Corporate Headquarters
Text Part Number OL-2159-05
Copyright 2001-2003, Cisco Systems, Inc All rights reserved
N T E N T S
Iii
Navigating Using the Map Windows
Native Vlan ID
WEP Not Set on the Wireless Phone
Settings on the Authenticator Configuration
Vii
Event Notifications Setup
Viii
Setting Up Administrator Authorization
Snmp Setup
Ssid
Xii
Audience and Scope
Organization
Xiii
Conventions
Tip Means the following are useful tips
Xiv
Related Publications
Obtaining Documentation
Cisco.com
Documentation CD-ROM
Ordering Documentation
Documentation Feedback
Xvi
Obtaining Technical Assistance
Cisco TAC Website Opening a TAC Case
TAC Case Priority Definitions
Xvii
Obtaining Additional Publications and Information
Xviii
Overview
A P T E R
Key Features
Quality of Service Support
Management Options
Roaming Client Devices
What is QoS?
Limitations and Restrictions
Related Documents
These documents are available on Cisco.com
What is a VLAN?
Vlan Support
Incorporating Wireless Devices into VLANs
Level of Access
Vlan Example
Network Configuration Examples
Root Unit on a Wired LAN
Repeater Unit that Extends Wireless Range
Access Points as Root Units on a Wired LAN
Central Unit in an All-Wireless Network
Access Point as Repeater
Using the Management Interfaces
Using the Web-Browser Interface
Using the Web-Browser Interface for the First Time
Using the Management Pages in the Web-Browser Interface
Button/Link Description
Navigating Using the Map Windows
Map Window with Network Ports Pages Expanded
Using the Command-Line Interface
Preparing to Use a Terminal Emulator
Changing Settings with the CLI
Connecting the Serial Cable
Setting Up the Terminal Emulator
Selecting Pages and Settings
Function Description
Using Snmp
Using a Telnet Session
Applying Changes to the Configuration
Supported MIBs
Radio Configuration and Basic Settings
Basic Settings
Express Setup
Entering Basic Settings
Express Setup page contains the following settings
System Name
MAC Address
Configuration Server Protocol
Default IP Address
Default IP Subnet Mask
Default Gateway
Root-Unit Access Points
Security Setup Link
Radio Network Optimization Optimize Radio Network For
Radio Configuration
Snmp Admin. Community
Radio Network Compatibility Ensure Compatibility With
Settings on the AP Radio Identification
Entering Identity Information
Primary Port Settings
Default IP Address
Default IP Subnet Mask
Service Set ID Ssid
Leap Password
Entering Radio Hardware Information
Settings on the AP Radio Hardware
AP Radio Hardware page contains the following settings
Allow Broadcast Ssid to Associate?
Enable World Mode
Data Rates
Transmit Power
Frag. Threshold
RTS Threshold
Max. RTS Retries
Default Radio Channel
Search for Less-Congested Radio Channel
Restrict Searched Channels
Entering Advanced Configuration Information
Receive Antenna and Transmit Antenna
AP Radio Advanced Page for Internal Radio
Settings on the AP Radio Advanced
AP Radio Advanced pages contain the following settings
Requested Status
Packet Forwarding
Default Multicast Address Filters
Maximum Multicast Packets/Second
Radio Cell Role
Ssid For Use By Infrastructure Stations
Use Aironet Extensions
Classify Workgroup Bridges as Network Infrastructure
Quality of Service Setup Link
Vlan Setup Link
Require Use of Radio Firmware
Ethernet Encapsulation Transform
Advanced Primary Ssid Setup Link
Preferred Access Points
Temporal Key Integrity Protocol
Broadcast WEP Key rotation interval sec
Radio Modulation
Radio Preamble
Ethernet Configuration
Non-Root Mobility
Settings on the Ethernet Identification
Entering Ethernet Hardware Information
Settings on the Ethernet Hardware
Ethernet Hardware page contains the following settings
Speed
Loss of Backbone Connectivity # of Secs
Loss of Backbone Connectivity Action
Loss of Backbone Connectivity Ssid
Settings on the Ethernet Advanced
Ethernet Advanced page contains the following settings
Default Unicast and Multicast Address Filters
Default Unicast Address Filter
Always Unblock Ethernet When STP is Disabled
Optimize Ethernet for
OL-2159-05
Configuring VLANs
Settings on the Vlan Setup
Vlan setup page contains the following settings
Entering Vlan Information
802.1Q Encapsulation Mode
Maximum Number of Enabled Vlan IDs
Vlan Summary Status Link
Vlan 802.1Q Tagging
Vlan Security Policy
Single Vlan ID which allows Unencrypted packets
Optionally allow Encrypted packets on the unencrypted Vlan
Vlan Name
Native Vlan Configuration
Broadcast Domain Segmentation
Parameter
TKIP/MIC
Primary and Secondary SSIDs
Deployment of Infrastructure and Non infrastructure Devices
RADIUS-Based Vlan Access Control
Vlan ID
Criteria for Deploying Wireless VLANs
Vlan
Wireless Vlan Deployment Example
5shows the wireless Vlan deployment scenario described above
Using the Configuration Screens
Obtaining and Recording Vlan ID and Setup Information
Creating and Configuring VLANs on the Access Point
Creating the Native Vlan
Vlan Setup
Vlan ID #1 Setup
Creating the Full- and Part-Time VLANs
Creating the Maintenance Vlan
Creating the Guest Vlan
Creating and Configuring the SSIDs
AP Radio Internal Service Sets
Configuring VLANs Wireless Vlan Deployment Example
Enabling Vlan 802.1Q Tagging and Identifying the Native Vlan
11 AP Radio Service Sets
Guidelines for Wireless Vlan Deployment
Creating an Ssid for Infrastructure Devices
OL-2159-05
Configuring Filters and QoS
Filter Setup
Protocol Filtering
Creating a Protocol Filter
Enter a descriptive filter set name in the Set Name field
Filter Set
Enabling a Protocol Filter
MAC Address Filtering
Address Filters
Creating a MAC Address Filter
AP Radio Advanced
AP Radio Primary Ssid
QoS Configuration
Settings on the Quality of Service Setup
Use Symbol Extensions
Generate Qbss Element
Applying QoS
By Station
Send Igmp General Query
Traffic Category
10 Protocol Filters Setup
By Vlan
12 Vlan ID
13 Filters Priority Setting
By Filter
By CoS Value
By Dscp Value
Wireless QoS Deployment Example
17 Vlan Setup
18 Vlan ID #xx
WEP Set on the Wireless Phone
WEP Not Set on the Wireless Phone
20 AP Radio Internal Service Sets
21 AP Radio Internal Service Sets
OL-2159-05
Configuring Proxy Mobile IP
Proxy Mobile IP
Introduction to Mobility in IP
Nomadic Approach
Mobile Approach
Mobile IP Explained
Mobile IP Environment
Proxy Mobile IP Explained
Mobile IP Traffic Pattern
Before Deploying Proxy Mobile IP
Issues to Consider While Deploying Proxy Mobile IP
Components of a Proxy Mobile IP Network
How Proxy Mobile IP Works
Agent Discovery
Subnet Map Exchange
Home Agent Subnet Mask
Registration
Tunneling
Proxy Mobile IP Setup
Proxy Mobile IP Security
Proxy Mobile IP Setup
General
Authentication Server
Settings on the Proxy Mobile IP General
Enable Proxy Mobile IP
Authoritative AP n
Settings on the Authenticator Configuration
Settings on the Local SA Bindings
Local SA Bindings
Settings on the Proxy Mobile IP Statistics
Statistics
Authentication Failures for HA
Authentication Failures for FA
Active AAP
MN IP Addresses
Configuring Proxy Mobile IP
Settings on the Subnet Map Table
View Subnet Map Table
Configuring Proxy Mobile IP on Your Wired LAN
11 a Sample Network
13 AP Radio Internal Service Sets
15 Proxy Mobile IP General
17 Subnet Map Table
18 Authenticator Configuration
20 Network Configuration Screen for an Access Point Client
22 Passed Authentication Screen
Configuring Other Settings
Server Setup
Entering Time Server Settings
Settings on the Time Server Setup
Entering Boot Server Settings
Settings on the Boot Server Setup
Boot Server Setup page contains the following settings
Configuration Server Protocol
Use Previous Configuration Server Settings
Bootp Server Timeout sec
Dhcp Multiple-Offer Timeout sec
Dhcp Requested Lease Duration min
Dhcp Minimum Lease Duration min
Dhcp Client Identifier Type
Option Definition
Settings on the Web Server Setup
Web Server Setup page contains the following settings
Dhcp Client Identifier Value
Dhcp Class Identifier
Default Help Root URL
Default Web Root URL
Allow Non-Console Browsing
Http Port
Entering Name Server Settings
Settings on the Name Server Setup
Default Domain
Domain Name System
Entering FTP Settings
Settings on the FTP Setup
FTP Setup page contains the following settings
Domain Name Servers
Routing Setup
Entering Routing Settings
New Network Route Settings
Routing Setup page contains the following settings
Association Table Display Setup
Installed Network Routes list
Association Table Filters
Configuring Other Settings Association Table Display Setup
Settings on the Association Table Filters
Stations to Show
Fields to Show
Association Table Advanced
Packets To/From Station
Bytes To/From Station
Primary Sort
Settings on the Association Table Advanced
Association Table Advanced
Rogue AP Alert Timeout minutes
Handle Station Alerts as Severity Level
Maximum number of bytes stored per Station Alert packet
Maximum Number of Forwarding Table Entries
Event Notification Setup
Event Display Setup
Settings on the Event Display Setup
Default Activity Timeout seconds Per Device Class
How should time generally be displayed?
How should Event Elapsed non-wall-clock Time be displayed?
Severity Level at which to display events
Severity Level Description
Event Handling Setup
10 The Event Handling Setup
Settings on the Event Handling Setup
Disposition of Events
Handle Station Events as Severity Level
Maximum number of bytes stored per Alert packet
Event Notifications Setup
Clear Alert Statistics
Purge Trace Buffer
Settings on the Event Notifications Setup
Should Notify-Disposition Events generate Snmp Traps?
Snmp Trap Destination
Snmp Trap Community
Should Syslog Messages use the Cisco Emblem Format?
Syslog Destination Address
Syslog Facility Number
Ieee Snmp Traps Should Generate the Following Notifications
Security Setup
Encrypting Radio Signals with WEP
Security Overview
Levels of Security
Additional WEP Security Features
Network Authentication Types
Sequence for EAP Authentication
Wired LAN Client
Combining MAC-Based, EAP, and Open Authentication
Sequence for Open Authentication
Setting Up WEP
Protecting the Access Point Configuration with User Manager
Key Access Point Associated Device
Transmit? Key Contents
Not set
Enabling Additional WEP Security Features
Using Snmp to Set Up WEP
Enabling Message Integrity Check MIC
Snmp Variable WEP Full WEP Off
AP Radio Advanced Page for Internal Radio
Enabling Temporal Key Integrity Protocol Tkip
Enabling Broadcast WEP Key Rotation
Setting Up Open or Shared Key Authentication
Setting Up EAP Authentication
Enabling EAP on the Access Point
Firmware Version Draft 802.1x-2001
Access Point EAP Settings for Various Client Configurations
Click Add New Access Server
Enabling EAP in Cisco Secure ACS
Setting Up a Repeater Access Point As a Leap Client
Setting a Session-Based WEP Key Timeout
AP Radio Identification Page for Internal Radio
Setting Up MAC-Based Authentication
Enabling MAC-Based Authentication on the Access Point
11 Authenticator Configuration
Security Setup Setting Up MAC-Based Authentication
12 AP Radio Advanced
Authenticating Client Devices Using MAC Addresses or EAP
Enabling MAC-Based Authentication in Cisco Secure ACS
Summary of Settings for Authentication Types
Authentication Types Required Settings
Leap
EAP-TLS, EAP-MD5
Radius Attributes Sent by the Access Point
Attribute ID Description
Acct-Delay-Time
Acct-Session-Id
Acct-Authentic
VSA attribute Nas-location Vlan-id Auth-algo-type
Setting Up Backup Authentication Servers
Acct-Terminate-Cause
Setting Up Administrator Authorization
14 Security Setup
Creating a List of Authorized Management System Users
16 User Management Window
Setting up Centralized Administrator Authentication
Click User Information. The User Information page appears
Click Add New User. The User Management window appears
Click Apply. You are returned to the User Information
18 Authenticator Configuration
System Flow Notes
Authorization Parameters
Network Management
Using the Association Table
Setting the Display Options
Browsing to Network Devices
Using Station Pages
Station
Information on Station Pages
Station Identification and Status
Rate, Signal, and Status Information
To Station Information
From Station Information
Performing Pings and Link Tests
Hops and Timing Information
Performing a Ping
Performing a Link Test
Click Link Test
Using the Network Map Window
Deauthenticating and Disassociating Client Devices
Clearing and Updating Statistics
Using Cisco Discovery Protocol
Settings on the CDP Setup
MIB for CDP
Assigning Network Ports
Port Assignments
Enabling Wireless Network Accounting
Settings on the Port Assignments
Settings on the Accounting Setup
Accounting Setup
Accounting Attributes
Attribute Definition
Radiusipadr
OL-2159-05
Managing Firmware and Configurations
10-1
Full Update of the Firmware Components
Updating Firmware
Updating with the Browser from a Local Drive
10-2
Selective Update of the Firmware Components
10-3
Updating from a File Server
10-4
Update All Firmware From File Server
10-5
Update Firmware From File Server
10-6
Retrieving Firmware and Web Page Files
10-7
Distributing Firmware
10-8
Distributing a Configuration
10-9
Limiting Distributions
10-10
Downloading the Current Configuration
10-11
Uploading a Configuration
Uploading from a Local Drive
Uploading from a File Server
10-12
Resetting the Configuration
10-13
Restarting the Access Point
10-14
Management System Setup
11-1
Snmp Setup
Settings on the Snmp Setup
11-2
Using the Database Query
Settings on the Database Query
11-3
Console and Telnet Setup
Changing Settings with the Database Query
11-4
Settings on the Console/Telnet
Using Secure Shell
11-5
11-6
Special Configurations
12-1
Setting Up a Repeater Access Point
12-2
12-3
12-4
Using Hot Standby Mode
12-5
12-6
12-7
12-8
Sections in this chapter include
13-1
Using Diagnostic Pages
Network Diagnostics
Selections on the Network Diagnostics
13-2
Radio Diagnostics Tests
13-3
Vlan Summary Status
SSIDs Int, Mod
13-4
Network Ports
13-5
Identifying Information and Status
Data Received
13-6
Data Transmitted
Ethernet Port
13-7
Configuration Information
Receive Statistics
13-8
AP Radio
Transmit Statistics
13-9
13-10
AP Radio Port
13-11
Display Options
13-12
Display Settings
Event Log
13-13
Log Headings
Saving the Log
Event Log Summary
13-14
Using Command-Line Diagnostics
Command Information Displayed
13-15
Entering Diagnostic Commands
13-16
Diagnostic Command Results
Eapdiag1on
13-17
Eapdiag2on
Vxdiagarpshow
13-18
13-19
Vxdiagcheckstack
13-20
Vxdiaghostshow
13-21
Vxdiagi
13-22
Vxdiagipstatshow
13-23
Vxdiagmemshow
13-24
Vxdiagmuxshow
13-25
Vxdiagrouteshow
13-26
Vxdiagtcpstatshow
13-27
Reserving Access Point Memory for a Packet Trace Log File
Tracing Packets
Vxdiagudpstatshow
13-28
Tracing Packets for Specific Devices
13-29
Tracing Packets for Ethernet and Radio Ports
Viewing Packet Trace Data
Packets Stored in a Log File
13-30
Checking the Top Panel Indicators
Packets Displayed on the CLI
13-31
Message Ethernet Status Radio Meaning Type Indicator
13-32
Finding an Access Point by Blinking the Top Panel Indicators
13-33
Checking Basic Settings
EAP Authentication Requires Matching 802.1x Protocol Drafts
WEP Keys
13-34
Firmware Version Draft
13-35
Resetting to the Default Configuration
13-36
13-37
13-38
Channels, Power Levels, and Antenna Gains
Channels
Ieee 802.11a
Regulatory Domains
Maximum Power Levels and Antenna Gains
Ieee 802.11b
Maximum Power Level mW
Regulatory Domain Antenna Gain dBi Maximum Power Level mW
Regulatory Domain With 6-dBi Antenna Gain
Americas -A 100 Eirp maximum 13.5 Emea -E MW Eirp maximum
Regulatory Domain Antenna Gain dBi Maximum Power Level mW
OL-2159-05
Protocol Filter Lists
Protocol
ISO Designator
UDP XNS-IDP ISO-TP4 ISO-CNLP Cnlp
Vines
SVP
Smtp
Tftp
Http
Tsap
POP2
Cmot
BGP
IRC
RIP
Radius
CVS
RFE
Event Log Messages
Default Format
Message Formats
Cisco Emblem Format
With a timestamp, messages look like this example
Loginfo
Syslog Severity Emblem Severity
Logemerg
Logalert
Message Descriptions
Possible Cause or
Severity Event Description Mnemonic Recommended Action
Reason
Device
Host
Newaddr
Srchost
IfDescr
Desthost length pktLen
Srchost to port ifDescr
Reqlen bytes
IfDescr error= errornum
Packet from srchost to desthost
Desthost on port ifDescr
IfDescr error=erronum
For procedure on port ifDescr
Srchost to desthost on port
From srchost to desthost on port
Srchost on port ifDescr
Version
Srchost to desthost of unknown
Desthost
Sysreboot
Rebootinf
Admin
Prtrarpip
Port device
Status
IfDescr errno=errno
PktLen
ENC WEP
Unenc
Xidexp
Ethercon
Media port
Frame bytes
Frame
Username Failed
Username
Port devName unit
Unit
1XVER
Hstndbyen
Assoclost
Hstndbyeth
Instkey
Acctcon
Amngrreq
Nulses
Norbuf
Nosbuf
Noaserv
Open
VlanID
IfIndex MIB
IfIndex Awcmib
Nomibdkey
Badsize
Taskfailed
Taskstarted
SsidIdx
Statuses and Reasons
Appendix C Event Log Messages Statuses and Reasons
OL-2159-05
Numerics
IN-1
CDP MIB
Dhcp
CLI
Dtim
IN-3
Ethernet Locate unit by flashing LEDs
Radio traffic
IN-4
Pspf
IN-5
SSH
Vlan
IN-6
Warm restart
IN-7
IN-8
