Text Part Number 0L-6415-04
Corporate Headquarters
Page
N T E N T S
Ssid Configuration Methods Supported by Cisco IOS Releases
Creating Cipher Suites
Protocol Filters
Local Authenticator Messages
Contents Cisco Wireless Router and Hwic Configuration Guide
Preface provides information on the following topics
Preface
Audience
Purpose
Conventions
Organization
Preface Conventions
Cisco Product Document Title
Related Publications
Cisco.com
Obtaining Documentation
Product Documentation DVD
Documentation Feedback
Ordering Documentation
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Submitting a Service Request
Cisco Technical Support & Documentation Website
Obtaining Additional Publications and Information
Definitions of Service Request Severity
Preface Obtaining Additional Publications and Information
Overview
Wireless Device Management
Root Unit on a Wired LAN
Network Configuration Example
Features
Overview Features
Overview
Overview Cisco Wireless Router and Hwic Configuration Guide
Configuring Radio Settings
Cisco Role in Radio Network Eries ISRs
Command Purpose
Enabling the Radio Interface
Roles in Radio Network
Configuring Network or Fallback Role
Sample Bridging Configuration
Bridge Features Not Supported
Following is a sample of a Root Bridge Configuration
Following is a sample of Non-Root Bridge Configuration
Interface Dot11Radio0/1/0 no ip address
Configuring Universal Client Mode
Universal Client Mode
NAT Network Address Translation
Following configuration is supported on NAT
Virtual interface to aid NAT translation
No service password-encryption Hostname C1803WUC
Configuring Radio Settings Configuring Radio Data Rates
Configuring Radio Data Rates
2.0 5.5 6.0 9.0
Throughput ofdm default
Speed
11.0 2.0 5.5 basic-1.0
100 125 150 200 250
Configuring Radio Transmit Power
End Return to privileged Exec mode
DBm
Maximum
Limiting the Power Level for Associated Client Devices
Power local
5 6 7 10 13 15 17
10 20 30 50 Maximum
Configuring Radio Channel Settings
Power client
20 30 50 100 maximum
Regulatory Domains
2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467
Center
Channel
Identifier MHz
2472 2484
Channel
GHz Channels on Which DFS is Automatically Enabled
DFS Automatically Enabled on Some 5-GHz Radio Channels
Blocking Channels from DFS Selection
Enabling and Disabling World Mode
Confirming that DFS is Enabled
This example shows how to unblock all frequencies for DFS
Enabling and Disabling Short Radio Preambles
Antenna transmit
Configuring Transmit and Receive Antennas
Antenna receive
Diversity left right
Disable Access Point extensions
Disabling and Enabling Access Point Extensions
No dot11 extension aironet
Snap dot1h
Snap or 802.1h dot1h, the default setting
Payload-encapsulation
Set the encapsulation transformation method to RFC1042
Enable Pspf
Configure terminal Enter global configuration mode
Bridge-group group port-protected
Configuring Protected Ports
Configuring Beacon Period and Dtim
Rts retries value
Configuring RTS Threshold and Retries
Configuring Maximum Data Retries
Rts threshold value
Fragment-threshold value
Configuring Fragmentation Threshold
Bytes for the 2.4-GHz radio. Enter a setting from 256 to
Enabling Short Slot Time for 802.11g Radios
Performing a Carrier Busy Test
OL-6415-04
Configuring Multiple SSIDs
Understanding Multiple SSIDs
Ssid Configuration Methods Supported by Cisco IOS Releases
Vlan
Creating an Ssid Globally
Configuring Multiple SSIDs
Command Purpose
Viewing SSIDs Configured Globally
Using a Radius Server to Restrict SSIDs
Using Spaces in SSIDs
Requirements for Configuring Multiple BSSIDs
Configuring Multiple Basic SSIDs
Guidelines for Using Multiple BSSIDs
Information-element ssidl
CLI Configuration Example
Displaying Configured BSSIDs
Enabling Mbssid and Ssidl at the same time
Below is a sample configuration for enabling Ssidl
Sample Configuration for Enabling Mbssid and Ssidl
Use the no form of the command to disable Ssidl IEs
Below is a sample configuration for enabling Mbssid
Interface Dot11Radio0/0/0 no ip address
OL-6415-04
Configuring an Access Point as a Local Authenticator
Configure a Local Authenticator
Understand Local Authentication
Aaa new-model Enable AAA
Guidelines for Local Authenticators
Configuration Overview
Configuring the Local Authenticator Access Point
Ssid ssid
Reauthentication time seconds
Radius-server local
Vlan vlan
Mac-auth-only
Password nthash password
This example shows how to set up EAP-FAST authentication
End
Routerconfig# aaa new-model
Configuring PAC Settings
Configuring EAP-FAST Settings
Configuring Server Keys
Configuring an Authority ID
Possible PAC Failures Caused by Access Point Clock
Unblocking Locked Usernames
Limiting the Local Authenticator to One Authentication Type
Viewing Local Authenticator Statistics
This example shows local authenticator statistics
Using Debug Messages
Understand Encryption Types, Configure Encryption Types,
Configuring Encryption Types
Understand Encryption Types
Creating WEP Keys
Configure Encryption Types
Key
Security Configuration WEP Key Restriction
WEP Key Restrictions
Encryption
Access Point Associated Device Slot Transmit? Key Contents
Example WEP Key Setup
Creating Cipher Suites
Cipher Suites Compatible with WPA
Compatible Cipher Suites
Enabling and Disabling Broadcast Key Rotation
WPA
Security
Security Type in Universal Client Mode
Tkip AES TKIP+AES
Universal client configuration
WEP 40-bit WEP 128-bit
Caveats
Debugging
WEP
OL-6415-04
Configuring Authentication Types
Open Authentication to Access Point
Understand Authentication Types
Traffic from client
Shared Key Authentication to Access Point
Sequence for EAP Authentication
EAP Authentication to Network
MAC Address Authentication to the Network
Using WPA Key Management
Combining MAC-Based, EAP, and Open Authentication
5shows the WPA key management process
Protocol Required? Systems
WPA-PSK Mode Windows XP Yes
Software and Firmware Requirements for WPA and WPA-TKIP
Third Party Host Supplicant
Assigning Authentication Types to an Ssid
Configure Authentication Types
Optional eap list-name
Authentication open
Optional Set the authentication type to open for this Ssid
Mac-address list-name alternate
Mac-address list-name
Authentication shared
Authentication network-eap
Authentication key-management
Configuring WPA Migration Mode
Wpa-psk hex ascii 0
Configuring Additional WPA Settings
Configuring MAC Authentication Caching
Server
Dot1x client-timeout seconds
Dot11 holdoff-time seconds
Dot1x reauth-period seconds
Detects two MIC failures within 60 seconds, it blocks all
Security Feature Client Setting Access Point Setting
Tkip clients on that interface for the holdtime period
WPA-PSK
Security Feature Client Setting Access Point Setting
Configuring Radius Servers
Understanding Radius
Configuring and Enabling Radius
Radius Operation
Default Radius Configuration
Configuring Radius
Identifying the Radius Server Host
Radius-server host hostname
Acct-port port-number timeout
Port for authentication requests.Optional For acct-port
Radius-server timeout command is used
Show running-config Verify your entries
Configuring Radius Login Authentication
Include-in-access-req format %h
Aaa authentication login default
Login authentication default
Authentication login command
Defining AAA Server Groups
Define the AAA server-group with a group name
Port for authentication requests
Port for accounting requests
Aaa group server radius group-name
Radius
Starting Radius Accounting
Selecting the Csid Format
Configuring Settings for All Radius Servers
Option MAC Address Example
Show running-config Verify your settings
Radius-server vsa send accounting
Authentication
Radius-server host hostname ip-address non-standard
Radius-server key string
Configuring WISPr Radius Attributes
Snmp-server location location
Displaying the Radius Configuration
Attribute ID Description
Radius Attributes Sent by the Access Point
VLAN-ID
VSA attribute NAS-Location Disc-Cause-Ext
Acct-Terminate-Cause
Configuring VLANs
Understanding VLANs
Related Documents
LAN and Vlan Segmentation with Wireless Devices
Incorporating Wireless Devices into VLANs
Configuring VLANs
Interface dot11radio 0.x
Configuring a Vlan
Encapsulation dot1q vlan-id
Creating a Vlan Name
Using a Radius Server to Assign Users to VLANs
Guidelines for Using Vlan Names
Assigning Names to VLANs
Viewing VLANs Configured on the Access Point
Ssid Vlan ID
Vlan Configuration Example
Vlan 1 Interfaces Vlan 2 Interfaces Vlan 3 Interfaces
Configuring Vlan
Configuring VLANs Vlan Configuration Example
OL-6415-04
Understanding QoS for Wireless LANs, Configuring QoS,
Configuring QoS
QoS for Wireless LANs Versus QoS on Wired LANs
Understanding QoS for Wireless LANs
Impact of QoS on a Wireless LAN
Upstream and Downstream Traffic Flow
Precedence of QoS Settings
Using Wi-Fi Multimedia Mode
Fixed Slot Time
Configuring QoS
Configuration Guidelines
Adjusting Radio Access Categories
Disabling Igmp Snooping Helper
Sample Configuration Using the CLI
Japan
Channel Settings
Ieee 802.11b 2.4-GHz Band
Center Frequency Americas
Americas -A Emea -E Japan -J Frequency
Ieee 802.11g 2.4-GHz Band
Ieee 802.11a 5-GHz Band
Center Regulatory Domains
Frequency North America
OL-6415-04
Protocol Filters
Protocol
EGP PUP Chaos
Icmp
Igmp
TCP
ISO Designator
IMAP2
Tsap
POP2
POP3
CVS
RIP
RPC
Uucp
MIB List
Supported MIBs
IEEE802dot11-MIB
RFC1213-MIB RFC1398-MIB SNMPv2-MIB SNMPv2-SMI SNMPv2-TC
Using FTP to Access the MIB Files
Level Description
Error and Event Messages
How to Read System Messages
This appendix lists the CLI error and event messages
Association Management Messages
Explanation a station associated to an access point
Explanation a station disassociated from an access point
Message Traceback Reports
Subsystem Messages
Recommended Action None
Explanation The device has begun its DFS scanning process
Recommended Action None
Error Message DOT11-4-RMINCAPABLE Interface interface
Recommended Action Reload the system
Error Message DOT11-4-CANTASSOC Cannot associate characters
Recommended Action None
Recommended Action
Local Authenticator Messages
Operating in the 2.4-GHz band
Network with wireless stations
Wireless network composed of stations without Access Points
Access Point
GL-2
Hoc mode
Corresponding IP addresses
LAN 802.11 specifications
Wired Ethernet network
An antenna that radiates its signal in a spherical pattern
Transmission at 2 Mbps
Transmission at 6, 9, 12, 18, 24, 36, 48, and 54 Mbps
That of a cable
While maintaining an unbroken connection to the LAN
Computing device with an installed client adapter
Wireless MultiMedia
802.1X for authenticated key management
AES-CCMP
EAP
IN-2
EAP-FAST 1
Leap
FTP
Ofdm
Names, Vlan Network-EAP
Qbss
Radius RFC
Guest mode Multiple SSIDs Support Using spaces
Local authentication Names Ssid 4 Vlan command 4
Regulatory Domains
WPA migration mode Wpa-psk command
World-mode command
IN-7
IN-8
IN-9
IN-10
IN-11
IN-12
IN-13
IN-14
