1-2
Cisco Aironet 350 Series Bridge Software Configuration Guide
OL-1410-07
Chapter1 Overview
Key Features
Key FeaturesThis section describes the key features of the bridge firmware. The following are the key features of
version 12.01T:
•Multiple IEEE 802.11 service set identifiers(SSIDs) to create different levels of network access and
to access virtual LANs (VLANs)—You can configure up to 16 separate SSIDs to support up to 16
VLANs on your network. Each VLAN can have a different wireless security configuration so that
the devices that support the latest Cisco security enhancements can exist alongside legacydevices.
This additional bridge functionality enables a variety of users having different security levels to
access different parts of the network.
•Quality of service (QoS) to allow various devices on the network to communicate more
effectively—The bridge now supports QoS for wireless Voice over IP (VoIP) telephones and
downlink prioritized channel access for streaming audio and video traffic.Filters can also be set to
prioritize traffic based on VLAN, VoIP address-based filters, protocol, or port.
•Centralized administrator authentication uses an AAA server to authenticate users if the user
administration feature is enabled on the bridge. The AAA server verifies the user login and passes
back the appropriate privileges for the user or an administrator.
•Best handling of lost Ethernet links allows a number of actions to be executed when a bridge loses
backbone connectivity:
–
No action—the bridge continues to maintain associations with clients and manages traffic
between them, but traffic to the backbone is not passed. When the backbone is restored, the
bridge begins passing traffic to and from the wired network.
–
Switch to repeater mode—the bridge tries to connect to a root access point using any of the
configuredSSIDs. If it cannot connect, all clients are disassociated and the bridge removes itself
from the wireless network until connectivity is restored.
–
Shut the radio off—all clients are disassociated and the bridge removesitself from the wireless
network until backbone connectivity is restored.
–
Restrict to SSID—the bridge allows association using a restricted SSID (for administrator
troubleshooting and diagnosis purposes).
•Authentication server management includes two new features in release 12.01T:
–
Display of activeauthentication servers—for each authentication type: 802.1x/LEAP, MAC, or
Admin Authentication (if enabled), the active server is identified by a green color.
–
Automatic return to primary authentication server—if the selected RADIUS server(primary) is
not reachable after a predetermined period of time-out and retries, the bridge uses the next
server listed.
Reporting bridges that fail authentication with LEAP provide a passive method of detecting rogue
bridges in a LEAP enabled network. It is passive because bridges do not activelylook for or detect
a rogue bridge in the wireless network. Instead, the bridge depends on LEAP enabled clients to
report rouge bridges.
•Secure Shell (SSH) support for providing a strong user authentication and encryption of
managementtraffic. SSH is a software package that provides a cryptographically secure replacement
for or an alternative to Telnet. It provides strong host-to-host and user authentication as well as
secure encrypted communications over a non secure network. The feature operates as follows:
–
The SSH server on the access point listens to its TCP port 22 for requests.
–
When a request from a client is received, the access point sends a public key,supported cipher
specification details, and supported authentication type (password only) to the client.