Cisco Systems 12.3(8)JEE manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540

Ir para a página of

Bom manual de uso

As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto Cisco Systems 12.3(8)JEE. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoCisco Systems 12.3(8)JEE vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.

O que é a instrução?

A palavra vem do latim "Instructio" ou instruir. Portanto, no manual Cisco Systems 12.3(8)JEE você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.

Infelizmente, pequenos usuários tomam o tempo para ler o manual Cisco Systems 12.3(8)JEE, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.

Então, o que deve conter o manual perfeito?

Primeiro, o manual Cisco Systems 12.3(8)JEE deve conte:
- dados técnicos do dispositivo Cisco Systems 12.3(8)JEE
- nome do fabricante e ano de fabricação do dispositivo Cisco Systems 12.3(8)JEE
- instruções de utilização, regulação e manutenção do dispositivo Cisco Systems 12.3(8)JEE
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes

Por que você não ler manuais?

Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque Cisco Systems 12.3(8)JEE não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos Cisco Systems 12.3(8)JEE e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço Cisco Systems na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas Cisco Systems 12.3(8)JEE, como para a versão papel.

Por que ler manuais?

Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo Cisco Systems 12.3(8)JEE, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.

Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual Cisco Systems 12.3(8)JEE. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação

Índice do manual

  • Página 1

    Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco we bsite at www.cisco.com/go/ offices. Cisco IOS S of tw are Conf iguration Guide f or Cisco Air o net A ccess P oints Cisco IOS Releases 15.2(4)JA, 1 5.2(2)JB, 15.2(2)JA,1 2.4( 25 d ) JA, and 12.3(8)JEE Tex[...]

  • Página 2

    THE SPECIFICATION S AND INFORMAT ION REGARDING THE PRODUCTS IN THIS MA NUAL ARE SUBJ ECT TO CHANGE WITHOUT NOT ICE. ALL STATEMENTS , INFORMATION , AND RECOMMEN DATIONS I N THIS MANUA L ARE BELIEVE D TO BE ACCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST TAKE FUL L RESPONSIBILITY FOR THEIR APPLICAT ION OF ANY[...]

  • Página 3

    Contents 1 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Audience i-xix Purpose i-xix Organization i-xx Conventi ons i-xxi Related Publication s i-xxii Obtaining Documentation, Obtaining Support, and Security Guid elines i-xxii CHAPTER 1 Overview 1-1 Features 1-2 Features Introduced in This Release 1-2 Support [...]

  • Página 4

    Contents 2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Getting Help 3-3 Abbreviating Command s 3-3 Using the no and Default Forms of Commands 3-4 Understanding CLI Messages 3-4 Using Command History 3-4 Changing the Co mmand History Buffer Size 3-5 Recalling Commands 3-5 Disabling the Command History Feature[...]

  • Página 5

    Contents 3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Using the Express Security Page 4-20 CLI Conf iguratio n Exampl es 4-21 Configuring System Power Settings Access Points 4-26 Using the AC Power Adapter 4-26 Using a Switch Capable of IEEE 802.3af Power Negotiat ion 4-26 Using a Switch That Does Not Suppor[...]

  • Página 6

    Contents 4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Configuring Spectrum Expert Mode 5-10 Controlling Access Point Acce ss with RADIUS 5-11 Default RADIUS Configuration 5-12 Configuring RADIUS Login Authentication 5-12 Defining AAA Server Groups 5-14 Configuring RADIUS Authorization for User Privileged Ac[...]

  • Página 7

    Contents 5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Defining HTTP Access 5-35 Configuring a System Name and Prompt 5-35 Default System Name and Prompt Configuration 5-35 Configuring a System Name 5-35 Understanding DNS 5-36 Default DNS Configuration 5-36 Setting Up DNS 5-37 Displaying the DNS Configuration[...]

  • Página 8

    Contents 6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Confirming th at DFS is Enabled 6-20 Configuring a Channel 6-20 Blocking Chann els from DFS Selection 6-21 Setting the 802.11n Guard Interva l 6-22 Configuring Location-Based Services 6-22 Understanding L ocation-Based Se rvices 6-22 Configuring LBS on A[...]

  • Página 9

    Contents 7 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Default SSID Configuration 7-4 Creating an SSID Globally 7-4 Viewing SSIDs Configured Globally 7-6 Using Spaces in SSIDs 7-6 Using a RADIUS Server to Restrict SSIDs 7-7 Configuring Multiple Basic SSIDs 7-8 Requirements for Configuring Multiple BSSIDs 7-8 [...]

  • Página 10

    Contents 8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Non-Root Bridge with VLANs 8-13 Displaying Spannin g-Tree Status 8-14 CHAPTER 9 Configuring an Acc ess Poin t as a Local Authenticator 9-1 Understanding L ocal Authenticatio n 9-2 Configuring a Local Authenticator 9-2 Guidelines for Local Authenticators [...]

  • Página 11

    Contents 9 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP 11-8 Configuring Authentication Types 11-10 Assigning Authentication Types to an SSID 11-10 Configuring WPA Migration Mode 11-13 Configuring Additional WPA Settings 11-14 Configuring MAC[...]

  • Página 12

    Contents 10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 CLI Configuration Example 12-24 Support for 802.11r 12-24 Configuring Management Frame Protec tion 12-25 Management Fram e Protection 12-25 Overview 12-26 Protection of Unicast Management Frame s 12-26 Protection of Broadcast Mana gement Frames 12-26 Cl[...]

  • Página 13

    Contents 11 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Understanding T ACACS+ 13-23 TACACS+ Operation 13-24 Configuring TACACS+ 13-24 Default TAC ACS+ Config uration 13-25 Identifying the TACACS+ Server Host and Setting the Authenticatio n Key 13-25 Configuring TACACS+ Login Authentication 13-26 Configuring [...]

  • Página 14

    Contents 12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Rate Limiting 15-11 Adjusting Radio Access Categories 15-12 Configuring Nominal Rates 15-13 Optimized Voice Settings 15 -14 Configuring Call Admission Control 15-14 QoS Configuration Examples 15-15 Giving Priority to Voice Traffic 15-15 Giving Priority [...]

  • Página 15

    Contents 13 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 SNMP Community Strings 18-4 Using SNMP to Access MIB Variables 18-4 Configuring SNMP 18-5 Default SNMP Configuration 18-5 Enabling the SNMP Agent 18 -5 Configuring Community Strings 18-6 Specifying SNMP-Server Group Names 18-7 Configuring SNMP-Server Hos[...]

  • Página 16

    Contents 14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Guidelines for Using Workgroup Bridges in a Lightweig ht Environment 19-20 Sample Workgroup Bridge Configuratio n 19-22 Enabling VideoStream Sup port on Workgroup Bridges 19-23 CHAPTER 20 Managing Firmware and Configurations 20-1 Working with the Flash [...]

  • Página 17

    Contents 15 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Copying Image Files by Using TFTP 20-19 Preparing to Download or Upload an Image File by Using TFTP 20-19 Downloading an Image F ile by Using TFTP 20-20 Uploading an Image File by Using TFT P 20-22 Copying Image Files by Using FTP 20-22 Preparing to Down[...]

  • Página 18

    Contents 16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Indicators on 1260 Series Access Points 22-15 Indicators on 1300 Outdoor Acces s Point/Bridges 22-17 Normal Mode LED Indications 22-18 Power Injector 22-20 Checking Power 22 -21 Low Power Conditio n 22-21 Checking Basic Settings 22-22 SSID 22-22 WEP Key[...]

  • Página 19

    Contents 17 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Local Authenticator Messages C-21 WDS Messages C-24 Mini IOS Messages C-25 Access Point/Bridge Messages C-26 Cisco Discovery Protocol Messages C-26 External Radius Server Error Messages C-26 LWAPP Error Messages C-27 Sensor Messages C-28 SNMP Error Messa[...]

  • Página 20

    Contents 18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01[...]

  • Página 21

    -xix Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Preface Audience This guide is for the n etworkin g professional who in stalls and manages Cisco Aironet Access Points. T o use this guide, you should ha ve experience w orking with the Cisco IOS softw are and be familiar with the concepts and terminology of w[...]

  • Página 22

    -xx Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Organization This guide also includes an ov ervie w of the acce ss point web-based interface (APWI), wh ich contains all the functionality of th e command-line interf ace (CLI). This guide does not pr ovide f ield-le vel descriptions of the APWI wind ows nor do[...]

  • Página 23

    -xxi Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Conventions Chapter 15, “Conf iguring QoS, ” describes ho w to conf igure and manage MA C address, IP , and EtherT ype filters on the access poi nt using the web-br ow ser interface. Chapter 16, “Conf iguring Filters, ” describes how to config ure and [...]

  • Página 24

    -xxii Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Related Publications Caution Means reader be careful. In this situation, yo u mi ght do someth ing that coul d result equipment damage or loss of data. Ti p Means the follo wing will help you sol ve a probl em. The tips information might n ot be troubleshoot [...]

  • Página 25

    -xxiii Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Obtaining Do cumentation, Obta ining Support, and Security Guidelines[...]

  • Página 26

    -xxiv Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Obtaining Documentation, Obtaining Support, and Security G uidelines[...]

  • Página 27

    CH A P T E R 1-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 1 Overview Cisco Aironet Access Poin ts (herea fter called ac cess points ) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and f lexibilit y with the enterprise-class features required b y networking prof[...]

  • Página 28

    1-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 1 Overvi ew Features • The 1300 series o utdoor access point/bridge uses an inte grated antenna and can be config ured to use external, dual-di v ersity antennas. • The 2600 series access point contains dual-band ra dios (2.4 GHz and 5 GHz) with int[...]

  • Página 29

    1-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 1 Overview Management Options Support for 802.11w Cisco IOS Release 15.2(4)J A pro vides support for the 802.11w p rotocol. Unlik e encrypted data tr af fi c, management frames are sent in an unsecure manner while using the 802. 11 protocol for d ata tr[...]

  • Página 30

    1-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 1 Overvi ew Network Config uration Exam ples seamless and transparen t to the user . Figure 1-1 shows access points acting as root units on a wired LAN. Figur e 1 -1 Access P oints as Ro ot Units on a Wired LAN Repeater Access Point An access point can [...]

  • Página 31

    1-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 1 Overview Network Configuration Examp les Figure 1 -2 Access P oint as Repeater Bridges The 1140, 1200, 1240, and 1250 seri es access points and the 1300 access point/b ridge can be configured as root or non-root bri dges. In this role, an access point[...]

  • Página 32

    1-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 1 Overvi ew Network Config uration Exam ples Figur e 1 -4 Access P oints as Root an d Non-r oot Bridg es with Clients Workgroup Bridge Y ou can configure access points as workg roup bridges. I n workgroup bridge mode, the unit asso ciates to another acc[...]

  • Página 33

    1-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 1 Overview Network Configuration Examp les Central Unit in an All-Wireless Network In an all-wireless network, an access point acts as a stand-alone r oot unit. The access point is no t attached to a wired LAN; it functions as a hub linking all stations[...]

  • Página 34

    1-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 1 Overvi ew Network Config uration Exam ples[...]

  • Página 35

    CH A P T E R 2-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 2 Using the Web-Browser Interface This chapter describes the web-brow ser interface that you can use to conf igure the wireless de vice. This chapter contains the following sections: • Using the W eb-Browser Interface for the First T ime, page 2-[...]

  • Página 36

    2-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Using the Web-Browser Inte rf ace for the First Time Using the Web-Browser Interface for the First Time Use the wireless device IP address to br owse to the management system. See t he “Logging into the Access Point?[...]

  • Página 37

    2-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 2 Using the W eb-Browser Interface Using the Management Pag es in the Web-Browser Inte rface Using Action Buttons Ta b l e 2 - 1 lists the page links and b uttons that appear on most management pages. T able 2-1 Common Butt ons on Manageme nt P ages But[...]

  • Página 38

    2-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Sec ure Browsing Character Restrictions in Entry Fields Because the 1200 series acce ss point uses Cisco IO S software, there are certain characters that you cannot use in the entry fields on the web[...]

  • Página 39

    2-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 2 Using the W eb-Browser Interface Enabling HTTPS for Secure Browsing Figur e 2-2 Expr ess Setup P age Step 3 Enter a name for the access p oint in the System Name f ield and click Apply . Step 4 Brow se to the Services – DNS page. Figure 2-3 sho ws t[...]

  • Página 40

    2-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Sec ure Browsing Figur e 2-3 Services – DNS P a ge Step 5 Click Enable for DNS. Step 6 In the Domain Name f ield, enter your compan y domain name. Step 7 Enter at least one IP address for your DNS [...]

  • Página 41

    2-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 2 Using the W eb-Browser Interface Enabling HTTPS for Secure Browsing Step 10 Browse to the Services: HTTP W eb Server page. Figure 2-4 sho ws the HTTP W eb Serv er page: Figur e 2-4 Services: HTTP W eb Server P age Step 11 Select the Enable Secur e (HT[...]

  • Página 42

    2-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Sec ure Browsing Step 14 Another warn ing appears stating that th e access point securi ty certif icate is valid but is not from a kno wn source. Howe ver , you can accept the certificate with co nf [...]

  • Página 43

    2-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 2 Using the W eb-Browser Interface Enabling HTTPS for Secure Browsing Figur e 2-7 Certificat e Window Step 16 In the Certificate windo w , click Install Certif icate . The Microsoft W indows Cert if icate Import W izard appears. Figure 2-8 sho ws the Ce[...]

  • Página 44

    2-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Sec ure Browsing Figur e 2-8 Certificat e Import Wizar d Step 17 Click Next . The next screen asks where you want to sto r e the certificate. W e recommend that you use the default storage area on y[...]

  • Página 45

    2-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 2 Using the W eb-Browser Interface Enabling HTTPS for Secure Browsing Figure 2-1 0 Certificat e Completion Screen Step 19 Click Finish . Windo ws displays a final security warning. Figure 2-11 shows the security w arning. Figur e 2-1 1 Certificat e Sec[...]

  • Página 46

    2-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Sec ure Browsing Figure 2-12 Import Successful Scr een Step 21 Click OK . Step 22 On the Certificate windo w shown in Figure 2-7 , which is still displayed, cli ck OK . Step 23 On the Security Alert[...]

  • Página 47

    2-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 2 Using the W eb-Browser Interface Using Online Help Using Online Help Click the help icon at the top of an y page in the web-bro wser interf ace to display online help . Figure 2-13 sho ws the help and print icons. Figur e 2-13 Help and Print Icons Wh[...]

  • Página 48

    2-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 2 Using th e Web-Browser Interface Disabling the Web-Brow ser Interface Ta b l e 2 - 2 sho ws an e xample help location and He lp Root URL for an 1100 series access poi nt. Step 5 Click A pply . Disabling the Web-Browser Interface T o prevent all use o[...]

  • Página 49

    CH A P T E R 3-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 3 Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure the wireless de vice. It contains th e follo wing sections: • Cisco IOS Command Modes, page 3-2 • Getting Help, p[...]

  • Página 50

    3-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 3 Using the Comman d-Line Interface Cisco IOS Command Mode s Cisco IOS Command Modes The Cisco IOS user interface is di vided into many dif f erent modes. The commands av ailable to you depend on which mode y ou are currently in. Enter a quest ion mark [...]

  • Página 51

    3-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 3 Using th e Co mmand-Line Interface Getting Help Getting Help Y ou ca n enter a question mark (?) at the system prompt to display a list of commands a vailable for each command mo de. Y ou can also obtain a list of asso ciated keyw ords and ar guments [...]

  • Página 52

    3-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 3 Using the Comman d-Line Interface Using the no and Default Forms of Com mands Using the no and Default Forms of Commands Most confi guration command s also ha ve a no form. In general, use the no form to disable a feature or function or re verse the a[...]

  • Página 53

    3-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 3 Using th e Co mmand-Line Interface Using Comman d History Changing the Command History Buffer Size By default, the wi reless de vice records ten command lines in i ts history b uf fer . Beginning in pr iv ileged EXEC mode, enter this command to change[...]

  • Página 54

    3-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 3 Using the Comman d-Line Interface Using Editing Features Using Editing Features This section descri bes the editing features that can help you manipu late the command line. It contains these sections: • Enabling and Disabling Edit ing Features, page[...]

  • Página 55

    3-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 3 Using th e Co mmand-Line Interface Using Editing Features Editing Command Lines that Wrap Y ou can use a wraparound feature for commands th at exten d beyond a sin gle line on the screen. When the cursor reaches the right margin, the command line shif[...]

  • Página 56

    3-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 3 Using the Comman d-Line Interface Searching and Filteri ng Output of show and more Commands In this e xample, the access-list global co nfigu ration command entry e xtends be yond one line. When the cursor first reaches the end of the line, the line i[...]

  • Página 57

    3-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 3 Using th e Co mmand-Line Interface Accessing the CLI Accessing the CLI Y ou c an open the wire less device CLI using T elnet or Secure Shell (SSH). Opening the CLI with Telnet Follo w these steps to open the CLI with T elnet. The se steps are for a PC[...]

  • Página 58

    3-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 3 Using the Comman d-Line Interface Accessing the CLI[...]

  • Página 59

    CH A P T E R 4-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 4 Configuring the Access Point for the First Time This chapter describe s how to configure basic settin gs on the wireless de vice for the first time. The contents of this chapter are similar to the instru ct ions in the quick start gui de that shi[...]

  • Página 60

    4-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Before You Start Before You Start Before you install the wireless de vice, make sure you are u sing a comput er connecte d to the same network as t he wireless de vice, and obtain the fo llo wing inform[...]

  • Página 61

    4-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Before You Start Step 5 Click System Software and the System Software screen appears. Step 6 Click System Conf iguration and the System Conf iguration screen appears. Step 7 Click the Reset to Defaults [...]

  • Página 62

    4-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Logging into the Access Point Logging into the Access Point A user can login to the access poin t using one of the follo wing methods: • graphica l user interf ace (GUI) • T elnet (if the AP is conf[...]

  • Página 63

    4-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Connecting to the 1100 Series A ccess Point Locally to the 1040, 1140,1 200, 1230, 1240, 1250 , 1260, and 2600 Series Access Po ints Locally” section on page 4-6 to connect to the consol e port. – P[...]

  • Página 64

    4-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Connecting to the 1130 Seri es Access Point Locally Step 2 Connect your PC to the access point using a Category 5 Ethernet cable. Y ou can use either a c rossov er cable or a straight-t hrough cable. St[...]

  • Página 65

    4-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Connecting to the 1300 Series Access Point/Bridge Locally Step 1 Connect a nine-pin , female DB-9 to RJ-45 serial cable to the RJ-45 se rial port on the access point and to the COM port on a computer . [...]

  • Página 66

    4-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Default Radio Settings Note When you connect your PC to the access point/bridge or reconnect yo ur PC to the wired LAN, you might need to release and renew the IP addr ess on the PC. On most PCs, you ca[...]

  • Página 67

    4-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s Figure 4-1 Summary Status P age Step 5 Click Express Set up . The Express Setup screen appears. Figure 4-2 and Figure 4-3 sho ws the Express Setup page for the 1100 series acce[...]

  • Página 68

    4-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings Figur e 4-2 Expr ess Setu p P age for 1 1 00 Ser ies Access P oints Figur e 4-3 Expr ess Setup P age f or 1 130, 120 0, and 1240 Ser ies Access P oints Note Figure 4-3 sho ws t[...]

  • Página 69

    4-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s Figure 4-4 Expr ess Setup P age f or 1 040, 1 140, 1260 and 1260 Ser ies Access P oints[...]

  • Página 70

    4-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings Figur e 4-5 Expr ess Setup P age f or the 1300 Ser ies Access P oint/Br idge Step 6 Enter the conf iguration settings you obtained from your system admini strator . The conf ig[...]

  • Página 71

    4-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s • IP Address —Use th is setting to assign or chan ge the wi reless de vice IP address. If DHCP is enabled for your netw ork, lea ve thi s field blank. Note If the wireless[...]

  • Página 72

    4-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings • Optimize Radio Netw ork for —Use t his setting to select either preconf igured settings for the wireless de vice radio or cu stomized se t tings for the wireless de vice [...]

  • Página 73

    4-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s IP Subnet Mask Assigned by DHCP by defa ult; if DHCP is disabled, the def ault setting is 255. 255.255.224 Default Gate way Assigned by DHCP by default ; if DHCP is disabled, [...]

  • Página 74

    4-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basic Security Settings Configuring Basic Security Settings After you assign basic settings to the wireless de vi ce, you must con figure secu rity settings to pre vent unauthorized access [...]

  • Página 75

    4-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s Understanding Express Security Settings The SSIDs that you create using the Express security page appear in the SSID ta ble at the bottom of the page. Y ou can crea[...]

  • Página 76

    4-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basic Security Settings Express Security Types Ta b l e 4 - 2 describes the four security t ypes that you can assign t o an SSID. T able 4-2 Securi ty T ypes on Expr ess Security Set up Pag[...]

  • Página 77

    4-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s EAP Authentication This option en ables 802.1X authentication (such as LEA P , PEAP , EAP-TLS, EAP-F AST , EAP-TTLS, EAP-GTC, EAP-SIM, and other 802.1X/EAP based pr[...]

  • Página 78

    4-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basic Security Settings Express Security Limitations Because the Express Security page is designed for simple configuration of basic security , the opti ons av ailable are a subset of the w[...]

  • Página 79

    4-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s CLI Configuration Examples The examples in this section sho w the CLI commands that are equiv alent to creating SSIDs using each security type on the Express Securi[...]

  • Página 80

    4-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basic Security Settings ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 20 key 3 size 128bit 7 FFD518A21653687A4251AEE1230C transmit-key encryption vlan 20 mode we[...]

  • Página 81

    4-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s Example: EAP Authentication This example sho ws part of the configurati on that re sults from using the Express Security pa ge to create an SSID called eap_ssid , e[...]

  • Página 82

    4-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basic Security Settings ! interface Dot11Radio0/1.30 encapsulation dot1Q 30 no ip route-cache bridge-group 30 bridge-group 30 subscriber-loop-control bridge-group 30 block-unknown-source no[...]

  • Página 83

    4-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s aaa new-model ! ! aaa group server radius rad_eap server 10.91.104.92 auth-port 1645 acct-port 1646 ! aaa group server radius rad_mac ! aaa group server radius rad_[...]

  • Página 84

    4-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring System Powe r Settings Access P oints bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.40 encapsulation dot1Q 40 no ip route-cache[...]

  • Página 85

    4-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring System Power Settings Access Points Using a Power Injector If you use a po wer injector to pro vide po wer to the 1040, 1130, 1140, 1240, 1250, or 1260 access point, select Powe r I n je c [...]

  • Página 86

    4-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning an IP A ddress Using the CLI 1. Maximum transmit power will vary by channel and accordin g to individual country regulations. Refer to the product documentation for specific details. 2. Tx—[...]

  • Página 87

    4-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring the 802.1X Supplicant If T elnet is not listed in your Accessories menu, select Start > Run , type Te l n e t in the entry field, and press Enter . Step 2 When the T elnet windo w appear[...]

  • Página 88

    4-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring the 802.1X Supp licant Use the no form of the dot1x credent ials command to ne gate a parameter . The follo wing example creates a credentials prof ile named test with the username Cisco an[...]

  • Página 89

    4-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring the 802.1X Supplicant The follo wing e xample applies the cred entials prof ile test to the access point Fast Ethernet port: ap1240AG> enable Password: xxxxxxx ap1240AG# config terminal [...]

  • Página 90

    4-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6 Creating and Applying EAP Method Profiles Y ou can optionally conf igure an EAP method list to en able the supplicant to recognize a particular EAP method. See the “Creating an d App[...]

  • Página 91

    4-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring IPv6 The follo wing modes are supp orted • Root • Root bridge • Non Root bridge • Repeater • WGB The follo wing modes are not supp orted • Spectrum mode • Monitor mode Beginni[...]

  • Página 92

    4-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6 normal four-message e xchange (so licit, advertise, request, rep ly). By default, the four -message exchange is used. When the rapid-commit option is en abled by both client an d serve[...]

  • Página 93

    4-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring IPv6 Configuring IPv6 Access Lists IPv6 access lists (ACL) are used to fi lter traf f ic and restrict ac cess to th e router . IPv6 prefix lists are used to fi lter routing pro tocol update[...]

  • Página 94

    4-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6 IPv6 WDS AP registration The first acti ve IPv6 address is used to regi ster the WDS. Ta b l e 4 - 5 sho ws different scenarios in the IPv6 WDS AP regi stration process. Note 11r roami[...]

  • Página 95

    4-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 4 Configuring th e Access Point for the First Time Configuring IPv6 RA filtering RA filterin g increases the security of the IPv6 network by dropp ing RAs coming from wireless clients. RA filt ering pre vents misconf igured or malicious IPv 6 clients f[...]

  • Página 96

    4-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6[...]

  • Página 97

    CH A P T E R 5-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 5 Administering the Access Point This chapter de scribes ho w to administer the wirele ss de vice. This chapter conta ins the follo wing sections: • Disabling the Mo de Button, page 5-2 • Pre venting Unauthorized Access to Y our Access Point, p[...]

  • Página 98

    5-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Disabling the Mode Button Disabling the Mode Button Y ou can disable the mode b utton on access points ha ving a console port by using th e [no] boot mode-button co mmand. This command pre vents password reco very and i[...]

  • Página 99

    5-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Preventing Unauthorized Acc ess to Your Access Po int Preventing Unauthorized Access to Your Access Point Y ou can prev ent unauthorized users from reconfi guring the wireless de vice and vie wing conf iguration informat[...]

  • Página 100

    5-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Protecting Ac cess to Pr ivileged EXEC Commands Default Password and Privilege Level Configuration Ta b l e 5 - 1 sho ws the defa ult password and p riv ilege le vel conf iguration. Setting or Changing a Static Enable P[...]

  • Página 101

    5-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Protecting A ccess to Privile ged EXEC Commands This example sho w s how to ch ange the enable password to l1u2c3k4y5 . The passwo rd is not encrypted and provides access to le vel 15 (tradi tional pri vileg ed EXEC mode[...]

  • Página 102

    5-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Protecting Ac cess to Pr ivileged EXEC Commands Protecting Enable and Enable Secret Passwords with Encryption T o provide an additional layer of securi ty , particular ly for passwords that cross the netw ork or that ar[...]

  • Página 103

    5-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Protecting A ccess to Privile ged EXEC Commands If both the enable and enable secret passwords are defined, users must enter the enable secret password. Use the level keyw ord to def ine a password for a specif ic pri vi[...]

  • Página 104

    5-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Protecting Ac cess to Pr ivileged EXEC Commands T o disa ble username authenticatio n for a specific user , use the no username name global configurat ion command. T o dis able password checking and allo w connections w[...]

  • Página 105

    5-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configuring Easy Setup When you set a command to a privilege le vel, all commands whose syntax is a subset of that command are also set to that le vel. For e xample, if you set the show ip route command to level 15, the [...]

  • Página 106

    5-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring Spectru m Expert Mode Network Configuration T o c onf igure an access point using the network config uration, enter the v alues for the following f ields: • Hostname • IP Address • Server protocol •[...]

  • Página 107

    5-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Controlling Access Point Access with RADIUS Step 1 Choose Home > Easy Setup > Network Conf iguration . Step 2 From the Role in Radio Netw ork drop-dow n list choose Spectrum . Step 3 Click Apply . Step 4 Launch th[...]

  • Página 108

    5-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Controlling Access Point Access with RADIUS RADIUS provid es detailed accounting in formation and fle x ible administ rati ve control o ver authentication and authorization processes. RADIUS is facilitated thr ough AAA[...]

  • Página 109

    5-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Controlling Access Point Access with RADIUS T o disable AAA, use the no aaa new-model global confi guration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 [[...]

  • Página 110

    5-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Controlling Access Point Access with RADIUS Defining AAA Server Groups Y ou can configure the wi reless de vice to use AAA serv er groups to group e xisting server hosts for authentication. Y o u select a subset of the[...]

  • Página 111

    5-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Controlling Access Point Access with RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r i e s ] [ key string ] Specify[...]

  • Página 112

    5-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Controlling Access Point Access with RADIUS T o remove the specified RADIUS server , use the no radius-server host hostna me | ip-addr ess glo bal confi guration command. T o remov e a server group from t he config ura[...]

  • Página 113

    5-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Controlling Access Poin t Access with TACACS+ T o dis able authorization, use the no aaa au thorization { network | exec } method1 global configuration command. Displaying the RADIUS Configuration T o display the RADIUS[...]

  • Página 114

    5-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Controlling Access Point Access with TACACS+ authentication met hods are performed. The onl y exceptio n is the default met hod list (which, b y coincidence, is named default ). The default metho d list is automaticall[...]

  • Página 115

    5-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Controlling Access Poin t Access with TACACS+ T o disable AAA, use the no aaa new-model global confi guration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1[...]

  • Página 116

    5-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring Ethernet Sp eed and Dupl ex Settings Configuring Ethernet Speed and Duplex Settings Y ou can assign the wireless de vice Ethernet port speed and duple x settings. W e recommend th at you use auto , the defa[...]

  • Página 117

    5-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configu ring the A ccess Poin t for L oca l Authentica tion and Authorization Configuring the Access Point for Local Authentication and Authorization Y ou c an configure AAA to operate without a serv er by configuring t[...]

  • Página 118

    5-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring the Authen tication Cache and Profile T o disable AAA, use the no aaa new-model global confi guration command. T o disable authorizati on, use the no aaa authorization { network | ex ec } method1 global co [...]

  • Página 119

    5-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configuring the Auth enti cation Cache and Profile ! aaa group server tacacs+ tac_admin server 192.168.133.231 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group [...]

  • Página 120

    5-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring the Access Poin t to Provide DHCP Service ! ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius sour[...]

  • Página 121

    5-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configuring the Access Point to Pr ovide DHCP Service http://www .cisco.com/uni vercd/cc/td/doc/product/ sof tware/i os122/122cgcr/f ipr_c/ipcprt1/1cfdhcp.htm Beginning in pri vileged EXEC mode, follo w these steps to c[...]

  • Página 122

    5-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring the Access Poin t to Provide DHCP Service AP(dhcp-config)# end Monitoring and Maintaining the DHCP Server Access Point These sections describe commands you can use to monitor and maintain the DHCP serv er a[...]

  • Página 123

    5-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configuring the Ac cess Point for Secure Shell Debug Command T o enable DHCP server deb ugging, use this command in pri vileged EXEC mode: debug ip dhcp serv er { even ts | packets | linkage } Use the no form of the com[...]

  • Página 124

    5-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring Client ARP Caching Support for Secure Copy Protocol The Secure Copy Protocol (SCP) supports file transf ers between hosts on a network using Secure Shell (SSH) for security . Cisco IOS Release 15.2(2)JB sup[...]

  • Página 125

    5-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Managing the System Time and Date Optional ARP Caching When a non-Cisco client de vice is associated to an access point and is not passing data, the wireless device might not know the client IP address. If th is situati[...]

  • Página 126

    5-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Managing the System Time and Date Understanding Simple Network Time Protocol Simple Network T ime Protocol (SNTP) is a simplif ied, client-only version of NT P . SNTP can only recei ve the time from NTP ser vers; it ca[...]

  • Página 127

    5-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Managing the System Time and Date • Config uring the T ime Zone, page 5-32 • Config uring Summer T ime (Daylight Savin g T ime), page 5-33 Setting the System Clock If you ha ve an outside source on the net work that[...]

  • Página 128

    5-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Managing the System Time and Date Beginning in privileged EXEC mode, follow these steps to set th e system clock: This exampl e sho ws ho w to manually set the system cl ock to 1:32 p.m. on July 23, 2001: AP# clock set[...]

  • Página 129

    5-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Managing the System Time and Date The minutes-offset variable in the clock timezone global conf iguration command is a vailable for tho se cases where a local time zone is a percentage of an hour dif ferent from UTC. Fo[...]

  • Página 130

    5-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Managing the System Time and Date The first part of the clock summer -time global conf iguration command specifies when su mmer time begins, and t he second part specif ies when it ends. All ti mes are relati ve to the[...]

  • Página 131

    5-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Defining H TTP Access Defining HTTP Access By default, 80 is used fo r HTTP access, and port 443 is used for HTTPS access. These values can be customized by the user . Follo w thes e steps to define the HTTP access. Ste[...]

  • Página 132

    5-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring a System N ame and Prompt When you set the system name, it is also used as the system prompt. T o return to the default host name, use th e no hostname global conf iguration command. Understanding DNS The D[...]

  • Página 133

    5-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configuring a System Name and Prompt Setting Up DNS Beginning in pri vile ged EXEC mode, follo w these st eps to set up the wireless device to use the DNS: If you use the wireless de vice IP address as its host name, th[...]

  • Página 134

    5-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Creating a Banne r T o remove a do main name, use the no ip domain- name name global conf iguration command. T o remov e a name server address, use the no ip name-server server-addr ess global conf iguration command. T[...]

  • Página 135

    5-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Creating a Banner Beginni ng in pri vile ged EXEC mode, follo w these steps to configure a MO TD login banner: T o delete the MOTD b anner , use the no banner motd global config uration command. This exampl e sho ws ho [...]

  • Página 136

    5-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode Configuring a Login Banner Y ou can configure a login banner to ap pear on all c onnected termin als. This banner appears after the MO TD banner and [...]

  • Página 137

    5-41 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Migrating to Japan W52 Domain Migrating to Japan W52 Domain This utility is used to migrate 802.11a radios fr om the J52 to W52 domains. The utility operates on the 1130, 1200 (with RM2 0, RM21, and RM22A radios), an d [...]

  • Página 138

    5-42 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Migrating to Japan W52 Domain[...]

  • Página 139

    5-43 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 5 Administering the Access Point Configuring Multiple VLAN and Rate Li miting for Point-to-Multipoint Bridging Verifying the Migration Use the show controllers command to conf irm the migration as sho wn in this typical e xample: ap# show controllers d[...]

  • Página 140

    5-44 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 5 Admin istering the Access Point Configuring Multiple VLAN and Rate Limiting for Poin t-to-Multipoint Bridging In a typical scenario, multiple VLAN support perm its users to set u p point-to-mu ltipoint bri dge links with remote sites, with each remot[...]

  • Página 141

    CH A P T E R 6-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 6 Configuring Radio Settings This chapter describes h ow to config ure radio settings for the wireless device. Th is chapter includes the follo wing sections: • Enabling the Radio Inter face, page 6-2 • Config uring the Role in Radi o Network, [...]

  • Página 142

    6-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Enabling the Radio Interface Enabling the Radio Interface The wireless de vice radios are disabled by def ault. Note Beginning wit h Cisco IOS Release 12.3(8)J A there is no SSID. Y ou must create an SSID before you can enab[...]

  • Página 143

    6-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring the Ro le in Radio Netw ork Y ou can also configure a fallback role for root access points. The wi reless de vice automatically assumes the fallback role when it s Ethernet port is disabled or disconnected from [...]

  • Página 144

    6-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Step 3 station-role non-root {bridge | wir eless-clients} rep e a te r root {access-point | ap-only | [bridge | wireless- clients] | [fallback | repeater | shutdo wn]} scanner workgr oup[...]

  • Página 145

    6-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring the Ro le in Radio Netw ork Note When you enable the role in the radio network as a Bridge/w orkg roup bridge and enable the interface using the no shut command, the physical status and t he software status of t[...]

  • Página 146

    6-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Note In point-to-multip oint bridging, WGB i s not recommended wit h the root bridge. WGB sh ould be associated to the root AP i n point-to-multi point bridging setup. Configuring Dual-R[...]

  • Página 147

    6-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring the Ro le in Radio Netw ork Radio Tracking Y ou can configure the access point to track or monitor the status of on e of its radios. It the tracked radio goes down or is disabl ed , the access point shuts do wn [...]

  • Página 148

    6-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radio Data Rates Bridge Features Not Supported The follo wing features are not supported when a 1200 or 1240 series access point is configured as a bridge: • Clear Channel Assessment (CCA) • Interoperability [...]

  • Página 149

    6-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuri ng Radio Data Rates to be made based on reso urces av ailable to the wireless project, typ e of traf f ic the users will be passing , service lev el desired, and as always, the qu ality of the RF en vironment.When[...]

  • Página 150

    6-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radio Data Rates Step 3 speed 802.11b, 2.4-GHz radio: {[ 1.0 ] [ 11.0 ] [ 2.0 ] [ 5.5 ] [ basic-1.0 ] [ basic-11.0 ] [ basic- 2.0 ] [ basic-5.5 ] | range | thro ughput } 802.11g, 2.4-GHz radio: {[ 1.0 ] [ 2.0 ] [...]

  • Página 151

    6-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring MCS Rates Use the no form of the speed command to remov e one or more data rates from the conf iguration. This example sho ws how t o remov e data rates basic-2.0 and basic-5.5 fr om the conf iguration: ap1200#[...]

  • Página 152

    6-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radio Transmit Powe r MCS rates are confi gured using the speed command. The follo wing example sho ws a speed setting for an 802.11n 5-GHz radio: interface Dot11Radio0 no ip address no ip route-cache ! ssid 125[...]

  • Página 153

    6-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring Radi o Transmit Power Step 2 Click T echnical Support & Documentation . A small window appears contai ning a list o f technical support links. Step 3 Click T echnical Support & Documentati on . The T ec[...]

  • Página 154

    6-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radio Transmit Powe r Use the no form of the po wer command to return the po wer setting to maximum , the defa ult setting. Step 3 power local These option s are a v ailable for the 802.11b, 2.4-GHz radio (in mW[...]

  • Página 155

    6-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring Radi o Transmit Power Limiting the Power Level for Associated Client Devices Y ou can also limit the po wer le vel on client de vices that associate to the wirel ess dev ice. When a client dev ice associates to[...]

  • Página 156

    6-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Use the no form of the client power command to disabl e the maximum po wer level for associat ed clients. Note Aironet extensions must be enabled to limit the po wer lev el on associated [...]

  • Página 157

    6-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s Because they change frequent ly , channel settings are not in cluded in this document. F or up-to-date information on channel settings for your access point or bridge, see the Channels a[...]

  • Página 158

    6-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Dynamic Frequency Selection Access points with 5-GHz radios configured at th e factory for use in the United States, Europe, Singapore, K orea, Japan, Israel, and T aiwan no w comp ly wi [...]

  • Página 159

    6-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s If radar is detected on a manually con figur ed DFS channel, the channel will be cha nged automatically and will not return to the configured channel. Prior to transmitt ing on an y chan[...]

  • Página 160

    6-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Confirming that DFS is Enabled Use the show controllers dot11radio1 command to conf irm that DFS is enabled. The command also includes indicat ions that uniform spreading is requ ired and[...]

  • Página 161

    6-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s The follo wing e xample selects channel 36 and conf igures it to use DFS on a frequency band 1: ap#configure terminal ap(config)interface dot11radio1 ap(config-if) channel 36 ap(config-i[...]

  • Página 162

    6-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Loca tion-Based Services This exampl e sho ws ho w to unb lock all frequencies for DFS: ap(config-if)# no dfs band block Setting the 802.11n Guard Interval The 802.11n guard interv al is the period in nanosecond[...]

  • Página 163

    6-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring Location-Base d Services Figure 6-2 Basic LBS Networ k Configuration The access points that you conf igure for LBS should be in the same vicinity . If only one or two access points report messages from a tag, t[...]

  • Página 164

    6-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Enabling and Disabling World Mode In this e xample, the prof ile southside is enabled on th e access poi nt 802.11g radi o: ap# configure terminal ap(config)# dot11 lbs southside ap(dot11-lbs)# server-address 10.91.105.90 p[...]

  • Página 165

    6-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Disabling and Enabling Short Rad io Preambles Use the no form of the command to disable world mode. Disabling and Enabling Short Radio Preambles The radio preamb le (s ometimes called a header ) is a section of data at the[...]

  • Página 166

    6-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring Transmit and Receive Antenna s Short preambles are enab led by default. Use the pr eamble-short command to enable short preambles if they are disa bled. Configuring Transmit and Receive Antennas Y ou ca n select[...]

  • Página 167

    6-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Enabling and Disab ling Gratuitous Probe Response Enabling and Disabling Gratuitous Probe Response Gratuitous Probe Response (GPR) aids in conservi ng battery po wer in dual mode phones that support cellular and WLAN modes[...]

  • Página 168

    6-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Disabling and Enabling Aironet Extens ions (config-if)# probe-response gratuitous speed 12.0 (config-if)# probe-response gratuitous period 30 speed 12.0 Use the no form of the command to disable the GPR feature. Disabling a[...]

  • Página 169

    6-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuring the Ethernet Encaps ulation Transformation Method Configuring the Ethernet Encapsulation Transformation Method When the wireless device receiv es data packets that are not 802.3 packets, the wireless de vice mu[...]

  • Página 170

    6-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Enabling and Disabling Public Secure Pa cket Forwarding Note This feature is best sui ted for use with stati onary workgroup bridges. Mobile w orkgroup bridges mig ht encounter spots in the wireless device's co verage [...]

  • Página 171

    6-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Enabling and Disabling Pu bl ic Secure Packet Forwa rding PSPF is disabled by default. Be ginning in pri v ileged EXEC mode, follo w these steps to enable PSPF: Use the no form of the command to disable PSPF . Configuring [...]

  • Página 172

    6-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring the Beaco n Period and the DTIM Configuring the Beacon Period and the DTIM The beacon period is the amount of time between acc ess po int beacons in Kilomicroseconds. One Kµsec equals 1,024 m icroseconds. The D[...]

  • Página 173

    6-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Configuri ng the Maxi mum Data Retries Use the no form of the command to reset the R TS settings to def aults. Configuring the Maximum Data Retries The maximum data retries setting determines the nu mber of attempts the wi[...]

  • Página 174

    6-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Enabling Short Slot Tim e for 802.11g Radios Use the no form of the command to reset the setting t o defaults. Enabling Short Slot Time for 802.11g Radios Y ou can increase throughput on the 802.11g, 2 .4-GHz radio by enabl[...]

  • Página 175

    6-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Viewing VoWLAN Metrics The Stream page appears. Step 4 Click the tab for the radio to co nfigu re. Step 5 For both CoS 5 (V ideo) and CoS 6 (V oice) user priorities, ch oose Lo w Latenc y from the P acket Handlin g drop-do[...]

  • Página 176

    6-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Viewing Voice Reports Y ou ca n use a browser to access voice reports listing V oWL AN metrics stored on a WLSE. Y o u can view reports for access point groups and for indi vidual access p oints. T o [...]

  • Página 177

    6-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Viewing VoWLAN Metrics • T o view a graph of v oice bandwidth in use during the last hour , choose Bandwidth In Use (% Allowed) from the Report Name drop-do wn list. • T o view graphs of v oice streams in progress, cho[...]

  • Página 178

    6-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-6 V oice Streaming Pr ogr ess Viewing Wireless Client Reports In addition to vie wing voice reports from an access point perspective, you can vie w them from a client perspective. F or e ver[...]

  • Página 179

    6-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Viewing VoWLAN Metrics Figure 6-7 Wir eless Client Metr ics Viewing Voice Fault Summary The Faults > V oice Summary page in WLSE displays a summary of the faults detected with the follo wing voice fault types: • Exces[...]

  • Página 180

    6-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-8 V oice Fault Summary Configuring Voice QoS Settings Y ou can use WLSE Faults > V oice QoS Settings scre en to define the v oice QoS thresholds for the follo wing parameter s: • Down s[...]

  • Página 181

    6-41 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Viewing VoWLAN Metrics Figure 6-9 V oice QoS Settings Configuring Voice Fault Settings Y ou can use WLSE Faults > Manage F ault Settings sc reen to enab le fault generation and specify the priority of th e faults genera[...]

  • Página 182

    6-42 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Configuring ClientLink Configuring ClientLink Cisco ClientLink (referred to as Beam Fo rming) is an intelligent beamformin g technology that directs the RF signal to 802.11a/g de vices to improv e performance by 65%, impro [...]

  • Página 183

    6-43 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 6 Configuring Radio Settin gs Debugging Radio Functions This exampl e sho ws ho w to beg in debu gging of all radio-related e vents: AP# debug dot11 events This exampl e sho ws how to begin d ebuggi ng of radio packets: AP# debug dot11 packets This exa[...]

  • Página 184

    6-44 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 6 Configuring Radio Settings Debugging Radi o Functions[...]

  • Página 185

    CH A P T E R 7-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 7 Configuring Multiple SSIDs This chapter describe s how to configure and manage multiple Service Set Identif iers (SSIDs) on the access point. This chapter contains the following sections: • Understanding Multiple SSIDs, page 7-2 • Config urin[...]

  • Página 186

    7-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs Understanding Multiple SSIDs Understanding Multiple SSIDs The SSID is a unique identif ier that wireless networki ng devices use to esta blish and m aintain wi reless connectivity . Multiple access points on a network or s[...]

  • Página 187

    7-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs Understanding Multiple SSIDs Cisco IOS Release 12.3(10b)J A supports conf iguration of SSID parameters at the interface le vel on th e CLI, but t he SSIDs are stored in global mode. Storing all SSI Ds in global mode ensures [...]

  • Página 188

    7-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs Configuring Multiple SSIDs Configuring Multiple SSIDs These sections contain conf iguration information for multip le SSIDs: • Default SSID Confi guration, page 7-4 • Creating an SSID Globally , page 7-4 • Using a RA[...]

  • Página 189

    7-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple SSIDs Step 3 authentication client username username password passwor d (Optional) Set an authen tication username and password that the access point uses to authenti cate to the network when in repeater[...]

  • Página 190

    7-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs Configuring Multiple SSIDs Note Y o u use the ssid command authenticatio n options to configure an authen tication type for each SSID. See Chapter 9, “Configuring an Access Point as a Local Authenticator, ” for in stru[...]

  • Página 191

    7-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple SSIDs ssid buffalo vlan 7 authentication open Howe ver , this sample output from a show dot11 associations pri vileged EXEC command sho ws the spaces in the SSIDs: SSID [buffalo] : SSID [buffalo ] : SSID[...]

  • Página 192

    7-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs Configuring Multiple Basic SSIDs Configuring Multiple Basic SSIDs Access point 802.1 1a, 802.11g, 802.11n radios support up to 8 basic SSIDs (BSSIDs), which are similar to MA C addresses. Y ou use multiple BSSIDs to a ssig[...]

  • Página 193

    7-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple Basic SSIDs Figure 7 -1 Global SSID Manager P age Step 2 Enter the SSID name in the SSID fie l d . Step 3 Use the VLAN drop-do wn list to select the VLAN to which the SSID is assign ed. Step 4 Select the[...]

  • Página 194

    7-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs Configuring Multiple Basic SSIDs Step 7 (Optiona l) In the Mul tiple BSSI D B eacon Settings section, select the Set SSID as Guest Mode check box to include the SSID in beacons. Step 8 (Optional) T o increase the battery [...]

  • Página 195

    7-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs Assigning IP Redirection for an SSID Assigning IP Redirection for an SSID When you conf igure IP redirection for an SSID, the access point redire cts all packets sent from c lient devices associated to that SSID to a specif[...]

  • Página 196

    7-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs Assigning IP Redirection for an SSID Guidelines for Using IP Redirection K eep these guidelines in mind when using IP redirection: • The access point does not redire ct broadcast, unicas t, or multicast BOOTP/DHCP packe[...]

  • Página 197

    7-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs Including an SSID in an SSIDL IE This example sho w s ho w to configure IP redirection only for packets sent to the sp ecific TCP and UDP ports specif ied in an A CL applied to the BVI1 inte rface. When the access point rec[...]

  • Página 198

    7-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs NAC Support for MBSSID NAC Support for MBSSID Networks must be protected fr om security threats, su ch as viruses, worms, and spyw are. These security threats disrupt b usiness, causing do wntime and continual patching. E[...]

  • Página 199

    7-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs NAC Support for MBSSID When a client associates and the RADIUS server dete rmines that it is unh ealthy , the server returns one of the quarantine N A C VLANs in its RADIUS auth entication response for dot1x auth entication[...]

  • Página 200

    7-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs NAC Support for MBSSID Configuring NAC for MBSSID Note This feature supports only Layer 2 mobility within VLANs. Layer 3 mob ility using netwo rk ID is not supported in this feature. Note Before you attempt to enable NA C[...]

  • Página 201

    7-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 7 Configuring Multiple SSIDs NAC Support for MBSSID authentication open authentication network-eap eap_methods ! dot11 ssid mktg vlan mktg-normal backup mktg-infected1, mktg-infected2, mktg-infected3 authentication open authentication network-eap eap_m[...]

  • Página 202

    7-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 7 Config uring Multi ple SSIDs NAC Support for MBSSID[...]

  • Página 203

    CH A P T E R 8-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 8 Configuring Spanning Tree Protocol This chapter descibes ho w to configure Spanning T r ee Protocol (STP) on your access point/bridge. This chapter contains the following sections: • Understanding Spanning Tree Protocol, page 8-2 • Config uri[...]

  • Página 204

    8-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spannin g Tree Protocol Understanding Spanning Tree Protocol This section describes ho w spanning-tree features work. It includes this information: • STP Overvie w , page 8-2 • Access Point/Bridge [...]

  • Página 205

    8-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 8 Configuring Spannin g Tree Protocol Understanding Spanning Tree Protocol The access point/bridge maintain s a separate spanning -tree instance for each ac tiv e VLAN configu red on it. A bridge ID, con sisting of the brid ge priority and the access po[...]

  • Página 206

    8-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spannin g Tree Protocol When a access point/bridge receiv es a configuration BPDU that contains superior information (lower access point/bridge ID, lower path cost , and so forth), it st ores the infor[...]

  • Página 207

    8-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 8 Configuring Spannin g Tree Protocol Understanding Spanning Tree Protocol BPDUs contain information about the sending acce ss point/bridge and its po rts, including access point/bridge and MA C addresses, access point/bridge pr iority , port pr iority [...]

  • Página 208

    8-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spannin g Tree Protocol Spanning-Tree Interface States Propagation dela ys can occur when p rotocol informa tion passes throug h a wireless LAN. As a re sult, topology changes can take pl ace at dif fe[...]

  • Página 209

    8-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 8 Configuring Spannin g Tree Protocol Understanding Spanning Tree Protocol When the spanning-tree algorithm pl aces a Laye r 2 interface in the forwarding state, this process occ urs: 1. The interface is in the listening st ate while spanning tree wa it[...]

  • Página 210

    8-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features • Receiv es BPDUs Forwarding State An interface in the forwar ding state forwards frames . The interface enters the fo rwarding sta te from the learning state. An interface in the forw ard[...]

  • Página 211

    8-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features The radio and Ethernet interfaces and the nati ve VLAN on the access point/bridge are as signed t o bridge group 1 by def ault. When you enable STP and assign a priori ty on bridge grou p 1,[...]

  • Página 212

    8-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features STP Configuration Examples These configuration e x amples sho w how to enable STP on root and non-root acc ess point/bridges w ith and without VL ANs: • Root Bridge W ithout VLANs, page 8[...]

  • Página 213

    8-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features Non-Root Bridge Without VLANs This exampl e sho ws the conf iguration of a non-root bridge with no VLANs conf igured with STP enabled: hostname client-bridge-north ip subnet-zero ! bridge i[...]

  • Página 214

    8-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features ! interface Dot11Radio0 no ip address no ip route-cache ! ssid vlan1 vlan 1 infrastructure-ssid authentication open ! speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 rts threshold 2312 st[...]

  • Página 215

    8-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features bridge 2 priority 10000 bridge 3 protocol ieee bridge 3 priority 3100 ! line con 0 exec-timeout 0 0 line vty 5 15 ! end Non-Root Bridge with VLANs This exampl e sho ws the conf iguration of[...]

  • Página 216

    8-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 8 Configur ing Spanning Tree Protocol Displaying Spanning-T ree Status encapsulation dot1Q 1 native no ip route-cache bridge-group 1 ! interface FastEthernet0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 ! interface FastEthernet0.3 encapsul[...]

  • Página 217

    CH A P T E R 9-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 9 Configuring an Access Point as a Local Authenticator This chapter describes ho w to conf igure the access poin t as a local authentica tor to serve as a stand-alone authenticator for a small wireless LAN or to pro v ide backup authentication serv[...]

  • Página 218

    9-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Understanding Local Authentication Understanding Local Authentication Many smal l wireless LANs that could be made more secure w ith 802.1x authenticatio n do not ha ve access to a RADIUS server .[...]

  • Página 219

    9-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator Guidelines for Local Authenticators Follo w these guidelines w hen configuring an access point as a local authenticator: • Use an access point that does not se[...]

  • Página 220

    9-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r Step 3 radius-server local Enable the access point as a local authenticator and enter conf iguration mode for the auth enticator . Step 4 nas ip-addr ess key sha[...]

  • Página 221

    9-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator This exampl e sho ws ho w to set up a lo cal authenticator used by three access points with three user groups and sev eral users: AP# configure terminal AP(confi[...]

  • Página 222

    9-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r AP(config-radsrv)# user 00095125d02b password 00095125d02b group cashiers AP(config-radsrv)# user 00079431f04a password 00079431f04a group cashiers AP(config-rad[...]

  • Página 223

    9-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator Each time the access point t ries to use the main serv ers while they are do wn, th e client device trying to authenticate might repor t an authentication timeou[...]

  • Página 224

    9-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r In this example, the local authenticat or generates a P A C for the username joe , password-protects the file with the password bingo , sets the P AC to e xpire [...]

  • Página 225

    9-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator Limiting the Local Authenticator to One Authentication Type By default, a local authenticator access poi nt performs LEAP , EAP-F AST , and MA C-based authentica[...]

  • Página 226

    9-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r The second section lists stats for each acces s point (N A S) authorized to use th e local authenticator . The EAP-F A ST statistics in th is section include th[...]

  • Página 227

    CH A P T E R 10-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 10 Configuring Cipher Suites and WEP This chapter describes ho w to configure th e cipher suites required to use W i-Fi Protected Access (WP A) and Cisco Cen tralized Key Management (CCKM) aut henticated key manageme nt, W ired Equiv ale nt Pri va[...]

  • Página 228

    10-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 10 Configurin g Cipher Suites and WEP Understanding Cipher Suites and WEP Understanding Cipher Suites and WEP This section descri bes ho w WEP and cipher suit es protect traf fic on your wireless LAN. Just as anyone with in range of a radio station can[...]

  • Página 229

    10-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 10 Configuring Cipher Suites a nd WEP Configuring Cipher Suites an d WEP • TKIP (T emporal K ey Integrit y Protocol)—TKIP is a suite of algorithms sur rounding WEP that is designed to ac hiev e the best possible se curity on legacy hardware built t[...]

  • Página 230

    10-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Ci pher Suites and WEP Beginni ng in pri vileged EXEC mode, foll ow these st eps to create a WEP ke y and set the key properties: This example sh ow s how to create a 128-bit WEP k ey in slot 3 f or VLA[...]

  • Página 231

    10-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 10 Configuring Cipher Suites a nd WEP Configuring Cipher Suites an d WEP WEP Key Restrictions T able 10-1 lists WEP key restrictions based o n your securit y configuration. Example WEP Key Setup T able 10-2 shows an e xample WEP key setup that would wo[...]

  • Página 232

    10-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Ci pher Suites and WEP Note If you enable MIC but you use static WEP (you do not enable an y type of EAP authentication), both the access point and any devices with whic h it co mmunicates must use the [...]

  • Página 233

    10-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 10 Configuring Cipher Suites a nd WEP Configuring Cipher Suites an d WEP Use the no form of the encryption command to disable a cipher suite. Matching Cipher Suites with WPA or CCKM If you conf igure your access point to use WP A or CCKM authenticated [...]

  • Página 234

    10-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Ci pher Suites and WEP Note If using WP A and CCKM as ke y ma nagement, only tkip and aes ciphers are supported . If using only CCKM as key management, ckip, cmic, ckip-cmic, tkip, wep, and aes ciphers [...]

  • Página 235

    10-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 10 Configuring Cipher Suites a nd WEP Configuring Cipher Suites an d WEP Beginni ng in pri vile ged EXEC mode, follo w th ese steps to enable broadcast k ey rotati on: Use the no form of the encryption command to disable b roadcast key rotation. This e[...]

  • Página 236

    10-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Ci pher Suites and WEP[...]

  • Página 237

    CH A P T E R 11-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 11 Configuring Authentication Types This chapter describes how to conf igure authenticati on types on the access point. This chapter contains the following sections: • Understanding Authen tication T ypes, page 11-2 • Config uring Authenticati[...]

  • Página 238

    11-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types Understanding Authentication Types This section describes the authentication types that you can co nfigure on the access point. The authentication types are ti ed to the SSIDs tha[...]

  • Página 239

    11-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types Figur e 1 1 -1 Sequence for Open A uthentication Shared Key Authentication to the Access Point Cisco provides shared k ey authenti cation to comply with the IEEE 8 02.11b standard.[...]

  • Página 240

    11-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types EAP Authentication to the Network This authentication t ype provides t he highest le vel o f security for your wireless network. By using t he Extensible A uthentica tion Protoco [...]

  • Página 241

    11-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types There is more than one typ e of EAP authentication, b ut the access point behav es the same way for each type: it re lays authen tication m ess ages from the wireless client de vic[...]

  • Página 242

    11-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types Figur e 1 1 -4 Sequence for MAC-Based A uthentication Combining MAC-Based, EAP, and Open Authentication Y ou can set up the access point to authenticate c lient devices using a co[...]

  • Página 243

    11-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types Figure 11-5 sho ws the reassociation proce ss using CCKM. Figur e 1 1 -5 Client R eassociation Using CCKM Using WPA Key Management W i-Fi Protected Acces s (WP A) is a st anda rds-[...]

  • Página 244

    11-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types Figure 11-6 sh ows the WP A key management process. Figure 1 1 -6 WP A Key Management Pr ocess Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP T able 11-1 lis[...]

  • Página 245

    11-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types T o support the security combi nations in T able 11-1 , your Ci sco Aironet access p oints and Cisco Airon et client de vices must run the follo wing software and f irmware v ersio[...]

  • Página 246

    11-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Note When you configure TKIP -only cipher encryp tion (not TKIP + WE P 128 or TKIP + WEP 40 ) on any radio interface o r VLAN, e ver y SSID on that radio or VLAN must be set to use[...]

  • Página 247

    11-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Step 3 authentication open [ mac-address list -name [ alter nate ]] [[ optional ] eap list-name ] (Optional) Set the authenticati on type to open for this SSID. Open authenticati [...]

  • Página 248

    11-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Step 5 authentication network-eap list-name [ mac-address list -name ] (Optional) Set the authenticati on type for the SSID to Network-EAP . Using the Extensible Authenti cation Pr[...]

  • Página 249

    11-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Use the no form of the SSID commands to disable th e SSID or to disable SSID features. This exampl e sets the authenticati on type for the SSID batman to Network-EAP wi th CCKM au[...]

  • Página 250

    11-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Configuring Additional WPA Settings Use two optional sett ings to conf igure a preshar ed key o n the access point and adjust the frequ ency of group k ey upd ates. Setting a presh[...]

  • Página 251

    11-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types This exampl e sho ws ho w to conf igure a preshared ke y for clients using WP A and static WEP , with group ke y update options: ap# configure terminal ap(config-if)# ssid batman [...]

  • Página 252

    11-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types This exampl e sho ws how to enable MA C authentication caching with a one-hour timeout: ap# configure terminal ap(config)# dot11 aaa mac-authen filter-cache timeout 3600 ap(config)[...]

  • Página 253

    11-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Use the no form of these commands to reset the v alues to default settings. Creating and Applying EAP Method Pr ofiles for the 802.1X Supplicant This section descri bes the option[...]

  • Página 254

    11-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Creating an EAP Method Profile Beginni ng in pri vile ged ex ec mode, follo w these steps to define a ne w EAP profile: Use the no command to negate a command or set it s defaults.[...]

  • Página 255

    11-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Matching Access Point and Client Device Authentication Type s Applying an EAP Prof ile to an Uplink SSID This operation typical ly applies to repeater access points. Be ginning in the pri vileged e xec mode, fol lo[...]

  • Página 256

    11-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Matching Access Point and Client Device Au thentication Types T able 1 1 -2 Client and Access P oint Security Set tings Security Feature Client Setting Access Point Setting Static WEP with open authentication Creat[...]

  • Página 257

    11-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Matching Access Point and Client Device Authentication Type s 802.1X authen tication and CCKM Enable LEAP Select a ciph er suite and enable Network-EAP an d CCKM for the SSID Note T o allow both 80 2.1X clients and[...]

  • Página 258

    11-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Guest Access Man agement Guest Access Management Guest Access allows a guest to gain access to the Internet, and the guest’ s o wn enterprise wit hout compromising the security o f the host enterprise. EAP-MD5 au[...]

  • Página 259

    11-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Guest Access Management Guest access is allowed through these method s: • W eb Authentication (secured) • W eb Pass-through Web Authentication (secured ) W eb authentication is a Layer 3 security feature that e[...]

  • Página 260

    11-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Guest Access Man agement Beginni ng in pri vile ged EXEC mode, use these commands to enable W eb Pass-through : – ap(config)# ip admission name W eb_passthrough consent – ap(config)# interface dot11Radio 0 – [...]

  • Página 261

    11-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 11 Configuring Authen tication Types Guest Access Management Guest access is allo wed for a maximum of twent-four days and a mini mum of fi ve minutes. Beginni ng in pri vile ged EXEC mode, use this command to delete a gu est user: ap# clear dot11 gue[...]

  • Página 262

    11-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 11 Configurin g Authentication Types Guest Access Man agement – ap(config-ext-nacl)# permit tcp any host 40.40.5.10 eq 443 – ap(config-ext-nacl)# exit Note acl-in and acl-out are the names of the Access-list. These acl's allo w you to downloa[...]

  • Página 263

    CH A P T E R 12-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access points for wireless domain services (WDS), fast, secure roaming of cli ent devices, radio mana[...]

  • Página 264

    12-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding WDS Understanding WDS When you conf igure W ireless Domain Services on your netw ork, access points on your wi reless LAN use the WDS device ([...]

  • Página 265

    12-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Understanding Fast Secure Roaming Role of Access Points Using the WDS Device The access points on your wir eless LAN intera ct with the WDS device in[...]

  • Página 266

    12-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding Fast Secure Roaming Figur e 12-1 Client Au thentication Using a RADIUS Server When you conf igure your wireless LAN for fast, secure roaming, [...]

  • Página 267

    12-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Understanding Radio Mana gement device. The WDS de vice forwards the client’ s cred entials to the new access point, and the ne w access point send[...]

  • Página 268

    12-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding Wireless Intr usion Detection Services Figur e 12-3 Require d Components for Lay er 3 Mobility Click this link to bro wse to the information p[...]

  • Página 269

    12-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS access points. The WLSE examines the BRIDG E MIB of each CDP-discovered switch to determine if they contain an y of the target MA C a[...]

  • Página 270

    12-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS • Config uring the Authenticatio n Server to Supp ort WDS, page 12-15 • Config uring WDS Only Mode, page 1 2-19 • V ie wing WDS Inform[...]

  • Página 271

    12-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Figure 12-4 sho ws the required configuration for each de vice that pa rticipates in WDS. Figure 12-4 Config urations on Devices Par [...]

  • Página 272

    12-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS On the access point that you want to conf igure as your primary WDS access point, follo w these steps to configure the access point as the [...]

  • Página 273

    12-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Step 5 In the W ireless Domain Services Priority f ield, enter a priority number f rom 1 to 255 to set the prio rity of this WDS ca [...]

  • Página 274

    12-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figur e 12-7 WDS Server Gr oups P age Step 10 Create a group of serv ers to be used for 802.1x authenticati on for the infrastructure de vi[...]

  • Página 275

    12-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Step 14 Config ure the list of serv ers to be us ed for 802.1x authenticat ion for client de vices. Y ou can specify a separate list[...]

  • Página 276

    12-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Configuring Access Points to use the WDS Device Follo w these steps to configure an access point to authenti cate through the WDS de vice a[...]

  • Página 277

    12-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS The access points that you configur e to interact with the WDS auto matically perform these steps: • Discov er and track the curre[...]

  • Página 278

    12-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figur e 12-9 Networ k Configuration P age Step 2 Click Add Entry unde r the AAA C lients tabl e. The Add AA A Client page appears. Figure 1[...]

  • Página 279

    12-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Figure 12-1 0 Add AAA Client P age Step 3 In the AAA Client Hostname f ield, enter the name of the WDS de vice. Step 4 In the AAA Cl[...]

  • Página 280

    12-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Step 9 Click User Setup to bro wse to the User Setup page. Y ou must use th e User Setup page to crea te entries for the access points that[...]

  • Página 281

    12-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Step 13 Select CiscoSecure Database from the P assword Aut hentication drop-d own li st. Step 14 In the Passw ord and Conf irm Passw[...]

  • Página 282

    12-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Viewing WDS Information On the web-b rowser interface, browse to the W irele ss Services Summary page to vie w a summary of WDS status. On [...]

  • Página 283

    12-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Fast Secure Roaming Using Debug Messages In pri vileg ed ex ec mode, use these deb ug commands to control the display of deb ug messages[...]

  • Página 284

    12-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Fa st Secure Roaming Configuring Access Points to Support Fast Secure Roaming T o support fast, secure roaming, the access poi nts on your wir [...]

  • Página 285

    12-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Fast Secure Roaming Figure 12-15 Global SSID Ma nager P age Step 6 On the SSID that suppor ts CCKM, select these settings: a. If your ac[...]

  • Página 286

    12-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Fa st Secure Roaming c. Select Mandatory or Optional under Authenticate d Ke y Managemen t. If you select Mandatory , only clients that support[...]

  • Página 287

    12-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Management Frame Protection Step 4 Click the over-air or ove r -ds radio butt on. Step 5 Enter the reassociation time. The v alues range[...]

  • Página 288

    12-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Management Frame Pro tection Management Frame Protection operation requires a WDS and is av ailable on 32 Mb platforms only (1130, 1140, 1240, [...]

  • Página 289

    12-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Management Frame Protection rejected. If you attempt to change the ke y management with Client MFP conf igured as required and ke y mana[...]

  • Página 290

    12-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Management Frame Pro tection Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure the WDS: Management Frame Protection with [...]

  • Página 291

    12-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Management Frame Protection This CLI command is us ed to en able 802.11w on the access point: ap(config-ssid)# 11w-pmf client r equired/[...]

  • Página 292

    12-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Radio Manage ment Configuring Radio Management When you conf igure access points on y our wireless LAN to use WDS, the access points automatica[...]

  • Página 293

    12-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Radio Mana gement Figure 12-1 7 WDS/WNM General Setup P age Step 4 Check the Configure W ireless Network Manager check box. Step 5 In th[...]

  • Página 294

    12-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Access Points to Participate in WIDS Configuring Access Points to Participate in WIDS T o partic ipate in WIDS, access points must be configure[...]

  • Página 295

    12-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Access Points to Participate in WIDS Beginning in pri vile ged EXEC mode, follo w these st eps to configure the access point to capture [...]

  • Página 296

    12-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Access Points to Participate in WIDS Configuring Monitor Mode Limits Y ou c an configure threshold v a lues that the access po int uses in moni[...]

  • Página 297

    CH A P T E R 13-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 13 Configuring RADIUS and TACACS+ Servers This chapter describes ho w to enable and configur e the Remote Authen ticati on Dial-In Use r Service (RADIUS) and T erminal Access Cont roller Access Control System Plus (T A CA CS+), that provides detai[...]

  • Página 298

    13-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Understanding RADIUS RADIUS is a distributed client/server system th at secures networks against unauthorized access. RADIUS clien ts run on suppo rted Cisco devices and send a[...]

  • Página 299

    13-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Figur e 13-1 Sequence fo r EAP A uthentication In Steps 1 through 9 in Fi gure 13-1 , a wireless client devi ce and a RADIUS serv er on the wired LAN use 802.1x and EAP to perf[...]

  • Página 300

    13-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS A method list def ines the sequence and methods to be used to au thenticate, to author ize, or to keep accounts on a user. Y ou can use method lists to designate one or more se[...]

  • Página 301

    13-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Y ou identify R ADIUS security server s by their host name or IP address, host name and specif ic UDP port numbers, or t heir IP address and specif ic UDP po rt numbers. The co[...]

  • Página 302

    13-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Step 3 radius server {hostname | ip-address}[ auth-port port-numb er ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r i e s ] [ key string ] Note This comman[...]

  • Página 303

    13-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS T o remove the specified RADIUS server , use the no radius-server host hostna me | ip-addr ess glo bal confi guration command. This example shows ho w to configure one RADIUS s[...]

  • Página 304

    13-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o disable AAA, use the no aaa new-model global confi guration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 [ [...]

  • Página 305

    13-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Defining AAA Server Groups Y ou can configure the access point t o use AAA server gr oups to group e xisting serv er hosts for authentication. Y o u select a subset of the conf[...]

  • Página 306

    13-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r i e s ] [ key string ] Specify[...]

  • Página 307

    13-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS T o remove the specified RADIUS server , use the no radius-server host hostna me | ip-addr ess glo bal confi guration command. T o remov e a server group from t he config urat[...]

  • Página 308

    13-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Beginni ng in pri vileged EXEC mode, fol lo w these steps to specify RADIUS authorizatio n for pri vile ged EXEC access and network services: T o dis able authorization, use t[...]

  • Página 309

    13-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Note When WDS is configured, PoD requ ests should be directed to the WDS. The WDS forwards the disassociation request to the parent access point and th en purges the sessi on [...]

  • Página 310

    13-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o disable accounting, use the no aaa accounting { network | exec } { start-stop } method1... global confi guration command. Selecting the CSID Format Y ou c an select the fo[...]

  • Página 311

    13-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Configuring Settings fo r All RADIUS Servers Beginni ng in pri vile ged EXEC mode, follo w these steps to configure global com munication settin gs between the acc ess point a[...]

  • Página 312

    13-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS This ex ample sho ws how to set up two main serv ers and a local authenticator with a serv er deadtime of 10 minutes: AP(config)# aaa new-model AP(config)# radius-server host [...]

  • Página 313

    13-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS For a complete list of RADIUS attribut es or more information about VSA 26, refer to the “RADIUS Attrib utes” appendix in th e Cisco IOS Security Conf iguration Guide f or[...]

  • Página 314

    13-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o delete the vendor -proprietary RADIUS host, use the no radius-server host { hostna me | ip-addr ess } non-standard global conf iguration command. T o disable the key , use[...]

  • Página 315

    13-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Beginning in pri vile ged EXEC mode, follo w these st eps to specify WISPr RADIUS attributes on the access point: This exampl e sho ws ho w to conf igur e the WISPr location-n[...]

  • Página 316

    13-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS RADIUS Attributes Sent by the Access Point T able 13-2 through Ta b l e 1 3 - 6 identify the at trib utes sent by an a ccess point to a client in access-request, access-accept[...]

  • Página 317

    13-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS T able 1 3-4 At tr ibutes Sent in Ac counting-Request (start) P ack ets Attribute ID Description 1U s e r - N a m e 4 N AS-IP-Addres s 5N A S - P o r t 6 Service-T ype 25 Clas[...]

  • Página 318

    13-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Note By default, the access point sends reauthenticati on requests to the authenticat ion server with the service-type attrib ute set to authenticat e-only . Ho wever , some M[...]

  • Página 319

    13-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ Configuring and Enabling TACACS+ This section contains this conf iguration information: • Understanding T A CACS+, p age 13-23 • T A CACS+ Operation, p age 13-24 • Confi[...]

  • Página 320

    13-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ TACACS+ Operation When an administrator attempts a simple ASCII login by authenticating to an access po int using T A CA CS+, this process occurs: 1. When the connection i s [...]

  • Página 321

    13-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ This section contains this conf iguration information: • Default T ACA CS+ Conf iguration, page 13-25 • Identifying t he T A CA CS+ Server Host and Setting the A uthentica[...]

  • Página 322

    13-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ T o remove the specified T A CA CS+ server name or address, use the no tacacs-server host hostname global conf iguration command. T o remove a ser ver group fro m the conf ig[...]

  • Página 323

    13-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ T o disable AAA, use the no aaa new-model global confi guration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 [[...]

  • Página 324

    13-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ The aaa authoriza tion exec ta cacs+ local command set s these authorization pa rameters: • Use T A CA CS+ for privile ged EXEC access authorization if authent ication was [...]

  • Página 325

    13-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ T o disable accounting, use the no aaa accounting { network | exec } { start-stop } method1... global confi guration command. Displaying the TACACS+ Configuration T o display [...]

  • Página 326

    13-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+[...]

  • Página 327

    CH A P T E R 14-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 14 Configuring VLANs This chapter describes how to configure your access point to operate with the VLANs set up on your wired LAN. This chapter contains th e follo wing sections : • Understanding VLANs, page 14-2 • Conf iguring VLANs, p age 14[...]

  • Página 328

    14-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 14 Configuring VLA Ns Understanding VLANs Understanding VLANs A VLAN is a switched network that is logically segmen ted, by functions, project teams, or applications rather than on a physical or geographical basis. For e xample, all w orkstations and s[...]

  • Página 329

    14-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 14 Configuring VLANs Understanding VLANs Figur e 14-1 LAN and VLAN Segmentation with Wireless Devices Related Documents These documents prov ide more detailed informati on pertaining to V LAN design an d conf iguration: • Cisco IOS Switchi ng Service[...]

  • Página 330

    14-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 14 Configuring VLA Ns Configuring VLANs Incorporating Wireless Devices into VLANs The basic wireless componen ts of a VLAN consist of an access point and a client associated to it using wireless technology . The access point is physically connected th [...]

  • Página 331

    14-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 14 Configuring VLANs Configuri ng VLANs Configuring a VLAN Note When you confi gure VLANs on access points, the nati ve VLAN must be VLAN1. In a sin gle architecture, client traff ic rece i ved by the access poi nt is tunneled through an IP-GRE tunnel,[...]

  • Página 332

    14-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 14 Configuring VLA Ns Configuring VLANs Step 3 ssid ssid-string Create an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up t o 32 alphanumeric characters. SSI Ds are cas e sensiti ve. The SSID can consist of up to 32 [...]

  • Página 333

    14-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 14 Configuring VLANs Configuri ng VLANs This example sho ws how to: • Name an SSID • Assign the SSID to a V LAN • Enable the VLAN on the radio and Ethernet ports as the na tiv e VLAN ap1200# configure terminal ap1200(config)# interface dot11radio[...]

  • Página 334

    14-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 14 Configuring VLA Ns Configuring VLANs Creating a VLAN Name Beginning in pri vileged EXEC mod e, follo w these steps to assign a name to a VLAN: Use the no form of the command to remov e the name from the VLAN. Use the show dot11 vlan-name priv ileged[...]

  • Página 335

    14-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 14 Configuring VLANs Configuri ng VLANs Using a RADIUS Server for Dynamic Mobility Group Assignment Y ou can configure a RADIUS server to dynamically assi gn mobility groups to users or user g roups. This eliminates the need to conf igure multiple SSID[...]

  • Página 336

    14-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 14 Configuring VLA Ns VLAN Configuration Ex ample Virtual-Dot11Radio0 Protocols Configured: Address: Received: Transmitted: Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Virtual LAN ID: 2 (IEEE 802.[...]

  • Página 337

    14-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 14 Configuring VLANs VLAN Configuration Example 4. Configure VLAN 1, the Management VLAN, on both the fastEthernet and do t11radio interfaces on the access point. Y ou should make th is VLAN the nati ve VLAN. 5. Config ure VLANs 2 and 3 on both the f [...]

  • Página 338

    14-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 14 Configuring VLA Ns VLAN Configuration Ex ample T able 14-3 shows th e results of the conf iguration commands in T able 14-2 . Use the sho w running command to display th e running conf igurati on on the access point. Notice that when yo u config ur[...]

  • Página 339

    CH A P T E R 15-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 15 Configuring QoS This chapter describes how to conf igure quality of se rvice (QoS) on your access point. W ith this feature, you can provide preferential treatment to certain traff i c at the expense of others. W ithout QoS, the access point of[...]

  • Página 340

    15-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs Understanding QoS for Wireless LANs T ypically , networks operate on a best-ef fort deliv ery ba sis, which means that all traf fic has equal priority and an equal chance of being deli vered in a t[...]

  • Página 341

    15-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs QoS on the wireless LAN focuses on do wnstream prioritization from the access point. Fi gure 15-1 sho ws the upstream and downstream traf f ic flow . Figur e 15-1 Upstream and Downstr eam T raf fic[...]

  • Página 342

    15-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs Note This release continues to support e xisting 7920 wireless phone f irmwa re. Do not attempt to u se the ne w standard (IEEE 802.11e dr aft 13) QBSS Load IE with the 7 920 W ireless Phone until [...]

  • Página 343

    15-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs Using Band Select Band Select allo ws you to mo ve to the less cong ested radios if your W i-Fi radios are capable of dual band operati on. This feat ure improves the ov erall performance of the ne[...]

  • Página 344

    15-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Configuring QoS - ap (conf ig)# dot11 ssid abcd - ap(conf ig-ssid)# band-select Configuring QoS QoS is disabled by default (ho wever , the radio interf ace al ways honors tagged 802. 1P packets e ven when you have not configured a Qo[...]

  • Página 345

    15-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS Configuri ng QoS Figur e 15-2 QoS Policies P age Step 3 Wi t h <NEW> selected in the Create/Edit Polic y f ield, type a name for the QoS polic y in the Policy Name entry fi eld. The name can contain up to 25 alphanumer ic chara[...]

  • Página 346

    15-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Configuring QoS Step 4 If the packets that you need to pr ioritize contain IP preced ence information in the IP header TOS field, select an IP precedence classifica tion from the IP Precede nce drop-do w n list. Menu selections i ncl[...]

  • Página 347

    15-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS Configuri ng QoS • Class Selector 1 • Class Selector 2 • Class Selector 3 • Class Selector 4 • Class Selector 5 • Class Selector 6 • Class Selector 7 • Expedited Forwarding Step 8 Use the Apply Class of Service drop-d[...]

  • Página 348

    15-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Configuring QoS Step 19 Click the A pply bu tton at the bottom of the page to apply the policies t o the access point ports. The QoS Policies Advanced Page The QoS Policies Advanced page ( Fi gure 15-3 ) Figur e 15-3 QoS Policies - [...]

  • Página 349

    15-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS Configuri ng QoS IGMP Snooping When Internet Group Membership Protocol (IG MP) snooping is enabled on a switch and a client roams from one access point to another, the clients’ multicast session is dropped. When the ac cess points[...]

  • Página 350

    15-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Configuring QoS Adjusting Radio Access Categories The access point uses the radio access categories to calculate backoff times for each packet. As a rule, high-priority packets hav e short backoff times. The default v alues in the M[...]

  • Página 351

    15-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS Configuri ng QoS Figur e 15-4 Radio Access Categ or i es P a ge Note In this release, clients are blocked from using an access category when you select Enable for Admission Control. Configuring Nominal Rates When an access point rec[...]

  • Página 352

    15-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS Configuring QoS http://cisco. com/en/US/docs/wireless/access_poin t/12.4_10b_J A/command/reference/cr12410b-chap2 . html#wp325708 0 Note The abov e rates work f ine for Cisco phones. Third parties wireless phones may ha ve a dif fer[...]

  • Página 353

    15-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS QoS Configuration Examples Troubleshooting Admissio n Control Y ou can use two CLI commands to d isplay information to h elp you troubleshoot adm ission control problems: • T o display current admission control sett ings on radio [...]

  • Página 354

    15-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS QoS Configuration Example s Figure 15-5 QoS Policies P age f or V oice Example The network admin istrat or also enables the QoS element for wir eless phones setting on the QoS Policies - Adv anced page. This setting gi ves priority [...]

  • Página 355

    15-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 15 Configuring QoS QoS Configuration Examples Figure 15-6 QoS Policies P age for Video Example[...]

  • Página 356

    15-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 15 Configuring QoS QoS Configuration Example s[...]

  • Página 357

    CH A P T E R 16-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 16 Configuring Filters This chapter describe s how to configure and manage MA C address, IP , and EtherT ype filters on the access point using the we b-bro wser interface. Th is chapter contains the follo wing sections: • Understanding Filters, [...]

  • Página 358

    16-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Understanding Filters Understanding Filters Protocol filters (IP protocol , IP port, and EtherT ype) pr ev en t or allow the use of specific protocols through the acc ess point’ s Ethernet and rad io ports. Y ou can se t up ind[...]

  • Página 359

    16-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Configuring Filters Using the Web-Browser Interface This section descri bes ho w to conf igure and enab le f ilters using the web-bro wser interface. Y ou complete two steps to [...]

  • Página 360

    16-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Figure 16-1 MAC Addr ess Filters P age Follo w this link path to reach the Address Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page list, [...]

  • Página 361

    16-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Step 5 Use the Mask entry field to indicate ho w many bits, from left to right, the f ilter checks against the MA C address. For e xample, to require an exact matc h with the MA[...]

  • Página 362

    16-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface If clients are not f iltered immediately , click Reload on the System Confi guration page to restart t he access point. T o reach the Syst em Conf iguration page, click System[...]

  • Página 363

    16-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Step 3 Click Advanced Security to bro wse to the Adv anced Security: MA C Address Authentication page. Figure 16-4 sho ws the MAC Address Authentication page. Figur e 16-4 Adv a[...]

  • Página 364

    16-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Step 6 Click A pply . Creating a Time-Based ACL T ime-ba sed A CLs are ACLs that can be enabled or disabled for a specific period of time. This cap ability provid es robust ne[...]

  • Página 365

    16-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface ACL Logging A CL logging is not supported on the br idging interfaces of A P platforms. When applied on bridgin g interface, it wi ll work as if conf igured without “log” op[...]

  • Página 366

    16-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Figure 16-6 I P Filters P age Follo w this link path to reach the IP Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page list, click Filters[...]

  • Página 367

    16-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Creating an IP Filter Follo w these steps to create an IP filter: Step 1 Follo w the link path to the IP Filters page. Step 2 If you are creating a new f ilter, mak e sure <[...]

  • Página 368

    16-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Step 15 When the f ilter is complete, click A pply . The f ilter is sav ed on the access point, but it i s not enabled unti l you apply it on the Appl y Filters pa ge. Step 1[...]

  • Página 369

    16-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Figur e 16-8 Ethe rT ype Filters P age Follo w this link path to reach the EtherT ype Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page list[...]

  • Página 370

    16-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Step 7 Click Add . The EtherT ype appears in the Filters Classes fi eld. T o remove the EtherT ype from the Filters Classes list, select it and click Delete Class . Repeat St[...]

  • Página 371

    CH A P T E R 17-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 17 Configuring CDP This chapter describes ho w to configure Cisco Disco very Protocol (CDP) on your access point . Note For complete syntax and usage in formation for the co mmands used in this chapter, refer to the Cisco Air onet IOS Command Refe[...]

  • Página 372

    17-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 17 Configur ing CDP Understanding CDP Understanding CDP Cisco Discov ery Protocol (CDP) is a de vice-disco v ery protocol that runs on all Ci sco network equipment. Each de vice sends identifying messages to a multicast address, and e ach device monito[...]

  • Página 373

    17-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 17 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This exampl e sho ws ho w to conf igur e and verify CDP characteristics: AP# configure terminal AP(config)# cdp holdtime 120 AP(config)# cdp time[...]

  • Página 374

    17-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 17 Configur ing CDP Monitoring and Maintaining CDP This e xample sho ws how to enable CDP . AP# configure terminal AP(config)# cdp run AP(config)# end Disabling and Enabling CDP on an Interface CDP is enabled by def ault on all supported in terfaces to[...]

  • Página 375

    17-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 17 Configuring CDP Monitori ng and Maintaining CDP Belo w are si x exampl es of output from t he CDP show pri vileged EXEC commands: AP# show cdp Global CDP information: Sending CDP packets every 50 seconds Sending a holdtime value of 120 seconds AP# s[...]

  • Página 376

    17-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 17 Configur ing CDP Monitoring and Maintaining CDP Device ID: idf2-1-lab-l3.cisco.com Entry address(es): IP address: 10.1.1.10 Platform: cisco WS-C3524-XL, Capabilities: Trans-Bridge Switch Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEt[...]

  • Página 377

    17-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 17 Configuring CDP Monitori ng and Maintaining CDP AP# show cdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device IDLocal InterfaceHoldtmeCapabilityPlatformPort ID Perdi[...]

  • Página 378

    17-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 17 Configur ing CDP Monitoring and Maintaining CDP[...]

  • Página 379

    CH A P T E R 18-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 18 Configuring SNMP This chapter describe s how to configure the Simple Network Managemen t Protocol (SNM P) on your access point. Note For complete syntax and usage info rmation for th e commands used i n this chapter , refer to the Cisco IOS Com[...]

  • Página 380

    18-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 18 Configu ring SNMP Understanding SNMP Understanding SNMP SNMP is an appli cation-layer protocol that p r ovides a message format for communication between SNMP manage rs and agents. The SN MP manager ca n be part of a net work management system (NMS)[...]

  • Página 381

    18-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 18 Configuring SNMP Understanding SNMP T able 18-1 lists the SNMP versio ns and security le vels supported on access points. For detailed infor mation on SN MPv3, click th is link to browse to the Ne w F eature Do cumentation for Cisco IOS Release 12.0[...]

  • Página 382

    18-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 18 Configu ring SNMP Understanding SNMP SNMP Agent Functions The SNMP agent responds to SNMP manager request s as follo ws: • Get a MIB variable—The SNM P agent b egins this func tion in r esponse to a request f rom the NMS. The agent retriev e s t[...]

  • Página 383

    18-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 18 Configuring SNMP Configuring SNMP Configuring SNMP This section descri bes ho w to conf igure SNMP on your access point. I t contains this conf iguration inform ation: • Default SNMP Conf iguration, page 18-5 • Enabling the SNMP Agent, page 18-5[...]

  • Página 384

    18-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 18 Configu ring SNMP Configuring SNMP Configuring Community Strings Y ou use the SNMP community string to def ine th e relationship between the SNMP manager and the agent. The community stri ng acts like a passw ord to permit access to the agent on the[...]

  • Página 385

    18-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 18 Configuring SNMP Configuring SNMP T o disable access for an SNMP community , set the communi ty string for that community to the null string (do not enter a v alue for th e community string). T o remov e a specif ic community string , use the no snm[...]

  • Página 386

    18-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 18 Configu ring SNMP Configuring SNMP Configuring SNMP-Server Hosts T o configure the recip ient of an SNMP trap oper ation, use the follo wing command in global confi guration mode: Configuring SNMP-Server Users T o configure a ne w user to an SNMP gr[...]

  • Página 387

    18-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 18 Configuring SNMP Configuring SNMP Some notif ication types cannot be contro lled with the snmp-server enable global conf iguration command, such as udp-port . These notification types are always enabled. Y ou can use the snmp-server host global conf[...]

  • Página 388

    18-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 18 Configu ring SNMP Configuring SNMP T o remov e the specified hos t from receiving traps , use the no snmp-server host host global confi guration command. T o disable a specif ic trap type, use the no snmp-server enable traps notif ication-t ypes gl[...]

  • Página 389

    18-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 18 Configuring SNMP Configuring SNMP This example sho ws how to assign the strings open and ieee to SNMP , to allow read-write access for both, and to specify that open is the community string for quer ies on non-IEEE80 2dot11-MIB objects and ieee is [...]

  • Página 390

    18-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 18 Configu ring SNMP Displaying SNMP Status AP(config)# snmp-server group admin v3 priv read iso write iso AP(config)# snmp-server user joe admin v3 auth md5 xyz123 priv des56 key007 AP(config)# snmp-server user fred admin v3 encrypted auth md5 abc789[...]

  • Página 391

    CH A P T E R 19-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode This chapter describes how to conf ig ure your a ccess point as a repeater , as a hot standby unit, or as a workgroup bridge. This chapter co ntains the following sections[...]

  • Página 392

    19-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Repeater Ac cess Points Understanding Repeater Access Points A repeater access point is not connected to the wired LAN ; it is placed within radio range of an [...]

  • Página 393

    19-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring a Repeater Access Point Figur e 19-1 Access P o int as a Repeater Configuring a Repeater Access Point This section pro vides instruct ions for setting u p an acc[...]

  • Página 394

    19-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Re peater Access Point Default Configuration Access points are configured as root units by default. T able 19-1 sho ws the default v alues for settings that co[...]

  • Página 395

    19-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring a Repeater Access Point Setting Up a Repeater Beginning in Pri vileged Exec mode, fol low th ese steps to conf igure an access point as a repeater: Command Purpo[...]

  • Página 396

    19-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Aligning Antennas The follo wing example sho ws how to set up a repeat er access point with three potential parents, designated 1 t o 3: AP# configure terminal AP(config)# i[...]

  • Página 397

    19-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Aligning Antennas Use the show dot11 antenna-alignment command to list the MA C addresses and signal level for the last 10 de vices that responded to the probe. Verifying Re[...]

  • Página 398

    19-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Aligning Antennas Setting Up a Repeater As a WPA Client WP A key management uses a combination of encr yption methods to protect communi cation between client devices and th[...]

  • Página 399

    19-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Understanding Hot Standby Understanding Hot Standby Hot Standby mode designates an access point as a backup for another acces s point. The standby access point is placed nea[...]

  • Página 400

    19-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Hot Standby Access Point Configuring a Hot Standby Access Point When you set up the standby access po int, you must enter the MA C addr ess of the access poin[...]

  • Página 401

    19-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring a Hot Standby Access Po int Beginni ng in Pri vileg ed Exec mode , follow these st eps to enable hot standby mode on an access point: Command Purpose Step 1 con[...]

  • Página 402

    19-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Hot Standby Access Point After you enable standby mode, conf igure the settings that you recorded from the monitored access p oint to match on the standby acc[...]

  • Página 403

    19-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Understanding Workgroup Bridge Mode Use this command to check the stand by confi guration: show iapp standby-parms This command di splays the MAC address of the st andby ac[...]

  • Página 404

    19-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Wo rkgroup Brid ge Mode Caution An access point in workgroup bridge mode can introd uce a bridge loop if you co nnect its Ethernet port to your wired LAN. T o[...]

  • Página 405

    19-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Understanding Workgroup Bridge Mode Figure 19-2 sho ws an a ccess point in workgroup br idge mode. Figur e 1 9-2 Access P oint in W ork group Br idg e Mode Treating Workgro[...]

  • Página 406

    19-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Wo rkgroup Brid ge Mode bridges, t hat can as sociat e to an access point or bridge. T o increase beyond 20 the number of w orkgroup bridges that can associat[...]

  • Página 407

    19-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Workgroup Bridge VLAN Tagging The follo wing e xample sho ws ho w the command is used . In the example, channels 1, 6, and 11 are specified to scan: ap# ap#confure terminal[...]

  • Página 408

    19-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring Work group Bridge Mode In the upstream direction, WGB remo ves the 802 .1q he ader from the pack et while sending to the WLC. In the downst ream direction while[...]

  • Página 409

    19-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring Workgroup Bridge Mode This exampl e sho ws how to conf igure an 1100 series access point as a workgroup bri dge. In this exam ple, the workgrou p bridge uses th[...]

  • Página 410

    19-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment This example sho w s how to set up a w orkgroup bridge with the parent access points, designated 1 and 2: AP(config-if[...]

  • Página 411

    19-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Using Workgroup Bridges in a Lightweight Environment • The workgroup bridge can be any autonomous acce ss point that supports the workgroup bridge mode and is running Cis[...]

  • Página 412

    19-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment • When you delete a workgroup bridg e record from the controller , all of the workgroup bridg e wired clients’ rec[...]

  • Página 413

    19-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Using Workgroup Bridges in a Lightweight Environment Enabling VideoStream Suppo rt on Workgroup Bridges V ideoStream impro ves the reliabi lity of an IP multicast stream by[...]

  • Página 414

    19-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment[...]

  • Página 415

    CH A P T E R 20-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 20 Managing Firmware and Configurations This chapter describ es how to manipulate the Flash fi le system, ho w to copy configuration f iles, a nd ho w to archiv e (upload and download) software images. Note For complete syntax and usage info rmati[...]

  • Página 416

    20-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with the Flash File System Displaying Available File Systems T o display the av ailable file systems on your access point, use the sho w f ile systems privile ged EXEC command as sho wn in this e xample:[...]

  • Página 417

    20-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with the Flash File System Setting the Default File System Y ou can specify the file system or direct ory that the system uses as the default file system by usi ng the cd filesyst em: pri vile ged EXEC co[...]

  • Página 418

    20-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with the Flash File System Creating and Removing Directories Beginning in pri vile ged EXEC mode, follo w these steps to create and remo ve a directory: T o delete a directory with all its files and subd[...]

  • Página 419

    20-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with the Flash File System • From a startup conf iguration to a startup configuration • From a de vice to the same de vice (for example, the copy flash: flash: command is in v alid) For specific e xam[...]

  • Página 420

    20-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with the Flash File System • For the T rivial Fil e T ransfer Protocol (TFTP), the syntax i s tftp: [[ // location ] / dir ectory ] / tar- fil ename .tar The tar-filename .tar is the tar file to be cre[...]

  • Página 421

    20-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s Extracting a tar File T o e xtract a ta r file into a directory o n the Flash file system, use this pr i vileged EXEC comm and: archiv e tar /xtract sour c e-url flash:/ fi le - [...]

  • Página 422

    20-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files Yo u c a n c o p y ( download ) configuration f iles from a TFTP , FTP , or RCP server to the running configuration of the access point for v arious reasons: • T o restore a ba[...]

  • Página 423

    20-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s config uration is used. Ho wever , some commands in the e xisting conf iguration might not be replaced or nega ted. In this case, the resulting conf iguration f ile is a mixture [...]

  • Página 424

    20-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files Preparing to Download or Upload a Configuration File by Using TFTP Before you be gin do wnloading or uploading a conf iguratio n file by using TFTP , perform these tasks: • En[...]

  • Página 425

    20-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s The configuration f ile do w nloads, and the commands are executed as th e f ile is parsed line-by-line. This example sho w s ho w to conf igure the software from the f ile toky[...]

  • Página 426

    20-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files • The access point forms a password named username@apn ame. domain . The v ariable username is the username associated with the current session, apname is the configured host [...]

  • Página 427

    20-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s This example sho ws how to cop y a config uration f ile named host1-confg from the netadmin1 directory on the remo te server with an IP address of 172.16.101.101 and to lo ad an[...]

  • Página 428

    20-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files This exampl e sho ws how to copy the run ning conf iguration f ile named ap2-confg to the netadmin1 directory on the remote host with an IP address of 172.16.101.101: ap# copy s[...]

  • Página 429

    20-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s access to a server that supports the remote shell (rsh). (Most UNIX systems support rsh.) Because you are copying a f ile from one place to another , you must hav e read permiss[...]

  • Página 430

    20-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files ap1.company.com ap1 For more information, r efer to th e documentation for yo ur RCP server . Downloading a Configuration File by Using RCP Beginni ng in pri vileged EXEC mode, [...]

  • Página 431

    20-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s %SYS-5-CONFIG_NV:Non-volatile store configured from host2-config by rcp from 172.16.101.101 Uploading a Configuration File by Using RCP Beginni ng in pri vile ged EXEC mode, fol[...]

  • Página 432

    20-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s Deleting a Stored Configuration File Caution Y ou cannot restore a file af ter it has been deleted. T o delete a saved conf iguration from Flash memory , use the d elete flash: fi [...]

  • Página 433

    20-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images tar File Format of Images on a Server or Cisco.com Software images located on a server or d ownload ed from Cisco .com are pro vided in a tar f ile format, which contains these files[...]

  • Página 434

    20-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s Note Y ou must restart the inetd daemon after modify ing the /etc/inetd.conf and / etc/services f iles. T o restart the daem on, either stop the inetd process and restart it, or en[...]

  • Página 435

    20-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Note T o a void an unsuccessful do wnload, use the archi ve dow nload-sw /safe command, whi ch do wnloads the image fi rst and does not delete the current runnin g version un til the[...]

  • Página 436

    20-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s The algorithm installs the do wnloaded image on the system board Flash de vice (flash:). The image is placed into a ne w directory named with the softw are version string , and the[...]

  • Página 437

    20-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images • Downloading an Image File by Using FTP , page 20-24 • Uploading an Im age File by Using FTP , pa ge 20-26 Preparing to Download or Upload an Image File by Using FTP Y ou can co[...]

  • Página 438

    20-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s For more information, r efer to th e documentation for yo ur FTP server . Downloading an Image File by Using FTP Y ou can dow nload a ne w image fi le and o ve rwrite the cur rent [...]

  • Página 439

    20-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Note T o a void an unsuccessful do wnload, use the archi ve dow nload-sw /safe command, whi ch do wnloads the image fi rst and does not delete the current runnin g version un til the[...]

  • Página 440

    20-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s If you specify the /lea ve-old-sw , the e xisting f iles are not remo ved. If there is no t enough space to install the ne w image and k eep the r unning image, the do wn load proc[...]

  • Página 441

    20-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images The archiv e upload-sw command b uilds an image f ile on the serv er by uploading th ese fi les in order: info, the Cisco IOS image, th e HTML files, and i nfo.ver . After these file[...]

  • Página 442

    20-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s RCP requires a client to send a remote usern ame on each RCP request to a server . When you copy an image from the access point to a server by using RCP , the Cisco IOS software se[...]

  • Página 443

    20-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Downloading an Image File by Using RCP Y ou c an download a ne w image file an d replace or keep the current image. Caution For the do wn load and upload algo rithms to operat e prop[...]

  • Página 444

    20-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s Note T o a void an unsuccessful do wnload, use the archi ve dow nload-sw /safe command, whi ch do wnloads the image fi rst and does not delete the current runnin g version un til t[...]

  • Página 445

    20-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Note If the Flash de vice has suff icient space to hold two images and you want to ov erwrite one of these images with the same versi on, you must specify the /ov erwrite optio n. If[...]

  • Página 446

    20-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s The archive upload-sw pri vile ged EXEC command buil ds an image f ile on the serv er by uploading these files in order: info, the Cisco IOS i mage, the HTML files, and info.ver . [...]

  • Página 447

    20-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Step 7 Click the Upgrade b utton. For additi onal information, cl ick the Help icon on the Software Upgrade screen. Browser TFTP Interface The TFTP interface allo ws you to use a TFT[...]

  • Página 448

    20-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s[...]

  • Página 449

    CH A P T E R 21-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 21 Configuring System Message Logging This chapter describes how to conf igure sy stem message logging on your acces s point. Note For complete syntax and usage info rmation for th e commands used i n this chapter , refer to the Cisco IOS Confi gu[...]

  • Página 450

    21-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uri ng System Message Logg ing Understanding System Message Lo gging Understanding System Message Logging By default, access points send the outpu t from system messages and deb ug privile ged EXEC commands to a logging process. The l ogging [...]

  • Página 451

    21-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging T able 21-1 describes the elements of syslog messages. This example show s a partial access point system message : 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed stat[...]

  • Página 452

    21-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Logging Disabling and Enabling Message Logging Message logging is enabled by default. It must be en abled to send messages to any d estination other than the console. When enabled, log[...]

  • Página 453

    21-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging Setting the Message Display Destination Device If message logging is en abled, you ca n send messages to specific locati ons in addition to the cons ole. Beginni ng in pri vile g[...]

  • Página 454

    21-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Logging Enabling and Disabling Timestamps on Log Messages By default, log messag es are not timestamped. Beginni ng in pri vile ged EXEC mode, follo w these steps to enable ti mestampi[...]

  • Página 455

    21-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging This example sh ow s part of a logging display with sequenc e numbers enabled: 000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) Defining the Message Severi[...]

  • Página 456

    21-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Logging T able 21-3 describes the level ke yword s. It also lists the corresponding UNIX syslo g defini tions from the most se vere le vel to the least se vere le vel. The software gen[...]

  • Página 457

    21-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging Beginni ng in pri vile ged EXEC mode, follo w these steps to change the lev el and history table size defaults: When the history table is fu ll (it contains the maximum number of[...]

  • Página 458

    21-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Logging Configuring UNIX Syslog Servers The next sections describe how to configure the 4.3 BSD U NIX server syslog daemon and de fine the UNIX system logging f acility . Logging Mess[...]

  • Página 459

    21-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging T o remove a syslog server , use the no logg ing host global conf iguration comman d, and specify the syslog server IP address. T o disable logg ing to syslog servers, enter the[...]

  • Página 460

    21-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uri ng System Message Logg ing Displaying the Logging Configuration Displaying the Logging Configuration T o display the current logging con figur ation and the co ntents of the log b uffer , use the show lo gging pri vileged EXEC co mmand. [...]

  • Página 461

    CH A P T E R 22-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 22 Troubleshooting This chapter pro vides troubleshooting procedures for basic p roblems with the wireless de vice. For the most up-to-date, detail ed troubleshooting i nformation, refer to the Cisco T A C website at the follow ing URL (select T o[...]

  • Página 462

    22-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Checking the Top Panel Indicators If your wireless de vice is not communicating, check the three LED indicators on the top panel to quickly assess the device ’s status. Figure 22-1 sho ws the indi[...]

  • Página 463

    22-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Figur e 22-2 Indicators on the 1 1 00 Series A ccess Point Figur e 22-3 Indicators on the 350 Ser ies Access P oint (Plastic Case) Ethernet Status Radio 81597 S CISCO AIRONET 350 SERIES WIRELESS ACC[...]

  • Página 464

    22-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Figur e 22-4 Indicators on the 350 Ser ies Access P oint (Metal Case) The indicator sign als on the wi reless de vice hav e the follo wing meanings (for additional d etails refer to T able 22-1 ): ?[...]

  • Página 465

    22-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note Regarding LED status colors, it is expected that there will be small v ariations in color intensity and hue from unit to unit. This is within the normal range of the LED manufa cturer’ s spec[...]

  • Página 466

    22-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators The LED signals are listed in Ta b l e 2 2 - 2 . T able 22-2 LED Signals Message type Cable Bay Area T op of Unit Meaning Ethernet LED Radio LED Status LED Boot loader st atus Green Green Green DRAM[...]

  • Página 467

    22-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note Regarding LED status colors, it is expected that there will be small v ariations in color intensity and hue from unit to unit. This is within the normal range of the LED manufa cturer’ s spec[...]

  • Página 468

    22-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Indicators on 1040 or 1140 Series Access Point If your access point i s not workin g properly , check the Eth ernet and Status LEDs of the uni t. Y ou can use the LED indications to quickly assess t[...]

  • Página 469

    22-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators 48VD C MO D E CO NSOL E E T HE RNE T 207523 2 3 4 1 1 Reset Button 3 Ethernet LED 2 Console LED 4 DC Po wer T able 2 2-3 1 040 or 1 140 Ser ies Access P oint LED Signals Message type Ethernet LED St[...]

  • Página 470

    22-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Note It is expected that there will be small va riations in LED color intensity and hue from unit to unit. This is within the normal range of th e LED manufact urer’ s specifications and is not a[...]

  • Página 471

    22-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Indicators on 1240 Series Access Points If your access point is not w orking properly , check the Status, Ethernet, and Radio LEDs on the 2.4 GHz end of the unit. Y ou can use the LED indicati ons [...]

  • Página 472

    22-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Note It is expected that there will be small va riations in LED color intensity and hue from unit to unit. This is within the normal range of th e LED manufact urer’ s specifications and is not a[...]

  • Página 473

    22-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Indicators on 1250 Access Points If your access point is not w orking properly , check the Ethernet, Status, and Radio LEDs on the 2.4 GHz end of the unit. Y ou can use the LED indicatio ns to quic[...]

  • Página 474

    22-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators T able 2 2-5 1250 Ser ies Access P oint LED Signals Message type Ethernet LED Status LED Radio LED Meaning Boot loader status G reen Off Amber DR AM test in progress. Green Green Green DRAM memory [...]

  • Página 475

    22-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note It is expect ed that there will be small v ariations in LED color intensity and hue from unit to un it. This is within the normal range of th e LED manufact urer’ s specifications and is not[...]

  • Página 476

    22-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Figur e 22-8 126 0 Ser i es Access P oint LED T able 22-6 shows th e 1260 access point LED indicators for v arious conditions. T able 2 2-6 1260 A ccess Point LED Status Indicat ors 1 207522 1 Stat[...]

  • Página 477

    22-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Indicators on 1300 Outdoor Access Point/Bridges If your access point/bridge is no t associating with a remot e bridge or access point, check the four LEDs on the back panel. Y ou can use them to qu[...]

  • Página 478

    22-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Figur e 22-9 LEDs Normal Mode LE D Indications During access poi nt/bridge op eration the LEDs provide status information as sho w n in T a ble 22-7 . R Radio LED E Ethernet LED S Status LED I Inst[...]

  • Página 479

    22-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note It is expect ed that there will be small v ariations in LED color intensity and hue from unit to un it. This is within the normal range of th e LED manufact urer’ s specifications and is not[...]

  • Página 480

    22-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking the Top Panel Indicators Power Injector When the po wer injector is po wered up, it applie s 48-VDC to the dual-coax cables to the access point/bridge. When po wer is applied to the access point/bridge , th e unit acti vat[...]

  • Página 481

    22-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Checking Power • Cisco Aironet Power Injector LR2— standard (inclu ded with the b ridge) – 48-VDC inpu t power – Uses the 48-VDC po wer module (included with the bridge) • Cisco Aironet Po wer Injector LR2T—optional tran[...]

  • Página 482

    22-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Checking Basic Settings access point remains in lo w power mode wi th the radios disabled to pre vent a possible o ve r-cu rrent condition. In lo w power mode, the access point acti vates the S tatus LED lo w po wer error indicatio[...]

  • Página 483

    22-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Resetting to the Default Configuration Note The wireless de vice MAC address th at appears on the Status page in the Air onet Client Utility (A CU) is the MA C address for the wireless device radio. The MA C address for the acces s [...]

  • Página 484

    22-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Resetting to th e Default Configuration Using the Web Browser Interface Follo w these steps to delete the current conf iguration and return all wireless de vice settings to the fact ory defaults usin g the web bro wser interface: S[...]

  • Página 485

    22-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Reloading the Access Point Image flashfs[0]: flashfs fsck took 0 seconds. ...done initializing Flash. Step 5 Use the dir flash: command to display the contents of Flash and f ind the config.txt conf iguration file. ap: dir flash: Di[...]

  • Página 486

    22-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Reloading the A ccess Point Image Using the MODE button Y ou can use the MODE but ton on 1040, 1100 and 1200 series access point s to reload the access point image file from an acti ve Tri vial File T ransfer Pr otocol (TFTP) serve[...]

  • Página 487

    22-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Reloading the Access Point Image Browser HTTP Interface The HTTP interface enables you to bro w se to the wireless de vice image file on your PC and do wnload the image to the wireless de vice. Follo w the instructions belo w to use[...]

  • Página 488

    22-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Reloading the A ccess Point Image Using the CLI Follo w the steps belo w to reload the wirel ess de vice image using the CLI. When the wireless device begin s to boot, you interru pt the boot process and use bo ot loader commands t[...]

  • Página 489

    22-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Reloading the Access Point Image extracting c350-k9w7-mx.122-13.JA1/html/level1/appsui.js (558 bytes) extracting c350-k9w7-mx.122-13.JA1/html/level1/back.htm (205 bytes) extracting c350-k9w7-mx.122-13.JA1/html/level1/cookies.js (502[...]

  • Página 490

    22-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Image Recovery on the 1520 Access Point Step 6 Click IOS . A list of av ailable C isco IOS versions appears. Step 7 Choose the v ersion you wish to do wnload. The do wnload page for the v ersion you chose appears. Step 8 Click WIRE[...]

  • Página 491

    22-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Image Recovery on the 1520 Access Point T o perform image recovery on the 15 20 access point, follo w these steps: Step 1 W ith the ac cess point powered of f, connect an RJ45 console cable t o the console port (). The console port [...]

  • Página 492

    22-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Image Recovery on the 1520 Access Point Note If the ENABLE_BREAK=no envir onmental variab le is set, you will not be able to escape to the bootloader . Step 5 Cable the 1520 access point’ s LAN port (“PoE In”) to a TFTP serve[...]

  • Página 493

    22-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 22 Troubleshooting Image Recovery on the 1520 Access Point MAC_ADDR=00:1F:27:75:DB:00 MAC_ADDR_BLOCK_SIZE=01 00 NETMASK=255.255.255.0 NEW_IMAGE=yes PCA_ASSY_NUM_800=03 20 00 70 ed 03 PCA_PART_NUM_73=49 2a a6 03 PCA_REVISION_NUM=B0 PCA_REVISION_NUM_800[...]

  • Página 494

    22-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 22 Troublesho oting Image Recovery on the 1520 Access Point[...]

  • Página 495

    A-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-29225-01 APPENDIX A Protocol Filters The tables in this appendix list some of the prot ocol s that you can f ilter on th e access point. The tables include: • T able A-1, EtherT ype Pr otocols • T able A-2, IP Protocols • T able A-3, IP Port Protocols In each table,[...]

  • Página 496

    A-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix A Protocol Filters T able A -1 Ether T ype Prot ocols Protocol Additional Identifier ISO Designator ARP — 0x0806 RARP — 0x8035 IP — 0x0800 Berkele y T railer Negotiation — 0x1000 LAN T est — 0x0708 X.25 Le vel3 X.25 0x0805 Ban yan — 0x0B AD[...]

  • Página 497

    A-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix A Protocol Filters T able A -2 IP Protocols Protocol Additional Identifier ISO Designator dummy — 0 Internet Control Message Protocol ICMP 1 Internet Group Management Prot ocol IGMP 2 T ransmission Control Protocol TCP 6 Exterior Gate way Protocol EGP[...]

  • Página 498

    A-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix A Protocol Filters T able A -3 IP P or t Pr ot ocols Protocol Additional Identifier ISO Designator TCP port service multiple xer tcpmux 1 echo — 7 discard (9) — 9 systat (11) — 11 daytime (13) — 13 netstat (15) — 15 Quote of the Day qot d quo[...]

  • Página 499

    A-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix A Protocol Filters TSAP iso-tsap 102 CSO Name Serv er cso-ns csnet-ns 105 Remote T elnet rtelnet 107 Postoff ice v2 POP2 POP v2 109 Postoff ice v3 POP3 POP v3 110 Sun RPC sunrpc 111 tap ident authentication auth 113 sftp — 115 uucp-path — 117 Networ[...]

  • Página 500

    A-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix A Protocol Filters SNMP Unix Multiple xer smux 199 AppleT alk Routing at-rtmp 201 AppleT alk name binding at-nbp 202 AppleT alk echo at-e cho 204 AppleT alk Zone Information at-zis 206 NISO Z39.50 da tabase z395 0 210 IPX — 213 Interactiv e Mail Acce[...]

  • Página 501

    B-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-29225-01 APPENDIX B Supported MIBs This appendi x lists the Simple Network Manag ement Protocol (SNMP) Management Information Bases (MIBs) that the access point su pports for this soft w are release. The Cisco IOS SNMP agent supports SNMPv1, SNMPv2, and SNMPv3. This ap pe[...]

  • Página 502

    B-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix B Supported MIBs Using FTP to Acce ss the MIB Files • CISCO-MEMOR Y -POOL-MIB • CISCO-PR OCESS-MIB • CISCO-PR ODUCTS-MIB • CISCO-SMI-MIB • CISCO-TC-MIB • CISCO-SYSLOG-MIB • CISCO-WDS-INFO-MIB • ENTITY -MIB • IF-MIB • OLD-CISCO-CHASS[...]

  • Página 503

    C-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-29225-01 APPENDIX C Error and Event Messages This appendix lists t he CLI error and e vent message s. The appendix contains the follo wing sections: • Con ventions, page C-2 • Software Auto Upgrade Message s, page C-3 • Association Man agement Messages, page C-5 •[...]

  • Página 504

    C-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es Conventions Conventions System error messages are displa yed in the fo rmat shown in Ta b l e C - 1 . T able C-1 System Er ror Message F ormat Message Component Description Example Error identif ier A string categorizing the[...]

  • Página 505

    C-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages Software Auto Upgrade Message s Software Auto Upgrade Messages Error Message SW-AUTO-UPGRADE-2-FATAL_FAILURE: “At tempt to upgrade softw are failed, software on flash may be deleted. Pl ease copy software into flash. Explana[...]

  • Página 506

    C-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es Software Auto Upgrade Messages Error Message AUTO-INSTALL-4-IP_ADDRESS_DH CP: “The radio is operating in automati c install mode and has set ip address dhcp.” Explanation The radio is oper ating in au tomatic inst all m [...]

  • Página 507

    C-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages Association Management Message s Association Management Messages Error Message DOT11-3-BADSTATE: “%s %s -> %s.” Explanation 802 .11 associatio n and managem ent uses a ta ble-dri ven stat e machin e to k eep track and t[...]

  • Página 508

    C-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es Unzip Mess ages Error Message DOT11-4-DIVER_USED: Interf ace $s, Mcs rates 8-15 disabled due to only one transmit or recieve antenna enab led Explanation These rates require that at lea st 2 rece iv e and transmit antennas b[...]

  • Página 509

    C-7 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages System Log Messages System Log Messages Error Message %DOT11-4-LOADING_RADIO: Interface [ chars], loading the radio firmware ([chars]) Explanation The radio has been stopped to load ne w firmware. Recommended Action None. Erro[...]

  • Página 510

    C-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages 802.11 Subsystem Messages Error Message DOT11-6-FREQ_USED: “Interfa ce %s, frequency %d selected.” Explanation After scanning for an unused frequency , th e indicated interface selected the disp[...]

  • Página 511

    C-9 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-3-TX_PWR_OUT_OF_RANGE : “Interface %s Radio transmit power out of range.” Explanation The transmitter po wer le vel is o utside the normal range on the indicated radio interf a[...]

  • Página 512

    C-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-6-DFS_SCAN_START: “DF S: Scanning frequency %d MHz for %d seconds.” Explanation The device has be gun its DFS scanning process. Recommended Action None. Error Message DOT11-[...]

  • Página 513

    C-11 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT114-NO_MBSSID_BACKUP_VLA N: “Backup VLANs cannot be configured if MBSSID is not enabled. %s not starte d. Explanation T o enable a backup VLAN, MBSSID mode should be con figured . [...]

  • Página 514

    C-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-2-UPLINK_FAILED: “Upl ink to parent failed: %s.” Explanation The connection to the parent access point f ailed for the di splayed reason. The uplink will stop its connection[...]

  • Página 515

    C-13 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-MAXRETRIES: “Packet to client %e reached max retries, removing the client.” Explanation The maximum packet send retry limit has been reached and th e client is being re mov [...]

  • Página 516

    C-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-4-RADIO_NO_FREQ: “Int erface &s, all frequencies have been blocked, interface not started.” Explanation The frequencies set for operatio n are in valid an d a channel sc[...]

  • Página 517

    C-15 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-FLASHING_RADIO: “Interfa ce %s, flashing radio firmware (%s).” Explanation The indic ated interface radio has been stop ped to loa d the indicated new f irmware. Recommended[...]

  • Página 518

    C-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-4-UPLINK_LINK_DOWN: “ Interface %s, parent lost: %s.” Explanation The connection to the parent access point on the indicated interf ace was lost for the reason indicated. Th[...]

  • Página 519

    C-17 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-6-ANTENNA_GAIN: “Inte rface %s, antenna position/gain changed, adjusting transmitter power.” Explanation The antenna gain has changed so the list of allo wed power le vels mus[...]

  • Página 520

    C-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-4-CKIP_MIC_FAILURE: “CKIP MIC failure was detect ed on a packet (Digest 0x%x) received from %e).” Explanation CKIP MIC failure was detected on a frame. A failure of the CKIP[...]

  • Página 521

    C-19 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-TKIP_REPLAY: “TKIP TSC replay was detected on a packet (TSC 0x%ssx received from %e).” Explanation TKIP TSC re play was detected on a frame. A replay of the TKIP TSC in a re[...]

  • Página 522

    C-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message SOAP_FIPS-2-INIT_FAILURE: “ SOAP FIPS initialization failure: %s.” Explanation SOAP FIPS i nitialization fa ilure. Recommended Action None. Error Message SOAP_FIPS-4-PROC_FAILURE:[...]

  • Página 523

    C-21 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages Inter-Access Point Protocol Messages Error Message DOT11-6-MCAST_DISCARD: “%s mode multicast packets are discarded in %s multicast mode.” Explanation The access point conf igured as a workgrou p bridge and drops i nfrastr[...]

  • Página 524

    C-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es Local Authenticator Messages Error Message RADSRV-4-NAS_KEYMIS: NAS sh ared key mismatch. Explanation The local RADIU S server recei ved an authen tication request but the message signature indicates that th e shared ke y t[...]

  • Página 525

    C-23 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages Local Authenticator Message s Error Message DPT1X-SHIM-4-PLUMB_KEY_ERR: “Unable to plumb keys - %s.” Explanation An unexpected error occu rred when the shim layer t ried to plumb the k eys. Recommended Action None. Error [...]

  • Página 526

    C-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es WDS Messages WDS Messages Error Message WLCCP-WDS-6-REPEATER_STOP: WLCCP WDS on Repe ater unsupported, WDS is disabled. Explanation Repeater access points do not support WD S. Recommended Action None. Error Message WLCCP-WD[...]

  • Página 527

    C-25 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages Mini IOS Messages Error Message WLCCP-NM-6-WNM_LINK_UP: Lin k to WNM is up Explanation The network manager is no w responding to k eep-acti ve messages. Recommended Action None. Error Message WLCCP-NM-6-RESET: Resetting WLCCP[...]

  • Página 528

    C-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es Access Point/Bridge Messages Access Point/Bridge Messages Error Message APBR-4-SEND_PCKT_FAILED: Failed to Send Packet on port ifDescr (error= errornum)errornum: status er ror number HASH(0x2096974) Explanation The access p[...]

  • Página 529

    C-27 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages LWAPP Error Messages LWAPP Error Messages Error Message LWAPP-3-CDP: Failure sendin g CDP Update to Controller. Reason “s” Explanation Could not send access point CDP update to controller Recommended Action None. Error Me[...]

  • Página 530

    C-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es Sensor Messages Sensor Messages Error Message SENSOR-3-TEMP_CRITICAL: Sys tem sensor “d” has exceeded CRITCAL temperature thresholds Explanation One of the measured en vironmental test poin ts exceeds the e xtreme thres[...]

  • Página 531

    C-29 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages SNMP Error Messages Error Message SENSOR-3-VOLT_NORMAL: Syste m sensor “d”(“d”) is now operating under NORMAL voltage Explanation One of the measured en vironmental test points is u nder normal operating voltage. Reco[...]

  • Página 532

    C-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es SSH Error Mess ages Error Message SNMP-4-NOENGINEIDV6: Remote snmpEngineID f or Unrecognized format ‘ %P’ not found when creating user: “s” Explanation An attempt to create a user failed.This is lik ely because the [...]

  • Página 533

    C-31 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Appendix C Error and Event Messages SSH Error Messages Error Message SSH-5-SSH_CLOSE: SSH Sessio n from “%s”(tty = “%d”) for user ’”%s”’ using crypto cipher ’”%s”’ closed Explanation The SSH Session closure information Recommended Action[...]

  • Página 534

    C-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Appendix C Error and Event Messag es SSH Error Mess ages[...]

  • Página 535

    GL-1 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specif ications for 1- and 2- megabi t-per -second (Mbps) wireless LANs operating in the 2. 4-GHz band. 802.11a The IEEE standard that specifies carrier sense[...]

  • Página 536

    Glossary GL-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 beacon A wireless LAN pa cket that signals the a v ailability and presence of the wireless de vice. Beacon packets are sent by access points and base stations; howe ver , client radio ca rds send beaco ns when op erating in computer to computer (Ad Ho[...]

  • Página 537

    Glossar y GL-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 dipole A ty pe of low-gain (2.2-dBi ) antenna consisting of tw o (often internal) elements. domain n ame The text name that refers to a groupi ng of networks or network resources based on org anization-type or geography; for e xample: name.com—comme[...]

  • Página 538

    Glossary GL-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 IP subnet mask The number used to identi fy the IP subnetwork, i ndicating whether the IP address can be recognized on the LAN or if it must be reached through a gate way . This number is expressed in a f orm similar to an IP address; for example: 255[...]

  • Página 539

    Glossar y GL-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 roaming A feature of some Access Points that a llows users to mo ve through a f acility while maintaining an unbrok en connection t o the LAN. RP-TNC A connector type unique to Cisco Aironet rad ios and antennas. P art 15.203 of the FCC rules co veri [...]

  • Página 540

    Glossary GL-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 W WDS W ireless Domain Services (WDS). An access point providing WDS on your wireless LAN maintains a cache of credenti als for CCKM-capable client de vices on your wireless LAN. When a CCKM- capable client roam s from one a ccess point to another , t[...]