Cisco Systems OL-7426-03 - page 141

5/26/05 Local MAC Filter

OL-7426-03

•To remove a VLAN assignment from a WLAN, use the following command:

>config wlan vlan <WLAN id> untagged

where <WLAN id> = 1 through 16.

•Use the show wlan <wlan id> command to verify that you have correctly assigned a VLAN to

the WLAN.

Layer 2 SecurityLayer2 Security

Dynamic 802.1X Keys and AuthorizationDynamic 802.1X Keys and Authorization

Cisco Wireless LAN Controllers can control 802.1X dynamic keys using EAP (extensible authentication

protocol) across Cisco 1000 Series lightweight access points, and supports 802.1X dynamic key

settings for the Cisco 1000 Series lightweight access point WLAN(s).

•Use the show wlan <wlan id> command to check the security settings of each WLAN. The

default for new WLANs is 802.1X with dynamic keys enabled. If you want to keep a robust

Layer 2 policy, leave 802.1X on.

•If you want to change the 802.1X configuration, use the following commands:

>config wlan security 802.1X [enable/disable] <wlan id>

where <WLAN id> = 1 through 16.

•If you want to change the 802.1X encryption for a Cisco 1000 Series lightweight access point

WLAN, use the following command:

>config wlan security 802.1X encryption <wlan id> [40/104/128]

where <WLAN id> = 1 through 16, and [40/104/128] = 40/64, 104/128 (default) or 128/152

encryption bits (default = 104/128).

WEP KeysWEP Keys

Cisco Wireless LAN Controllers can control WEP keys across Cisco 1000 Series lightweight access

points.

•Use the show wlan <wlan id> command to check the security settings of each WLAN. The

default is 802.1X with dynamic keys enabled.

•If you want to configure the less-robust WEP (Wired Equivalent Privacy) authorization policy,

turn 802.1X off:

>config wlan security 802.1X disable <wlan id>

where <wlan id> = 1 through 16.

•Then configure 40/64, 104/128 or 128/152 bit WEP keys on 802.1X disabled WLANs using the

following command:

>config wlan security static-wep-key encryption <wlan id> [40/104/128] [hex/

ascii] <key> <key-index>

where:

-<wlan id> = 1 through 16;

-[hex/ascii] = key character format;

-<key> = Ten hexadecimal digits (any combination of 0-9, a-f, or A-F), or five printable

ASCII characters for 40-bit/64-bit WEP keys, 26 hexadecimal or 13 ASCII characters

Note: WLANs are created in disabled mode; leave them disabled until you have

finished configuring them.

Contents

Main Welcome to the Product Guide! Cisco WLAN Solution 3.0: Last Updated May 26, 2005 Legal Information Products End User License Agreement Page Page Limited Warranty Disclaimer of Warranty General Terms Applicable to the Limited Warranty Statement and End User License Agreement Additional Open Source Terms Trademarks and Service Marks Obtaining Documentation Cisco.com Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco ProductsReporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Note: Definitions of Service Request Severity Obtaining Additional Publications and Information FCC Statements for Cisco 1000 Series Lightweight Access PointsFCC Statements for Cisco 1000 Class A Statement RF Radiation Hazard Warning Non-Modification Statement Page FCC Statements for Cisco 2000 Series Wireless LAN ControllersFCC Statements for Cisco 2000 Series Page Safety Considerations Page Page Page Page Page Page Page Page Page Page Page Page Page Page Table of Contents Welcome to the Product Guide! OVERVIEWS About Cisco Wireless LAN Controllers About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points SOLUTIONS Configuring a WLAN for a DHCP Server Customizing the Web Auth Login Screen Configuring Identity Networking for Operating System TASK S Using the Cisco WLAN Solution CLI Configuring the Cisco Wireless LAN Controller Using the Cisco Wireless Control System Starting and Stopping Windows Cisco WCS Starting and Stopping Linux Cisco WCS Starting and Stopping the Cisco WCS Web Interface Using Cisco WCS Troubleshooting with Cisco WCS Using the Web User Interface Configuring and Operating Cisco 2700 Series Location Appliances Configuring Location Appliances Operating Location Appliances Troubleshooting Tips REFERENCES Glossary Cisco WLAN Solution Supported Country Codes Page OVERVIEWS Page About the Cisco Wireless LAN Solution Note: Page Single-Cisco Wireless LAN Controller DeploymentsSingle-Cisco Wireless LAN Controller Deployments Multiple-Cisco Wireless LAN Controller Deployments Figure - Note: About the Operating System Software About Operating System Security About Cisco WLAN Solution Wired Security Layer 2 and Layer 3 LWAPP Operation Operational Requirements Configuration Requirements About Radio Resource Management (RRM)Radio Resource Management (RRM) About the Master Cisco Wireless LAN ControllerMaster Cisco Wireless LAN Controller Note: About Client Roaming Same-Cisco Wireless LAN Controller (Layer2) Roaming Inter-Subnet (Layer3 ) Roaming Special Case: Voice Over IP Telephone Roaming About Client Location About External DHCP Servers Per-WLAN Assignment Per-Interface Assignment Security Considerations About Cisco WLAN Solution Mobility Groups Figure - About Cisco WLAN Solution Wired Connections CAUTION: Note: About Cisco WLAN Solution WLANs About Access Control Lists About Identity Networking CAUTION: About File Transfers About Power Over Ethernet Note: Pico Cell Functionality Intrusion Detection Service (IDS) About Cisco Wireless LAN Controllers Cisco 2000 Series Wireless LAN ControllersCisco 2000 Series Wireless LAN Controllers Cisco 4100 Series Wireless LAN ControllersCisco 4100 Series Wireless LAN Controllers Figure - Cisco 4400 Series Wireless LAN ControllersCisco 4400 Series Wireless LAN Controllers Page About Distribution System Ports Note: About the Management Interface About the AP-Manager Interface About Operator-Defined Interfaces About the Virtual Interface About the Service Port About the Service-Port Interface About the Startup Wizard About Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Failover Protection Note: Cisco Wireless LAN Controller Time Zones Page Page Page Page About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access PointsCisco Figure - Page About Cisco 1000 Series Lightweight Access Point External and Internal Antennas Note: External Antenna Connectors Antenna Sectorization 802.11a Internal Antenna Patterns Note: Page Page Page Figure - About Cisco 1000 Series Lightweight Access Point LEDsCisco 1000 Series Lightweight Access Point LEDs Page Note: Figure - Page About Rogue Access Points - - - - Page About the Web User Interface Note: About the Command Line Interface About the Cisco Wireless Control System About Cisco WCS Base - - About Cisco WCS Location About the Cisco WCS User Interface About the Floor Plan Editor Note: About Cisco WCS Alarm Email Notification About Cisco WCS Location CalibrationCisco WCS Location Calibration About Cisco 2700 Series Location AppliancesCisco 2700 Series Location Appliances SOLUTIONS Cisco WLAN Solution Security Overview Layer 1 Solutions Layer 2 Solutions Layer 3 Solutions Rogue Access Point Solutions Rogue Access Point Challenges Tagging and Containing Rogue Access Points Integrated Security Solutions Simple, Cost-Effective Solutions Converting a Cisco WLAN Solution from Layer 2 to Layer 3 ModeConverting a Cisco WLAN Solution 1. 2. 3. Page 14. Using the Cisco WCS User Interface 1. 2. 3. 4. Page Page Converting a Cisco WLAN Solution from Layer 3 to Layer 2 ModeConverting a Cisco WLAN Solution Using the Cisco WCS User Interface Configuring a Firewall for Cisco WCS Page Using the Cisco Wireless Control System Page Using Management over Wireless Configuring a WLAN for a DHCP Server Customizing the Web Auth Login Screen Default Web Auth Operation Figure - Customizing Web Auth Operation Page Note: Creating a Custom URL Redirect Verifying your Web Auth Changes Sample Customized Web Auth Login Page Figure - RADIUS Attributes Note: Page Page Page TASK S Page Using the Cisco WLAN Solution CLI Logging Into the CLI Page Page Logging Out of the CLI CLI Tree Structure Note: Navigating the CLI Viewing Network Status Configuring the Cisco Wireless LAN ControllerConfiguring the Cisco Wireless LAN Controller Collecting Cisco Wireless LAN Controller Parameters Configuring System Parameters Page Supported 802.11a and 802.11b/g Protocols Use the Use the show sysinfo command to verify that the Cisco Wireless LAN Controller has stored Users and Passwords Page Creating and Assigning the AP-Manager Interface Creating, Assigning and Deleting Operator-Defined Interfaces Note: CAUTION: Verifying and Changing the Virtual Interface Page Creating Access Control Lists Configuring WLANs Page Page Page Page Page Page Configuring Mobility Groups Configuring RADIUS Configuring SNMP Configuring Other Ports and Parameters Service Port Page Adding SSL to the Web User InterfaceAdding SSL to the Web User Interface Locally-Generated Certificate Page Page Updating the Operating System Software - - CAUTION: Note: Using the Startup Wizard Note: Adding SSL to the Web User InterfaceAdding SSL to the Web User Interface Page CAUTION: Note: Adding SSL to the 802.11 Interface Locally-Generated Certificate Page Note: Saving Configurations Clearing Configurations Resetting the Cisco Wireless LAN ControllerResetting the Cisco Wireless LAN Controller Using the Cisco Wireless Control System Page Starting and Stopping Windows Cisco WCS Starting Cisco WCS as a Windows ApplicationStarting Cisco WCS as a Windows Application CAUTION: Starting Cisco WCS as a Windows Service Note: Stopping the Cisco WCS Windows ApplicationStopping the Cisco WCS Windows Application Stopping the Cisco WCS Windows ServiceStopping the Cisco WCS Windows Service Checking the Cisco WCS Windows Service StatusChecking the Cisco WCS Windows Service Status Starting and Stopping Linux Cisco WCS Starting the Linux Cisco WCS Application Stopping the Linux Cisco WCS ApplicationStopping the Linux Cisco WCS Application Checking the Linux Cisco WCS Status Starting and Stopping the Cisco WCS Web Interface Starting a Cisco WCS User Interface Stopping a Cisco WCS User Interface Using Cisco WCS Checking the Cisco WLAN Solution Network SummaryChecking the Cisco WLAN Solution Network Summary Figure - Page Page Creating an RF Calibration ModelCreating an RF Calibration Model Note: Adding a Campus Map to the Cisco WCS Database Adding a Building to a Campus Page Page Page Adding an Outdoor Area to a Campus Page Page Adding Floor Plans to a Campus BuildingAdding Floor Plans to a Campus Building Page Page Using Map Editor Adding Floor Plans to a Standalone BuildingAdding Floor Plans to a Standalone Building Page Page Page Adding Cisco 1000 Series Lightweight Access Points to Floor Plan and Outdoor Area Maps Page Page Page Page Page Monitoring Predicted Coverage (RSSI) Monitoring Channels on a Floor Map Monitoring Transmit Power Levels on a Floor MapMonitoring Transmit Power Levels on a Floor Map Monitoring Coverage Holes on a Floor Map Monitoring Users on a Floor Map Monitoring Clients on a Floor Map Table - Troubleshooting with Cisco WCS Detecting and Locating Rogue Access PointsDetecting and Locating Rogue Access Points Page Page Page Acknowledging Rogue Access Points Locating Clients Note: Page Finding Coverage Holes Figure - Viewing Cisco WCS Statistics Reports Updating OS Software from Cisco WCS CAUTION: Managing Cisco WCS and Database Installing Cisco WCS Updating the Windows Cisco WCS Updating the Linux Cisco WCS Page Reinitializing the Windows Cisco WCS Database Reinitializing the Linux Cisco WCS DatabaseReinitializing the Linux Cisco WCS Database Administering Cisco WCS Users and Passwords Page Using the Web User Interface Note: Note: Adding Cisco 1000 Series Lightweight Access Points to a Cisco Wireless LAN Controller Note: CAUTION: Page Configuring and Operating Cisco 2700 Series Location AppliancesConfiguring and Configuring Location Appliances Editing a Location Appliance Contact, User Name, Password, and HTTP/HTTPS Selection Page Editing Location Appliance Polling ParametersEditing Location Appliance Polling Parameters 1. 2. 3. 4. - - Editing Location Appliance History ParametersEditing Location Appliance History Parameters 1. 2. 3. 4. - - Editing Location Appliance Location ParametersEditing Location Appliance Location Parameters Adding Location Appliance User GroupsAdding Location Appliance User Groups Changing Location Appliance User Group PermissionsChanging Location Appliance User Group Permissions Deleting Location Appliance User GroupsDeleting Location Appliance User Groups Adding Location Appliance UsersAdding Location Appliance Users Changing Location Appliance User Passwords, Group Names, and PermissionsChanging Deleting Location Appliance Users Adding Location Appliance Host AccessAdding Location Appliance Host Access Deleting Location Appliance Host Access Editing Location Appliance Advanced ParametersEditing Location Appliance Advanced Parameters Clearing Location Appliance ConfigurationsClearing the Location Appliance Configurations Operating Location Appliances Viewing Location Appliance AlarmsViewing Location Appliance Alarms Deleting and Clearing Location Appliance AlarmsDeleting and Clearing Location Appliance Alarms Viewing Location Appliance Alarm EventsViewing Location Appliance Alarm Events Viewing Location Appliance Events Backing Up Location Appliance Historical DataBacking Up Location Appliance Historical Data Restoring Location Appliance Historical DataRestoring Location Appliance Historical Data Viewing Cisco Wireless LAN Controller and Location Appliance Synchronization Status Re-Synchronizing Cisco Wireless LAN Controller and Location Appliance Databases Viewing Location Appliance Current StatusViewing Location Appliance Current Status Page Defragmenting the Location Appliance DatabaseDefragmenting the Location Appliance Database Running Java GC on the Location Appliance MemoryRunning Java GC on the Location Appliance Memory Rebooting the Location ApplianceRebooting the Location Appliance Troubleshooting Tips Using Error Messages Table - Page Page Using Client Reason and Status Codes in the Trap LogUsing Reason and Status Codes in the Trap Log Client Reason Codes Table - Client Status Codes Table - Page REFERENCES Glossary Page Page Page Page Page Page Page Page Page Page Page Page Page Page Cisco WLAN Solution Supported Country CodesCisco WLAN Solution Supported Country Codes