Acct-Delay-Time, Acct-Session-Id | Cisco Systems DL-2159-05 specification

Chapter 8 Security Setup

RADIUS Attributes Sent by the Access Point

Table 8-8 Attributes Sent in Accounting-Request (start) Packets

Attribute ID	Description

1	User-Name

4	NAS-IP-Address

5	NAS-Port

31	Calling-Station-ID (MAC address)

32	NAS-Identifier

41	Acct-Delay-Time

44	Acct-Session-Id

45	Acct-Authentic

VSA (attribute 26)	SSID

VSA (attribute 26)	nas-location

VSA (attribute 26)	vlan-id

VSA (attribute 26)	auth-algo-type

Table 8-9 Attributes Sent in Accounting-Request (update) Packets

Attribute ID	Description

1	User-Name

4	NAS-IP-Address

5	NAS-Port

41	Acct-Delay-Time

42	Acct-Input-Octets

43	Acct-Output-Octets

44	Acct-Session-Id

45	Acct-Authentic

46	Acct-Session-Time

47	Acct-Input-Packets

48	Acct-Output-Packets

Cisco Aironet 1200 Series Access Point Software Configuration Guide

8-30	OL-2159-05

Image 192

Cisco Systems DL-2159-05 manual Acct-Delay-Time, Acct-Session-Id, Acct-Authentic, Acct-Input-Octets, Acct-Output-Octets

Contents

Corporate Headquarters Text Part Number OL-2159-05 Copyright 2001-2003, Cisco Systems, Inc All rights reserved N T E N T S Iii Navigating Using the Map Windows Native Vlan ID WEP Not Set on the Wireless Phone Settings on the Authenticator Configuration Vii Event Notifications Setup Viii Setting Up Administrator Authorization Snmp Setup Ssid Xii Audience and Scope OrganizationXiii Conventions Tip Means the following are useful tipsXiv Related Publications Obtaining DocumentationCisco.com Documentation CD-ROM Ordering DocumentationDocumentation Feedback Xvi Obtaining Technical Assistance Cisco TAC Website Opening a TAC CaseTAC Case Priority Definitions Xvii Obtaining Additional Publications and Information Xviii Overview A P T E R Key Features Quality of Service Support Management OptionsRoaming Client Devices What is QoS? Limitations and RestrictionsRelated Documents These documents are available on Cisco.com What is a VLAN? Vlan Support Incorporating Wireless Devices into VLANs Level of Access Vlan Example Network Configuration Examples Root Unit on a Wired LAN Repeater Unit that Extends Wireless Range Access Points as Root Units on a Wired LAN Central Unit in an All-Wireless Network Access Point as Repeater Using the Management Interfaces Using the Web-Browser Interface Using the Web-Browser Interface for the First TimeUsing the Management Pages in the Web-Browser Interface Button/Link Description Navigating Using the Map Windows Map Window with Network Ports Pages Expanded Using the Command-Line Interface Preparing to Use a Terminal Emulator Changing Settings with the CLI Connecting the Serial CableSetting Up the Terminal Emulator Selecting Pages and Settings Function Description Using Snmp Using a Telnet SessionApplying Changes to the Configuration Supported MIBs Radio Configuration and Basic Settings Basic Settings Express Setup Entering Basic Settings Express Setup page contains the following settingsSystem Name MAC Address Configuration Server Protocol Default IP AddressDefault IP Subnet Mask Default Gateway Root-Unit Access Points Security Setup Link Radio Network Optimization Optimize Radio Network For Radio Configuration Snmp Admin. CommunityRadio Network Compatibility Ensure Compatibility With Settings on the AP Radio Identification Entering Identity Information Primary Port Settings Default IP AddressDefault IP Subnet Mask Service Set ID Ssid Leap Password Entering Radio Hardware Information Settings on the AP Radio Hardware AP Radio Hardware page contains the following settingsAllow Broadcast Ssid to Associate? Enable World Mode Data Rates Transmit Power Frag. ThresholdRTS Threshold Max. RTS Retries Default Radio Channel Search for Less-Congested Radio ChannelRestrict Searched Channels Entering Advanced Configuration Information Receive Antenna and Transmit Antenna AP Radio Advanced Page for Internal Radio Settings on the AP Radio Advanced AP Radio Advanced pages contain the following settingsRequested Status Packet Forwarding Default Multicast Address Filters Maximum Multicast Packets/SecondRadio Cell Role Ssid For Use By Infrastructure Stations Use Aironet Extensions Classify Workgroup Bridges as Network Infrastructure Quality of Service Setup Link Vlan Setup LinkRequire Use of Radio Firmware Ethernet Encapsulation Transform Advanced Primary Ssid Setup Link Preferred Access PointsTemporal Key Integrity Protocol Broadcast WEP Key rotation interval sec Radio Modulation Radio Preamble Ethernet Configuration Non-Root Mobility Settings on the Ethernet Identification Entering Ethernet Hardware Information Settings on the Ethernet Hardware Ethernet Hardware page contains the following settingsSpeed Loss of Backbone Connectivity # of Secs Loss of Backbone Connectivity ActionLoss of Backbone Connectivity Ssid Settings on the Ethernet Advanced Ethernet Advanced page contains the following settings Default Unicast and Multicast Address Filters Default Unicast Address Filter Always Unblock Ethernet When STP is DisabledOptimize Ethernet for OL-2159-05 Configuring VLANs Settings on the Vlan Setup Vlan setup page contains the following settingsEntering Vlan Information 802.1Q Encapsulation Mode Maximum Number of Enabled Vlan IDsVlan Summary Status Link Vlan 802.1Q Tagging Vlan Security Policy Single Vlan ID which allows Unencrypted packetsOptionally allow Encrypted packets on the unencrypted Vlan Vlan Name Native Vlan Configuration Broadcast Domain SegmentationParameter TKIP/MIC Primary and Secondary SSIDs Deployment of Infrastructure and Non infrastructure Devices RADIUS-Based Vlan Access Control Vlan ID Criteria for Deploying Wireless VLANs Vlan Wireless Vlan Deployment Example 5shows the wireless Vlan deployment scenario described above Using the Configuration Screens Obtaining and Recording Vlan ID and Setup InformationCreating and Configuring VLANs on the Access Point Creating the Native Vlan Vlan Setup Vlan ID #1 Setup Creating the Full- and Part-Time VLANs Creating the Maintenance Vlan Creating the Guest Vlan Creating and Configuring the SSIDs AP Radio Internal Service Sets Configuring VLANs Wireless Vlan Deployment Example Enabling Vlan 802.1Q Tagging and Identifying the Native Vlan 11 AP Radio Service Sets Guidelines for Wireless Vlan Deployment Creating an Ssid for Infrastructure Devices OL-2159-05 Configuring Filters and QoS Filter Setup Protocol Filtering Creating a Protocol Filter Enter a descriptive filter set name in the Set Name field Filter Set Enabling a Protocol Filter MAC Address Filtering Address Filters Creating a MAC Address Filter AP Radio Advanced AP Radio Primary Ssid QoS Configuration Settings on the Quality of Service Setup Use Symbol ExtensionsGenerate Qbss Element Applying QoS By StationSend Igmp General Query Traffic Category 10 Protocol Filters Setup By Vlan 12 Vlan ID 13 Filters Priority Setting By Filter By CoS Value By Dscp Value Wireless QoS Deployment Example 17 Vlan Setup 18 Vlan ID #xx WEP Set on the Wireless Phone WEP Not Set on the Wireless Phone 20 AP Radio Internal Service Sets 21 AP Radio Internal Service Sets OL-2159-05 Configuring Proxy Mobile IP Proxy Mobile IP Introduction to Mobility in IP Nomadic Approach Mobile ApproachMobile IP Explained Mobile IP Environment Proxy Mobile IP Explained Mobile IP Traffic Pattern Before Deploying Proxy Mobile IP Issues to Consider While Deploying Proxy Mobile IP Components of a Proxy Mobile IP Network How Proxy Mobile IP Works Agent Discovery Subnet Map Exchange Home Agent Subnet Mask Registration Tunneling Proxy Mobile IP Setup Proxy Mobile IP Security Proxy Mobile IP Setup General Authentication Server Settings on the Proxy Mobile IP GeneralEnable Proxy Mobile IP Authoritative AP n Settings on the Authenticator Configuration Settings on the Local SA Bindings Local SA Bindings Settings on the Proxy Mobile IP Statistics Statistics Authentication Failures for HA Authentication Failures for FAActive AAP MN IP Addresses Configuring Proxy Mobile IP Settings on the Subnet Map TableView Subnet Map Table Configuring Proxy Mobile IP on Your Wired LAN 11 a Sample Network 13 AP Radio Internal Service Sets 15 Proxy Mobile IP General 17 Subnet Map Table 18 Authenticator Configuration 20 Network Configuration Screen for an Access Point Client 22 Passed Authentication Screen Configuring Other Settings Server Setup Entering Time Server Settings Settings on the Time Server Setup Entering Boot Server Settings Settings on the Boot Server SetupBoot Server Setup page contains the following settings Configuration Server Protocol Use Previous Configuration Server SettingsBootp Server Timeout sec Dhcp Multiple-Offer Timeout sec Dhcp Requested Lease Duration min Dhcp Minimum Lease Duration minDhcp Client Identifier Type Option Definition Settings on the Web Server Setup Web Server Setup page contains the following settingsDhcp Client Identifier Value Dhcp Class Identifier Default Help Root URL Default Web Root URLAllow Non-Console Browsing Http Port Entering Name Server Settings Settings on the Name Server SetupDefault Domain Domain Name System Entering FTP Settings Settings on the FTP SetupFTP Setup page contains the following settings Domain Name Servers Routing Setup Entering Routing Settings New Network Route SettingsRouting Setup page contains the following settings Association Table Display Setup Installed Network Routes listAssociation Table Filters Configuring Other Settings Association Table Display Setup Settings on the Association Table Filters Stations to ShowFields to Show Association Table Advanced Packets To/From StationBytes To/From Station Primary Sort Settings on the Association Table Advanced Association Table Advanced Rogue AP Alert Timeout minutes Handle Station Alerts as Severity LevelMaximum number of bytes stored per Station Alert packet Maximum Number of Forwarding Table Entries Event Notification Setup Event Display SetupSettings on the Event Display Setup Default Activity Timeout seconds Per Device Class How should time generally be displayed? How should Event Elapsed non-wall-clock Time be displayed?Severity Level at which to display events Severity Level Description Event Handling Setup 10 The Event Handling Setup Settings on the Event Handling Setup Disposition of EventsHandle Station Events as Severity Level Maximum number of bytes stored per Alert packet Event Notifications Setup Clear Alert StatisticsPurge Trace Buffer Settings on the Event Notifications Setup Should Notify-Disposition Events generate Snmp Traps?Snmp Trap Destination Snmp Trap Community Should Syslog Messages use the Cisco Emblem Format? Syslog Destination AddressSyslog Facility Number Ieee Snmp Traps Should Generate the Following Notifications Security Setup Encrypting Radio Signals with WEP Security OverviewLevels of Security Additional WEP Security Features Network Authentication Types Sequence for EAP Authentication Wired LAN Client Combining MAC-Based, EAP, and Open Authentication Sequence for Open Authentication Setting Up WEP Protecting the Access Point Configuration with User Manager Key Access Point Associated Device Transmit? Key Contents Not set Enabling Additional WEP Security Features Using Snmp to Set Up WEPEnabling Message Integrity Check MIC Snmp Variable WEP Full WEP Off AP Radio Advanced Page for Internal Radio Enabling Temporal Key Integrity Protocol Tkip Enabling Broadcast WEP Key Rotation Setting Up Open or Shared Key Authentication Setting Up EAP Authentication Enabling EAP on the Access Point Firmware Version Draft 802.1x-2001 Access Point EAP Settings for Various Client Configurations Click Add New Access Server Enabling EAP in Cisco Secure ACS Setting Up a Repeater Access Point As a Leap Client Setting a Session-Based WEP Key Timeout AP Radio Identification Page for Internal Radio Setting Up MAC-Based Authentication Enabling MAC-Based Authentication on the Access Point 11 Authenticator Configuration Security Setup Setting Up MAC-Based Authentication 12 AP Radio Advanced Authenticating Client Devices Using MAC Addresses or EAP Enabling MAC-Based Authentication in Cisco Secure ACS Summary of Settings for Authentication Types Authentication Types Required SettingsLeap EAP-TLS, EAP-MD5 Radius Attributes Sent by the Access Point Attribute ID Description Acct-Delay-Time Acct-Session-IdAcct-Authentic VSA attribute Nas-location Vlan-id Auth-algo-type Setting Up Backup Authentication Servers Acct-Terminate-Cause Setting Up Administrator Authorization 14 Security Setup Creating a List of Authorized Management System Users 16 User Management Window Setting up Centralized Administrator Authentication Click User Information. The User Information page appearsClick Add New User. The User Management window appears Click Apply. You are returned to the User Information 18 Authenticator Configuration System Flow Notes Authorization Parameters Network Management Using the Association Table Setting the Display OptionsBrowsing to Network Devices Using Station Pages Station Information on Station Pages Station Identification and Status Rate, Signal, and Status Information To Station InformationFrom Station Information Performing Pings and Link Tests Hops and Timing InformationPerforming a Ping Performing a Link Test Click Link Test Using the Network Map Window Deauthenticating and Disassociating Client DevicesClearing and Updating Statistics Using Cisco Discovery Protocol Settings on the CDP Setup MIB for CDP Assigning Network Ports Port Assignments Enabling Wireless Network Accounting Settings on the Port Assignments Settings on the Accounting Setup Accounting Setup Accounting Attributes Attribute Definition Radiusipadr OL-2159-05 Managing Firmware and Configurations 10-1 Full Update of the Firmware Components Updating FirmwareUpdating with the Browser from a Local Drive 10-2 Selective Update of the Firmware Components 10-3 Updating from a File Server 10-4 Update All Firmware From File Server 10-5 Update Firmware From File Server 10-6 Retrieving Firmware and Web Page Files 10-7 Distributing Firmware 10-8 Distributing a Configuration 10-9 Limiting Distributions 10-10 Downloading the Current Configuration 10-11 Uploading a Configuration Uploading from a Local DriveUploading from a File Server 10-12 Resetting the Configuration 10-13 Restarting the Access Point 10-14 Management System Setup 11-1 Snmp Setup Settings on the Snmp Setup11-2 Using the Database Query Settings on the Database Query11-3 Console and Telnet Setup Changing Settings with the Database Query11-4 Settings on the Console/Telnet Using Secure Shell11-5 11-6 Special Configurations 12-1 Setting Up a Repeater Access Point 12-2 12-3 12-4 Using Hot Standby Mode 12-5 12-6 12-7 12-8 Sections in this chapter include 13-1 Using Diagnostic Pages Network DiagnosticsSelections on the Network Diagnostics 13-2 Radio Diagnostics Tests 13-3 Vlan Summary Status SSIDs Int, Mod13-4 Network Ports 13-5 Identifying Information and Status Data Received13-6 Data Transmitted Ethernet Port13-7 Configuration Information Receive Statistics13-8 AP Radio Transmit Statistics13-9 13-10 AP Radio Port 13-11 Display Options 13-12 Display Settings Event Log13-13 Log Headings Saving the LogEvent Log Summary 13-14 Using Command-Line Diagnostics Command Information Displayed13-15 Entering Diagnostic Commands 13-16 Diagnostic Command Results Eapdiag1on13-17 Eapdiag2on Vxdiagarpshow13-18 13-19 Vxdiagcheckstack 13-20 Vxdiaghostshow 13-21 Vxdiagi 13-22 Vxdiagipstatshow 13-23 Vxdiagmemshow 13-24 Vxdiagmuxshow 13-25 Vxdiagrouteshow 13-26 Vxdiagtcpstatshow 13-27 Reserving Access Point Memory for a Packet Trace Log File Tracing PacketsVxdiagudpstatshow 13-28 Tracing Packets for Specific Devices 13-29 Tracing Packets for Ethernet and Radio Ports Viewing Packet Trace DataPackets Stored in a Log File 13-30 Checking the Top Panel Indicators Packets Displayed on the CLI13-31 Message Ethernet Status Radio Meaning Type Indicator 13-32 Finding an Access Point by Blinking the Top Panel Indicators 13-33 Checking Basic Settings EAP Authentication Requires Matching 802.1x Protocol DraftsWEP Keys 13-34 Firmware Version Draft 13-35 Resetting to the Default Configuration 13-36 13-37 13-38 Channels, Power Levels, and Antenna Gains Channels Ieee 802.11aRegulatory Domains Maximum Power Levels and Antenna Gains Ieee 802.11b Maximum Power Level mW Regulatory Domain Antenna Gain dBi Maximum Power Level mWRegulatory Domain With 6-dBi Antenna Gain Americas -A 100 Eirp maximum 13.5 Emea -E MW Eirp maximum Regulatory Domain Antenna Gain dBi Maximum Power Level mW OL-2159-05 Protocol Filter Lists Protocol ISO Designator UDP XNS-IDP ISO-TP4 ISO-CNLP Cnlp VinesSVP Smtp Tftp HttpTsap POP2 Cmot BGPIRC RIP Radius CVSRFE Event Log Messages Default Format Message FormatsCisco Emblem Format With a timestamp, messages look like this example Loginfo Syslog Severity Emblem SeverityLogemerg Logalert Message Descriptions Possible Cause orSeverity Event Description Mnemonic Recommended Action Reason Device Host Newaddr SrchostIfDescr Desthost length pktLen Srchost to port ifDescr Reqlen bytes IfDescr error= errornum Packet from srchost to desthostDesthost on port ifDescr IfDescr error=erronum For procedure on port ifDescrSrchost to desthost on port From srchost to desthost on port Srchost on port ifDescr Version Srchost to desthost of unknownDesthost Sysreboot RebootinfAdmin Prtrarpip Port device Status IfDescr errno=errno PktLen ENC WEP UnencXidexp Ethercon Media port Frame bytes Frame Username Failed UsernamePort devName unit Unit 1XVER HstndbyenAssoclost Hstndbyeth Instkey AcctconAmngrreq Nulses Norbuf NosbufNoaserv Open VlanID IfIndex MIB IfIndex Awcmib Nomibdkey BadsizeTaskfailed Taskstarted SsidIdx Statuses and Reasons Appendix C Event Log Messages Statuses and Reasons OL-2159-05 Numerics IN-1 CDP MIB DhcpCLI Dtim IN-3 Ethernet Locate unit by flashing LEDs Radio trafficIN-4 Pspf IN-5 SSH VlanIN-6 Warm restart IN-7 IN-8