Text Part Number OL-2159-05
Corporate Headquarters
Copyright 2001-2003, Cisco Systems, Inc All rights reserved
Iii
N T E N T S
Navigating Using the Map Windows
Native Vlan ID
WEP Not Set on the Wireless Phone
Vii
Settings on the Authenticator Configuration
Viii
Event Notifications Setup
Setting Up Administrator Authorization
Snmp Setup
Ssid
Xii
Xiii
Audience and Scope
Organization
Xiv
Conventions
Tip Means the following are useful tips
Cisco.com
Related Publications
Obtaining Documentation
Ordering Documentation
Documentation CD-ROM
Documentation Feedback
Xvi
Cisco TAC Website Opening a TAC Case
Obtaining Technical Assistance
TAC Case Priority Definitions
Xvii
Xviii
Obtaining Additional Publications and Information
A P T E R
Overview
Key Features
Roaming Client Devices
Quality of Service Support
Management Options
Limitations and Restrictions
What is QoS?
Related Documents
These documents are available on Cisco.com
Vlan Support
What is a VLAN?
Incorporating Wireless Devices into VLANs
Vlan Example
Level of Access
Root Unit on a Wired LAN
Network Configuration Examples
Access Points as Root Units on a Wired LAN
Repeater Unit that Extends Wireless Range
Access Point as Repeater
Central Unit in an All-Wireless Network
Using the Management Interfaces
Using the Web-Browser Interface for the First Time
Using the Web-Browser Interface
Using the Management Pages in the Web-Browser Interface
Button/Link Description
Map Window with Network Ports Pages Expanded
Navigating Using the Map Windows
Preparing to Use a Terminal Emulator
Using the Command-Line Interface
Setting Up the Terminal Emulator
Changing Settings with the CLI
Connecting the Serial Cable
Function Description
Selecting Pages and Settings
Applying Changes to the Configuration
Using Snmp
Using a Telnet Session
Supported MIBs
Radio Configuration and Basic Settings
Express Setup
Basic Settings
Express Setup page contains the following settings
Entering Basic Settings
System Name
MAC Address
Default IP Address
Configuration Server Protocol
Default IP Subnet Mask
Default Gateway
Root-Unit Access Points
Radio Network Optimization Optimize Radio Network For
Security Setup Link
Radio Network Compatibility Ensure Compatibility With
Radio Configuration
Snmp Admin. Community
Entering Identity Information
Settings on the AP Radio Identification
Default IP Address
Primary Port Settings
Default IP Subnet Mask
Service Set ID Ssid
Entering Radio Hardware Information
Leap Password
Allow Broadcast Ssid to Associate?
Settings on the AP Radio Hardware
AP Radio Hardware page contains the following settings
Data Rates
Enable World Mode
Frag. Threshold
Transmit Power
RTS Threshold
Max. RTS Retries
Restrict Searched Channels
Default Radio Channel
Search for Less-Congested Radio Channel
Receive Antenna and Transmit Antenna
Entering Advanced Configuration Information
AP Radio Advanced Page for Internal Radio
AP Radio Advanced pages contain the following settings
Settings on the AP Radio Advanced
Requested Status
Packet Forwarding
Maximum Multicast Packets/Second
Default Multicast Address Filters
Radio Cell Role
Ssid For Use By Infrastructure Stations
Classify Workgroup Bridges as Network Infrastructure
Use Aironet Extensions
Vlan Setup Link
Quality of Service Setup Link
Require Use of Radio Firmware
Ethernet Encapsulation Transform
Preferred Access Points
Advanced Primary Ssid Setup Link
Temporal Key Integrity Protocol
Broadcast WEP Key rotation interval sec
Radio Preamble
Radio Modulation
Non-Root Mobility
Ethernet Configuration
Entering Ethernet Hardware Information
Settings on the Ethernet Identification
Speed
Settings on the Ethernet Hardware
Ethernet Hardware page contains the following settings
Loss of Backbone Connectivity Ssid
Loss of Backbone Connectivity # of Secs
Loss of Backbone Connectivity Action
Ethernet Advanced page contains the following settings
Settings on the Ethernet Advanced
Default Unicast and Multicast Address Filters
Optimize Ethernet for
Default Unicast Address Filter
Always Unblock Ethernet When STP is Disabled
OL-2159-05
Configuring VLANs
Entering Vlan Information
Settings on the Vlan Setup
Vlan setup page contains the following settings
Maximum Number of Enabled Vlan IDs
802.1Q Encapsulation Mode
Vlan Summary Status Link
Vlan 802.1Q Tagging
Single Vlan ID which allows Unencrypted packets
Vlan Security Policy
Optionally allow Encrypted packets on the unencrypted Vlan
Vlan Name
Broadcast Domain Segmentation
Native Vlan Configuration
Parameter
TKIP/MIC
Deployment of Infrastructure and Non infrastructure Devices
Primary and Secondary SSIDs
Vlan ID
RADIUS-Based Vlan Access Control
Vlan
Criteria for Deploying Wireless VLANs
Wireless Vlan Deployment Example
5shows the wireless Vlan deployment scenario described above
Obtaining and Recording Vlan ID and Setup Information
Using the Configuration Screens
Creating and Configuring VLANs on the Access Point
Creating the Native Vlan
Vlan Setup
Vlan ID #1 Setup
Creating the Full- and Part-Time VLANs
Creating the Guest Vlan
Creating the Maintenance Vlan
Creating and Configuring the SSIDs
AP Radio Internal Service Sets
Configuring VLANs Wireless Vlan Deployment Example
Enabling Vlan 802.1Q Tagging and Identifying the Native Vlan
11 AP Radio Service Sets
Creating an Ssid for Infrastructure Devices
Guidelines for Wireless Vlan Deployment
OL-2159-05
Configuring Filters and QoS
Protocol Filtering
Filter Setup
Enter a descriptive filter set name in the Set Name field
Creating a Protocol Filter
Filter Set
Enabling a Protocol Filter
Address Filters
MAC Address Filtering
Creating a MAC Address Filter
AP Radio Advanced
AP Radio Primary Ssid
QoS Configuration
Generate Qbss Element
Settings on the Quality of Service Setup
Use Symbol Extensions
By Station
Applying QoS
Send Igmp General Query
Traffic Category
10 Protocol Filters Setup
12 Vlan ID
By Vlan
By Filter
13 Filters Priority Setting
By Dscp Value
By CoS Value
17 Vlan Setup
Wireless QoS Deployment Example
18 Vlan ID #xx
WEP Not Set on the Wireless Phone
WEP Set on the Wireless Phone
20 AP Radio Internal Service Sets
21 AP Radio Internal Service Sets
OL-2159-05
Configuring Proxy Mobile IP
Introduction to Mobility in IP
Proxy Mobile IP
Mobile IP Explained
Nomadic Approach
Mobile Approach
Mobile IP Environment
Mobile IP Traffic Pattern
Proxy Mobile IP Explained
Before Deploying Proxy Mobile IP
Components of a Proxy Mobile IP Network
Issues to Consider While Deploying Proxy Mobile IP
Agent Discovery
How Proxy Mobile IP Works
Home Agent Subnet Mask
Subnet Map Exchange
Tunneling
Registration
Proxy Mobile IP Security
Proxy Mobile IP Setup
General
Proxy Mobile IP Setup
Settings on the Proxy Mobile IP General
Authentication Server
Enable Proxy Mobile IP
Authoritative AP n
Settings on the Authenticator Configuration
Local SA Bindings
Settings on the Local SA Bindings
Statistics
Settings on the Proxy Mobile IP Statistics
Authentication Failures for FA
Authentication Failures for HA
Active AAP
MN IP Addresses
View Subnet Map Table
Configuring Proxy Mobile IP
Settings on the Subnet Map Table
Configuring Proxy Mobile IP on Your Wired LAN
11 a Sample Network
13 AP Radio Internal Service Sets
15 Proxy Mobile IP General
17 Subnet Map Table
18 Authenticator Configuration
20 Network Configuration Screen for an Access Point Client
22 Passed Authentication Screen
Configuring Other Settings
Entering Time Server Settings
Server Setup
Settings on the Time Server Setup
Boot Server Setup page contains the following settings
Entering Boot Server Settings
Settings on the Boot Server Setup
Use Previous Configuration Server Settings
Configuration Server Protocol
Bootp Server Timeout sec
Dhcp Multiple-Offer Timeout sec
Dhcp Minimum Lease Duration min
Dhcp Requested Lease Duration min
Dhcp Client Identifier Type
Option Definition
Web Server Setup page contains the following settings
Settings on the Web Server Setup
Dhcp Client Identifier Value
Dhcp Class Identifier
Default Web Root URL
Default Help Root URL
Allow Non-Console Browsing
Http Port
Settings on the Name Server Setup
Entering Name Server Settings
Default Domain
Domain Name System
Settings on the FTP Setup
Entering FTP Settings
FTP Setup page contains the following settings
Domain Name Servers
Routing Setup
Routing Setup page contains the following settings
Entering Routing Settings
New Network Route Settings
Association Table Filters
Association Table Display Setup
Installed Network Routes list
Configuring Other Settings Association Table Display Setup
Fields to Show
Settings on the Association Table Filters
Stations to Show
Packets To/From Station
Association Table Advanced
Bytes To/From Station
Primary Sort
Association Table Advanced
Settings on the Association Table Advanced
Handle Station Alerts as Severity Level
Rogue AP Alert Timeout minutes
Maximum number of bytes stored per Station Alert packet
Maximum Number of Forwarding Table Entries
Event Display Setup
Event Notification Setup
Settings on the Event Display Setup
Default Activity Timeout seconds Per Device Class
How should Event Elapsed non-wall-clock Time be displayed?
How should time generally be displayed?
Severity Level at which to display events
Severity Level Description
Event Handling Setup
10 The Event Handling Setup
Disposition of Events
Settings on the Event Handling Setup
Handle Station Events as Severity Level
Maximum number of bytes stored per Alert packet
Purge Trace Buffer
Event Notifications Setup
Clear Alert Statistics
Should Notify-Disposition Events generate Snmp Traps?
Settings on the Event Notifications Setup
Snmp Trap Destination
Snmp Trap Community
Syslog Destination Address
Should Syslog Messages use the Cisco Emblem Format?
Syslog Facility Number
Ieee Snmp Traps Should Generate the Following Notifications
Security Setup
Levels of Security
Encrypting Radio Signals with WEP
Security Overview
Network Authentication Types
Additional WEP Security Features
Sequence for EAP Authentication
Wired LAN Client
Sequence for Open Authentication
Combining MAC-Based, EAP, and Open Authentication
Protecting the Access Point Configuration with User Manager
Setting Up WEP
Transmit? Key Contents
Key Access Point Associated Device
Not set
Using Snmp to Set Up WEP
Enabling Additional WEP Security Features
Enabling Message Integrity Check MIC
Snmp Variable WEP Full WEP Off
AP Radio Advanced Page for Internal Radio
Enabling Temporal Key Integrity Protocol Tkip
Enabling Broadcast WEP Key Rotation
Setting Up Open or Shared Key Authentication
Enabling EAP on the Access Point
Setting Up EAP Authentication
Firmware Version Draft 802.1x-2001
Access Point EAP Settings for Various Client Configurations
Enabling EAP in Cisco Secure ACS
Click Add New Access Server
Setting a Session-Based WEP Key Timeout
Setting Up a Repeater Access Point As a Leap Client
AP Radio Identification Page for Internal Radio
Enabling MAC-Based Authentication on the Access Point
Setting Up MAC-Based Authentication
11 Authenticator Configuration
Security Setup Setting Up MAC-Based Authentication
12 AP Radio Advanced
Authenticating Client Devices Using MAC Addresses or EAP
Enabling MAC-Based Authentication in Cisco Secure ACS
Leap
Summary of Settings for Authentication Types
Authentication Types Required Settings
EAP-TLS, EAP-MD5
Attribute ID Description
Radius Attributes Sent by the Access Point
Acct-Session-Id
Acct-Delay-Time
Acct-Authentic
VSA attribute Nas-location Vlan-id Auth-algo-type
Acct-Terminate-Cause
Setting Up Backup Authentication Servers
Setting Up Administrator Authorization
Creating a List of Authorized Management System Users
14 Security Setup
16 User Management Window
Click User Information. The User Information page appears
Setting up Centralized Administrator Authentication
Click Add New User. The User Management window appears
Click Apply. You are returned to the User Information
18 Authenticator Configuration
System Flow Notes
Authorization Parameters
Network Management
Browsing to Network Devices
Using the Association Table
Setting the Display Options
Station
Using Station Pages
Station Identification and Status
Information on Station Pages
From Station Information
Rate, Signal, and Status Information
To Station Information
Performing a Ping
Performing Pings and Link Tests
Hops and Timing Information
Click Link Test
Performing a Link Test
Clearing and Updating Statistics
Using the Network Map Window
Deauthenticating and Disassociating Client Devices
Using Cisco Discovery Protocol
MIB for CDP
Settings on the CDP Setup
Port Assignments
Assigning Network Ports
Settings on the Port Assignments
Enabling Wireless Network Accounting
Accounting Setup
Settings on the Accounting Setup
Attribute Definition
Accounting Attributes
Radiusipadr
OL-2159-05
10-1
Managing Firmware and Configurations
Updating Firmware
Full Update of the Firmware Components
Updating with the Browser from a Local Drive
10-2
10-3
Selective Update of the Firmware Components
10-4
Updating from a File Server
10-5
Update All Firmware From File Server
10-6
Update Firmware From File Server
10-7
Retrieving Firmware and Web Page Files
10-8
Distributing Firmware
10-9
Distributing a Configuration
10-10
Limiting Distributions
10-11
Downloading the Current Configuration
Uploading from a Local Drive
Uploading a Configuration
Uploading from a File Server
10-12
10-13
Resetting the Configuration
10-14
Restarting the Access Point
11-1
Management System Setup
11-2
Snmp Setup
Settings on the Snmp Setup
11-3
Using the Database Query
Settings on the Database Query
11-4
Console and Telnet Setup
Changing Settings with the Database Query
11-5
Settings on the Console/Telnet
Using Secure Shell
11-6
12-1
Special Configurations
12-2
Setting Up a Repeater Access Point
12-3
12-4
12-5
Using Hot Standby Mode
12-6
12-7
12-8
13-1
Sections in this chapter include
Network Diagnostics
Using Diagnostic Pages
Selections on the Network Diagnostics
13-2
13-3
Radio Diagnostics Tests
13-4
Vlan Summary Status
SSIDs Int, Mod
13-5
Network Ports
13-6
Identifying Information and Status
Data Received
13-7
Data Transmitted
Ethernet Port
13-8
Configuration Information
Receive Statistics
13-9
AP Radio
Transmit Statistics
AP Radio Port
13-10
13-11
13-12
Display Options
13-13
Display Settings
Event Log
Saving the Log
Log Headings
Event Log Summary
13-14
13-15
Using Command-Line Diagnostics
Command Information Displayed
13-16
Entering Diagnostic Commands
13-17
Diagnostic Command Results
Eapdiag1on
13-18
Eapdiag2on
Vxdiagarpshow
13-19
13-20
Vxdiagcheckstack
13-21
Vxdiaghostshow
13-22
Vxdiagi
13-23
Vxdiagipstatshow
13-24
Vxdiagmemshow
13-25
Vxdiagmuxshow
13-26
Vxdiagrouteshow
13-27
Vxdiagtcpstatshow
Tracing Packets
Reserving Access Point Memory for a Packet Trace Log File
Vxdiagudpstatshow
13-28
13-29
Tracing Packets for Specific Devices
Viewing Packet Trace Data
Tracing Packets for Ethernet and Radio Ports
Packets Stored in a Log File
13-30
13-31
Checking the Top Panel Indicators
Packets Displayed on the CLI
13-32
Message Ethernet Status Radio Meaning Type Indicator
13-33
Finding an Access Point by Blinking the Top Panel Indicators
EAP Authentication Requires Matching 802.1x Protocol Drafts
Checking Basic Settings
WEP Keys
13-34
13-35
Firmware Version Draft
13-36
Resetting to the Default Configuration
13-37
13-38
Channels, Power Levels, and Antenna Gains
Regulatory Domains
Channels
Ieee 802.11a
Ieee 802.11b
Maximum Power Levels and Antenna Gains
Regulatory Domain Antenna Gain dBi Maximum Power Level mW
Maximum Power Level mW
Regulatory Domain With 6-dBi Antenna Gain
Americas -A 100 Eirp maximum 13.5 Emea -E MW Eirp maximum
Regulatory Domain Antenna Gain dBi Maximum Power Level mW
OL-2159-05
Protocol Filter Lists
ISO Designator
Protocol
Vines
UDP XNS-IDP ISO-TP4 ISO-CNLP Cnlp
SVP
Smtp
Http
Tftp
Tsap
POP2
BGP
Cmot
IRC
RIP
RFE
Radius
CVS
Event Log Messages
Message Formats
Default Format
Cisco Emblem Format
With a timestamp, messages look like this example
Syslog Severity Emblem Severity
Loginfo
Logemerg
Logalert
Possible Cause or
Message Descriptions
Severity Event Description Mnemonic Recommended Action
Reason
Host
Device
IfDescr
Newaddr
Srchost
Srchost to port ifDescr
Desthost length pktLen
Reqlen bytes
Desthost on port ifDescr
IfDescr error= errornum
Packet from srchost to desthost
For procedure on port ifDescr
IfDescr error=erronum
Srchost to desthost on port
From srchost to desthost on port
Srchost on port ifDescr
Desthost
Version
Srchost to desthost of unknown
Rebootinf
Sysreboot
Admin
Prtrarpip
Port device
Status
PktLen
IfDescr errno=errno
Unenc
ENC WEP
Xidexp
Ethercon
Media port
Frame
Frame bytes
Username
Username Failed
Port devName unit
Unit
Hstndbyen
1XVER
Assoclost
Hstndbyeth
Acctcon
Instkey
Amngrreq
Nulses
Nosbuf
Norbuf
Noaserv
Open
VlanID
IfIndex Awcmib
IfIndex MIB
Badsize
Nomibdkey
Taskfailed
Taskstarted
SsidIdx
Statuses and Reasons
Appendix C Event Log Messages Statuses and Reasons
OL-2159-05
IN-1
Numerics
Dhcp
CDP MIB
CLI
Dtim
IN-3
IN-4
Ethernet Locate unit by flashing LEDs
Radio traffic
IN-5
Pspf
IN-6
SSH
Vlan
IN-7
Warm restart
IN-8
