Main
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Purpose
Configuration Procedures and Examples
Organization
Page
Conventions
Related Publications
Page
Page
Overview of Access Point Features
Radios in Access Points
New Features and Platforms in this Release
New Access Point Platforms Supported
Support for Cisco Aironet 3700 Series access point
Support for Cisco Aironet 2700 Series access point
Support for Cisco Aironet 1700 Series access point
New Features
Multiple Port Support for Cisco Aironet 1550 Series Outdoor Access Points
Automatic Configuring of the Access Point
Support for L2TPv3
Configuration and CLI Changes in this Release
Management Options
Roaming Client Devices
Network Configuration Examples
Root Access Point
Repeater Access Point
Bridges
Workgroup Bridge
Central Unit in an All-Wireless Network
Access point
Using the Web-Browser Interface
Using the Web-Browser Interface for the First Time
Using the Management Pages in the Web-Browser Interface
Using Action Buttons
Character Restrictions in Entry Fields
Enabling HTTPS for Secure Browsing
CLI Configuration Example
Deleting an HTTPS Certificate
CLI Commands for Deleting an HTTPS Certificate
Using Online User Guides
Disabling the Web-Browser Interface
Page
Using the Command-Line Interface
Cisco IOS Command Modes
Getting Help
Abbreviating Commands
Using the no and Default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands Through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Opening the CLI with Telnet
Opening the CLI with Secure Shell
Page
Configuring the Access Point for the First Time
Before You Start
Resetting the Device to Default Settings
Resetting to Default Settings Using the MODE Button
Resetting to Default Settings Using the GUI
Resetting to Default Settings Using the CLI
Logging into the Access Point
Obtaining and Assigning an IP Address
Default IP Address Behavior
Connecting to the 1040, 1140, 1240, 1250, 1260, and 2600 Series Access Points Locally
Connecting to the 1550 Series Access Point Locally
Default Radio Settings
Assigning Basic Settings
Page
Page
Page
Default Settings on the Easy Setup Page
Understanding the Security Settings
Using VLANs
Security Types for an SSID
Page
Limitations of Security Settings
4-15
CLI Configuration Examples
Example: No Security for Radio 2.4GHz
4-16
Example: Static WEP for Radio 2.4 GHz
4-17
Example: EAP Authentication
Note The following warning message appears if your radio clients are using EAP-FAST and you do not
4-18
4-19
Example: WPA2 for Radio 2.4GHz
4-20
Configuring System Power Settings Access Points
Using the AC Power Adapter
Using a Switch Capable of IEEE 802.3af Power Negotiation
Using a Switch That Does Not Support IEEE 802.3af Power Negotiation
Using a Power Injector
Support for 802.11n Performance on 1250 Series Access Points with Standard 802.3af PoE
1250 Series Power Modes
Support for 802.11ac
Channel Widths for 802.11ac
Power Management for 802.11ac
Assigning an IP Address Using the CLI
Using a Telnet Session to Access the CLI
Configuring the 802.1X Supplicant
Creating a Credentials Profile
Applying the Credentials to an Interface or SSID
Applying the Credentials Profile to the Wired Port
Applying the Credentials Profile to an SSID Used For the Uplink
Creating and Applying EAP Method Profiles
Configuring IPv6
Page
Configuring DHCPv6 address
IPv6 Neighbor Discovery
Page
Configuring IPv6 Access Lists
RADIUS Configuration
IPv6 WDS Support
CDPv6 Support:
RA filtering
Automatic Configuring of the Access Point
Enabling Autoconfig
Prepare a Configuration Information File
Enable environmental variables
Schedule the Configuration Information File Download
Enabling Autoconfig via a Boot File
Checking the Autoconfig Status
Debugging Autoconfig
Page
Administrating the Access Point
Disabling the Mode Button
Preventing Unauthorized Access to Your Access Point
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Page
Protecting Enable and Enable Secret Passwords with Encryption
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Logging Into and Exiting a Privilege Level
Configuring Easy Setup
Configuring Spectrum Expert Mode
Controlling Access Point Access with RADIUS
Default RADIUS Configuration
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Displaying the RADIUS Configuration
Controlling Access Point Access with TACACS+
Default TACACS+ Configuration
Configuring TACACS+ Login Authentication
Page
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Displaying the TACACS+ Configuration
Configuring Ethernet Speed and Duplex Settings
Configuring the Access Point for Wireless Network Management
Configuring the Access Point for Local Authentication and Authorization
Configuring the Authentication Cache and Profile
5-23
Configuring the Access Point to Provide DHCP Service
Setting up the DHCP Server
Page
Monitoring and Maintaining the DHCP Server Access Point
Show Commands
Clear Commands
Debug Command
Configuring the Access Point for Secure Shell
Understanding SSH
Configuring SSH
Support for Secure Copy Protocol
Configuring Client ARP Caching
Understanding Client ARP Caching
Optional ARP Caching
Configuring ARP Caching
Managing the System Time and Date
Understanding Simple Network Time Protocol
Configuring SNTP
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Page
Defining HTTP Access
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Page
Configuring a Login Banner
Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
Page
Configuring Radio Settings
Enabling the Radio Interface
Configuring the Role in Radio Network
Page
Page
Universal Workgroup Bridge Mode
Point-to-point and Multi Point bridging support for 802.11n platforms
Configuring Dual-Radio Fallback
Radio Tracking
Fast Ethernet Tracking
MAC-Address Tracking
Configuring Radio Data Rates
Access Points Send Multicast and Management Frames at Highest Basic Rate
Page
Page
Configuring MCS Rates
Enabling 11ac MCS rates
Configuring Radio Transmit Power
Page
Limiting the Power Level for Associated Client Devices
Configuring Radio Channel Settings
Channel Widths for 802.11n
Dynamic Frequency Selection
Page
Radar Detection on a DFS Channel
CLI Commands
Confirming that DFS is Enabled
Configuring a Channel
Blocking Channels from DFS Selection
Setting the 802.11n Guard Interval
Enabling and Disabling World Mode
Disabling and Enabling Short Radio Preambles
Configuring Transmit and Receive Antennas
Page
Enabling and Disabling Gratuitous Probe Response
Disabling and Enabling Aironet Extensions
Configuring the Ethernet Encapsulation Transformation Method
Enabling and Disabling Reliable Multicast to Workgroup Bridges
Page
Enabling and Disabling Public Secure Packet Forwarding
Configuring Protected Ports
Configuring the Beacon Period and the DTIM
Configure RTS Threshold and Retries
Configuring the Maximum Data Packet Retries
Configuring the Fragmentation Threshold
Enabling Short Slot Time for 802.11g Radios
Performing a Carrier Busy Test
Configuring VoIP Packet Handling
Page
Page
Configuring ClientLink
Using the CLI to Configure ClientLink
Debugging Radio Functions
802.11r Configuration
Page
Configuring Multiple SSIDs
Understanding Multiple SSIDs
Configuring Multiple SSIDs
Creating an SSID Globally
Page
Viewing SSIDs Configured Globally
Using a RADIUS Server to Restrict SSIDs
Configuring Multiple Basic SSIDs
Requirements for Configuring Multiple BSSIDs
Guidelines for Using Multiple BSSIDs
Configuring Multiple BSSIDs
Displaying Configured BSSIDs
Assigning IP Redirection for an SSID
Guidelines for Using IP Redirection
Configuring IP Redirection
Including SSIDL IE in an SSID Beacon
NAC Support for MBSSID
Page
Configuring NAC for MBSSID
7-14
Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol
STP Overview
Access Point/Bridge Protocol Data Units
Election of the Spanning-Tree Root
Spanning-Tree Timers
Creating the Spanning-Tree Topology
Spanning-Tree Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
Configuring STP Features
Default STP Configuration
Configuring STP Settings
8-10
STP Configuration Examples
Root Bridge Without VLANs
This example shows the configuration of a root bridge with no VLANs configured and with STP enabled:
8-11
Non-Root Bridge Without VLANs
8-12
Root Bridge with VLANs
This example shows the configuration of a root bridge with VLANs configured with STP enabled:
8-13
8-14
Non-Root Bridge with VLANs
This example shows the configuration of a non-root bridge with VLANs configured with STP enabled:
8-15
Displaying Spanning-Tree Status
Configuring an Access Point as a Local Authenticator
Understanding Local Authentication
Configuring a Local Authenticator
Guidelines for Local Authenticators
Configuration Overview
Configuring the Local Authenticator Access Point
Page
Page
Configuring Other Access Points to Use the Local Authenticator
Configuring EAP-FAST Settings
Configuring PAC Settings
PAC Expiration Times
Generating PACs Manually
Configuring an Authority ID
Configuring Server Keys
Possible PAC Failures Caused by Access Point Clock
Limiting the Local Authenticator to One Authentication Type
Unblocking Locked Usernames
Viewing Local Authenticator Statistics
Using Debug Messages
Configuring WLAN Authentication and Encryption
Understanding Authentication and Encryption Mechanisms
Page
Page
Page
Understanding Encryption Modes
Configuring Encryption Modes
Creating Static WEP Keys
WEP Key Restrictions
Example WEP Key Setup
Enabling Cipher Suites
Matching Cipher Suites with WPA or CCKM
Page
Enabling and Disabling Broadcast Key Rotation
Page
Configuring Authentication Types
Understanding Authentication Types
Open Authentication to the Access Point
WEP Shared Key Authentication to the Access Point
EAP Authentication to the Network
MAC Address Authentication to the Network
Combining MAC-Based, EAP, and Open Authentication
Using CCKM for Authenticated Clients
Using WPA Key Management
Page
Configuring Authentication Types
Assigning Authentication Types to an SSID
Page
Page
Page
Configuring WPA Migration Mode for Legacy WEP SSIDs
Configuring Additional WPA Settings
Setting a pre-shared Key
Configuring Group Key Updates
Configuring MAC Authentication Caching
Configuring Authentication Holdoffs, Timeouts, and Intervals
Creating and Applying EAP Method Profiles for the 802.1X Supplicant
Creating an EAP Method Profile
Applying an EAP Profile to the Fast Ethernet Interface
Page
Applying an EAP Profile to an Uplink SSID
Matching Access Point and Client Device Authentication Types
Page
Page
Guest Access Management
Guest Account Creation
Customized Guest Access Pages
Page
Page
Page
Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
Understanding WDS
Role of the WDS Device
Role of Access Points Using the WDS Device
Understanding Fast Secure Roaming
Understanding Wireless Intrusion Detection Services
Configuring WDS
Guidelines for WDS
Requirements for WDS
Configuration Overview
Configuring Access Points as Potential WDS Devices
Page
Page
Configuring Access Points to use the WDS Device
Page
Configuring the Authentication Server to Support WDS
Page
Configuring WDS Only Mode
Viewing WDS Information
Using Debug Messages
Configuring Fast Secure Roaming
Requirements for Fast Secure Roaming
Configuring Access Points to Support Fast Secure Roaming
Page
CLI Configuration Example
Support for 802.11r
Configuring Management Frame Protection
Management Frame Protection
Client MFP Overview
Client MFP For Access Points in Root mode
Configuring Client MFP
Protection of Management Frames with 802.11w
Configuring Radio Management
CLI Configuration Example
Configuring Access Points to Participate in WIDS
Configuring the Access Point for Scanner Mode
Configuring the Access Point for Monitor Mode
Displaying Monitor Mode Statistics
Configuring Monitor Mode Limits
Configuring an Authentication Failure Limit
Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS
Understanding RADIUS
RADIUS Operation
Page
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Page
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Configuring Packet of Disconnect
Selecting the CSID Format
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
Configuring WISPr RADIUS Attributes
Displaying the RADIUS Configuration
RADIUS Attributes Sent by the Access Point
Page
Page
Configuring and Enabling TACACS+
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Page
Configuring VLANs
Understanding VLANs
Incorporating Wireless Devices into VLANs
Configuring VLANs
Configuring a VLAN
Step 1 - Enabling the VLAN on the radio and Ethernet ports
Step 2 - Creating an SSID and assigning it to a VLAN
Step 3 - Assigning encryption settings to a VLAN on a given radio interface
Assigning Names to VLANs
Guidelines for Using VLAN Names
Creating a VLAN Name
Using a RADIUS Server to Assign Users to VLANs
Viewing VLANs Configured on the Access Point
14-9
VLAN Configuration Example
14-11
Table14-2 shows the commands needed to configure the three VLANs in this example.
Table14-2 Configuration Commands for VLAN Example
Configuring VLAN 1 Configuring VLAN 2 Configuring VLAN 3
Table14-3 Results of Example Configuration Commands
Page
Configuring QoS
Understanding QoS for Wireless LANs
QoS for Wireless LANs Versus QoS on Wired LANs
Impact of QoS on a Wireless LAN
Precedence of QoS Settings
Using Wi-Fi Multimedia Mode
Using Band Select
Configuring QoS
Configuration Guidelines
Configuring QoS Using the Web-Browser Interface
Page
Page
The QoS Policies Advanced Page
QoS Element for Wireless Phones
IGMP Snooping
AVVID Priority Mapping
WiFi Multimedia (WMM)
Rate Limiting
Adjusting Radio Access Categories
Configuring Nominal Rates
Optimized Voice Settings
Configuring Call Admission Control
Configuring the Radio
Enabling Admission Control on the SSID
Troubleshooting Admission Control
Configuring Streams
Page
Configuring Filters
Understanding Filters
Configuring Filters Using the CLI
Configuring Filters Using the Web-Browser Interface
Configuring and Enabling MAC Address Filters
Creating a MAC Address Filter
Creating a MAC Address Filter - Using CLI
Using MAC Address ACLs to Block or Allow Client Association to the Access Point
Using MAC Address ACLs to Block or Allow Client Association to the Access Point via CLI
Configuring MAC Address Authentication
Determining the source of MAC Authentication
Using a local MAC address list
Using the AP internal RADIUS server for MAC address authentication
Using an external RADIUS server for MAC address authentication
Configuring the SSID for MAC Authentication
Creating a Time-Based ACL
ACL Logging
Configuring and Enabling IP Filters
Creating an IP Filter
Configuring and Enabling EtherType Filters
Creating an EtherType Filter
Page
Page
Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP
17-6
Enabling CDP Logging
Page
Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
Configuring SNMP
Default SNMP Configuration
Enabling the SNMP Agent
Configuring Community Strings
Page
Specifying SNMP-Server Group Names
Configuring SNMP-Server Hosts
Configuring SNMP-Server Users
Configuring Trap Managers and Enabling Traps
Page
Setting the Agent Contact and Location Information
Using the snmp-server view Command
SNMP Examples
Displaying SNMP Status
Configuring Repeater and Standby Access Points and Workgroup Bridge Mode
Understanding Repeater Access Points
Configuring a Repeater Access Point
Default Configuration
Guidelines for Repeaters
Setting Up a Repeater
Aligning Antennas
Verifying Repeater Operation
Setting Up a Repeater As a WPA2 Client
Setting Up a Repeater As a EAP-FAST Client
Understanding Hot Standby
Configuring a Hot Standby Access Point
Page
Verifying Standby Operation
Understanding Workgroup Bridge Mode
Treating Workgroup Bridges as Infrastructure Devices or as Client Devices
Configuring a Workgroup Bridge for Roaming
Configuring a Workgroup Bridge for Limited Channel Scanning
Configuring the Limited Channel Set
Ignoring the CCX Neighbor List
Configuring a Client VLAN
Workgroup Bridge VLAN Tagging
Configuring Workgroup Bridge Mode
Page
Page
Page
Using Workgroup Bridges in a Lightweight Environment
Guidelines for Using Workgroup Bridges in a Lightweight Environment
Sample Workgroup Bridge Association Verification
Enabling VideoStream Support on Workgroup Bridges
Page
Managing Firmware and Configurations
Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information About Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File by Using a Text Editor
Copying Configuration Files by Using TFTP
Preparing to Download or Upload a Configuration File by Using TFTP
Downloading the Configuration File by Using TFTP
Uploading the Configuration File by Using TFTP
Copying Configuration Files by Using FTP
Preparing to Download or Upload a Configuration File by Using FTP
Downloading a Configuration File by Using FTP
Uploading a Configuration File by Using FTP
Copying Configuration Files by Using RCP
Preparing to Download or Upload a Configuration File by Using RCP
Downloading a Configuration File by Using RCP
Uploading a Configuration File by Using RCP
Clearing Configuration Information
Deleting a Stored Configuration File
Working with Software Images
Image Location on the Access Point
tar File Format of Images on a Server or Cisco.com
Copying Image Files by Using TFTP
Preparing to Download or Upload an Image File by Using TFTP
Downloading an Image File by Using TFTP
Page
Uploading an Image File by Using TFTP
Copying Image Files by Using FTP
Preparing to Download or Upload an Image File by Using FTP
Downloading an Image File by Using FTP
Page
Uploading an Image File by Using FTP
Copying Image Files by Using RCP
Preparing to Download or Upload an Image File by Using RCP
Page
Downloading an Image File by Using RCP
Page
Uploading an Image File by Using RCP
Reloading the Image Using the Web Browser Interface
Browser HTTP Interface
Browser TFTP Interface
Page
Configuring L2TPv3 Over UDP/IP
Prerequisites
Configuring L2TP Class
Configuring Pseudowire Class
Relationship between L2TP Class and Pseudowire Class
Configuring the Tunnel interface
Configure Tunnel management Interface
Mapping SSID to the Tunnel/Xconnect
Configuring TCP mss adjust
Configuring UDP checksum
Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Setting a Logging Rate Limit
Configuring the System Logging Facility
Displaying the Logging Configuration
Page
Troubleshooting
Checking the LED Indicators
Checking Power
Low Power Condition
Checking Basic Settings
SSID
WEP Keys
Security Settings
Resetting to the Default Configuration
Using the MODE Button
Using the Web Browser Interface
Using the CLI
Reloading the Access Point Image
Using the MODE button
Using the Web Browser Interface
Browser HTTP Interface
Browser TFTP Interface
Using the CLI
23-10
Step9 Enter the set command to check your bootloader entries.
Obtaining the Access Point Image File
Obtaining TFTP Server Software
Image Recovery on the 1520 Access Point
Page
Page
Page
A
Protocol Filters
Page
Page
Page
Page
Page
B
Supported MIBs
MIB List
Using FTP to Access the MIB Files
C
Error and Event Messages
Conventions
Software Auto Upgrade Messages
Page
Association Management Messages
Unzip Messages
System Log Messages
802.11 Subsystem Messages
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Inter-Access Point Protocol Messages
Local Authenticator Messages
Page
Page
WDS Messages
Mini IOS Messages
Access Point/Bridge Messages
Cisco Discovery Protocol Messages
External Radius Server Error Messages
LWAPP Error Messages
Sensor Messages
SNMP Error Messages
SSH Error Messages
Page
Page
GLOSSARY
A
B
C
D
E
F
G
I
M
O
P
Q
S
T
U
W
