Text Part Number 0L-6415-04
Corporate Headquarters
Page
N T E N T S
Ssid Configuration Methods Supported by Cisco IOS Releases
Creating Cipher Suites
Protocol Filters
Local Authenticator Messages
Contents Cisco Wireless Router and Hwic Configuration Guide
Audience
Preface
Purpose
Preface provides information on the following topics
Conventions
Organization
Preface Conventions
Cisco Product Document Title
Related Publications
Cisco.com
Obtaining Documentation
Documentation Feedback
Product Documentation DVD
Ordering Documentation
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Submitting a Service Request
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Obtaining Additional Publications and Information
Definitions of Service Request Severity
Preface Obtaining Additional Publications and Information
Overview
Wireless Device Management
Root Unit on a Wired LAN
Network Configuration Example
Features
Overview Features
Overview
Overview Cisco Wireless Router and Hwic Configuration Guide
Configuring Radio Settings
Enabling the Radio Interface
Command Purpose
Roles in Radio Network
Cisco Role in Radio Network Eries ISRs
Configuring Network or Fallback Role
Bridge Features Not Supported
Sample Bridging Configuration
Following is a sample of a Root Bridge Configuration
Following is a sample of Non-Root Bridge Configuration
Interface Dot11Radio0/1/0 no ip address
Configuring Universal Client Mode
Universal Client Mode
Following configuration is supported on NAT
NAT Network Address Translation
Virtual interface to aid NAT translation
No service password-encryption Hostname C1803WUC
Configuring Radio Settings Configuring Radio Data Rates
Configuring Radio Data Rates
Speed
Throughput ofdm default
11.0 2.0 5.5 basic-1.0
2.0 5.5 6.0 9.0
End Return to privileged Exec mode
Configuring Radio Transmit Power
DBm
100 125 150 200 250
Power local
Limiting the Power Level for Associated Client Devices
5 6 7 10 13 15 17
Maximum
Power client
Configuring Radio Channel Settings
20 30 50 100 maximum
10 20 30 50 Maximum
Regulatory Domains
Channel
Center
Identifier MHz
2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467
2472 2484
Channel
GHz Channels on Which DFS is Automatically Enabled
DFS Automatically Enabled on Some 5-GHz Radio Channels
Confirming that DFS is Enabled
Enabling and Disabling World Mode
This example shows how to unblock all frequencies for DFS
Blocking Channels from DFS Selection
Enabling and Disabling Short Radio Preambles
Antenna receive
Configuring Transmit and Receive Antennas
Diversity left right
Antenna transmit
Disabling and Enabling Access Point Extensions
Disable Access Point extensions
No dot11 extension aironet
Payload-encapsulation
Snap or 802.1h dot1h, the default setting
Set the encapsulation transformation method to RFC1042
Snap dot1h
Configure terminal Enter global configuration mode
Enable Pspf
Bridge-group group port-protected
Configuring Protected Ports
Configuring Beacon Period and Dtim
Configuring Maximum Data Retries
Configuring RTS Threshold and Retries
Rts threshold value
Rts retries value
Bytes for the 2.4-GHz radio. Enter a setting from 256 to
Configuring Fragmentation Threshold
Enabling Short Slot Time for 802.11g Radios
Fragment-threshold value
Performing a Carrier Busy Test
OL-6415-04
Configuring Multiple SSIDs
Ssid Configuration Methods Supported by Cisco IOS Releases
Understanding Multiple SSIDs
Vlan
Creating an Ssid Globally
Configuring Multiple SSIDs
Command Purpose
Using a Radius Server to Restrict SSIDs
Viewing SSIDs Configured Globally
Using Spaces in SSIDs
Configuring Multiple Basic SSIDs
Requirements for Configuring Multiple BSSIDs
Guidelines for Using Multiple BSSIDs
Displaying Configured BSSIDs
CLI Configuration Example
Enabling Mbssid and Ssidl at the same time
Information-element ssidl
Use the no form of the command to disable Ssidl IEs
Sample Configuration for Enabling Mbssid and Ssidl
Below is a sample configuration for enabling Mbssid
Below is a sample configuration for enabling Ssidl
Interface Dot11Radio0/0/0 no ip address
OL-6415-04
Configuring an Access Point as a Local Authenticator
Configure a Local Authenticator
Understand Local Authentication
Configuration Overview
Guidelines for Local Authenticators
Configuring the Local Authenticator Access Point
Aaa new-model Enable AAA
Radius-server local
Reauthentication time seconds
Vlan vlan
Ssid ssid
Mac-auth-only
Password nthash password
This example shows how to set up EAP-FAST authentication
End
Routerconfig# aaa new-model
Configuring PAC Settings
Configuring EAP-FAST Settings
Configuring an Authority ID
Configuring Server Keys
Possible PAC Failures Caused by Access Point Clock
Viewing Local Authenticator Statistics
Limiting the Local Authenticator to One Authentication Type
This example shows local authenticator statistics
Unblocking Locked Usernames
Using Debug Messages
Understand Encryption Types, Configure Encryption Types,
Configuring Encryption Types
Understand Encryption Types
Creating WEP Keys
Configure Encryption Types
WEP Key Restrictions
Security Configuration WEP Key Restriction
Encryption
Key
Example WEP Key Setup
Access Point Associated Device Slot Transmit? Key Contents
Creating Cipher Suites
Cipher Suites Compatible with WPA
Enabling and Disabling Broadcast Key Rotation
Compatible Cipher Suites
WPA
Security
Security Type in Universal Client Mode
Universal client configuration
Tkip AES TKIP+AES
WEP 40-bit WEP 128-bit
Caveats
Debugging
WEP
OL-6415-04
Configuring Authentication Types
Open Authentication to Access Point
Understand Authentication Types
Traffic from client
Shared Key Authentication to Access Point
Sequence for EAP Authentication
EAP Authentication to Network
MAC Address Authentication to the Network
Using WPA Key Management
Combining MAC-Based, EAP, and Open Authentication
5shows the WPA key management process
Software and Firmware Requirements for WPA and WPA-TKIP
WPA-PSK Mode Windows XP Yes
Third Party Host Supplicant
Protocol Required? Systems
Assigning Authentication Types to an Ssid
Configure Authentication Types
Optional Set the authentication type to open for this Ssid
Authentication open
Mac-address list-name alternate
Optional eap list-name
Authentication network-eap
Authentication shared
Authentication key-management
Mac-address list-name
Configuring WPA Migration Mode
Wpa-psk hex ascii 0
Configuring Additional WPA Settings
Configuring MAC Authentication Caching
Dot11 holdoff-time seconds
Dot1x client-timeout seconds
Dot1x reauth-period seconds
Server
Security Feature Client Setting Access Point Setting
Detects two MIC failures within 60 seconds, it blocks all
Tkip clients on that interface for the holdtime period
WPA-PSK
Security Feature Client Setting Access Point Setting
Configuring Radius Servers
Understanding Radius
Configuring and Enabling Radius
Radius Operation
Default Radius Configuration
Configuring Radius
Identifying the Radius Server Host
Port for authentication requests.Optional For acct-port
Acct-port port-number timeout
Radius-server timeout command is used
Radius-server host hostname
Show running-config Verify your entries
Configuring Radius Login Authentication
Login authentication default
Aaa authentication login default
Authentication login command
Include-in-access-req format %h
Defining AAA Server Groups
Port for accounting requests
Port for authentication requests
Aaa group server radius group-name
Define the AAA server-group with a group name
Radius
Starting Radius Accounting
Configuring Settings for All Radius Servers
Selecting the Csid Format
Option MAC Address Example
Show running-config Verify your settings
Authentication
Radius-server vsa send accounting
Radius-server host hostname ip-address non-standard
Radius-server key string
Configuring WISPr Radius Attributes
Snmp-server location location
Displaying the Radius Configuration
Attribute ID Description
Radius Attributes Sent by the Access Point
VLAN-ID
VSA attribute NAS-Location Disc-Cause-Ext
Acct-Terminate-Cause
Configuring VLANs
Understanding VLANs
Related Documents
LAN and Vlan Segmentation with Wireless Devices
Incorporating Wireless Devices into VLANs
Configuring VLANs
Interface dot11radio 0.x
Configuring a Vlan
Encapsulation dot1q vlan-id
Guidelines for Using Vlan Names
Using a Radius Server to Assign Users to VLANs
Assigning Names to VLANs
Creating a Vlan Name
Viewing VLANs Configured on the Access Point
Ssid Vlan ID
Vlan Configuration Example
Vlan 1 Interfaces Vlan 2 Interfaces Vlan 3 Interfaces
Configuring Vlan
Configuring VLANs Vlan Configuration Example
OL-6415-04
Understanding QoS for Wireless LANs, Configuring QoS,
Configuring QoS
Understanding QoS for Wireless LANs
QoS for Wireless LANs Versus QoS on Wired LANs
Impact of QoS on a Wireless LAN
Upstream and Downstream Traffic Flow
Precedence of QoS Settings
Using Wi-Fi Multimedia Mode
Configuration Guidelines
Configuring QoS
Adjusting Radio Access Categories
Fixed Slot Time
Disabling Igmp Snooping Helper
Sample Configuration Using the CLI
Ieee 802.11b 2.4-GHz Band
Channel Settings
Center Frequency Americas
Japan
Ieee 802.11a 5-GHz Band
Ieee 802.11g 2.4-GHz Band
Center Regulatory Domains
Americas -A Emea -E Japan -J Frequency
Frequency North America
OL-6415-04
Protocol Filters
Protocol
Igmp
Icmp
TCP
EGP PUP Chaos
ISO Designator
POP2
Tsap
POP3
IMAP2
RPC
RIP
Uucp
CVS
Supported MIBs
MIB List
IEEE802dot11-MIB
RFC1213-MIB RFC1398-MIB SNMPv2-MIB SNMPv2-SMI SNMPv2-TC
Using FTP to Access the MIB Files
How to Read System Messages
Error and Event Messages
This appendix lists the CLI error and event messages
Level Description
Explanation a station disassociated from an access point
Explanation a station associated to an access point
Message Traceback Reports
Association Management Messages
Subsystem Messages
Recommended Action None
Explanation The device has begun its DFS scanning process
Recommended Action None
Error Message DOT11-4-RMINCAPABLE Interface interface
Recommended Action Reload the system
Error Message DOT11-4-CANTASSOC Cannot associate characters
Recommended Action None
Recommended Action
Local Authenticator Messages
Wireless network composed of stations without Access Points
Network with wireless stations
Access Point
Operating in the 2.4-GHz band
GL-2
Hoc mode
Wired Ethernet network
LAN 802.11 specifications
An antenna that radiates its signal in a spherical pattern
Corresponding IP addresses
Transmission at 2 Mbps
Transmission at 6, 9, 12, 18, 24, 36, 48, and 54 Mbps
That of a cable
While maintaining an unbroken connection to the LAN
Wireless MultiMedia
Computing device with an installed client adapter
802.1X for authenticated key management
AES-CCMP
EAP
IN-2
EAP-FAST 1
Leap
FTP
Names, Vlan Network-EAP
Ofdm
Qbss
Local authentication Names Ssid 4 Vlan command 4
Guest mode Multiple SSIDs Support Using spaces
Regulatory Domains
Radius RFC
WPA migration mode Wpa-psk command
World-mode command
IN-7
IN-8
IN-9
IN-10
IN-11
IN-12
IN-13
IN-14
