Home » Cisco Manuals » Wireless » Cisco AIR-AP1242AG-E-K9 » Manual Viewer

Cisco AIR-AP1242AG-E-K9 Hardware Installation Guide - Page 47

Understanding Express Security Settings, Using VLANs, Express Security Types

View all Cisco AIR-AP1242AG-E-K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 47 highlights

Chapter 3 Configuring the Access Point for the First Time Configuring Basic Security Settings Understanding Express Security Settings When the access point configuration is at factory defaults, the first SSID that you create by using the Express Security page overwrites the default SSID (tsunami), which has no security settings. The SSIDs that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs on the access point. Note In Cisco IOS Release 12.3(4)JA and later, there is no default SSID. You must configure an SSID before client devices can associate to the access point. Using VLANs If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs by using any of the four security settings on the Express Security page. However, if you do not use VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because on the Express Security page encryption settings and authentication types are linked. Without VLANs, encryption settings (WEP and ciphers) apply to an interface, such as the radio, and you cannot use more than one encryption setting on an interface. For example, when you create an SSID with static WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they use different encryption settings. If you find that the security setting for an SSID conflicts with another SSID, you can delete one or more SSIDs to eliminate the conflict. If any VLANs are defined on the access point, the trunk port on the switch must be limited to allow only the VLANs defined on the access point. Express Security Types Table 3-2 describes the four security types that you can assign to an SSID. Table 3-2 Security Types on Express Security Setup Page Security Type No Security Static WEP Key Description Security Features Enabled This is the least secure option. You should use this option only for SSIDs used in a public space and assign it to a VLAN that restricts access to your network. None. This option is more secure than no security. However, static WEP keys are vulnerable to attack. If you configure this setting, you should consider limiting association to the bridge based on MAC address (refer to the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points). Mandatory WEP. Client devices cannot associate using this SSID without a WEP key that matches the bridge's key. OL-4310-05 Cisco Aironet 1200 Series Access Point Hardware Installation Guide 3-11

Section	Page
Cisco Aironet 1200 Series Access Point Hardware Installation Guide	1
Contents	3
Preface	9
Audience	9
Purpose	9
Organization	9
Conventions	10
Related Publications	12
Obtaining Documentation	12
Cisco.com	13
Product Documentation DVD	13
Ordering Documentation	13
Documentation Feedback	14
Cisco Product Security Overview	14
Reporting Security Problems in Cisco Products	14
Obtaining Technical Assistance	15
Cisco Technical Support & Documentation Website	15
Locating the Product Serial Number	16
Submitting a Service Request	16
Definitions of Service Request Severity	17
Obtaining Additional Publications and Information	17
Overview	19
Hardware Features	20
Dual-Radio Operation	20
LEDs	21
Ethernet Port	21
Console Port	22
Power Sources	22
UL 2043 Certification	22
Anti-Theft Features	23
Network Configuration Examples	23
Central Unit in an All-Wireless Network	23
Root Access Point on a Wired LAN	24
Repeater Unit that Extends Wireless Range	25
Point-to-Point Bridge Configuration	25
Workgroup Bridge Configuration	26
Installing the Access Point	27
Safety Information	28
FCC Safety Compliance Statement	28
General Safety Guidelines	28
Warnings	28
Unpacking the Access Point	29
Package Contents	29
Basic Installation Guidelines	29
Installation Above Suspended Ceilings	30
Before Beginning the Installation	30
Installation Summary	32
Connecting the 2.4-GHz Antennas	32
Connecting the 5-GHz External Antennas	33
Connecting the Ethernet and Power Cables	34
Connecting to an Ethernet Network with an Inline Power Source	35
Connecting to an Ethernet Network with Local Power	35
Powering Up the Access Point	36
Configuring the Access Point for the First Time	37
Before You Start	38
Resetting the Access Point to Default Settings	38
Using the Mode Button	38
Using a Web-browser	38
Default IP Address Behavior	39
Obtaining and Assigning an IP Address	39
Connecting to the Access Point Locally	40
Assigning Basic Settings	40
Default Settings on the Express Setup Page	44
Enabling the Radio Interfaces	45
Configuring Basic Security Settings	45
Understanding Express Security Settings	47
Using VLANs	47
Express Security Types	47
Express Security Limitations	48
Using the Express Security Page	49
Assigning an IP Address Using the CLI	50
Using a Telnet Session to Access the CLI	50
Using the Web-Browser Interface	51
Using the Web-Browser Interface for the First Time	52
Using the Management Pages in the Web-Browser Interface	52
Using Action Buttons	54
Character Restrictions in Entry Fields	55
Using Online Help	55
Using the Command-Line Interface	57
Cisco IOS Command Modes	58
Getting Help	59
Abbreviating Commands	59
Using no and default Forms of Commands	59
Understanding CLI Messages	60
Using Command History	60
Changing the Command History Buffer Size	60
Recalling Commands	61
Disabling the Command History Feature	61
Using Editing Features	61
Enabling and Disabling Editing Features	62
Editing Commands Through Keystrokes	62
Editing Command Lines that Wrap	63
Searching and Filtering Output of show and more Commands	64
Accessing the CLI	64
Opening the CLI with Telnet	64
Opening the CLI with Secure Shell	65
Mounting Instructions	67
Overview	68
Mounting on a Horizontal or Vertical Surface	69
Mounting Below a Suspended Ceiling	70
Mounting Above a Suspended Ceiling	71
Attaching the Access Point to the Mounting Bracket	73
Securing the Access Point to the Mounting Bracket	73
2.4-GHz Radio Upgrade	75
Upgrade Overview	76
Unpacking the Radio	76
Opening the Access Cover	77
Removing a Blank Spacer Card	78
Removing a 2.4-GHz Radio	79
Installing a 2.4-GHz Radio	81
Attaching the Compliance Labels	83
Placing the Labels	84
Finding the Software Version	84
5-GHz Radio Module Upgrade	85
Upgrade Overview	86
Unpacking the Radio Module	86
Removing the 5-GHz Radio Access Cover	86
Removing a 5-GHz Radio Module	87
Installing a 5-GHz Radio Module	89
Attaching the Compliance Label	91
Finding the Software Version	92
Troubleshooting	93
Checking the Top Panel LEDs	94
Checking Basic Settings	96
Default IP Address Behavior	96
Default SSID and Radio Behavior	96
Enabling the Radio Interfaces	96
SSID	97
WEP Keys	97
Security Settings	97
Running the Carrier Busy Test	97
Running the Ping or Link Test	98
Resetting to the Default Configuration	99
Using the MODE Button	99
Using the Web Browser Interface	100
Reloading the Access Point Image	100
Using the MODE button	101
Web Browser Interface	101
Browser HTTP Interface	102
Browser TFTP Interface	102
Obtaining the Access Point Image File	103
Obtaining the TFTP Server Software	104
Translated Safety Warnings	105
Statement 245B—Explosive Device Proximity Warning	106
Statement 332—Antenna Installation Warning	107
Statement 1001—Work During Lightning Activity Warning	108
Statement 1004—Installation Instructions Warning	109
Statement 1005—Circuit Breaker (20A) Warning	110
Declarations of Conformity and Regulatory Information	113
Manufacturers Federal Communication Commission Declaration of Conformity Statement	114
Department of Communications—Canada	115
Canadian Compliance Statement	115
European Community, Switzerland, Norway, Iceland, and Liechtenstein	116
Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC	116
Declaration of Conformity for RF Exposure	118
Guidelines for Operating Cisco Aironet Access Points in Japan	118
Japanese Translation	118
English Translation	119
Administrative Rules for Cisco Aironet Access Points in Taiwan	119
Access Points with IEEE 802.11a Radios	119
Chinese Translation	119
English Translation	119
All Access Points	120
Chinese Translation	120
English Translation	120
Operation of Cisco Aironet Access Points in Brazil	121
Access Point Model	121
Regulatory Information	121
Portuguese Translation	121
English Translation	121
Declaration of Conformity Statements	122
Declaration of Conformity Statements for European Union Countries	122
Access Point Specifications	131
Channels and Antenna Settings	137
Channels	138
IEEE 802.11b (2.4-GHz Band)	138
IEEE 802.11g (2.4-GHz Band)	139
IEEE 802.11a (5-GHz Band)	140
Maximum Power Levels and Antenna Gains	142
IEEE 802.11b (2.4-GHz Band)	142
IEEE 802.11g (2.4-GHz Band)	143
IEEE 802.11a (5-GHz Band)	144
Console Cable Pinouts	149
Overview	150
Console Port Signals and Pinouts	150
Glossary	151

Match case Limit results 1 per page

3-11

Cisco Aironet 1200 Series Access Point Hardware Installation Guide

OL-4310-05

Chapter 3

Configuring the Access Point for the First Time

Configuring Basic Security Settings

Understanding Express Security Settings

When the access point configuration is at factory defaults, the first SSID that you create by using the

Express Security page overwrites the default SSID (tsunami), which has no security settings. The SSIDs

that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs on the

access point.

Note

In Cisco IOS Release 12.3(4)JA and later, there is no default SSID. You must configure an SSID before

client devices can associate to the access point.

Using VLANs

If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs

by using any of the four security settings on the Express Security page. However, if you do not use

VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because on

the Express Security page encryption settings and authentication types are linked. Without VLANs,

encryption settings (WEP and ciphers) apply to an interface, such as the radio, and you cannot use more

than one encryption setting on an interface. For example, when you create an SSID with static WEP with

VLANs disabled, you cannot create additional SSIDs with WPA authentication because they use

different encryption settings. If you find that the security setting for an SSID conflicts with another

SSID, you can delete one or more SSIDs to eliminate the conflict.

If any VLANs are defined on the access point, the trunk port on the switch must be limited to allow only

the VLANs defined on the access point.

Express Security Types

Table 3-2

describes the four security types that you can assign to an SSID.

Table 3-2

Security Types on Express Security Setup Page

Security Type

Description

Security Features Enabled

No Security

This is the least secure option. You should

use this option only for SSIDs used in a

public space and assign it to a VLAN that

restricts access to your network.

None.

Static WEP Key

This option is more secure than no security.

However, static WEP keys are vulnerable to

attack. If you configure this setting, you

should consider limiting association to the

bridge based on MAC address (refer to the

Cisco IOS Software Configuration Guide

for Cisco Aironet Access Points)

Mandatory WEP. Client devices

cannot associate using this SSID

without a WEP key that matches

the bridge

’s

key.