Main
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
              Preface
Audience                
Purpose
              Organization
              Conventions
              Related Publications
Obtaining Documentation, Obtaining Support, and Security  Guidelines            
Page
            Page
              Overview 
              Features
Features Introduced in This Release                
Support for IPv6
Support for Guest Access                
Support for 802.11w
              Management Options
Roaming Client Devices                
Network Configuration Examples
Root Access Point              
Repeater Access Point
              Bridges
              Workgroup Bridge
              Central Unit in an All-Wireless Network
Access point            
Page
              Using the Web-Browser Interface
              Using the Web-Browser Interface for the First Time
Using the Management Pages in the Web-Browser Interface              
Using Action Buttons
Character Restrictions in Entry Fields              
Enabling HTTPS for Secure Browsing
            Page
            Page
            Page
            Page
            Page
            Page
            Page
              Deleting an HTTPS Certificate
              Using Online Help
Changing the Location of Help Files              
Disabling the Web-Browser Interface
              Using the Command-Line Interface
              Cisco IOS Command Modes
              Getting Help
Abbreviating Commands              
Using the no and Default Forms of Commands
Understanding CLI Messages                
Using Command History
              Changing the Command History Buffer Size
Recalling Commands                
Disabling the Command History Feature
              Using Editing Features
Enabling and Disabling Editing Features                
Editing Commands Through Keystrokes
              Editing Command Lines that Wrap
              Searching and Filtering Output of show and more Commands
              Accessing the CLI
Opening the CLI with Telnet                
Opening the CLI with Secure Shell
            Page
              Configuring the Access Point for the First Time
              Before You Start
Resetting the Device to Default Settings                
Resetting to Default Settings Using the MODE Button
Resetting to Default Settings Using the GUI              
Resetting to Default Settings Using the CLI
              Logging into the Access Point
Obtaining and Assigning an IP Address                
Default IP Address Behavior
              Connecting to the 1100 Series Access Point Locally
              Connecting to the 1130 Series Access Point Locally
Connecting to the 1040, 1140,1200, 1230, 1240, 1250, 1260, and 2600  Series Access Points Locally              
Connecting to the 1300 Series Access Point/Bridge Locally
              Default Radio Settings
Assigning Basic Settings            
Page
            Page
            Page
            Page
            Page
              Default Settings on the Express Setup Page
            Page
              Configuring Basic Security Settings
              Understanding Express Security Settings
Using VLANs              
Express Security Types
            Page
              Express Security Limitations
Using the Express Security Page              
CLI Configuration Examples
              4-22
              4-23
Example: EAP Authentication                
Note The following warning message appears if your radio clients are using EAP-FAST and you do not 
              4-24
Example: WPA              
4-25
              Configuring System Power Settings Access Points
Using the AC Power Adapter                
Using a Switch Capable of IEEE 802.3af Power Negotiation
Using a Switch That Does Not Support IEEE 802.3af Power Negotiation                
Using a Power Injector
              Support for 802.11n Performance on 1250 Series Access Points with Standard  802.3af PoE
1250 Series Power Modes              
Assigning an IP Address Using the CLI
Using a Telnet Session to Access the CLI              
Configuring the 802.1X Supplicant
Creating a Credentials Profile              
Applying the Credentials to an Interface or SSID
Applying the Credentials Profile to the Wired Port              
Applying the Credentials Profile to an SSID Used For the Uplink
Creating and Applying EAP Method Profiles              
Configuring IPv6
              Configuring DHCPv6 address
              IPv6 Neighbor Discovery
              Configuring IPv6 Access Lists
RADIUS Configuration                
IPv6 WDS Support
              CDPv6 Support:
              RA filtering
            Page
              Administering the Access Point
              Disabling the Mode Button
              Preventing Unauthorized Access to Your Access Point
Protecting Access to Privileged EXEC Commands              
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password            
Page
              Protecting Enable and Enable Secret Passwords with Encryption
              Configuring Username and Password Pairs
              Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command                
Logging Into and Exiting a Privilege Level
              Configuring Easy Setup
              Configuring Spectrum Expert Mode
              Controlling Access Point Access with RADIUS 
              Default RADIUS Configuration
Configuring RADIUS Login Authentication            
Page
              Defining AAA Server Groups
            Page
              Configuring RADIUS Authorization for User Privileged Access and  Network Services
Displaying the RADIUS Configuration              
Controlling Access Point Access with TACACS+ 
Default TACACS+ Configuration                
Configuring TACACS+ Login Authentication
            Page
              Configuring TACACS+ Authorization for Privileged EXEC Access and Network  Services
Displaying the TACACS+ Configuration              
Configuring Ethernet Speed and Duplex Settings
Configuring the Access Point for Wireless Network  Management              
Configuring the Access Point for Local Authentication and  Authorization
              Configuring the Authentication Cache and Profile
              5-23
              Configuring the Access Point to Provide DHCP Service
Setting up the DHCP Server            
Page
              Monitoring and Maintaining the DHCP Server Access Point
Show Commands                
Clear Commands
Debug Command              
Configuring the Access Point for Secure Shell
Understanding SSH                 
Configuring SSH
Support for Secure Copy Protocol              
Configuring Client ARP Caching
Understanding Client ARP Caching                
Optional ARP Caching
Configuring ARP Caching              
Managing the System Time and Date
              Understanding Simple Network Time Protocol
Configuring SNTP                
Configuring Time and Date Manually
              Setting the System Clock
              Displaying the Time and Date Configuration
Configuring the Time Zone               
Configuring Summer Time (Daylight Saving Time)
            Page
              Defining HTTP Access
Configuring a System Name and Prompt                
Default System Name and Prompt Configuration
Configuring a System Name              
Understanding DNS
Default DNS Configuration              
Setting Up DNS
Displaying the DNS Configuration              
Creating a Banner
Default Banner Configuration                
Configuring a Message-of-the-Day Login Banner
            Page
Configuring a Login Banner              
Upgrading Autonomous Cisco Aironet Access Points to  Lightweight Mode
              Migrating to Japan W52 Domain
            Page
Verifying the Migration              
Configuring Multiple VLAN and Rate Limiting for  Point-to-Multipoint Bridging
              CLI Command
              Configuring Radio Settings
              Enabling the Radio Interface
Configuring the Role in Radio Network            
Page
            Page
              Universal Workgroup Bridge Mode
Point-to-point and Multi Point bridging support for 802.11n platforms              
Configuring Dual-Radio Fallback
              Radio Tracking
Fast Ethernet Tracking                
MAC-Address Tracking
Bridge Features Not Supported              
Configuring Radio Data Rates
              Access Points Send Multicast and Management Frames at Highest Basic Rate
            Page
              Configuring MCS Rates
              Configuring Radio Transmit Power
            Page
            Page
              Limiting the Power Level for Associated Client Devices
              Configuring Radio Channel Settings
              Channel Widths for 802..11n
              Dynamic Frequency Selection
Radar Detection on a DFS Channel              
CLI Commands
              Confirming that DFS is Enabled
Configuring a Channel              
Blocking Channels from DFS Selection
Setting the 802.11n Guard Interval              
Configuring Location-Based Services
Understanding Location-Based Services              
Configuring LBS on Access Points
              Enabling and Disabling World Mode
              Disabling and Enabling Short Radio Preambles
              Configuring Transmit and Receive Antennas
              Enabling and Disabling Gratuitous Probe Response
              Disabling and Enabling Aironet Extensions
              Configuring the Ethernet Encapsulation Transformation Method
Enabling and Disabling Reliable Multicast to Workgroup  Bridges              
Enabling and Disabling Public Secure Packet Forwarding
              Configuring Protected Ports
              Configuring the Beacon Period and the DTIM
Configure RTS Threshold and Retries              
Configuring the Maximum Data Retries
Configuring the Fragmentation Threshold              
Enabling Short Slot Time for 802.11g Radios
Performing a Carrier Busy Test                
Configuring VoIP Packet Handling
              Viewing VoWLAN Metrics
              Viewing Voice Reports
            Page
              Viewing Wireless Client Reports
              Viewing Voice Fault Summary
              Configuring Voice QoS Settings
              Configuring Voice Fault Settings
              Configuring ClientLink
Using the CLI to Configure ClientLink                
Debugging Radio Functions
            Page
            Page
              Configuring Multiple SSIDs
              Understanding Multiple SSIDs
Effect of Software Versions on SSIDs            
Page
              Configuring Multiple SSIDs
Default SSID Configuration                
Creating an SSID Globally
            Page
              Viewing SSIDs Configured Globally
Using Spaces in SSIDs              
Using a RADIUS Server to Restrict SSIDs
              Configuring Multiple Basic SSIDs
Requirements for Configuring Multiple BSSIDs                
Guidelines for Using Multiple BSSIDs
Configuring Multiple BSSIDs            
Page
              Displaying Configured BSSIDs
              Assigning IP Redirection for an SSID
              Guidelines for Using IP Redirection
Configuring IP Redirection              
Including an SSID in an SSIDL IE
              NAC Support for MBSSID
            Page
              Configuring NAC for MBSSID
              7-17
            Page
              Configuring Spanning Tree Protocol
              Understanding Spanning Tree Protocol
STP Overview              
1300 and 350 Series Bridge Interoperability
Access Point/Bridge Protocol Data Units              
Election of the Spanning-Tree Root
              Spanning-Tree Timers
Creating the Spanning-Tree Topology              
Spanning-Tree Interface States
              Blocking State
Listening State                
Learning State
Forwarding State                
Disabled State
              Configuring STP Features
Default STP Configuration              
Configuring STP Settings
8-10              
STP Configuration Examples
Root Bridge Without VLANs                
This example shows the configuration of a root bridge with no VLANs configured and with STP enabled:
8-11              
Non-Root Bridge Without VLANs
Root Bridge with VLANs                
This example shows the configuration of a root bridge with VLANs configured with STP enabled:
              8-12
8-13              
Non-Root Bridge with VLANs
This example shows the configuration of a non-root bridge with VLANs configured with STP enabled:              
Displaying Spanning-Tree Status
              Configuring an Access Point as a Local  Authenticator
              Understanding Local Authentication
Configuring a Local Authenticator              
Guidelines for Local Authenticators
Configuration Overview                
Configuring the Local Authenticator Access Point
            Page
            Page
              Configuring Other Access Points to Use the Local Authenticator
              Configuring EAP-FAST Settings
Configuring PAC Settings                
PAC Expiration Times
Generating PACs Manually              
Configuring an Authority ID
Configuring Server Keys                
Possible PAC Failures Caused by Access Point Clock
              Limiting the Local Authenticator to One Authentication Type
Unblocking Locked Usernames                
Viewing Local Authenticator Statistics
              Using Debug Messages
              Configuring Cipher Suites and WEP
              Understanding Cipher Suites and WEP
              Configuring Cipher Suites and WEP
Creating WEP Keys            
Page
              WEP Key Restrictions 
Example WEP Key Setup              
Enabling Cipher Suites and WEP
              Matching Cipher Suites with WPA or CCKM
              Enabling and Disabling Broadcast Key Rotation
            Page
            Page
              Configuring Authentication Types
              Understanding Authentication Types
Open Authentication to the Access Point              
Shared Key Authentication to the Access Point
              EAP Authentication to the Network
              MAC Address Authentication to the Network
              Combining MAC-Based, EAP, and Open Authentication
Using CCKM for Authenticated Clients              
Using WPA Key Management
11-8                
Figure 11-6 shows the WPA key management process.
              Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP
            Page
              Configuring Authentication Types
Assigning Authentication Types to an SSID            
Page
            Page
              Configuring WPA Migration Mode
              Configuring Additional WPA Settings
Setting a preshared Key                
Configuring Group Key Updates
              Configuring MAC Authentication Caching
              Configuring Authentication Holdoffs, Timeouts, and Intervals
              Creating and Applying EAP Method Profiles for the 802.1X Supplicant
              Creating an EAP Method Profile
Applying an EAP Profile to the Fast Ethernet Interface                
Applying an EAP Profile to an Uplink SSID
              Matching Access Point and Client Device Authentication Types 
            Page
            Page
              Guest Access Management
            Page
              Guest Account Creation 
            Page
            Page
              Configuring WDS, Fast Secure Roaming, Radio  Management, and Wireless Intrusion Detection  Services
              Understanding WDS
Role of the WDS Device                
Role of Access Points Using the WDS Device
              Understanding Fast Secure Roaming
            Page
              Understanding Radio Management
Understanding Layer 3 Mobility              
Understanding Wireless Intrusion Detection Services
              Configuring WDS
              Guidelines for WDS
Requirements for WDS                
Configuration Overview
              Configuring Access Points as Potential WDS Devices
            Page
            Page
            Page
            Page
              Configuring Access Points to use the WDS Device
              Configuring the Authentication Server to Support WDS
            Page
            Page
            Page
              Configuring WDS Only Mode
              Viewing WDS Information
Using Debug Messages              
Configuring Fast Secure Roaming
Requirements for Fast Secure Roaming              
Configuring Access Points to Support Fast Secure Roaming
            Page
              CLI Configuration Example
Support for 802.11r              
Configuring Management Frame Protection
Management Frame Protection              
Overview
Protection of Unicast Management Frames                
Protection of Broadcast Management Frames
Client MFP For Access Points in Root mode              
Configuring Client MFP
              Management Frame Protection with 802.11w
            Page
              Configuring Radio Management
              CLI Configuration Example
              Configuring Access Points to Participate in WIDS
Configuring the Access Point for Scanner Mode                
Configuring the Access Point for Monitor Mode
              Displaying Monitor Mode Statistics
              Configuring Monitor Mode Limits
Configuring an Authentication Failure Limit              
Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS              
Understanding RADIUS
RADIUS Operation              
Configuring RADIUS
              Default RADIUS Configuration
Identifying the RADIUS Server Host             
Page
            Page
              Configuring RADIUS Login Authentication
            Page
              Defining AAA Server Groups
            Page
              Configuring RADIUS Authorization for User Privileged Access and Network Services
              Configuring Packet of Disconnect
              Starting RADIUS Accounting m
              Selecting the CSID Format
              Configuring Settings for All RADIUS Servers
              Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
              Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
              Configuring WISPr RADIUS Attributes
              Displaying the RADIUS Configuration
              RADIUS Attributes Sent by the Access Point
            Page
            Page
              Configuring and Enabling TACACS+
Understanding TACACS+              
TACACS+ Operation
Configuring TACACS+              
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key              
Configuring TACACS+ Login Authentication
              Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
              Starting TACACS+ Accounting
              Displaying the TACACS+ Configuration
            Page
              Configuring VLANs
              Understanding VLANs
              Related Documents
Incorporating Wireless Devices into VLANs              
Configuring VLANs
              Configuring a VLAN
            Page
              Assigning Names to VLANs
Guidelines for Using VLAN Names                
Creating a VLAN Name
              Using a RADIUS Server to Assign Users to VLANs
              Using a RADIUS Server for Dynamic Mobility Group Assignment
Viewing VLANs Configured on the Access Point              
VLAN Configuration Example
            Page
              14-12
Table14-3 Results of Example Configuration Commands                
VLAN 1 Interfaces VLAN 2 Interfaces VLAN 3 Interfaces
              Configuring QoS
              Understanding QoS for Wireless LANs
QoS for Wireless LANs Versus QoS on Wired LANs                
Impact of QoS on a Wireless LAN
              Precedence of QoS Settings
              Using Wi-Fi Multimedia Mode
              Using Band Select
              Configuring QoS
Configuration Guidelines                
Configuring QoS Using the Web-Browser Interface
            Page
            Page
            Page
              The QoS Policies Advanced Page
QoS Element for Wireless Phones              
IGMP Snooping
AVVID Priority Mapping                
WiFi Multimedia (WMM)
Rate Limiting               
Adjusting Radio Access Categories
              Configuring Nominal Rates
              Optimized Voice Settings
Configuring Call Admission Control                
Configuring the Radio
Troubleshooting Admission Control              
QoS Configuration Examples
Giving Priority to Voice Traffic              
Giving Priority to Video Traffic
            Page
            Page
              Configuring Filters
              Understanding Filters
Configuring Filters Using the CLI              
Configuring Filters Using the Web-Browser Interface
Configuring and Enabling MAC Address Filters              
Creating a MAC Address Filter
            Page
              Using MAC Address ACLs to Block or Allow Client Association to the Access Point
            Page
              Creating a Time-Based ACL
ACL Logging              
Configuring and Enabling IP Filters
            Page
              Creating an IP Filter
              Configuring and Enabling EtherType Filters
              Creating an EtherType Filter
            Page
              Configuring CDP
              Understanding CDP
Configuring CDP                
Default CDP Configuration
Configuring the CDP Characteristics              
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface              
Monitoring and Maintaining CDP
            Page
              17-6
              17-7
            Page
              Configuring SNMP
              Understanding SNMP
SNMP Versions              
SNMP Manager Functions
              SNMP Agent Functions
SNMP Community Strings                
Using SNMP to Access MIB Variables 
              Configuring SNMP
Default SNMP Configuration                
Enabling the SNMP Agent
              Configuring Community Strings
              Specifying SNMP-Server Group Names 
              Configuring SNMP-Server Hosts 
Configuring SNMP-Server Users                 
Configuring Trap Managers and Enabling Traps
            Page
              Setting the Agent Contact and Location Information
Using the snmp-server view Command                
SNMP Examples
            Page
              Displaying SNMP Status
              Configuring Repeater and Standby Access Points  and Workgroup Bridge Mode
              Understanding Repeater Access Points
              Configuring a Repeater Access Point
              Default Configuration
Guidelines for Repeaters              
Setting Up a Repeater
              Aligning Antennas
              Verifying Repeater Operation
Setting Up a Repeater As a LEAP Client              
Setting Up a Repeater As a WPA Client
              Understanding Hot Standby
              Configuring a Hot Standby Access Point
            Page
              Verifying Standby Operation
              Understanding Workgroup Bridge Mode
            Page
              Treating Workgroup Bridges as Infrastructure Devices or as Client Devices
              Configuring a Workgroup Bridge for Roaming
Configuring a Workgroup Bridge for Limited Channel Scanning                
Configuring the Limited Channel Set
Ignoring the CCX Neighbor List                
Configuring a Client VLAN
              Workgroup Bridge VLAN Tagging
              Configuring Workgroup Bridge Mode
            Page
              Using Workgroup Bridges in a Lightweight Environment
Guidelines for Using Workgroup Bridges in a Lightweight Environment            
Page
              Sample Workgroup Bridge Configuration
              Enabling VideoStream Support on Workgroup Bridges
            Page
              Managing Firmware and Configurations
Working with the Flash File System              
Displaying Available File Systems
              Setting the Default File System
Displaying Information About Files on a File System                
Changing Directories and Displaying the Working Directory
              Creating and Removing Directories
Copying Files              
Deleting Files
Creating, Displaying, and Extracting tar Files                
Creating a tar File
              Displaying the Contents of a tar File
Extracting a tar File                
Displaying the Contents of a File
              Working with Configuration Files
              Guidelines for Creating and Using Configuration Files
              Configuration File Types and Location
Creating a Configuration File by Using a Text Editor                
Copying Configuration Files by Using TFTP
              Preparing to Download or Upload a Configuration File by Using TFTP
Downloading the Configuration File by Using TFTP                
Uploading the Configuration File by Using TFTP
              Copying Configuration Files by Using FTP
              Preparing to Download or Upload a Configuration File by Using FTP
Downloading a Configuration File by Using FTP              
Uploading a Configuration File by Using FTP
              Copying Configuration Files by Using RCP
              Preparing to Download or Upload a Configuration File by Using RCP
              Downloading a Configuration File by Using RCP
Uploading a Configuration File by Using RCP              
Clearing Configuration Information
Deleting a Stored Configuration File              
Working with Software Images
Image Location on the Access Point              
tar File Format of Images on a Server or Cisco.com
Copying Image Files by Using TFTP                
Preparing to Download or Upload an Image File by Using TFTP
              Downloading an Image File by Using TFTP
            Page
Uploading an Image File by Using TFTP              
Copying Image Files by Using FTP
              Preparing to Download or Upload an Image File by Using FTP
              Downloading an Image File by Using FTP
            Page
              Uploading an Image File by Using FTP
              Copying Image Files by Using RCP
Preparing to Download or Upload an Image File by Using RCP            
Page
              Downloading an Image File by Using RCP
            Page
              Uploading an Image File by Using RCP
              Reloading the Image Using the Web Browser Interface
Browser HTTP Interface              
Browser TFTP Interface
            Page
              Configuring System Message Logging
              Understanding System Message Logging
Configuring System Message Logging                
System Log Message Format
              Default System Message Logging Configuration
              Disabling and Enabling Message Logging
              Setting the Message Display Destination Device
              Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages              
Defining the Message Severity Level
              Limiting Syslog Messages Sent to the History Table and to SNMP
              Setting a Logging Rate Limit
              Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon                
Configuring the UNIX System Logging Facility
            Page
              Displaying the Logging Configuration
              Troubleshooting
              Checking the Top Panel Indicators
              22-3
            Page
              Indicators on 1130 Series Access Points
            Page
            Page
              Indicators on 1040 or 1140 Series Access Point
              2 3 41
            Page
              Indicators on 1240 Series Access Points
            Page
              Indicators on 1250 Access Points
            Page
              Indicators on 1260 Series Access Points
            Page
              Indicators on 1300 Outdoor Access Point/Bridges
              Normal Mode LED Indications
            Page
              Power Injector
              Checking Power
Low Power Condition              
Checking Basic Settings
SSID                
WEP Keys
Security Settings              
Resetting to the Default Configuration
Using the MODE Button              
Using the Web Browser Interface
Using the CLI              
Reloading the Access Point Image
              Using the MODE button
Using the Web Browser Interface              
Browser HTTP Interface
Browser TFTP Interface              
Using the CLI
              Obtaining the Access Point Image File
Obtaining TFTP Server Software              
Image Recovery on the 1520 Access Point
            Page
              22-32
Note If the ENABLE_BREAK=no environmental variable is set, you will not be able to escape to                 
the bootloader.
tftpd32 installed.                
Step9 Copy the image using TFTP to the 1520 access points flash:
              22-33
            Page
              A
Protocol Filters            
Page
            Page
            Page
            Page
            Page
              B
Supported MIBs                
MIB List
              Using FTP to Access the MIB Files
              C
Error and Event Messages              
Conventions
              Software Auto Upgrade Messages
            Page
              Association Management Messages
              Unzip Messages
              System Log Messages
              802.11 Subsystem Messages
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
            Page
              Inter-Access Point Protocol Messages
Local Authenticator Messages            
Page
            Page
              WDS Messages
              Mini IOS Messages
              Access Point/Bridge Messages
Cisco Discovery Protocol Messages                
External Radius Server Error Messages
              LWAPP Error Messages
              Sensor Messages
              SNMP Error Messages
              SSH Error Messages
            Page
            Page
               
GLOSSARY                
A
B              
 
C                
D
               
E                
F
G                
I
               
M                
O
P                
Q
               
S                
T
U              
 
W