File Transfers | Cisco Systems OL-8335-02 manual

Chapter 1 Overview

File Transfers

Enhanced Integration with Cisco Secure ACS

The identity-based networking feature uses authentication, authorization, and accounting (AAA) override. When the following vendor-specific attributes are present in the RADIUS access accept message, the values override those present in the wireless LAN profile:

•QoS level

•802.1p value

•VLAN interface name

•Access control list (ACL) name

In this release, support is being added for the AAA server to return the VLAN number or name using the standard “RADIUS assigned VLAN name/number” feature defined in IETF RFC 2868 (RADIUS Attributes for Tunnel Protocol Support). To assign a wireless client to a particular VLAN, the AAA server sends the following attributes to the controller in the access accept message:

•IETF 64 (Tunnel Type): VLAN

•IETF 65 (Tunnel Medium Type): 802

•IETF 81 (Tunnel Private Group ID): VLAN # or VLAN Name String

This enables Cisco Secure ACS to communicate a VLAN change that may be a result of a posture analysis. Benefits of this new feature include:

•Integration with Cisco Secure ACS reduces installation and setup time

•Cisco Secure ACS operates smoothly across both wired and wireless networks

This feature supports 2000, 4100, and 4400 series controllers and 1000, 1130, 1200 and 1500 series lightweight access points.

File Transfers

The Cisco Wireless LAN Solution operator can upload and download operating system code, configuration, and certificate files to and from a Cisco Wireless LAN Controller using CLI commands, Web User Interface commands, or Cisco WCS.

•To use CLI commands, refer to the “Transferring Files to and from a Controller” section on page 8-2.

•To use Cisco WCS to upgrade software, refer to the Cisco Wireless Control System Configuration Guide. Click this URL to browse to this document:

http://www.cisco.com/en/US/products/ps6305/products_installation_and_configuration_guides_lis t.html

Cisco Wireless LAN Controller Configuration Guide

	OL-8335-02	1-13

Image 35

Cisco Systems OL-8335-02 manual File Transfers, Enhanced Integration with Cisco Secure ACS

Contents

Corporate Headquarters Cisco Wireless LAN Controller Configuration Guide Cisco Wireless LAN Controller Configuration Guide Iii N T E N T S Client Location Enabling Web and Secure Web Modes Configuring Ports Vii Configuring the System for SpectraLink NetLink Telephones Viii QoS-Level5-17 ACL-Name5-17 Interface-Name5-18 VLAN-Tag5-18 Using Dhcp Option 43 Radio Resource Monitoring Prerequisites Xii Series Wireless LAN Controllers B-8 Xiii Preface Xiv AudiencePurpose Organization Conventions Xvi Xvii Related PublicationsObtaining Documentation Cisco.com Xviii Documentation FeedbackProduct Documentation DVD Ordering Documentation Xix Reporting Security Problems in Cisco ProductsCisco Product Security Overview Cisco Technical Support & Documentation Website Submitting a Service RequestObtaining Technical Assistance Xxi Definitions of Service Request SeverityObtaining Additional Publications and Information Xxii Overview Cisco Wireless LAN Solution Overview Single-Controller Deployments Cisco Wlan Solution Components Single-Controller Deployment Multiple-Controller Deployments Operating System Security Operating System Software Cisco Wlan Solution Wired Security Operational Requirements Cisco Wireless LAN ControllersConfiguration Requirements Layer 2 and Layer 3 Lwapp Operation Inter-Controller Layer 2 Roaming Client RoamingPrimary, Secondary, and Tertiary Controllers Same-Subnet Layer 2 Roaming Special Case Voice Over IP Telephone Roaming Inter-Subnet Layer 3 RoamingClient Location Security Considerations Per-Wireless LAN AssignmentExternal Dhcp Servers Per-Interface Assignment Cisco Wlan Solution Wireless LANs Cisco Wlan Solution Wired Connections Identity Networking Access Control Lists Enhanced Integration with Cisco Secure ACS File Transfers Pico Cell Functionality Power over Ethernet Wireless LAN Controller Platforms Intrusion Detection Service IDS Cisco 4100 Series Wireless LAN Controllers Cisco 2000 Series Wireless LAN Controllers Cisco 2000 Series Wireless LAN Controller Model Numbers Cisco 4400 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controller Model Numbers Cisco 4100 Series Wireless LAN Controller Model Numbers Startup Wizard Cisco Wireless LAN Controller Failover Protection Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Time Zones Cisco Wireless LAN Controller Automatic Time SettingNetwork Connections to Cisco Wireless LAN Controllers Cisco 4100 Series Wireless LAN Controllers Cisco 2000 Series Wireless LAN Controllers 6shows connections to the 4100 series controller Cisco 4400 Series Wireless LAN Controllers Rogue Access Points Web User Interface Rogue Access Point Location, Tagging, and ContainmentWeb User Interface and the CLI Command Line Interface Using the Web-Browser and CLI Interfaces Enabling Web and Secure Web Modes Using the Web-Browser InterfaceGuidelines for Using the GUI Configuring the GUI for Https Show certificate summary Loading an Externally Generated Https Certificate Web Administration Certificate file webadmincertname.pem Logging into the CLI Using the CLIUsing Online Help Disabling the GUI Using a Remote Ethernet Connection Using a Local Serial Connection Navigating the CLI Command ActionLogging Out of the CLI Enter config network mgmt-via-wireless enable Configuring Ports and Interfaces Ports Overview of Ports and Interfaces Distribution System Ports Service Port Management Interface Interfaces Virtual Interface AP-Manager Interface Dynamic Interface Service-Port Interface Ports, Interfaces, and WLANs WLANs Configuring Ports and Interfaces Interfaces Management Interface Virtual Interface Service-Port InterfaceAP-Manager Interface Config interface acl management access-control-list-name Using the CLI to Configure the Management InterfaceUsing the CLI to Configure the AP-Manager Interface Config interface acl ap-manager access-control-list-name Using the CLI to Configure the Virtual Interface Using the CLI to Configure the Service-Port Interface Configuring Dynamic InterfacesUsing the GUI to Configure Dynamic Interfaces Interfaces New Using the CLI to Configure Dynamic Interfaces Ports Configuring Ports Controller Available Data Rates Parameter Description Controller Supported Data Rates Default EnableDefault Auto Configuring Port Mirroring Configuring Spanning Tree Protocol STP State Description Using the GUI to Configure Spanning Tree Protocol Default Default OffSTP Mode Description 10 Controller Spanning Tree Configuration Range Default DisableRange Default Default 2 seconds Using the CLI to Configure Spanning Tree Protocol 11illustrates LAG Enabling Link Aggregation Link Aggregation Guidelines 12 Link Aggregation with Catalyst 6500 Neighbor Switch 13 General Using the GUI to Enable Link Aggregation Configuring Neighbor Devices to Support LAG Using the CLI to Enable Link Aggregation Using Multiple AP-Manager Interfaces Using Link Aggregation 14 Two AP-Manager Interfaces Examples 15 Three AP-Manager Interfaces 16 Four AP-Manager Interfaces 17 Interfaces New Connecting Additional Ports Configuring Controller Settings Before You Start Using the Configuration Wizard Browse to the Commands/Reset to Factory Defaults Resetting the Device to Default SettingsResetting to Default Settings Using the CLI Resetting to Default Settings Using the GUI Running the Configuration Wizard on the CLI Managing the System Time and Date Configuring a Country CodeConfiguring Time and Date Manually Configuring NTP Country Code Bands Allowed Enabling and Disabling 802.11 Bands Configuring Snmp Settings Configuring Administrator Usernames and PasswordsConfiguring Radius Settings Enabling System Logging Enabling Dynamic Transmit Power ControlConfig 802.11a 802.11bg dtpc enable disable Enabling 802.3x Flow Control Guidelines for Using Multicast Mode Configuring Multicast ModeUnderstanding Multicast Mode Command Multicast Mode Configuring the Supervisor 720 to Support the WiSMEnabling Multicast Mode General WiSM Guidelines Configuring the SupervisorCommand Purpose Interface GigabitEthernet9/5-8 Switchport mode trunk Channel-group 1 mode onWism service-vlan vlan Interface GigabitEthernet9/1-4 Service-module wlan-controller 1/0 reset Using the Wireless LAN Controller Network Module OL-8335-02 Configuring Security Solutions Security Overview Cisco Wlan Solution SecurityLayer 1 Solutions Layer 2 Solutions Tagging and Containing Rogue Access Points Layer 3 SolutionsRogue Access Point Solutions Rogue Access Point Challenges Integrated Security Solutions Configuring the System for SpectraLink NetLink Telephones Using the CLI to Enable Long Preambles Using the GUI to Enable Long Preambles Using the GUI to Enable Management over Wireless Using Management over Wireless Using the GUI to Configure Dhcp Configuring DhcpUsing the CLI to Enable Management over Wireless Config wlan enable wlan-id Customizing the Web Authentication Login ScreenUsing the CLI to Configure Dhcp Config wlan disable wlan-id Typical Web-Browser Security Alert Default Web Authentication Operation Typical Web Authentication Login Window Changing the Web Authentication Login Window Title Customizing Web Authentication OperationHiding and Restoring the Cisco Wlan Solution Logo Clear webmessage Config custom-web webmessage messageChanging the Web Message Changing the Logo Downloading the Logo or Graphic Creating a Custom URL Redirect Verifying Web Authentication ChangesConfig custom-web redirecturl url Example of a Customized Web Authentication Login Window Example Sample Customized Web Authentication Login Window Identity Networking Overview Configuring Identity Networking ACL-Name Radius Attributes Used in Identity NetworkingQoS-Level VLAN-Tag Interface-Name Tunnel Attributes OL-8335-02 Configuring WLANs Displaying, Creating, Disabling, and Deleting Wireless LANs Wireless LAN OverviewConfiguring Wireless LANs Enabling MAC Filtering Activating Wireless LANsAssigning a Wireless LAN to a Dhcp Server Configuring MAC Filtering for Wireless LANs Dynamic 802.1X Keys and Authorization Assigning Wireless LANs to VLANsConfiguring Layer 2 Security Configuring a Timeout for Disabled Clients Dynamic WPA Keys and Encryption WEP Keys IPSec Configuring Layer 3 SecurityConfiguring a Wireless LAN for Both Static and Dynamic WEP IPSec Authentication IKE Diffie-Hellman Group IKE AuthenticationIKE Phase 1 Aggressive and Main Modes IKE Lifetime Timeout Local Netuser Configuring Quality of ServiceWeb-Based Authentication IPSec Passthrough Ieee 802.11e UP Configuring QoS Enhanced BSS QbssConfig wlan wmm disabled allowed required wlan-id Traffic Type Config wlan 7920-support client-cac-limit enable wlan-id Enabling 7920 Support Mode Controlling Lightweight Access Points Cisco 1000 Series Ieee 802.11a/b/g Lightweight Access Points Lightweight Access Point Overview Typical 1030 Lightweight Access Point Configuration Cisco 1030 Remote Edge Lightweight Access Points Cisco 1000 Series Lightweight Access Point Part Numbers Antenna Sectorization Cisco 1000 Series Lightweight Access Point LEDsExternal Antenna Connectors Cisco 1000 Series Lightweight Access Point Connectors Cisco 1000 Series Lightweight Access Point Monitor Mode Using the DNS for Controller DiscoveryCisco 1000 Series Lightweight Access Point Mounting Options Dynamic Frequency Selection Reverting from Lightweight Mode to Autonomous Mode Autonomous Access Points Converted to Lightweight Mode Using a Controller to Return to a Previous Release Access Point VCI String Using Dhcp Option Config ap get-radio-core-dump slot ap-name Converted Access Points Send Radio Core Dumps to ControllerEnabling Memory Core Dumps from Converted Access Points Display of MAC Addresses for Converted Access Points Config ap static-ip enable ap-name ip-address mask gateway Config ap reset-button enable disable ap-nameall OL-8335-02 Managing Controller Software Configurations Upgrading Controller Software Transferring Files to and from a Controller Transfer download path absolute-tftp-server-path-to-file Erasing the Controller Configuration Saving ConfigurationsClearing the Controller Configuration Resetting the Controller OL-8335-02 Configuring Radio Resource Management Radio Resource Monitoring Overview of Radio Resource Management Dynamic Channel Assignment Client and Network Load Balancing Dynamic Transmit Power ControlCoverage Hole Detection and Correction RF Group Leader Overview of RF GroupsRRM Benefits RF Group Name Configuring an RF Group General Using the GUI to Configure an RF Group Viewing RF Group Status Using the CLI to Configure RF GroupsUsing the GUI to View RF Group Status Global Parameters Global Parameters Auto RF Auto Using the CLI to View RF Group Status Using the GUI to Enable Rogue Access Point Detection Enabling Rogue Access Point Detection All APs Details AP Authentication Policy Using the CLI to Enable Rogue Access Point Detection Configuring Dynamic RRM RF Group Using the GUI to Configure Dynamic RRMDefault Enabled Channel Assignment Method Description Default AutomaticYou click Invoke Channel Update Now RF Channel Assignment Default Disabled Assignment Method Description Tx Power Level AssignmentClick Invoke Power Update Now Default 25% Default 10%Default -70 dBm Default 80% Monitor Intervals Default Noise/Interference/Rogue Monitoring Channels Config 802.11a disable Config 802.11b disable Using the CLI to Configure Dynamic RRM Overriding Dynamic RRM Radios Cisco APs Configure Config 802.11a txPower AP1 Config 802.11a disable Config 802.11b disable Viewing Additional RRM Settings Using the CLI 10-1 Configuring Mobility Groups 10-2 Overview of Mobility Inter-Controller Roaming 10-3 Inter-Subnet Roaming 10-4 10-5 Overview of Mobility Groups Two Mobility Groups 10-6 10-7 Configuring Mobility GroupsDetermining When to Include Controllers in a Mobility Group Prerequisites 10-8 Using the GUI to Configure Mobility Groups Mobility Group Member New 10-9 Mobility Group Members Edit All 10-10 10-11 Configuring Auto-Anchor MobilityUsing the CLI to Configure Mobility Groups 10-12 Guidelines for Using Auto-Anchor MobilityUsing the GUI to Configure Auto-Anchor Mobility WLANs 10-13 10-14 Using the CLI to Configure Auto-Anchor Mobility Safety Considerations Translated Safety Warnings Bewaar Deze Instructies Safety Considerations Avvertenza Importanti Istruzioni Sulla Sicurezza Warnung Wichtige Sicherheitshinweise Guarde Estas Instruções Aviso Instruções Importantes DE Segurança Class 1 Laser Product Warning Aviso Produto a laser de classe Ground Conductor Warning Cisco Wireless LAN Controller Configuration Guide Chassis Warning for Rack-Mounting and Servicing Cisco Wireless LAN Controller Configuration Guide Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Cisco Wireless LAN Controller Configuration Guide Page OL-8335-02 Page OL-8335-02 Page Battery Handling Warning for 4400 Series Controllers Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Equipment Installation Warning Cisco Wireless LAN Controller Configuration Guide OL-8335-02 OL-8335-02 Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Cisco Wireless LAN Controller Configuration Guide Cisco Wireless LAN Controller Configuration Guide OL-8335-02 OL-8335-02 Declarations of Conformity and Regulatory Information Manufacturer Regulatory Information for 1000 Series Access PointsModel FCC Certification number Certification number Department of Communications-CanadaCanadian Compliance Statement EMC Declaration of Conformity for RF Exposure 03-5549-6500 All Access Points Access Points with Ieee 802.11a Radios Declaration of Conformity Statements Cisco Wireless LAN Controller Configuration Guide OL-8335-02 OL-8335-02 End User License and Warranty End User License Agreement Cisco Wireless LAN Controller Configuration Guide OL-8335-02 Limited Warranty Appendix C End User License and Warranty Limited Warranty Disclaimer of Warranty Additional Open Source Terms OL-8335-02 System Messages and Access Point LED Patterns System Messages Error Message Description Lradifcurrentchannelchanged Client Reason Code Description Meaning Using Client Reason and Status Codes in Trap LogsClient Reason Codes Client Status Code Description Meaning Client Status Codes LED Conditions Status Using Lightweight Access Point LEDs IN-1 Numerics IN-2 IN-3 DFS Dhcp IN-4 Help Hold Time parameter IN-5 Physical Mode parameter Physical Status parameter IN-6 IN-7 IN-8