NetLink Telephones Vii QoS-Level5-17 ACL-Name5-17 Interface-Name5-18 VLAN-Tag5-18 Viii Using Dhcp Option 43 Radio Resource Monitoring Prerequisites Series Wireless LAN Controllers B-8 Xii Preface Xiii Audience PurposeOrganization Xiv Conventions Xvi Related Publications Obtaining DocumentationCisco.com Xvii Documentation Feedback Product Documentation DVDOrdering Documentation Xviii Cisco Product Security Overview Reporting Security Problems in Cisco ProductsXix Obtaining Technical Assistance Submitting a Service RequestCisco Technical Support & Documentation Website Obtaining Additional Publications and Information Definitions of Service Request SeverityXxi Xxii Overview Cisco Wireless LAN Solution Overview Cisco Wlan Solution Components Single-Controller Deployments Multiple-Controller Deployments Single-Controller Deployment Operating System Software Operating System Security Cisco Wlan Solution Wired Security Cisco Wireless LAN Controllers Configuration RequirementsLayer 2 and Layer 3 Lwapp Operation Operational Requirements Client Roaming Primary, Secondary, and Tertiary ControllersSame-Subnet Layer 2 Roaming Inter-Controller Layer 2 Roaming Client Location Inter-Subnet Layer 3 RoamingSpecial Case Voice Over IP Telephone Roaming Per-Wireless LAN Assignment External Dhcp ServersPer-Interface Assignment Security Considerations Cisco Wlan Solution Wired Connections Cisco Wlan Solution Wireless LANs Access Control Lists Identity Networking File Transfers Enhanced Integration with Cisco Secure ACS Power over Ethernet Pico Cell Functionality Intrusion Detection Service IDS Wireless LAN Controller Platforms Cisco 2000 Series Wireless LAN Controllers Cisco 4100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers Cisco 2000 Series Wireless LAN Controller Model Numbers Cisco 4100 Series Wireless LAN Controller Model Numbers Cisco 4400 Series Wireless LAN Controller Model Numbers Startup Wizard Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Failover Protection Network Connections to Cisco Wireless LAN Controllers Cisco Wireless LAN Controller Automatic Time SettingCisco Wireless LAN Controller Time Zones Cisco 2000 Series Wireless LAN Controllers Cisco 4100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers 6shows connections to the 4100 series controller Rogue Access Points Web User Interface and the CLI Rogue Access Point Location, Tagging, and ContainmentWeb User Interface Command Line Interface Using the Web-Browser and CLI Interfaces Using the Web-Browser Interface Guidelines for Using the GUIConfiguring the GUI for Https Enabling Web and Secure Web Modes Loading an Externally Generated Https Certificate Show certificate summary Web Administration Certificate file webadmincertname.pem Using the CLI Using Online HelpDisabling the GUI Logging into the CLI Using a Local Serial Connection Using a Remote Ethernet Connection Logging Out of the CLI Command ActionNavigating the CLI Enter config network mgmt-via-wireless enable Configuring Ports and Interfaces Overview of Ports and Interfaces Ports Distribution System Ports Service Port Interfaces Management Interface AP-Manager Interface Virtual Interface Service-Port Interface Dynamic Interface WLANs Ports, Interfaces, and WLANs Configuring Ports and Interfaces Management Interface Interfaces AP-Manager Interface Service-Port InterfaceVirtual Interface Using the CLI to Configure the AP-Manager Interface Using the CLI to Configure the Management InterfaceConfig interface acl management access-control-list-name Using the CLI to Configure the Virtual Interface Config interface acl ap-manager access-control-list-name Using the GUI to Configure Dynamic Interfaces Configuring Dynamic InterfacesUsing the CLI to Configure the Service-Port Interface Interfaces New Using the CLI to Configure Dynamic Interfaces Configuring Ports Ports Parameter Description Controller Available Data Rates Default Auto Default EnableController Supported Data Rates Configuring Port Mirroring Configuring Spanning Tree Protocol Using the GUI to Configure Spanning Tree Protocol STP State Description STP Mode Description Default OffDefault 10 Controller Spanning Tree Configuration Range Default Default DisableRange Using the CLI to Configure Spanning Tree Protocol Default 2 seconds Enabling Link Aggregation 11illustrates LAG 12 Link Aggregation with Catalyst 6500 Neighbor Switch Link Aggregation Guidelines Using the GUI to Enable Link Aggregation 13 General Using the CLI to Enable Link Aggregation Configuring Neighbor Devices to Support LAG Using Link Aggregation Using Multiple AP-Manager Interfaces Examples 14 Two AP-Manager Interfaces 15 Three AP-Manager Interfaces 16 Four AP-Manager Interfaces 17 Interfaces New Connecting Additional Ports Configuring Controller Settings Using the Configuration Wizard Before You Start Resetting the Device to Default Settings Resetting to Default Settings Using the CLIResetting to Default Settings Using the GUI Browse to the Commands/Reset to Factory Defaults Running the Configuration Wizard on the CLI Configuring a Country Code Configuring Time and Date ManuallyConfiguring NTP Managing the System Time and Date Enabling and Disabling 802.11 Bands Country Code Bands Allowed Configuring Radius Settings Configuring Administrator Usernames and PasswordsConfiguring Snmp Settings Enabling Dynamic Transmit Power Control Config 802.11a 802.11bg dtpc enable disableEnabling 802.3x Flow Control Enabling System Logging Understanding Multicast Mode Configuring Multicast ModeGuidelines for Using Multicast Mode Enabling Multicast Mode Configuring the Supervisor 720 to Support the WiSMCommand Multicast Mode Command Purpose Configuring the SupervisorGeneral WiSM Guidelines Switchport mode trunk Channel-group 1 mode on Wism service-vlan vlanInterface GigabitEthernet9/1-4 Interface GigabitEthernet9/5-8 Using the Wireless LAN Controller Network Module Service-module wlan-controller 1/0 reset OL-8335-02 Configuring Security Solutions Cisco Wlan Solution Security Layer 1 SolutionsLayer 2 Solutions Security Overview Layer 3 Solutions Rogue Access Point SolutionsRogue Access Point Challenges Tagging and Containing Rogue Access Points Configuring the System for SpectraLink NetLink Telephones Integrated Security Solutions Using the GUI to Enable Long Preambles Using the CLI to Enable Long Preambles Using Management over Wireless Using the GUI to Enable Management over Wireless Using the CLI to Enable Management over Wireless Configuring DhcpUsing the GUI to Configure Dhcp Customizing the Web Authentication Login Screen Using the CLI to Configure DhcpConfig wlan disable wlan-id Config wlan enable wlan-id Default Web Authentication Operation Typical Web-Browser Security Alert Typical Web Authentication Login Window Hiding and Restoring the Cisco Wlan Solution Logo Customizing Web Authentication OperationChanging the Web Authentication Login Window Title Config custom-web webmessage message Changing the Web MessageChanging the Logo Clear webmessage Downloading the Logo or Graphic Config custom-web redirecturl url Verifying Web Authentication ChangesCreating a Custom URL Redirect Example Sample Customized Web Authentication Login Window Example of a Customized Web Authentication Login Window Configuring Identity Networking Identity Networking Overview QoS-Level Radius Attributes Used in Identity NetworkingACL-Name Interface-Name VLAN-Tag Tunnel Attributes OL-8335-02 Configuring WLANs Configuring Wireless LANs Wireless LAN OverviewDisplaying, Creating, Disabling, and Deleting Wireless LANs Activating Wireless LANs Assigning a Wireless LAN to a Dhcp ServerConfiguring MAC Filtering for Wireless LANs Enabling MAC Filtering Assigning Wireless LANs to VLANs Configuring Layer 2 SecurityConfiguring a Timeout for Disabled Clients Dynamic 802.1X Keys and Authorization WEP Keys Dynamic WPA Keys and Encryption Configuring Layer 3 Security Configuring a Wireless LAN for Both Static and Dynamic WEPIPSec Authentication IPSec IKE Authentication IKE Phase 1 Aggressive and Main ModesIKE Lifetime Timeout IKE Diffie-Hellman Group Configuring Quality of Service Web-Based AuthenticationIPSec Passthrough Local Netuser Configuring QoS Enhanced BSS Qbss Config wlan wmm disabled allowed required wlan-idTraffic Type Ieee 802.11e UP Enabling 7920 Support Mode Config wlan 7920-support client-cac-limit enable wlan-id Controlling Lightweight Access Points Lightweight Access Point Overview Cisco 1000 Series Ieee 802.11a/b/g Lightweight Access Points Cisco 1030 Remote Edge Lightweight Access Points Typical 1030 Lightweight Access Point Configuration Cisco 1000 Series Lightweight Access Point Part Numbers External Antenna Connectors Cisco 1000 Series Lightweight Access Point LEDsAntenna Sectorization Cisco 1000 Series Lightweight Access Point Connectors Cisco 1000 Series Lightweight Access Point Mounting Options Using the DNS for Controller DiscoveryCisco 1000 Series Lightweight Access Point Monitor Mode Dynamic Frequency Selection Autonomous Access Points Converted to Lightweight Mode Reverting from Lightweight Mode to Autonomous Mode Using a Controller to Return to a Previous Release Using Dhcp Option Access Point VCI String Converted Access Points Send Radio Core Dumps to Controller Enabling Memory Core Dumps from Converted Access PointsDisplay of MAC Addresses for Converted Access Points Config ap get-radio-core-dump slot ap-name Config ap reset-button enable disable ap-nameall Config ap static-ip enable ap-name ip-address mask gateway OL-8335-02 Managing Controller Software Configurations Transferring Files to and from a Controller Upgrading Controller Software Transfer download path absolute-tftp-server-path-to-file Clearing the Controller Configuration Saving ConfigurationsErasing the Controller Configuration Resetting the Controller OL-8335-02 Configuring Radio Resource Management Overview of Radio Resource Management Radio Resource Monitoring Dynamic Channel Assignment Coverage Hole Detection and Correction Dynamic Transmit Power ControlClient and Network Load Balancing RRM Benefits Overview of RF GroupsRF Group Leader Configuring an RF Group RF Group Name Using the GUI to Configure an RF Group General Using the GUI to View RF Group Status Using the CLI to Configure RF GroupsViewing RF Group Status Global Parameters Global Parameters Auto RF Using the CLI to View RF Group Status Auto Enabling Rogue Access Point Detection Using the GUI to Enable Rogue Access Point Detection All APs Details AP Authentication Policy Configuring Dynamic RRM Using the CLI to Enable Rogue Access Point Detection Default Enabled Using the GUI to Configure Dynamic RRMRF Group Default Automatic You click Invoke Channel Update NowRF Channel Assignment Channel Assignment Method Description Default Disabled Click Invoke Power Update Now Tx Power Level AssignmentAssignment Method Description Default 10% Default -70 dBmDefault 80% Default 25% Default Noise/Interference/Rogue Monitoring Channels Monitor Intervals Using the CLI to Configure Dynamic RRM Config 802.11a disable Config 802.11b disable Overriding Dynamic RRM Radios Cisco APs Configure Config 802.11a txPower AP1 Config 802.11a disable Config 802.11b disable Viewing Additional RRM Settings Using the CLI Configuring Mobility Groups 10-1 Overview of Mobility 10-2 10-3 Inter-Controller Roaming 10-4 Inter-Subnet Roaming Overview of Mobility Groups 10-5 10-6 Two Mobility Groups Configuring Mobility Groups Determining When to Include Controllers in a Mobility GroupPrerequisites 10-7 Using the GUI to Configure Mobility Groups 10-8 10-9 Mobility Group Member New 10-10 Mobility Group Members Edit All Using the CLI to Configure Mobility Groups Configuring Auto-Anchor Mobility10-11 Using the GUI to Configure Auto-Anchor Mobility Guidelines for Using Auto-Anchor Mobility10-12 10-13 WLANs Using the CLI to Configure Auto-Anchor Mobility 10-14 Safety Considerations Translated Safety Warnings Safety Considerations Bewaar Deze Instructies Warnung Wichtige Sicherheitshinweise Avvertenza Importanti Istruzioni Sulla Sicurezza Aviso Instruções Importantes DE Segurança Guarde Estas Instruções Class 1 Laser Product Warning Aviso Produto a laser de classe Ground Conductor Warning Cisco Wireless LAN Controller Configuration Guide Chassis Warning for Rack-Mounting and Servicing Cisco Wireless LAN Controller Configuration Guide Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Cisco Wireless LAN Controller Configuration Guide Page OL-8335-02 Page OL-8335-02 Page Battery Handling Warning for 4400 Series Controllers Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Equipment Installation Warning Cisco Wireless LAN Controller Configuration Guide OL-8335-02 OL-8335-02 Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Cisco Wireless LAN Controller Configuration Guide Cisco Wireless LAN Controller Configuration Guide OL-8335-02 OL-8335-02 Declarations of Conformity and Regulatory Information Regulatory Information for 1000 Series Access Points ModelFCC Certification number Manufacturer Canadian Compliance Statement Department of Communications-CanadaCertification number EMC Declaration of Conformity for RF Exposure 03-5549-6500 Access Points with Ieee 802.11a Radios All Access Points Declaration of Conformity Statements Cisco Wireless LAN Controller Configuration Guide OL-8335-02 OL-8335-02 End User License and Warranty End User License Agreement Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Limited Warranty Appendix C End User License and Warranty Limited Warranty Disclaimer of Warranty Additional Open Source Terms OL-8335-02 System Messages and Access Point LED Patterns Error Message Description System Messages Lradifcurrentchannelchanged Client Reason Codes Using Client Reason and Status Codes in Trap LogsClient Reason Code Description Meaning Client Status Codes Client Status Code Description Meaning Using Lightweight Access Point LEDs LED Conditions Status Numerics IN-1 IN-2 DFS Dhcp IN-3 Help Hold Time parameter IN-4 IN-5 IN-6 IN-7 IN-8