Manuals
/
Cisco Systems
/
Computer Equipment
/
Network Router
Cisco Systems
OL-8335-02
manual
Models:
OL-8335-02
1
220
256
256
Download
256 pages
25.92 Kb
217
218
219
220
221
222
223
224
Install
Error codes
Default Enable
Cisco Wireless LAN Controllers
Warranty
Configuring Ports
Resetting the Controller
Access Control Lists
Command Line Interface
External Antenna Connectors
Page 220
Image 220
Appendix A Safety Considerations and Translated Safety Warnings
Equipment Installation Warning
Cisco Wireless LAN Controller Configuration Guide
A-22
OL-8335-02
Page 219
Page 221
Page 220
Image 220
Page 219
Page 221
Contents
Cisco Wireless LAN Controller Configuration Guide
Corporate Headquarters
Cisco Wireless LAN Controller Configuration Guide
N T E N T S
Iii
Client Location
Enabling Web and Secure Web Modes
Configuring Ports
Configuring the System for SpectraLink NetLink Telephones
Vii
QoS-Level5-17 ACL-Name5-17 Interface-Name5-18 VLAN-Tag5-18
Viii
Using Dhcp Option 43
Radio Resource Monitoring
Prerequisites
Series Wireless LAN Controllers B-8
Xii
Preface
Xiii
Audience
Purpose
Organization
Xiv
Conventions
Xvi
Related Publications
Obtaining Documentation
Cisco.com
Xvii
Documentation Feedback
Product Documentation DVD
Ordering Documentation
Xviii
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Xix
Obtaining Technical Assistance
Submitting a Service Request
Cisco Technical Support & Documentation Website
Obtaining Additional Publications and Information
Definitions of Service Request Severity
Xxi
Xxii
Overview
Cisco Wireless LAN Solution Overview
Cisco Wlan Solution Components
Single-Controller Deployments
Multiple-Controller Deployments
Single-Controller Deployment
Operating System Software
Operating System Security
Cisco Wlan Solution Wired Security
Cisco Wireless LAN Controllers
Configuration Requirements
Layer 2 and Layer 3 Lwapp Operation
Operational Requirements
Client Roaming
Primary, Secondary, and Tertiary Controllers
Same-Subnet Layer 2 Roaming
Inter-Controller Layer 2 Roaming
Client Location
Inter-Subnet Layer 3 Roaming
Special Case Voice Over IP Telephone Roaming
Per-Wireless LAN Assignment
External Dhcp Servers
Per-Interface Assignment
Security Considerations
Cisco Wlan Solution Wired Connections
Cisco Wlan Solution Wireless LANs
Access Control Lists
Identity Networking
File Transfers
Enhanced Integration with Cisco Secure ACS
Power over Ethernet
Pico Cell Functionality
Intrusion Detection Service IDS
Wireless LAN Controller Platforms
Cisco 2000 Series Wireless LAN Controllers
Cisco 4100 Series Wireless LAN Controllers
Cisco 4400 Series Wireless LAN Controllers
Cisco 2000 Series Wireless LAN Controller Model Numbers
Cisco 4100 Series Wireless LAN Controller Model Numbers
Cisco 4400 Series Wireless LAN Controller Model Numbers
Startup Wizard
Cisco Wireless LAN Controller Memory
Cisco Wireless LAN Controller Failover Protection
Network Connections to Cisco Wireless LAN Controllers
Cisco Wireless LAN Controller Automatic Time Setting
Cisco Wireless LAN Controller Time Zones
Cisco 2000 Series Wireless LAN Controllers
Cisco 4100 Series Wireless LAN Controllers
Cisco 4400 Series Wireless LAN Controllers
6shows connections to the 4100 series controller
Rogue Access Points
Web User Interface and the CLI
Rogue Access Point Location, Tagging, and Containment
Web User Interface
Command Line Interface
Using the Web-Browser and CLI Interfaces
Using the Web-Browser Interface
Guidelines for Using the GUI
Configuring the GUI for Https
Enabling Web and Secure Web Modes
Loading an Externally Generated Https Certificate
Show certificate summary
Web Administration Certificate file webadmincertname.pem
Using the CLI
Using Online Help
Disabling the GUI
Logging into the CLI
Using a Local Serial Connection
Using a Remote Ethernet Connection
Logging Out of the CLI
Command Action
Navigating the CLI
Enter config network mgmt-via-wireless enable
Configuring Ports and Interfaces
Overview of Ports and Interfaces
Ports
Distribution System Ports
Service Port
Interfaces
Management Interface
AP-Manager Interface
Virtual Interface
Service-Port Interface
Dynamic Interface
WLANs
Ports, Interfaces, and WLANs
Configuring Ports and Interfaces
Management Interface
Interfaces
AP-Manager Interface
Service-Port Interface
Virtual Interface
Using the CLI to Configure the AP-Manager Interface
Using the CLI to Configure the Management Interface
Config interface acl management access-control-list-name
Using the CLI to Configure the Virtual Interface
Config interface acl ap-manager access-control-list-name
Using the GUI to Configure Dynamic Interfaces
Configuring Dynamic Interfaces
Using the CLI to Configure the Service-Port Interface
Interfaces New
Using the CLI to Configure Dynamic Interfaces
Configuring Ports
Ports
Parameter Description
Controller Available Data Rates
Default Auto
Default Enable
Controller Supported Data Rates
Configuring Port Mirroring
Configuring Spanning Tree Protocol
Using the GUI to Configure Spanning Tree Protocol
STP State Description
STP Mode Description
Default Off
Default
10 Controller Spanning Tree Configuration
Range Default
Default Disable
Range
Using the CLI to Configure Spanning Tree Protocol
Default 2 seconds
Enabling Link Aggregation
11illustrates LAG
12 Link Aggregation with Catalyst 6500 Neighbor Switch
Link Aggregation Guidelines
Using the GUI to Enable Link Aggregation
13 General
Using the CLI to Enable Link Aggregation
Configuring Neighbor Devices to Support LAG
Using Link Aggregation
Using Multiple AP-Manager Interfaces
Examples
14 Two AP-Manager Interfaces
15 Three AP-Manager Interfaces
16 Four AP-Manager Interfaces
17 Interfaces New
Connecting Additional Ports
Configuring Controller Settings
Using the Configuration Wizard
Before You Start
Resetting the Device to Default Settings
Resetting to Default Settings Using the CLI
Resetting to Default Settings Using the GUI
Browse to the Commands/Reset to Factory Defaults
Running the Configuration Wizard on the CLI
Configuring a Country Code
Configuring Time and Date Manually
Configuring NTP
Managing the System Time and Date
Enabling and Disabling 802.11 Bands
Country Code Bands Allowed
Configuring Radius Settings
Configuring Administrator Usernames and Passwords
Configuring Snmp Settings
Enabling Dynamic Transmit Power Control
Config 802.11a 802.11bg dtpc enable disable
Enabling 802.3x Flow Control
Enabling System Logging
Understanding Multicast Mode
Configuring Multicast Mode
Guidelines for Using Multicast Mode
Enabling Multicast Mode
Configuring the Supervisor 720 to Support the WiSM
Command Multicast Mode
Command Purpose
Configuring the Supervisor
General WiSM Guidelines
Switchport mode trunk Channel-group 1 mode on
Wism service-vlan vlan
Interface GigabitEthernet9/1-4
Interface GigabitEthernet9/5-8
Using the Wireless LAN Controller Network Module
Service-module wlan-controller 1/0 reset
OL-8335-02
Configuring Security Solutions
Cisco Wlan Solution Security
Layer 1 Solutions
Layer 2 Solutions
Security Overview
Layer 3 Solutions
Rogue Access Point Solutions
Rogue Access Point Challenges
Tagging and Containing Rogue Access Points
Configuring the System for SpectraLink NetLink Telephones
Integrated Security Solutions
Using the GUI to Enable Long Preambles
Using the CLI to Enable Long Preambles
Using Management over Wireless
Using the GUI to Enable Management over Wireless
Using the CLI to Enable Management over Wireless
Configuring Dhcp
Using the GUI to Configure Dhcp
Customizing the Web Authentication Login Screen
Using the CLI to Configure Dhcp
Config wlan disable wlan-id
Config wlan enable wlan-id
Default Web Authentication Operation
Typical Web-Browser Security Alert
Typical Web Authentication Login Window
Hiding and Restoring the Cisco Wlan Solution Logo
Customizing Web Authentication Operation
Changing the Web Authentication Login Window Title
Config custom-web webmessage message
Changing the Web Message
Changing the Logo
Clear webmessage
Downloading the Logo or Graphic
Config custom-web redirecturl url
Verifying Web Authentication Changes
Creating a Custom URL Redirect
Example Sample Customized Web Authentication Login Window
Example of a Customized Web Authentication Login Window
Configuring Identity Networking
Identity Networking Overview
QoS-Level
Radius Attributes Used in Identity Networking
ACL-Name
Interface-Name
VLAN-Tag
Tunnel Attributes
OL-8335-02
Configuring WLANs
Configuring Wireless LANs
Wireless LAN Overview
Displaying, Creating, Disabling, and Deleting Wireless LANs
Activating Wireless LANs
Assigning a Wireless LAN to a Dhcp Server
Configuring MAC Filtering for Wireless LANs
Enabling MAC Filtering
Assigning Wireless LANs to VLANs
Configuring Layer 2 Security
Configuring a Timeout for Disabled Clients
Dynamic 802.1X Keys and Authorization
WEP Keys
Dynamic WPA Keys and Encryption
Configuring Layer 3 Security
Configuring a Wireless LAN for Both Static and Dynamic WEP
IPSec Authentication
IPSec
IKE Authentication
IKE Phase 1 Aggressive and Main Modes
IKE Lifetime Timeout
IKE Diffie-Hellman Group
Configuring Quality of Service
Web-Based Authentication
IPSec Passthrough
Local Netuser
Configuring QoS Enhanced BSS Qbss
Config wlan wmm disabled allowed required wlan-id
Traffic Type
Ieee 802.11e UP
Enabling 7920 Support Mode
Config wlan 7920-support client-cac-limit enable wlan-id
Controlling Lightweight Access Points
Lightweight Access Point Overview
Cisco 1000 Series Ieee 802.11a/b/g Lightweight Access Points
Cisco 1030 Remote Edge Lightweight Access Points
Typical 1030 Lightweight Access Point Configuration
Cisco 1000 Series Lightweight Access Point Part Numbers
External Antenna Connectors
Cisco 1000 Series Lightweight Access Point LEDs
Antenna Sectorization
Cisco 1000 Series Lightweight Access Point Connectors
Cisco 1000 Series Lightweight Access Point Mounting Options
Using the DNS for Controller Discovery
Cisco 1000 Series Lightweight Access Point Monitor Mode
Dynamic Frequency Selection
Autonomous Access Points Converted to Lightweight Mode
Reverting from Lightweight Mode to Autonomous Mode
Using a Controller to Return to a Previous Release
Using Dhcp Option
Access Point VCI String
Converted Access Points Send Radio Core Dumps to Controller
Enabling Memory Core Dumps from Converted Access Points
Display of MAC Addresses for Converted Access Points
Config ap get-radio-core-dump slot ap-name
Config ap reset-button enable disable ap-nameall
Config ap static-ip enable ap-name ip-address mask gateway
OL-8335-02
Managing Controller Software Configurations
Transferring Files to and from a Controller
Upgrading Controller Software
Transfer download path absolute-tftp-server-path-to-file
Clearing the Controller Configuration
Saving Configurations
Erasing the Controller Configuration
Resetting the Controller
OL-8335-02
Configuring Radio Resource Management
Overview of Radio Resource Management
Radio Resource Monitoring
Dynamic Channel Assignment
Coverage Hole Detection and Correction
Dynamic Transmit Power Control
Client and Network Load Balancing
RRM Benefits
Overview of RF Groups
RF Group Leader
Configuring an RF Group
RF Group Name
Using the GUI to Configure an RF Group
General
Using the GUI to View RF Group Status
Using the CLI to Configure RF Groups
Viewing RF Group Status
Global Parameters
Global Parameters Auto RF
Using the CLI to View RF Group Status
Auto
Enabling Rogue Access Point Detection
Using the GUI to Enable Rogue Access Point Detection
All APs Details
AP Authentication Policy
Configuring Dynamic RRM
Using the CLI to Enable Rogue Access Point Detection
Default Enabled
Using the GUI to Configure Dynamic RRM
RF Group
Default Automatic
You click Invoke Channel Update Now
RF Channel Assignment
Channel Assignment Method Description
Default Disabled
Click Invoke Power Update Now
Tx Power Level Assignment
Assignment Method Description
Default 10%
Default -70 dBm
Default 80%
Default 25%
Default Noise/Interference/Rogue Monitoring Channels
Monitor Intervals
Using the CLI to Configure Dynamic RRM
Config 802.11a disable Config 802.11b disable
Overriding Dynamic RRM
Radios
Cisco APs Configure
Config 802.11a txPower AP1
Config 802.11a disable Config 802.11b disable
Viewing Additional RRM Settings Using the CLI
Configuring Mobility Groups
10-1
Overview of Mobility
10-2
10-3
Inter-Controller Roaming
10-4
Inter-Subnet Roaming
Overview of Mobility Groups
10-5
10-6
Two Mobility Groups
Configuring Mobility Groups
Determining When to Include Controllers in a Mobility Group
Prerequisites
10-7
Using the GUI to Configure Mobility Groups
10-8
10-9
Mobility Group Member New
10-10
Mobility Group Members Edit All
Using the CLI to Configure Mobility Groups
Configuring Auto-Anchor Mobility
10-11
Using the GUI to Configure Auto-Anchor Mobility
Guidelines for Using Auto-Anchor Mobility
10-12
10-13
WLANs
Using the CLI to Configure Auto-Anchor Mobility
10-14
Safety Considerations Translated Safety Warnings
Safety Considerations
Bewaar Deze Instructies
Warnung Wichtige Sicherheitshinweise
Avvertenza Importanti Istruzioni Sulla Sicurezza
Aviso Instruções Importantes DE Segurança
Guarde Estas Instruções
Class 1 Laser Product Warning
Aviso Produto a laser de classe
Ground Conductor Warning
Cisco Wireless LAN Controller Configuration Guide
Chassis Warning for Rack-Mounting and Servicing
Cisco Wireless LAN Controller Configuration Guide
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
Cisco Wireless LAN Controller Configuration Guide
Page
OL-8335-02
Page
OL-8335-02
Page
Battery Handling Warning for 4400 Series Controllers
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
Equipment Installation Warning
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
OL-8335-02
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
Cisco Wireless LAN Controller Configuration Guide
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
OL-8335-02
Declarations of Conformity and Regulatory Information
Regulatory Information for 1000 Series Access Points
Model
FCC Certification number
Manufacturer
Canadian Compliance Statement
Department of Communications-Canada
Certification number
EMC
Declaration of Conformity for RF Exposure
03-5549-6500
Access Points with Ieee 802.11a Radios
All Access Points
Declaration of Conformity Statements
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
OL-8335-02
End User License and Warranty
End User License Agreement
Cisco Wireless LAN Controller Configuration Guide OL-8335-02
Limited Warranty
Appendix C End User License and Warranty Limited Warranty
Disclaimer of Warranty
Additional Open Source Terms
OL-8335-02
System Messages and Access Point LED Patterns
Error Message Description
System Messages
Lradifcurrentchannelchanged
Client Reason Codes
Using Client Reason and Status Codes in Trap Logs
Client Reason Code Description Meaning
Client Status Codes
Client Status Code Description Meaning
Using Lightweight Access Point LEDs
LED Conditions Status
Numerics
IN-1
IN-2
DFS Dhcp
IN-3
Help Hold Time parameter
IN-4
Physical Mode parameter Physical Status parameter
IN-5
IN-6
IN-7
IN-8
Top
Page
Image
Contents