Corporate Headquarters
Text Part Number 0L-6415-04
Page
N T E N T S
Ssid Configuration Methods Supported by Cisco IOS Releases
Creating Cipher Suites
Protocol Filters
Local Authenticator Messages
Contents Cisco Wireless Router and Hwic Configuration Guide
Purpose
Preface
Audience
Preface provides information on the following topics
Organization
Conventions
Preface Conventions
Related Publications
Cisco Product Document Title
Obtaining Documentation
Cisco.com
Documentation Feedback
Product Documentation DVD
Ordering Documentation
Reporting Security Problems in Cisco Products
Cisco Product Security Overview
Submitting a Service Request
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Preface Obtaining Additional Publications and Information
Wireless Device Management
Overview
Network Configuration Example
Root Unit on a Wired LAN
Features
Overview Features
Overview
Overview Cisco Wireless Router and Hwic Configuration Guide
Configuring Radio Settings
Roles in Radio Network
Command Purpose
Enabling the Radio Interface
Cisco Role in Radio Network Eries ISRs
Configuring Network or Fallback Role
Bridge Features Not Supported
Sample Bridging Configuration
Following is a sample of a Root Bridge Configuration
Following is a sample of Non-Root Bridge Configuration
Interface Dot11Radio0/1/0 no ip address
Universal Client Mode
Configuring Universal Client Mode
Following configuration is supported on NAT
NAT Network Address Translation
Virtual interface to aid NAT translation
No service password-encryption Hostname C1803WUC
Configuring Radio Data Rates
Configuring Radio Settings Configuring Radio Data Rates
11.0 2.0 5.5 basic-1.0
Throughput ofdm default
Speed
2.0 5.5 6.0 9.0
DBm
Configuring Radio Transmit Power
End Return to privileged Exec mode
100 125 150 200 250
5 6 7 10 13 15 17
Limiting the Power Level for Associated Client Devices
Power local
Maximum
20 30 50 100 maximum
Configuring Radio Channel Settings
Power client
10 20 30 50 Maximum
Regulatory Domains
Identifier MHz
Center
Channel
2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467
2472 2484
Channel
DFS Automatically Enabled on Some 5-GHz Radio Channels
GHz Channels on Which DFS is Automatically Enabled
This example shows how to unblock all frequencies for DFS
Enabling and Disabling World Mode
Confirming that DFS is Enabled
Blocking Channels from DFS Selection
Enabling and Disabling Short Radio Preambles
Diversity left right
Configuring Transmit and Receive Antennas
Antenna receive
Antenna transmit
Disabling and Enabling Access Point Extensions
Disable Access Point extensions
No dot11 extension aironet
Set the encapsulation transformation method to RFC1042
Snap or 802.1h dot1h, the default setting
Payload-encapsulation
Snap dot1h
Configure terminal Enter global configuration mode
Enable Pspf
Bridge-group group port-protected
Configuring Beacon Period and Dtim
Configuring Protected Ports
Rts threshold value
Configuring RTS Threshold and Retries
Configuring Maximum Data Retries
Rts retries value
Enabling Short Slot Time for 802.11g Radios
Configuring Fragmentation Threshold
Bytes for the 2.4-GHz radio. Enter a setting from 256 to
Fragment-threshold value
Performing a Carrier Busy Test
OL-6415-04
Configuring Multiple SSIDs
Ssid Configuration Methods Supported by Cisco IOS Releases
Understanding Multiple SSIDs
Vlan
Configuring Multiple SSIDs
Creating an Ssid Globally
Command Purpose
Using a Radius Server to Restrict SSIDs
Viewing SSIDs Configured Globally
Using Spaces in SSIDs
Configuring Multiple Basic SSIDs
Requirements for Configuring Multiple BSSIDs
Guidelines for Using Multiple BSSIDs
Enabling Mbssid and Ssidl at the same time
CLI Configuration Example
Displaying Configured BSSIDs
Information-element ssidl
Below is a sample configuration for enabling Mbssid
Sample Configuration for Enabling Mbssid and Ssidl
Use the no form of the command to disable Ssidl IEs
Below is a sample configuration for enabling Ssidl
Interface Dot11Radio0/0/0 no ip address
OL-6415-04
Configuring an Access Point as a Local Authenticator
Understand Local Authentication
Configure a Local Authenticator
Configuring the Local Authenticator Access Point
Guidelines for Local Authenticators
Configuration Overview
Aaa new-model Enable AAA
Vlan vlan
Reauthentication time seconds
Radius-server local
Ssid ssid
Password nthash password
Mac-auth-only
This example shows how to set up EAP-FAST authentication
End
Routerconfig# aaa new-model
Configuring EAP-FAST Settings
Configuring PAC Settings
Configuring an Authority ID
Configuring Server Keys
Possible PAC Failures Caused by Access Point Clock
This example shows local authenticator statistics
Limiting the Local Authenticator to One Authentication Type
Viewing Local Authenticator Statistics
Unblocking Locked Usernames
Using Debug Messages
Configuring Encryption Types
Understand Encryption Types, Configure Encryption Types,
Understand Encryption Types
Configure Encryption Types
Creating WEP Keys
Encryption
Security Configuration WEP Key Restriction
WEP Key Restrictions
Key
Example WEP Key Setup
Access Point Associated Device Slot Transmit? Key Contents
Creating Cipher Suites
Cipher Suites Compatible with WPA
Enabling and Disabling Broadcast Key Rotation
Compatible Cipher Suites
WPA
Security Type in Universal Client Mode
Security
Universal client configuration
Tkip AES TKIP+AES
WEP 40-bit WEP 128-bit
Debugging
Caveats
WEP
OL-6415-04
Configuring Authentication Types
Understand Authentication Types
Open Authentication to Access Point
Shared Key Authentication to Access Point
Traffic from client
EAP Authentication to Network
Sequence for EAP Authentication
MAC Address Authentication to the Network
Combining MAC-Based, EAP, and Open Authentication
Using WPA Key Management
5shows the WPA key management process
Third Party Host Supplicant
WPA-PSK Mode Windows XP Yes
Software and Firmware Requirements for WPA and WPA-TKIP
Protocol Required? Systems
Configure Authentication Types
Assigning Authentication Types to an Ssid
Mac-address list-name alternate
Authentication open
Optional Set the authentication type to open for this Ssid
Optional eap list-name
Authentication key-management
Authentication shared
Authentication network-eap
Mac-address list-name
Configuring WPA Migration Mode
Configuring Additional WPA Settings
Wpa-psk hex ascii 0
Configuring MAC Authentication Caching
Dot1x reauth-period seconds
Dot1x client-timeout seconds
Dot11 holdoff-time seconds
Server
Security Feature Client Setting Access Point Setting
Detects two MIC failures within 60 seconds, it blocks all
Tkip clients on that interface for the holdtime period
WPA-PSK
Security Feature Client Setting Access Point Setting
Configuring Radius Servers
Configuring and Enabling Radius
Understanding Radius
Radius Operation
Configuring Radius
Default Radius Configuration
Identifying the Radius Server Host
Radius-server timeout command is used
Acct-port port-number timeout
Port for authentication requests.Optional For acct-port
Radius-server host hostname
Configuring Radius Login Authentication
Show running-config Verify your entries
Authentication login command
Aaa authentication login default
Login authentication default
Include-in-access-req format %h
Defining AAA Server Groups
Aaa group server radius group-name
Port for authentication requests
Port for accounting requests
Define the AAA server-group with a group name
Radius
Starting Radius Accounting
Configuring Settings for All Radius Servers
Selecting the Csid Format
Option MAC Address Example
Show running-config Verify your settings
Authentication
Radius-server vsa send accounting
Radius-server host hostname ip-address non-standard
Configuring WISPr Radius Attributes
Radius-server key string
Displaying the Radius Configuration
Snmp-server location location
Radius Attributes Sent by the Access Point
Attribute ID Description
VLAN-ID
Acct-Terminate-Cause
VSA attribute NAS-Location Disc-Cause-Ext
Configuring VLANs
Understanding VLANs
LAN and Vlan Segmentation with Wireless Devices
Related Documents
Configuring VLANs
Incorporating Wireless Devices into VLANs
Configuring a Vlan
Interface dot11radio 0.x
Encapsulation dot1q vlan-id
Assigning Names to VLANs
Using a Radius Server to Assign Users to VLANs
Guidelines for Using Vlan Names
Creating a Vlan Name
Viewing VLANs Configured on the Access Point
Vlan Configuration Example
Ssid Vlan ID
Configuring Vlan
Vlan 1 Interfaces Vlan 2 Interfaces Vlan 3 Interfaces
Configuring VLANs Vlan Configuration Example
OL-6415-04
Configuring QoS
Understanding QoS for Wireless LANs, Configuring QoS,
Understanding QoS for Wireless LANs
QoS for Wireless LANs Versus QoS on Wired LANs
Impact of QoS on a Wireless LAN
Precedence of QoS Settings
Upstream and Downstream Traffic Flow
Using Wi-Fi Multimedia Mode
Adjusting Radio Access Categories
Configuring QoS
Configuration Guidelines
Fixed Slot Time
Sample Configuration Using the CLI
Disabling Igmp Snooping Helper
Center Frequency Americas
Channel Settings
Ieee 802.11b 2.4-GHz Band
Japan
Center Regulatory Domains
Ieee 802.11g 2.4-GHz Band
Ieee 802.11a 5-GHz Band
Americas -A Emea -E Japan -J Frequency
Frequency North America
OL-6415-04
Protocol Filters
Protocol
TCP
Icmp
Igmp
EGP PUP Chaos
ISO Designator
POP3
Tsap
POP2
IMAP2
Uucp
RIP
RPC
CVS
Supported MIBs
MIB List
IEEE802dot11-MIB
Using FTP to Access the MIB Files
RFC1213-MIB RFC1398-MIB SNMPv2-MIB SNMPv2-SMI SNMPv2-TC
This appendix lists the CLI error and event messages
Error and Event Messages
How to Read System Messages
Level Description
Message Traceback Reports
Explanation a station associated to an access point
Explanation a station disassociated from an access point
Association Management Messages
Subsystem Messages
Recommended Action None
Explanation The device has begun its DFS scanning process
Recommended Action None
Error Message DOT11-4-RMINCAPABLE Interface interface
Recommended Action Reload the system
Error Message DOT11-4-CANTASSOC Cannot associate characters
Recommended Action None
Recommended Action
Local Authenticator Messages
Access Point
Network with wireless stations
Wireless network composed of stations without Access Points
Operating in the 2.4-GHz band
Hoc mode
GL-2
An antenna that radiates its signal in a spherical pattern
LAN 802.11 specifications
Wired Ethernet network
Corresponding IP addresses
Transmission at 6, 9, 12, 18, 24, 36, 48, and 54 Mbps
Transmission at 2 Mbps
While maintaining an unbroken connection to the LAN
That of a cable
Wireless MultiMedia
Computing device with an installed client adapter
802.1X for authenticated key management
EAP
AES-CCMP
EAP-FAST 1
IN-2
FTP
Leap
Names, Vlan Network-EAP
Ofdm
Qbss
Regulatory Domains
Guest mode Multiple SSIDs Support Using spaces
Local authentication Names Ssid 4 Vlan command 4
Radius RFC
World-mode command
WPA migration mode Wpa-psk command
IN-7
IN-8
IN-9
IN-10
IN-11
IN-12
IN-13
IN-14
