Cisco M10-RM Software Guide
Cisco M10-RM Manual
 |
View all Cisco M10-RM manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco M10-RM manual content summary:
- Cisco M10-RM | Software Guide - Page 1
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC May 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text - Cisco M10-RM | Software Guide - Page 2
mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Copyright © 2010 Cisco Systems, Inc. All rights reserved. - Cisco M10-RM | Software Guide - Page 3
Obtaining Documentation, Obtaining Support, and Security Bridge 1-5 Central Unit in an All-Wireless Network 1-6 Using the Web-Browser Interface First Time 2-3 Using the Management Pages in the Web-Browser Interface 2-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points iii - Cisco M10-RM | Software Guide - Page 4
4-6 Connecting to the 1300 Series Access Point/Bridge Locally 4-7 Default Radio Settings 4-7 Assigning Basic Settings 4-8 Default Settings on the Express Setup Page 4-14 Configuring Basic Security Settings 4-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points iv OL-14209-01 - Cisco M10-RM | Software Guide - Page 5
Configuring RADIUS Authorization for User Privileged Access and Network Services 5-14 Displaying the RADIUS Configuration 5-15 Controlling Access Point Access with TACACS+ 5-15 Default TACACS+ Configuration 5-15 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points v - Cisco M10-RM | Software Guide - Page 6
System Name and Prompt Configuration 5-32 Configuring a System Name 5-32 Understanding DNS 5-33 Default DNS Configuration 5-33 Setting Up DNS 5-34 Displaying the DNS Configuration 5-35 Creating a Banner 5-35 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points vi OL-14209-01 - Cisco M10-RM | Software Guide - Page 7
Selection 6-19 Setting the 802.11n Guard Interval 6-20 Configuring Location-Based Services 6-21 Understanding Location-Based Services 6-21 Configuring LBS on Access Points 6-21 Enabling and Disabling World Mode 6-22 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 8
6-34 Viewing Wireless Client Reports 6-37 Viewing Voice Fault Summary 6-38 Configuring Voice QoS Settings 6-38 Configuring Voice Fault Settings 6-39 Configuring Multiple SSIDs 7-1 Understanding Multiple SSIDs 7-2 Effect of Software Versions on SSIDs 7-2 Configuring Multiple SSIDs 7-4 Default SSID - Cisco M10-RM | Software Guide - Page 9
Including an SSID in an SSIDL IE 7-13 NAC Support for MBSSID 7-13 Configuring NAC for MBSSID 7-16 Configuring Configuring STP Features 8-8 Default STP Configuration 8-8 Configuring STP Settings 8-9 STP Configuration Examples 8- 14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 10
Configuring Additional WPA Settings 11-14 Configuring MAC Authentication Caching 11-15 Configuring Authentication Holdoffs, Timeouts, and Intervals 11-16 Creating and Applying EAP Method Profiles for the 802.1X Supplicant 11-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 11
Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services 12-1 Understanding WDS 12-2 Role of Example 12-15 Configuring the Authentication Server to Support WDS 12-15 Configuring WDS Only Mode 12-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xi - Cisco M10-RM | Software Guide - Page 12
for User Privileged Access and Network Services 13-11 Configuring Packet of Disconnect 13 Default TACACS+ Configuration 13-25 Identifying the TACACS+ Server Host and Setting the Authentication Key 13-25 Configuring TACACS+ Login Authentication 13-26 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 13
15-10 WiFi Multimedia (WMM) 15-10 Adjusting Radio Access Categories 15-10 Configuring Nominal Rates 15-12 Optimized Voice Settings 15-12 Configuring Call Admission Control 15-12 QoS Configuration Examples 15-14 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xiii - Cisco M10-RM | Software Guide - Page 14
SNMP Agent Functions 18-4 SNMP Community Strings 18-4 Using SNMP to Access MIB Variables 18-4 Configuring SNMP 18-5 Default SNMP Configuration 18-5 Enabling the SNMP Agent 18-5 Configuring Community Strings 18-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xiv OL-14209-01 - Cisco M10-RM | Software Guide - Page 15
Default Configuration 19-4 Guidelines for Repeaters 19-4 Setting Up a Repeater 19-5 Aligning Antennas 19-6 Verifying Repeater Operation 19-6 Setting Up a Repeater As a LEAP Client 19-7 Setting Configuration 19-20 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xv - Cisco M10-RM | Software Guide - Page 16
Available File Systems 20-2 Setting the Default File System 20-3 Displaying Cisco.com 20-19 Copying Image Files by Using TFTP 20-19 Preparing to Download or Upload an Image File by Using TFTP 20-19 Downloading an Image File by Using TFTP 20-20 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 17
Table and to SNMP 21-8 Setting a Logging Rate Limit 21-9 Configuring UNIX Syslog Servers 21-10 Logging Messages to a UNIX Syslog Daemon 21-10 Configuring the UNIX System Logging Facility 21-10 Displaying the Logging Configuration 21-12 Wireless Device Troubleshooting 22-1 Checking the Top Panel - Cisco M10-RM | Software Guide - Page 18
Power Condition 22-17 Checking Basic Settings 22-18 SSID 22-18 WEP Keys 22-18 Security Settings 22-18 Resetting to the Default Configuration 22-19 Using the MODE Cisco Discovery Protocol Messages C-25 External Radius Server Error Messages C-26 xviii Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 19
GLOSSARY INDEX LWAPP Error Messages C-26 Sensor Messages C-27 SNMP Error Messages C-28 SSH Error Messages C-29 Contents OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xix - Cisco M10-RM | Software Guide - Page 20
Contents Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xx OL-14209-01 - Cisco M10-RM | Software Guide - Page 21
about the standard Cisco IOS software commands, refer to the Cisco IOS software documentation set available from the Cisco.com home page at Support > Documentation. On the Cisco Support Documentation home page, select Release 12.4 from the Cisco IOS Software drop-down list. Select wireless in the - Cisco M10-RM | Software Guide - Page 22
pages. Organization This guide is organized into these chapters: Chapter 1, "Overview," lists the software , CKIP, and broadcast key rotation. Chapter 11, Management, and Wireless Intrusion Detection Services," describes how set up on your wired LAN. Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 23
, and timesavers use these conventions and symbols: Tip Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xxi - Cisco M10-RM | Software Guide - Page 24
Notes contain helpful suggestions or references to materials not contained in this manual. Caution Means reader be careful. In this situation, you might do Warnings" (Traduzione delle avvertenze di sicurezza). Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xxii OL-14209-01 - Cisco M10-RM | Software Guide - Page 25
)JA • Release Notes for Cisco Aironet 1100 and 1200 Series Access Points for Cisco IOS Release 12.3(8)JEC • Cisco 1800 Series Routers Hardware Installation Guide • Cisco AP HWIC Wireless Configuration Guide OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xxiii - Cisco M10-RM | Software Guide - Page 26
Obtaining Documentation, Obtaining Support, and Security Guidelines • Cisco Router and Security Device Manager (SDM) Quick Start Guide Related documents from the Cisco TAC Web pages include: • Antenna Cabling Preface Obtaining Documentation, Obtaining Support, and Security Guidelines For - Cisco M10-RM | Software Guide - Page 27
based on Cisco IOS software, Cisco Aironet access pointwireless devices are Wi-Fi certified, 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, and pre-802.11n-compliant wireless LAN transceivers. Note The 802.11n standard has not been ratified. Therefore, references to 802.11n throughout this - Cisco M10-RM | Software Guide - Page 28
Table 1-1 New Cisco IOS Software Features for Cisco IOS Release 12.4(10b)JA Feature Cisco Aironet 1100 Series Access Points J52 to W52 migration on the RM20 radio x for Japan. Support for Cisco Aironet 1250 Series - Access Points Support for the Cisco 1250 802.11n radio - Cisco Aironet 1240 - Cisco M10-RM | Software Guide - Page 29
of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN. OL-14209-01 Cisco IOS Software Configuration Guide for - Cisco M10-RM | Software Guide - Page 30
on page 19-3 for instructions on setting up an access point as a repeater. Note Non-Cisco client devices might have difficulty communicating with repeater access points. Figure 1-2 Access Point as Repeater Access point Repeater 135444 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 31
the "Configuring the Role in Radio Network" section on page 6-2 for instructions on setting up an access point as a bridge. When wirless need to provide wireless connectivity for a group of network printers, OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 32
on page 19-13 and the "Configuring Workgroup Bridge Mode" section on page 19- range of wireless users. Figure 1-6 shows an access point in an all-wireless network. Figure 1-6 Access Point as Central Unit in All-Wireless Network Access point 135443 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 33
The wireless device web-browser interface is fully compatible with Microsoft Internet Explorer version 5.56.0 on Windows 98, 2000, and XP platforms, and with Netscape version 7.17.0 on Windows 98, 2000, XP, and Solaris platforms. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 34
device using the CLI, the web-browser interface might display an inaccurate interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless device is misconfigured. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-2 OL-14209-01 - Cisco M10-RM | Software Guide - Page 35
any changes you made on the page and keeps you on that page. Changes are only applied when you click Apply. Figure 2-1 shows the web-browser interface home page. Figure 2-1 Web-Browser Interface Home Page OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-3 - Cisco M10-RM | Software Guide - Page 36
and links to configuration pages for Telnet/SSH, CDP, domain name server, filters, QoS, SNMP, SNTP, and VLANs. Displays a summary of wireless services used with CCKM and provides links to WDS configuration pages. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-4 OL - Cisco M10-RM | Software Guide - Page 37
Secure Browsing Table 2-1 Common Buttons on Management Pages (continued) Button/Link Description System Software Displays the version number of the firmware that the wireless device is running and provides links to configuration pages for upgrading and managing firmware. Event Log Displays - Cisco M10-RM | Software Guide - Page 38
the Express Setup page. Figure 2-2 Express Setup Page Step 3 Enter a name for the access point in the System Name field and click Apply. Step 4 Browse to the Services - DNS page. Figure 2-3 shows the Services - DNS page. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 39
Enter the FQDN on your DNS server. Tip If you do not have a DNS server, you can register the access point's FQDN with a dynamic DNS service. Search the Internet for dynamic DNS to find a fee-based DNS service. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-7 - Cisco M10-RM | Software Guide - Page 40
Step 10 Browse to the Services: HTTP Web Server page. Figure 2-4 shows the HTTP Web Server page: Figure 2-4 Services: HTTP Web Server Page Step 11 Select the Enable ://ip-address to https://ip-address. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-8 OL-14209-01 - Cisco M10-RM | Software Guide - Page 41
Click View Certificate to accept the certificate before proceeding. (To proceed without accepting the certificate, click Yes, and skip to Step 24 in these instructions.) Figure 2-7 shows the Certificate window. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-9 - Cisco M10-RM | Software Guide - Page 42
Interface Step 16 On the Certificate window, click Install Certificate. The Microsoft Windows Certificate Import Wizard appears. Figure 2-8 shows the Certificate Import Wizard window. 2-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 43
Certificate Storage Area Window Step 18 Click Next to accept the default storage area. A window appears that states that you successfully imported the certificate. Figure 2-10 shows the completion window. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-11 - Cisco M10-RM | Software Guide - Page 44
2-11 Certificate Security Warning Step 20 Click Yes. Windows displays another window stating that the installation is successful. Figure 2-12 shows the completion window. 2-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 45
Services: HTTP Web Server page. Uncheck the Enable Secure (HTTPS) Browsing check box to disable HTTPS. Click Delete Certificate to delete the certificate. Re-enable HTTPS. The access point generates a new certificate using the new FQDN. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 46
adds the help version and model number to the help root URL. If you unzip the help files on your network file server at //myserver/myhelp, your Default Help Root URL looks like this: http://myserver/myhelp 2-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209 - Cisco M10-RM | Software Guide - Page 47
Unzipped at This Location Default Help Root URL // Services: HTTP-Web Server page and click Apply. To re-enable the web-browser interface, enter this global configuration command on the access point CLI: ap(config)# ip http server OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 48
Disabling the Web-Browser Interface Chapter 2 Using the Web-Browser Interface 2-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 49
and default Forms of Commands, page 3-4 • Understanding CLI Messages, page 3-4 • Using Command History, page 3-4 • Using Editing Features, page 3-6 • Searching and Filtering Output of show and more Commands, page 3-8 • Accessing the CLI, page 3-9 OL-14209-01 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 50
when the wireless device reboots. To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to end. 802.11n 2.4-GHz radio is radio 0, The 5-GHz radio and the 802.11n 5-GHz radio radio 1. Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 51
Commands You have to enter only enough characters for the wireless device to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command: ap# show conf OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 3-3 - Cisco M10-RM | Software Guide - Page 52
command history feature to suit your needs as described in these sections: • Changing the Command History Buffer Size, page 3-5 • Recalling Commands, page 3-5 • Disabling the Command History Feature, page 3-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 3-4 OL-14209-01 - Cisco M10-RM | Software Guide - Page 53
By default, the wireless device records ten command lines in its history buffer. Beginning in privileged EXEC mode, enter this command to change the number of command lines that the wireless device records during the current terminal session: ap# terminal history [size number-of-lines] The range is - Cisco M10-RM | Software Guide - Page 54
left arrow key Ctrl-F or the right arrow key Ctrl-A Ctrl-E Esc B Esc F Ctrl-T Recall commands from the buffer and paste them in the command line. The wireless device provides cycle to the first buffer entry. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 3-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 55
or lowercase words or capitalize a set of letters. Esc C Esc L key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line. Note The arrow keys function only on ANSI-compatible terminals such as VT100s. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 56
the complete syntax before pressing the Return key to execute the command. The dollar terminal width privileged EXEC command to set the width of your terminal. Use Keystrokes" section on page 3-6. Searching and Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 3-8 OL-14209-01 - Cisco M10-RM | Software Guide - Page 57
. SSH versions 1 and 2 are supported in this release. See the "Configuring the Access Point for Secure Shell" section on page 5-25 for detailed instructions on setting up the wireless device for SSH access. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 3-9 - Cisco M10-RM | Software Guide - Page 58
Accessing the CLI Chapter 3 Using the Command-Line Interface 3-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 59
Using the CLI, page 4-28 • Using a Telnet Session to Access the CLI, page 4-28 • Configuring the 802.1X Supplicant, page 4-29 Note In this release, the access point radio interfaces are disabled by default. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-1 - Cisco M10-RM | Software Guide - Page 60
your username in the User Name field. The default username is Cisco. Enter the wireless device password in the Password field and press Enter. The default password is Cisco. The Summary Status page appears. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-2 OL-14209-01 - Cisco M10-RM | Software Guide - Page 61
configured with the factory default values including the IP address (set to receive an IP address using DHCP). To obtain the access point/bridge's new IP address, you can use the show interface bvi1 CLI command. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-3 - Cisco M10-RM | Software Guide - Page 62
wireless device's Express Setup page, you must either obtain or assign the wireless series access point with a default configuration to your LAN, the it as a bridge, you must manually place it in install mode in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-4 OL-14209-01 - Cisco M10-RM | Software Guide - Page 63
After the wireless link is Settings" section on page 4-8. If you make a mistake and need to start over, follow the steps in the "Resetting the Device to Default Settings" section on page instructions for detailed instructions. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 64
, then takes you to the privileged exec mode. The default password is Cisco and is case-sensitive. Note When your configuration changes are completed, you must remove the serial cable from the access point. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 65
's wireless network through an access point having a default SSID and no security settings. You must create an SSID before you can enable the access point radio interfaces. See Chapter 6, "Configuring Radio Settings" for additional information. OL-14209-01 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 66
-sensitive password Cisco and press Enter. The Summary Status page appears. A typical Summary Status page is shown in Figure 4-1. Your page may differ depending on the access point model you are using. Figure 4-1 Summary Status Page Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 67
Figure 4-3 shows the Express Setup page for the 1100 series access points. Your pages may differ depending on the access point model you are using. Figure 4-2 Express Setup Page for 1100 Series Access Points OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-9 - Cisco M10-RM | Software Guide - Page 68
1130, 1200, and 1240 Series Access Points Note Figure 4-3 shows the Express Setup page for an 1130 series access point. The 1200 series is similar, but does not support the universal workgroup bridge role. 4-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 69
Chapter 4 Configuring the Access Point for the First Time Assigning Basic Settings Figure 4-4 Express Setup Page for the 1250 Series Access Point OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-11 - Cisco M10-RM | Software Guide - Page 70
method of IP address assignment. - DHCP-IP addresses are automatically assigned by your network's DHCP server. - Static IP-The wireless device uses a static IP address that you enter in the IP address field. 4-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 71
over the wired LAN, you lose your connection to the wireless device. If you lose your connection, reconnect to the wireless device using its new IP address. Follow the steps in the "Resetting the Device to Default Settings" section on page 4-2 if you need to start over. • IP Subnet Mask-Enter - Cisco M10-RM | Software Guide - Page 72
range but might reduce throughput. - Default-Sets the default values for the access point. - Custom-The wireless device uses the settings you enter on the Network Interfaces. Clicking Custom takes you to the Network Interfaces: Radio-802.11b Settings page. Radio-802.11b Settings page. Radio-802.11n - Cisco M10-RM | Software Guide - Page 73
by DHCP by default; if DHCP is disabled, the default setting is 255.255.255.224 Assigned by DHCP by default; if DHCP is disabled, the default setting is 0.0.0.0 defaultCommunity (Read-only) Access point Throughput Enable OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 74
Setup page to assign basic settings, you can use the Express Security page to create unique SSIDs and assign one of four security types to them. Figure 4-6 shows a typical Express Security page. Figure 4-6 Express Security Page 4-16 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 75
Configuring Basic Security Settings The Express Security page helps you configure basic security settings. You can use the web-browser interface's main Security pages to configure more advanced security settings. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 76
WPA authentication because they use different encryption settings. If you find that the security setting for an SSID conflicts with another SSID, you can delete one or more SSIDs to eliminate the conflict. 4-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 77
setting, you should consider limiting association to the wireless device based on MAC address (see the "Using MAC Address ACLs to Block or Allow Client Association to the Access Point" on page key that matches the wireless device's key. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 78
802.1X/EAP based products) This setting uses mandatory encryption, WEP, open authentication + EAP, network EAP authentication, no key management, RADIUS server authentication port 1645. Mandatory 802 . 4-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 79
your wireless LAN, the security options that you can assign to multiple SSIDs are limited. See the "Using VLANs" section on page 4-18 for details. Step 6 Click Apply. The SSID appears in the SSID table at the bottom of the page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 80
1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled 4-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 81
Settings Example: Static WEP This example shows part of the configuration that results from using the Express Security page encryption vlan 20 key 3 size 128bit 7 741F07447BA1D4382450CB68F37A transmit-key encryption vlan 20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-23 - Cisco M10-RM | Software Guide - Page 82
Basic Security Settings Chapter part of the configuration that results from using the Express Security page to create an SSID called eap_ssid, excluding the SSID from the rts threshold 2312 station-role root 4-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 83
page to create an SSID called wpa_ssid, excluding the SSID from the beacon, and assigning the SSID to VLAN 40: ssid wpa_ssid vlan 40 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa ! OL-14209-01 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 84
Basic Security Settings Chapter 4 Configuring the Access Point for the First Time aaa new-model ! ! local aaa authorization exec default local aaa authorization ipmobile default group rad_pmip aaa accounting 26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 85
group 40 spanning-disabled Configuring System Power Settings for 1130 and 1240 Series Access Points support the IEEE 802.3af power negotiation standard, select Pre-Standard Compatibility on the System Software: System Configuration page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 86
or 1240 access point, select Power Injector on the System Software: System Configuration page and enter the MAC address of the switch port to Cisco Aironet radios that support these levels. Assigning an IP Address Using the CLI When you connect the wireless device to the wired LAN, the wireless - Cisco M10-RM | Software Guide - Page 87
followed by the wireless device's IP address. Step 3 In the Host Name field, type the wireless device's IP address and click Connect. Configuring the 802.1X Supplicant Enter the authentication user id. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-29 - Cisco M10-RM | Software Guide - Page 88
followed by the clear text password, or omit the 0 and enter the clear text password. (Optional and only used for EAP-TLS)-Enter the default pki-trustpoint. Return to the created credentials profile. 4-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 89
Password:xxxxxxx repeater-ap#config terminal Enter configuration commands, one per line. End with CTRL-Z. repeater-ap(config-if)#dot11 ssid testap1 repeater-ap(config-ssid)#dot1x credentials test repeater-ap(config-ssid)#end repeater-ap(config) OL-14209-01 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 90
can optionally configure an EAP method list to enable the supplicant to recognize a particular EAP method. See "Creating and Applying EAP Method Profiles for the 802.1X Supplicant" on page 11-17. 4-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 91
• Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode, page 5-37 • Migrating to Japan W52 Domain, page 5-37 • Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging, page 5-39 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 92
:/config.txt Private Config file: flash:/private-config Enable Break: no Manual boot:no Mode button:on Enable IOS break: no HELPER path-list password is known, you can restore the mode button to normal operation using the boot mode-button command. Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 93
, page 5-4 • Setting or Changing a Static Enable Password, page 5-4 • Protecting Enable and Enable Secret Passwords with Encryption, page 5-6 • Configuring Username and Password Pairs, page 5-7 • Configuring Multiple Privilege Levels, page 5-8 OL-14209-01 Cisco IOS Software Configuration Guide for - Cisco M10-RM | Software Guide - Page 94
. The default password is Cisco. For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. It can contain the question mark (?) character if you precede the question mark with the key - Cisco M10-RM | Software Guide - Page 95
This example shows how to change the enable password to l1u2c3k4y5. The password is not encrypted and provides access to level 15 (traditional privileged EXEC mode access): AP(config)# enable password l1u2c3k4y5 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-5 - Cisco M10-RM | Software Guide - Page 96
from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. • (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an - Cisco M10-RM | Software Guide - Page 97
. Enable local password checking at login time. Authentication is based on the username specified in Step 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 98
and you must have login local set to open a Telnet session to the wireless device. If you enter no username for the only username, you can be locked out of the wireless device. Configuring Multiple Privilege Levels By default, Cisco IOS software has two modes of password security: user EXEC and - Cisco M10-RM | Software Guide - Page 99
to the wireless device using Remote Authentication Dial-In User Service (RADIUS). For complete instructions on configuring the wireless device to support RADIUS, see Chapter 13, "Configuring RADIUS and TACACS+ Servers." OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 100
Services, page 5-14 (optional) • Displaying the RADIUS Configuration, page 5-15 Default RADIUS Configuration RADIUS and AAA are disabled by default aaa new-model Purpose Enter global configuration mode. Enable AAA. 5-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 101
the username password global configuration Host" section on page 13-4. Enter line or set of lines. • If you specify default, use the default default value, use the no login authentication {default | list-name} line configuration command. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 102
Groups You can configure the wireless device to use AAA server port number), allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. If model Purpose Enter global configuration mode. Enable AAA. 5-12 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 103
port number is different. The wireless device software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key Login Authentication" section on page 13-7. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-13 - Cisco M10-RM | Software Guide - Page 104
service requests. Configure the wireless device for user RADIUS authorization to determine if the user has privileged EXEC access. The exec keyword might return user profile information (such as autocommand information). Return to privileged EXEC mode. 5-14 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 105
to the Cisco IOS Security Command Reference for Release 12.3. These sections describe TACACS+ configuration: • Default TACACS+ Configuration, page 5-15 • Configuring TACACS+ Login Authentication, page 5-15 • Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, page 5-17 - Cisco M10-RM | Software Guide - Page 106
model aaa authentication login {default | list-name} method1 [method2...] Step 4 Step 5 line [console | tty | vty] line-number [ending-line-number] login authentication {default the username password global Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 107
no login authentication {default | list-name} line configuration command. Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services AAA authorization limits the services available to a user. When AAA authorization is enabled, the wireless device uses information retrieved - Cisco M10-RM | Software Guide - Page 108
port speed and duplex settings. Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the wireless device Ethernet port. When the wireless device receives inline power from a switch, any change in the speed or duplex settings that resets the Ethernet link - Cisco M10-RM | Software Guide - Page 109
authenticator for 802.1x-enabled client devices to provide a backup for your main server or to provide authentication service on a network without a RADIUS server. See Chapter 9, "Configuring an Access Point as a Local Authenticator," for detailed instructions on configuring the wireless device as - Cisco M10-RM | Software Guide - Page 110
version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ap ! ! username Cisco password 7 123A0C041104 username admin privilege 15 password 7 01030717481C091D25 ip subnet-zero ! ! aaa new-model ! ! aaa group server - Cisco M10-RM | Software Guide - Page 111
group rad_eap aaa authentication login mac_methods local aaa authorization exec default local cache tac_admin group tac_admin aaa accounting network acct_methods start address 192.168.133.207 255.255.255.0 no ip route-cache Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-21 - Cisco M10-RM | Software Guide - Page 112
Access Point to Provide DHCP Service These sections describe how to configure the wireless device to act as a DHCP server: • Setting up the DHCP Server, page 5-22 • Monitoring and Maintaining the DHCP Server Access Point, page 5-24 Setting up the DHCP Server By default, access points are configured - Cisco M10-RM | Software Guide - Page 113
"Configuring DHCP" chapter: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfdhcp.htm Beginning in privileged EXEC mode, follow these steps to configure an access point to provide DHCP service and specify a default router: Step 1 Step 2 Step 3 Step 4 Step - Cisco M10-RM | Software Guide - Page 114
Provide DHCP Service Chapter 5 Administering the Access PointWireless Device Access Use the no form of these commands to return to default settings. This example shows how to configure the wireless device as a DHCP server, exclude a range of IP address, and assign a default router: AP# configure - Cisco M10-RM | Software Guide - Page 115
2 or a Layer 3 device. There are two versions of SSH: SSH version 1 and SSH version 2. This software release supports both SSH versions. If you do not specify the version number, the access point defaults to version 2. SSH provides more security for remote connections than Telnet by providing strong - Cisco M10-RM | Software Guide - Page 116
out its radio port any ARP requests addressed to unknown clients. When the wireless device learns the IP addresses for all associated clients, it drops ARP requests not directed to its associated clients. 5-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 117
be used to provide time services to other systems. SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-27 - Cisco M10-RM | Software Guide - Page 118
is disabled by default. To enable [version number] sntp page 5-30 Setting the System Clock If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. 5-28 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 119
to be accurate). If the system clock has been set by a timing source such as NTP, the flag is set. If the time is not authoritative, it is used EXEC mode, follow these steps to manually configure the time zone: OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-29 - Cisco M10-RM | Software Guide - Page 120
) For hh:mm, specify the time (24-hour format) in hours and minutes. • (Optional) For offset, specify the number of minutes to add during summer time. The default is 60. end Return to privileged EXEC mode. 5-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 121
the number of minutes to add during summer time. The default is set summer time to start on October 12, 2000, at 02:00, and end on April 26, 2001, at 02:00: AP(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 122
DNS, page 5-33 Default System Name and Prompt Configuration The default access point system name and prompt is ap. Configuring a System Name Beginning in privileged EXEC mode, follow these steps to manually configure a system name: 5-32 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 123
configuration information: • Default DNS Configuration, page 5-33 • Setting Up DNS, page 5-34 • Displaying the DNS Configuration, page 5-35 Default DNS Configuration Table 5-5 shows the default DNS configuration. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 124
If you use the wireless device IP address set by the ip domain-name global configuration command. If there is a period (.) in the host name, Cisco IOS software looks up the IP address without appending any default domain name to the host name. 5-34 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 125
37 Default Banner Configuration The MOTD and login banners are not configured. Configuring a Message-of-the-Day Login Banner You can create a single or multiline message banner that appears on the screen when someone logs into the wireless device. OL-14209-01 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 126
a pound sign (#), and press the Return key. The delimiting character signifies the beginning and end shows how to configure a MOTD banner for the wireless device using the pound sign (#) symbol as the support. User Access Verification Password: 5-36 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 127
the J52 to W52 domains. The utility operates on the 1130, 1200 (with RM20, RM21, and RM22A radios), and 1240 access points. Migration is not supported on access points that do not ship with 802.11a radios. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-37 - Cisco M10-RM | Software Guide - Page 128
domain when the radio hardware is reset. The hardware reset reloads the firmware and flashes the Password: ap#config terminal ap(config)interface dot11radio0 ap(config-if)#dot11 migrate j52 w52 Migrate APs with 802 38 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 129
Software version 5.95.7 Serial number: ALP0916W015 Number of supported simultaneous BSSID on Dot11Radio1: 8 Carrier Set : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Best Range Rates: basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 5-39 - Cisco M10-RM | Software Guide - Page 130
any option is supported by this release. CLI Command Use the bridge non-root client vlan command to add the 802.11Q tag to all incoming Ethernet packets. This command can only be applied to non-root bridges. 5-40 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 131
the Fragmentation Threshold, page 6-32 • Enabling Short Slot Time for 802.11g Radios, page 6-33 • Performing a Carrier Busy Test, page 6-33 • Configuring VoIP Packet Handling, page 6-33 • Viewing VoWLAN Metrics, page 6-34 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 132
bridge with wireless clients Workgroup bridge AP1100 X X X X - - - - X AP1130 X X X X - - - - X AP1200 X X X X X X X X X AP1240 X X AP1250 X X 1300AP/ BR X X X X X X X X X X X X X X X X X X X X X X X Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 133
Enter global configuration mode. Enter interface configuration mode for the radio interface: 2.4-GHz radio and the 802.11n 2.4-Ghz radio is interface 0. 5-GHz radio and the 802.11n 5-GHz radio is interface 1. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-3 - Cisco M10-RM | Software Guide - Page 134
wireless device can either shut down its radio port or become a repeater access point associated to any nearby root access point. end Return to privileged EXEC mode. copy running-config startup-config (Optional) Save your entries in the configuration file. Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 135
Settings Configuring Dual-Radio Fallback Note When you enable the role in the radio network as a Bridge/workgroup bridge and enable the interface using the no shut command, the physical status and the software support page Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-5 - Cisco M10-RM | Software Guide - Page 136
Chapter 6 Configuring Radio Settings Note This feature is supported by the dual- the Role in Radio Network" section on page 6-2. Note Fast Ethernet tracking does not support the Repeater mode. • To configure the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 137
54 Mbps service only, set the 54-Mbps rate to Basic and set the other data rates to Disabled. You can configure the wireless device to set the data rates automatically to optimize either the range or the throughput. When you enter range for the data rate setting, the wireless device sets the 1 Mbps - Cisco M10-RM | Software Guide - Page 138
users will be passing, service level desired, and as always, the quality of the RF environment.When you enter throughput for the data rate setting, the wireless device sets all four data rates to basic. Note When a wireless network has a mixed environment of 802.11b clients and 802.11g clients, make - Cisco M10-RM | Software Guide - Page 139
both 802.11b and 802.11g client devices to associate to the wireless device's 802.11g radio. On the 5-GHz radio, the default option sets rates 6.0, 12.0, and 24.0 to basic, and rates 9.0, 18.0, 36.0, 48.0, and 54.0 to enabled. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 140
Purpose speed (contined) On the 802.11n 2.4-GHz radio, the default option sets rates 1.0, 2.0, 5.5, and 11.0 to enabled. On the 802.11n 5-GHz radio, the default option sets rates to 6.0, 12.0, and 24.0 to enabled. The default MCS rate setting for both 802.11n radios is 0-15. end Return - Cisco M10-RM | Software Guide - Page 141
setting for an 802.11n support links. Click Technical Support & Documentation. The Technical Support and Documentation page appears. In the Documentation & Tools section, choose Wireless. The Wireless Support Resources page appears. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 142
AIR-RM21A 5-GHz radio (in dBm): { -1 | 2 | 5 | 8 | 11 | 14 | 16 | 17 | 20 | maximum } These options are available for the 2.4-GHz 802.11n radio (in dBM): { -1 | 2 | 5 | 8 | 11 | 14 | 17 | 20| 23 | maximum } 6-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 143
{ 0 | 1slot/port Enter interface configuration mode for the radio interface. } The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. The 2.4-GHz 802.11n radio is 0, and the 5-GHz 802.11n radio is 1. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-13 - Cisco M10-RM | Software Guide - Page 144
point. The channel settings on the wireless device correspond to the frequencies available in your regulatory domain. See the access point's hardware installation guide for the frequencies allowed in your domain. 6-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL - Cisco M10-RM | Software Guide - Page 145
the Channels and Maximium Power Settings for Cisco Aironet Autonomous Access Points and Bridges. This document is available on cisco.com at the following URL: http://www.cisco.com/en/US/products/ps6521/tsd_products_support_install_and_upgrade.html 802.11n Channel Widths 802.11n allows both 20-MHz - Cisco M10-RM | Software Guide - Page 146
for the radio interface. The 2.4-GHz radioand the 802.11n 2.4-GHz is radio 0. The 5-GHz radio and the 802.11n 5-GHz is radio 1. channel {frequency | least-congested | width [20 | 40-above | 40-below] | dfs } Set the default channel for the wireless device radio. Table 6-4 shows the channels and - Cisco M10-RM | Software Guide - Page 147
Settings Configuring Radio Channel Settings WDS device. Note You cannot manually select a channel for DFS-enabled 802.11h channel switch announcement, indicating the channel number reset to 30 minutes when the channel initializes. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 148
The IEEE 802.11h protocol requires access points to include the country information element (IE) in beacons and probe responses. By default, however, the version 0.00, Software version 6.00.0 Serial number FOCO83114WK Number of supported simultaneous BSSID on Dot11Radio1: 8 Carrier Set: Americas ( - Cisco M10-RM | Software Guide - Page 149
mode. interface dot11radio1 dfs Enter the configuration interface for the 802.11a radio channel number | dfs |band } For number, enter one of the following channels: 36, 40, known as the UNII-3 band. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-19 - Cisco M10-RM | Software Guide - Page 150
0 The 802.11n 5-GHz radio is radio 1. Enter a guard interval. • any allows either the short (400ns) or long (800ns) guard interval. • long allows only the long (800ns) guard interval. Return to privileged EXEC mode. (Optional) Save your entries in the configuration file. 6-20 Cisco IOS Software - Cisco M10-RM | Software Guide - Page 151
LBS on multiple access points. LBS settings do not appear on the access point GUI in this release. Understanding Location-Based Services Cisco recommends that you configure a minimum of configuration mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-21 - Cisco M10-RM | Software Guide - Page 152
)# exit Enabling and Disabling World Mode You can configure the wireless device to support 802.11d world mode, Cisco legacy world mode, or world mode roaming. When you enable world mode, the wireless device adds channel carrier set information to its beacon. Client devices with world mode enabled - Cisco M10-RM | Software Guide - Page 153
for 802.11d world mode. Aironet extensions are enabled by default. end Cisco Aironet Wireless LAN Client Adapters support short preambles. Early models of Cisco Aironet's Wireless LAN Adapter (PC4800 and PC4800A) require long preambles. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 154
Short preambles are enabled by default. Use the preamble-short wireless device's left connector, you should use this setting for both receive and transmit. When you look at the wireless device's back panel, the left antenna is on the left. 6-24 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 155
radio 0 The 802.11n 5-GHz radio is radio 1. gain dB Specifies the resultant gain of the antenna attached to the device. Enter a value from -128 to 128 dB. If necessary, you can use a decimal in the value, such as 1.5. Note This setting does not affect the behavior of the wireless device; it only - Cisco M10-RM | Software Guide - Page 156
. Disabling and Enabling Aironet Extensions By default, the wireless device uses Cisco Aironet 802.11 extensions to detect the capabilities of Cisco Aironet client devices and to support features that require specific interaction between the wireless device and associated client devices. Aironet - Cisco M10-RM | Software Guide - Page 157
radio 1. The 802.11n 2.4-GHz radio is radio 0 The 802.11n 5-GHz radio 802.1h (dot1h, the default setting). end Return to privileged EXEC mode. copy running-config startup-config (Optional) Save your entries in the configuration file. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 158
setting limits reliable delivery of multicast messages to approximately 20 Cisco Aironet Workgroup Bridges that are associated to the wireless device. The default setting messages to workgroup bridges. 6-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 159
" section on page 6-30 for instructions on setting up protected ports. To enable and disable PSPF using CLI commands on the wireless device, you use bridge groups. You can find a detailed explanation of bridge groups and instructions for implementing them in this document: • Cisco IOS Bridging and - Cisco M10-RM | Software Guide - Page 160
the radio interface. } The 2.4-GHz radio and the 802.11n 2.4-GHz radio is 0. The 5-GHz radio and the 802.11n 5-GHz radio is 1. beacon period value Set the beacon period. Enter a value in Kilomicroseconds. 6-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 161
the wireless device and not each other. You can enter a setting ranging from 0 to 23472347 bytes. Maximum RTS retries is the maximum number of times the wireless command to reset the RTS settings to defaults. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-31 - Cisco M10-RM | Software Guide - Page 162
the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. packet retries value Set the maximum data retries. Enter a setting from 1 to of the command to reset the setting to defaults. 6-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 163
corresponding field. The default value for maximum retries is 3 for the Low Latency setting (Figure 6-3). This value indicates how many times the access point will try to retrieve a lost packet before discarding it. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 164
point groups and for individual access points. To view voice reports, follow these steps: Step 1 Step 2 Log in to a WLSE. Click the Reports tab. 6-34 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 165
Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Step 3 Step 4 Step 5 Click Voice. From the Report Name drop-down voice streams, choose Rejected Voice Streams from the Report Name drop-down menu. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-35 - Cisco M10-RM | Software Guide - Page 166
graph. Figure 6-5 % of Packets > 40 ms Queuing Delay Chapter 6 Configuring Radio Settings Figure 6-6 is an example of a graph showing voice streaming in progress. Figure 6-6 Voice Streaming Progress 6-36 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 167
Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Viewing Wireless Client Reports In addition to viewing voice reports as shown in the example in Figure 6-7. Figure 6-7 Wireless Client Metrics OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-37 - Cisco M10-RM | Software Guide - Page 168
number of faults detected as shown in the example in Figure 6-8. Figure 6-8 Voice Fault Summary Configuring Voice QoS Settings You can use WLSE's Faults > Voice QoS Settings voice faults, follow these steps: 6-38 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 169
WLSE. Click the Faults tab. Click Voice QoS Settings. To change a setting, choose a new value from the corresponding drop-down menu. For example, to set the QoS indicator for Upstream Delay parameter so that OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 6-39 - Cisco M10-RM | Software Guide - Page 170
Viewing VoWLAN Metrics Figure 6-10 Fault Settings Chapter 6 Configuring Radio Settings 6-40 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 171
• Configuring Multiple SSIDs, page 7-4 • Configuring Multiple Basic SSIDs, page 7-8 • Assigning IP Redirection for an SSID, page 7-11 • Including an SSID in an SSIDL IE, page 7-13 • NAC Support for MBSSID, page 7-13 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 172
methods supported in Cisco IOS Releases. Table 7-1 SSID Configuration Methods Supported in Cisco IOS Releases Cisco IOS Release 12.2(15)JA 12.3(2)JA Supported SSID Configuration Method Interface-level only Both interface-level and global Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 173
global; all SSIDs saved in global mode post-12.3(4)JA Global only Cisco IOS Release 12.3(10b)JA supports configuration of SSID parameters at the interface level on the CLI, but WEP128 on interface dot11 1. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 7-3 - Cisco M10-RM | Software Guide - Page 174
to a specific radio interface. Follow the instructions in the "Creating an SSID Globally" section on page 7-4 to configure SSIDs globally. Default SSID Configuration In Cisco IOS Release 12.3(7)JA there is no default SSID. Creating an SSID Globally In Cisco IOS Releases 12.3(2)JA and later, you - Cisco M10-RM | Software Guide - Page 175
802.11n radio is 1. Step 9 ssid ssid-string Assign the global SSID that you created in Step 2 to the radio interface. Step 10 end Return to privileged EXEC mode. Step 11 copy running-config startup-config (Optional) Save your entries in the configuration file. OL-14209-01 Cisco IOS Software - Cisco M10-RM | Software Guide - Page 176
output from a show configuration privileged EXEC command does not show spaces in SSIDs: ssid buffalo vlan 77 authentication open ssid buffalo vlan 17 authentication open Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 7-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 177
-avpair= "ssid=batman" For instructions on configuring the access point to recognize and use VSAs, see the "Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication" section on page 13-17. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 7-7 - Cisco M10-RM | Software Guide - Page 178
802.11a, 802.11g, and 802.11n radios support up to 8 basic SSIDs (BSSIDs), which are similar to MAC addresses. You use multiple BSSIDs to assign a unique DTIM setting portion of the Global SSID Manager page. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 7-8 OL-14209-01 - Cisco M10-RM | Software Guide - Page 179
Page key management, and accounting settings to the SSID in the Authentication Settings, Authenticated Key Management, and Accounting Settings sections of the page. BSSIDs support all the authentication types that are supported on SSIDs. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 180
-save clients that use this SSID, select the Set Data Beacon Rate (DTIM) check box and enter because clients wake up more often. The default beacon rate is 2, which means that interfaces that support multiple BSSIDs. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 181
Reset packet's destination address to IP-redirect address Increment IP-redirect forward packet counter Forward packet Port number in packet match port permit Y number? N Increment IPredirect drop packet counter Drop packet 121298 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 182
GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio packets that do not match the settings defined in the ACL. The in interface. Note ACL logging is not supported on the bridging interfaces of access Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 183
5-GHz radio and the 5-GHz 802.11n radio is 1. Enter configuration mode for a specific SSID. Include an SSIDL IE in the access point beacon that advertises the access point's extended capabilities, such as 802.1x and support for Microsoft Wireless Provisioning Services (WPS). Use the advertisement - Cisco M10-RM | Software Guide - Page 184
NAC Support for MBSSID Chapter 7 Configuring Multiple SSIDs NAC is designed specifically to help ensure that all wired and wireless endpoint devices (such as PCs, infected and uninfected clients do not mix. 7-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 185
Multiple SSIDs NAC Support for MBSSID A new keyword, backup, is added to the existing vlan | under dot11 ssid as described below: vlan | [backup |, |, | OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 186
This feature supports only Layer 2 mobility within VLANs. Layer 3 mobility using network ID is not supported in Wireless laptops For additional information, see the documentation for deploying NAC for Cisco wireless Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 187
-disabled ! interface FastEthernet0.102 encapsulation dot1Q 102 no ip route-cache bridge-group 102 no bridge-group 102 source-learning bridge-group 102 spanning-disabled ! Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 7-17 - Cisco M10-RM | Software Guide - Page 188
NAC Support for MBSSID Chapter 7 Configuring Multiple SSIDs 7-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 189
, page 8-2 • Configuring STP Features, page 8-8 • Displaying Spanning-Tree Status, page 8- Cisco IOS Command Reference for Access Points and Bridges for this release. Note STP is available only when the access point is in bridge mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 190
wireless cost settings supports both per-VLAN spanning tree (PVST) and a single 802.1q spanning tree without VLANs. The access point cannot run 802.1s MST or 802.1d Common Spanning Tree, which maps multiple VLANs into a one-instance spanning tree. Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 191
and 1240 series access points. • The 350 series bridge supports only a single instance of STP in both non-VLAN information: • The unique access point ID of the wireless access point that the sending access point identifies as Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-3 - Cisco M10-RM | Software Guide - Page 192
is elected as the spanning-tree root. If all access points are configured with the default priority (32768), the access point with the lowest MAC address in the VLAN becomes designated port for each LAN segment. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-4 OL-14209-01 - Cisco M10-RM | Software Guide - Page 193
a wireless LAN. As a result, topology changes can take place at different times and at different places in the network. When an interface transitions directly from nonparticipation in the spanning-tree topology to the forwarding state, OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 194
, this process occurs: 1. The interface is in the listening state while spanning tree waits for protocol information to transition the interface to the blocking state. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 195
forward-delay timer to expire, it moves the interface to the learning state and resets the forward-delay timer. 3. In the learning state, the interface continues to block port • Learns addresses • Receives BPDUs OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-7 - Cisco M10-RM | Software Guide - Page 196
when you enable STP. Table 8-2 Default STP Values When STP is Enabled Setting Bridge priority Bridge max age Bridge hello time Bridge forward delay Ethernet port path cost Default Value 32768 20 2 15 19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-8 OL-14209-01 - Cisco M10-RM | Software Guide - Page 197
the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. The fast Ethernet interface is 0. Assign the interface to a bridge group. You can number your bridge in the configuration file. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-9 - Cisco M10-RM | Software Guide - Page 198
1.4.64.23 255.255.0.0 no ip route-cache ! ip default-gateway 1.4.0.1 bridge 1 protocol ieee bridge 1 route ip bridge 1 priority 9000 ! line con 0 exec-timeout 0 0 line vty 0 4 login line vty 5 15 login ! end 8-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 199
with VLANs configured with STP enabled: hostname master-bridge-hq ! ip subnet-zero ! ip ssh time-out 120 ip ssh authentication-retries 3 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-11 - Cisco M10-RM | Software Guide - Page 200
FastEthernet0.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 ! interface BVI1 ip address 1.4.64.23 255.255.0.0 no ip route-cache ! ip default-gateway 1.4.0.1 bridge 1 protocol ieee bridge 1 route ip 8-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 201
3 no ip route-cache no cdp enable bridge-group 3 ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 8-13 - Cisco M10-RM | Software Guide - Page 202
section. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the Cisco Aironet IOS Command Reference for Cisco Aironet Access Points and Bridges for this release. 8-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 203
serve as a stand-alone authenticator for a small wireless LAN or to provide backup authentication service. As a local authenticator, the access point Authentication, page 9-2 • Configuring a Local Authenticator, page 9-2 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 204
Points to Use the Local Authenticator, page 9-6 • Configuring EAP-FAST Settings, page 9-7 • Unblocking Locked Usernames, page 9-9 • Viewing Local Authenticator Statistics, page 9-9 • Using Debug Messages, page 9-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 9-2 OL-14209 - Cisco M10-RM | Software Guide - Page 205
an access point that does not serve a large number of client devices. When the access point acts You complete four major steps when you set up a local authenticator: 1. On the model Purpose Enter global configuration mode. Enable AAA. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 206
must manually unblock the locked username. See the "Unblocking Locked Usernames" section on page 9-9 for instructions on unblocking client devices. Exit group configuration mode and return to authenticator configuration mode. Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 207
This example shows how to set up a local authenticator used password snake100 group clerks AP(config-radsrv)# user nick password uptown group clerks AP(config-radsrv)# user 00095125d02b password 00095125d02b group clerks mac-auth-only OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 208
use the main servers for authentication. When setting a dead time, you must balance the need to skip dead servers with the need to check the WAN link and begin using the main servers again as soon as possible. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 9-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 209
://172.1.1.1/test/user.pac). The password is optional and, if not specified, a default password understood by the CCX client is used. Expiry is also optional and, if not specified, the default period is 1 day. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 9-7 - Cisco M10-RM | Software Guide - Page 210
hexadecimal digits. Enter 0 before the key to enter an unencrypted key. Enter 7 before the key to enter an encrypted key. Use the no form of the commands to reset the local authenticator to the default setting, which is to use a default value as a primary key. Possible PAC Failures Caused by Access - Cisco M10-RM | Software Guide - Page 211
are enabled by default, you enter the time is set to passwords : 0 Unknown RADIUS message : 0 Missing auth attribute : 0 Invalid state attribute: 0 Unknown EAP auth type : 0 Auto provision failure : 0 Invalid PAC received : 0 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 212
or invalid username or password • PAC refresh-the number of PACs renewed by clients • Invalid PAC received-the number of PACs received that to reset local authenticator statistics to zero: AP# clear radius local-server statistics 9-10 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 213
related to the local authenticator. • Use the packets option to turn on display of the content of RADIUS packets sent and received. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 9-11 - Cisco M10-RM | Software Guide - Page 214
Configuring a Local Authenticator Chapter 9 Configuring an Access Point as a Local Authenticator 9-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 215
Check (MIC), Temporal Key Integrity Protocol (TKIP), and broadcast key rotation. This chapter contains these sections: • Understanding Cipher Suites and WEP, page 10-2 • Configuring Cipher Suites and WEP, page 10-3 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 216
Aironet 1100, 1200, and 1300 series 802.11g radios support WPA2 with a Cisco IOS software upgrade to Release 12.3(2)JA or later. Note Cisco Aironet 1200 series radio modules having part numbers AIR-RM21A or AIR-RM22A support WPA2 or AES. Note Cisco 802.11n radios require that either no encryption or - Cisco M10-RM | Software Guide - Page 217
point needs to support client devices that use static WEP. If all the client devices that associate to the access point use key management (WPA, CCKM, or 802.1x authentication) you do not need to configure static WEP keys. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 218
VLAN 22 and sets the key as the transmit key: ap1200# configure terminal ap1200(config)# interface dot11radio 0 ap1200(config-if)# encryption vlan 22 key 3 size 128 12345678901234567890123456 transmit-key ap1200(config-if)# end 10-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 219
the transmit key, WEP key 1 on the other device must have the same contents. WEP key 4 on the other device is set, but because it is not selected as the transmit key, WEP key 4 on the access point does not need to be set at all. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 220
also use the encryption mode wep command to set up static WEP. However, you should use encryption mode key management. end Return to privileged EXEC mode. copy running-config startup-config (Optional) Save your entries in the configuration file. 10-6 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 221
access point when you enable broadcast key rotation. When you enable broadcast key rotation, only wireless client devices using 802.1x authentication (such as LEAP, EAP-TLS, or PEAP) can use the access point. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 10-7 - Cisco M10-RM | Software Guide - Page 222
rotation on VLAN 22 and sets the rotation interval to 300 seconds: ap1200# configure terminal ap1200(config)# interface dot11radio 0 ap1200(config-if)# broadcast-key vlan 22 change 300 ap1200(config-if)# end 10-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 223
. This chapter contains these sections: • Understanding Authentication Types, page 11-2 • Configuring Authentication Types, page 11-10 • Matching Access Point and Client Device Authentication Types, page 11-19 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-1 - Cisco M10-RM | Software Guide - Page 224
network. Note By default, the access point sends reauthentication requests to the authentication server with the service-type attribute set to authenticate-only. However, some Microsoft IAS servers do not support the authenticate-only service-type attribute. Changing the service-type attribute to - Cisco M10-RM | Software Guide - Page 225
11-2 Sequence for Shared Key Authentication Wired LAN Client device Access point or bridge 1. Authentication request 2. Unencrypted challenge text 3. Encrypted challenge text 4. Authentication success Server OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11 - Cisco M10-RM | Software Guide - Page 226
key and sends the encrypted broadcast key to the client, which uses the session key to decrypt it. The client and access point activate WEP and use the session and broadcast WEP keys for all communications during the remainder of the session. 11-4 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 227
server. See the "Configuring MAC Authentication Caching" section on page 11-15 for instructions on enabling this feature. Figure 11-4 shows the authentication sequence for MAC-based authentication. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-5 - Cisco M10-RM | Software Guide - Page 228
" section on page 12-9 for detailed instructions on setting up a WDS access point on your wireless LAN. Note The RADIUS-assigned VLAN feature is not supported for client devices that associate using SSIDs with CCKM enabled. 11-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 229
, the client device is disassociated from the wireless LAN. See the "Assigning Authentication Types to an SSID" section on page 11-10 for instructions on configuring WPA key management on your access point. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-7 - Cisco M10-RM | Software Guide - Page 230
WPA-TKIP Table 11-1 lists the firmware and software requirements required on access points and Cisco Aironet client devices to support WPA and CCKM key management and CKIP and WPA-TKIP encryption protocols. 11-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 231
must install Windows XP Service Pack 1 and Microsoft support patch 815485. Refer to the Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows for complete instructions on configuring security settings on Cisco Aironet client devices. Click - Cisco M10-RM | Software Guide - Page 232
set to use WPA or CCKM key management. If you configure TKIP on a radio or VLAN but you do not configure key 802.1X Supplicant, page 11-17 Note There are no default authentication SSIDs for the wireless router 11-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 233
and become authenticated. This setting is used mainly by service providers that require special client Set the SSID's authentication type to shared key with EAP authentication. For list-name, specify the authentication method list. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 234
a pre-shared key. See Chapter 12, "Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services," for detailed instructions on setting up your wireless LAN to use CCKM and a subnet context manager. 11-12 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 235
ap1200(config-ssid)# authentication key-management wpa optional ap1200(config-ssid)# wpa-psk ascii batmobile65 ap1200(config)# interface dot11radio 0 ap1200(config-if)# ssid migrate ap1200(config-ssid)# end OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-13 - Cisco M10-RM | Software Guide - Page 236
radio interface. The 2.4-GHz radio and the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. Enter the ssid defined in Step 2 to assign the ssid to the selected radio interface. 11-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 237
key vlan 87 membership-termination capability-change Configuring MAC Authentication Caching If MAC-authenticated clients on your wireless a value from 30 to 65555 seconds. The default value is 1800 (30 minutes). When you Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-15 - Cisco M10-RM | Software Guide - Page 238
Enter the number of seconds resets the timeout to its default state, 30 seconds. Enter interface configuration mode for the radio interface. The 2.4-GHz radio and the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. 11-16 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 239
sets the maximum number of seconds of service reset the values to default settings. Creating and Applying EAP Method Profiles for the 802 the supplicant supports LEAP, but page 4-29 for additional information about the 802.1X supplicant. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 240
entries in the configuration file. Use the no command to negate a command or set its defaults. Use the show eap registrations method command to view the currently available (registered) configuration mode. 11-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 241
and Open authentication with EAP. Note If you are running an 802.11n access point, for best results be sure to get the latest driver from the 802.11n Wi-Fi card vendor for the card you are using. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-19 - Cisco M10-RM | Software Guide - Page 242
key Create a WEP key and enable Use Set up and enable WEP and enable authentication Static WEP Keys and Shared Key Shared Key Authentication for the Authentication SSID LEAP authentication Enable LEAP Set -20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 243
XP to configure card Select Enable network access control using IEEE 802.1X and Smart Card or other Certificate as the EAP Type Set up and enable WEP and enable EAP and Open Authentication for the SSID OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 11-21 - Cisco M10-RM | Software Guide - Page 244
ACU to configure card Enable Host Based EAP and Use Dynamic WEP Keys in ACU and select Enable network access control using IEEE 802.1X and SIM Authentication as the EAP Type in Windows 2000 (with Service Pack 3) or Windows XP Set up and enable WEP with full encryption and enable EAP and Open - Cisco M10-RM | Software Guide - Page 245
WLSM Failover, page 12-32 For instructions on configuring WDS on a switch's Wireless LAN Services Module (WLSM), refer to the Catalyst 6500 Series Wireless LAN Services Module Installation and Configuration Note. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 246
WDS device, the switch must be equipped with a Wireless LAN Services Module (WLSM). An access point configured as the WDS device supports up to 60 participating access points, an Integrated Services Router (ISR) configured as the WDS devices supports up to 100 participating access points, and a WLSM - Cisco M10-RM | Software Guide - Page 247
Wireless Intrusion Detection Services Understanding Fast Secure Roaming Table 12-1 Participating Access Points Supported by WDS Devices (continued) Unit Configured as WDS Device Integrated Services Router OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12-3 - Cisco M10-RM | Software Guide - Page 248
-enabled client devices roam from one access point to another without involving the main RADIUS server. Using Cisco Centralized Key Management (CCKM), a device configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client so quickly that there - Cisco M10-RM | Software Guide - Page 249
addresses. For instructions on configuring WDS on a switch equipped with a Wireless LAN Services Module (WLSM), refer to the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM) Deployment Guide. The Layer 3 mobility wireless LAN solution consists of these hardware and software components - Cisco M10-RM | Software Guide - Page 250
6500 Wireless Domain Services (WDS) on the Wireless LAN Solutions Module (WLSM) CiscoSecure ACS AAA Server Infrastructure access points (registered with WDS) 117993 Click this link to browse to the information pages for the Cisco Structured Wireless-Aware Network (SWAN): http://www.cisco.com - Cisco M10-RM | Software Guide - Page 251
the access point to participate in WIDS and Configuring Management Frame Protection, page 12-24 for instructions on configuring the access point for MFP. • 802.11 Management Frame Protection (MFP)-Wireless is an inherently broadcast medium enabling any device to eavesdrop and participate either - Cisco M10-RM | Software Guide - Page 252
for configuring an access point as a WDS device. For instructions on configuring WDS on a switch equipped with a Wireless LAN Services Module (WLSM), refer to the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM) Deployment Guide. 2. Configure the rest of your access points to use - Cisco M10-RM | Software Guide - Page 253
Types," for instructions on configuring EAP on the access point. Note You cannot configure a 350 series access point as your main WDS device. However, you can configure 350 series access points to participate in WDS. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 254
Setup to browse to the WDS/WNM General Setup page. Figure 12-6 shows the General Setup page. Figure 12-6 WDS/WNM General Setup Page Step 4 Check the Use this AP as Wireless Domain Services check box. 12-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 255
Wireless Intrusion Detection Services Configuring WDS Step 5 Step 6 In the Wireless Domain Services Priority field, enter a priority number from 1 to 255 to set Groups page. Figure 12-7 shows the WDS Server Groups page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 256
See Chapter 9, "Configuring an Access Point as a Local Authenticator," for configuration instructions. Step 12 (Optional) Select backup servers from the Priority 2 and 3 drop-down menus. Step 13 Click Apply. 12-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 257
Wireless Intrusion Detection Services Configuring WDS Step 14 Step 15 Step 16 Step 17 Step 18 Step 19 Configure the list of servers to be used for 802. Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 258
. Step 2 Click AP to browse to the Wireless Services AP page. Figure 12-8 shows the Wireless Services AP page. Figure 12-8 Wireless Services AP Page Step 3 Step 4 Step 5 Step 6 Step 7 Click Enable for the Participate in SWAN Infrastructure setting. (Optional) If you use a WLSM switch module as - Cisco M10-RM | Software Guide - Page 259
click Network Configuration to browse to the Network Configuration page. You must use the Network Configuration page to create an entry for the WDS device. Figure 12-9 shows the Network Configuration page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12-15 - Cisco M10-RM | Software Guide - Page 260
Radio Management, and Wireless Intrusion Detection Figure 12-9 Network Configuration Page Step 2 Click Add Entry under the AAA Clients table. The Add AAA Client page appears. Figure 12-10 shows the Add AAA Client page. 12-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 261
In the Key field, enter exactly the same password that is configured on the WDS device. From the Authenticate Using drop-down menu, select RADIUS (Cisco Aironet). Click Submit. Repeat Step 2 through Step 7 for each WDS device candidate. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 262
User Setup Page Step 10 Step 11 Step 12 Enter the name of the access point in the User field. Click Add/Edit. Scroll down to the User Setup box. Figure 12-12 shows the User Setup box. Figure 12-12 ACS User Setup Box 12-18 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 263
. The access point and WDS associate directly to wireless clients. In this mode, the WDS supports 30 infrastructure access points and 600 clients in addition to 20 direct wireless client associations. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12-19 - Cisco M10-RM | Software Guide - Page 264
Roaming, Radio Management, and Wireless Intrusion Detection Viewing WDS Information On the web-browser interface, browse to the Wireless Services Summary page to view a summary of , and mobile node count. 12-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 265
client devices, or Cisco-compatible client devices that comply with Cisco Compatible Extensions (CCX) version 2 or later For instructions on configuring WDS, refer to the "Configuring WDS" section on page 12-7. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12 - Cisco M10-RM | Software Guide - Page 266
4 Step 5 Click the Cipher button. Select CKIP + CMIC from the Cipher drop-down menu. Click Apply. Browse to the Global SSID Manager page. Figure 12-15 shows the top sections of the Global SSID Manager page. 12-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 267
12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services Configuring Fast Secure Roaming Figure 12-15 Global SSID Manager Page Step 6 On the SSID that supports CCKM, select these settings: b. If your access point contains multiple radio interfaces - Cisco M10-RM | Software Guide - Page 268
Wireless Intrusion Detection Configuring Management Frame Protection Step 7 d. Select Mandatory or Optional under Authenticated Key Management. If you select Mandatory, only clients that support point and WDS manually. Note If a Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL - Cisco M10-RM | Software Guide - Page 269
MFP is disabled for clients which are not CCXv5 capable. By default, Client MFP is optional for a particular SSID on the access point, and can be enabled or disabled using the CLI in SSID configuration mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12-25 - Cisco M10-RM | Software Guide - Page 270
receiving access point that is configured to detect (validate) MFP frames to report the discrepancy. The access point must be a member of a WDS. 12-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 271
Wireless Intrusion Detection Services Management keys, used to create the MIC IEs, and securely transfers them between generators and detectors. Return to the privileged EXEC mode. (Optional) Save your entries in the configuration file. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 272
Services Summary page. Figure 12-16 Wireless Services Summary Page Step 2 Step 3 Click WDS to browse to the General Setup page. On the WDS/WNM Summary page, click Settings to browse to the General Setup page. Figure 12-17 shows the General Setup page. 12-28 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 273
WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services Configuring Radio Management Figure 12-17 WDS/WNM General Setup Page Step 4 Step 5 Step 6 Check the Configure Wireless Network Manager check box. In the Wireless Network Manager IP Address field, enter the IP - Cisco M10-RM | Software Guide - Page 274
and Wireless Intrusion Device" section on page 12-14 and in the "Configuring Radio Management" section on page 12-28 to configure 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. Set the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 275
errored frames captured: 0 Total No. of captured frames forwarded : 23179 Total No. of captured frames forward failed : 0 Use the clear wlccp ap rm statistics command to clear the monitor mode statistics. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12-31 - Cisco M10-RM | Software Guide - Page 276
access point clients connected to the SUP continue to be connected to the SUP and won't notice any interruption in service. When an access point detects a WLSM failure, it doesn't tear down the active 12-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 277
, Radio Management, and Wireless Intrusion Detection Services Configuring WLSM Failover tunnels, WLSM Failover In addition to resilient tunnel recovery, WLSM supports another level of resiliency by allowing you to deploy Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12-33 - Cisco M10-RM | Software Guide - Page 278
Configuring WLSM Failover Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection 12-34 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 279
: • Understanding RADIUS, page 13-2 • RADIUS Operation, page 13-2 • Configuring RADIUS, page 13-3 • Displaying the RADIUS Configuration, page 13-19 • RADIUS Attributes Sent by the Access Point, page 13-20 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 13 - Cisco M10-RM | Software Guide - Page 280
to one service model. RADIUS Operation When a wireless user attempts to log in and authenticate to an access point whose access is controlled by a RADIUS server, authentication to the network occurs in the steps shown in Figure 13-1: 13-2 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 281
" section on page 11-10 for instructions on setting up client authentication using a RADIUS server. Configuring RADIUS This section describes how to configure your access point to support RADIUS. At a minimum, you must identify the host or hosts that run the RADIUS server software and define the - Cisco M10-RM | Software Guide - Page 282
page 13-17 (optional) • Configuring WISPr RADIUS Attributes, page 13-18 (optional) Note The RADIUS server CLI commands are disabled until you enter the aaa new-model command. Default • Key string • Timeout period • Retransmission value 13-4 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 283
these steps to configure per-server RADIUS server communication. This procedure is required. Step 1 Step 2 Command configure terminal aaa new-model Purpose Enter global configuration mode. Enable AAA. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 13-5 - Cisco M10-RM | Software Guide - Page 284
this command as many times as necessary, making sure that each UDP port number is different. The access point software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific RADIUS host. Enter SSID configuration mode - Cisco M10-RM | Software Guide - Page 285
for authentication in case the initial method fails. The software uses the first method listed to authenticate users; if that method fails to respond, the software selects the next authentication method in OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 13-7 - Cisco M10-RM | Software Guide - Page 286
model aaa authentication login {default | list-name} method1 [method2...] Step 4 Step 5 line [console | tty | vty] line-number [ending-line-number] login authentication {default password section on page 13-4. Enter Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 287
to the default value, use the no login authentication {default | list number), allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service model Purpose Enter global configuration mode. Enable AAA. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 288
port number is different. The access point software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values Login Authentication" section on page 13-7. 13-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209- - Cisco M10-RM | Software Guide - Page 289
requested service only if the information in the user profile allows it. Note This section describes setting up authorization for access point administrators, not for wireless client has been configured. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 13-11 - Cisco M10-RM | Software Guide - Page 290
for instructions on how to configure PoD requests. Note The access point does not block subsequent attempts by the client to reassociate. It is the responsibility of the security administrator to disable the client account before issuing a PoD request. 13-12 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 291
on page 13-20 for a complete list of attributes sent and honored by the access point. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services: OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 292
for all network-related service requests. ip radius source default CSID format, use the no form of the dot11 aaa csid command, or enter dot11 aaa csid default. Note You can also use the wlccp wds aaa csid command to select the CSID format. 13-14 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 293
server before giving up. The default is 3; the range 1 to 1000. Specify the number of seconds an access point waits for a reply to a RADIUS request before resending the request. The default is 5 seconds; the range is 1 to 1000. Use this command to cause the Cisco IOS software to mark as "dead" any - Cisco M10-RM | Software Guide - Page 294
acct-port 1813 key 110337 AP(config)# radius-server deadtime 10 To return to the default setting for retransmit, Service (RADIUS)." Beginning in privileged EXEC mode, follow these steps to configure the access point to recognize and use VSAs: 13-16 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 295
, refer to the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide for Release 12.2. Configuring the Access Point for Vendor- , some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes. - Cisco M10-RM | Software Guide - Page 296
passwords and exchange responses. Note The key is a text string that must match the encryption key key rad124 Configuring WISPr RADIUS Attributes The Wi-Fi Alliance's WISPr Best Current Practices for Wireless Internet Service and ITU websites. Cisco IOS software does not check the validity of the country - Cisco M10-RM | Software Guide - Page 297
WISPr Best Current Practices for Wireless Internet Service Provider (WISP) Roaming document accounting requests Return to privileged EXEC mode. Verify your settings. (Optional) Save your entries in the configuration file Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 13-19 - Cisco M10-RM | Software Guide - Page 298
80 Message-Authenticator 81 Tunnel-Private-Group-ID1 VSA (attribute 26) LEAP session-key VSA (attribute 26) Auth-Algo-Type VSA (attribute 26) SSID 1. RFC2868; defines a VLAN override number. 13-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 299
Service-Type Class Acct-Delay-Time Acct-Input-Octets Acct-Output-Octets Acct-Session-Id Acct-Session-Time Acct-Input-Packets Acct-Output-Packets NAS-Port-Type SSID NAS-Location VLAN-ID Connect-Progress Cisco-NAS-Port Interface OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 300
requests from the access point. Use the dot11 aaa authentication attributes service-type login-only global configuration command to set the service-type attribute in reauthentication requests to login-only. 13-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 301
, and messaging support. The authentication facility can conduct a dialog with the administrator (for example, after a username and password are provided, to challenge a user with several questions, such as home address, mother's maiden name, service type, and social security number). The TACACS - Cisco M10-RM | Software Guide - Page 302
; if that method does not respond, the software selects the next method in the list. This process continues until there is successful communication with a listed method or the method list is exhausted. 13-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 303
the TACACS+ Server Host and Setting the Authentication Key, page 13-25 • Configuring TACACS+ Login Authentication, page 13-26 • Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, page 13-27 • Starting TACACS+ Accounting, page 13-28 Default TACACS+ Configuration TACACS - Cisco M10-RM | Software Guide - Page 304
performed. The only exception is the default method list (which, by coincidence, is named default). The default method list is automatically applied to aaa new-model Purpose Enter global configuration mode. Enable AAA. 13-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 305
{default | list-name} method1 [method2...] Step 4 Step 5 line [console | tty | vty] line-number [ending-line-number] login authentication {default set parameters that restrict an administrator's network access to privileged EXEC mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 306
+ local command sets these authorization parameters service requests. Enable TACACS+ accounting to send a start-record accounting notice at the beginning of a privileged EXEC process and a stop-record at the end. Return to privileged EXEC mode. 13-28 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 307
} {start-stop} method1... global configuration command. Displaying the TACACS+ Configuration To display TACACS+ server statistics, use the show tacacs privileged EXEC command. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 13-29 - Cisco M10-RM | Software Guide - Page 308
Configuring and Enabling TACACS+ Chapter 13 Configuring RADIUS and TACACS+ Servers 13-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 309
set up on your wired LAN in the following sections:. These sections describe how to configure your access point to support VLANs: • Understanding VLANs, page 14-2 • Configuring VLANs, page 14-4 • VLAN Configuration Example, page 14-10 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 310
set of switches. A VLAN consists of a number of end systems, either hosts or network equipment (such as bridges and routers), connected by a single bridging domain. The bridging domain is supported with wireless devices connected. 14-2 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 311
/technology/handbook/ito_doc.html • Cisco Internetworking Troubleshooting Guide. Click this link to browse to this document: http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1901.html OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 14-3 - Cisco M10-RM | Software Guide - Page 312
on your access point: • Configuring a VLAN, page 14-5 • Assigning Names to VLANs, page 14-7 • Using a RADIUS Server to Assign Users to VLANs, page 14-8 • Viewing VLANs Configured on the Access Point, page 14-9 14-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 313
instructions on assigning other settings to SSIDs, see Chapter 7, "Configuring Multiple SSIDs." You can configure up to 16 SSIDs on the access point, so you can support 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 314
your access point. See the "Assigning Names to VLANs" section on page 14-7 for instructions. Return to interface configuration mode for the radio interface. Enter interface the native VLAN is VLAN 1. 14-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 315
clients on your wireless LAN require seamless roaming, Cisco recommends that you number between 1 and 4095. For example, vlan4095 is a valid VLAN name, but 4095 is not. The access point reserves the numbers 1 through 4095 for VLAN IDs. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 316
during 802.11 association) may potentially mismatch with the cipher suite supported in Set this attribute to VLAN • IETF 65 (Tunnel Medium Type): Set this attribute to 802 • IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id 14-8 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 317
: Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation) vLAN Trunk Interfaces: Dot11Radio0 FastEthernet0 Virtual-Dot11Radio0 This is configured as native Vlan for the following interface(s) : Dot11Radio0 FastEthernet0 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 14-9 - Cisco M10-RM | Software Guide - Page 318
802 wireless support the VLANs in this example: 1. Configure or confirm the configuration of these VLANs on one of the switches on your LAN. 2. On the access point, assign an SSID to each VLAN. 3. Assign authentication types to each SSID. 14-10 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 319
Note You do not need to configure a bridge group on the subinterface that you set up as the native VLAN. This bridge group is moved to the native subinterface ) bridge-group 3 ap1200Router(config-subif) exit OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 14-11 - Cisco M10-RM | Software Guide - Page 320
configure a bridge group on the radio interface, these commands are set automatically: bridge-group 2 subscriber-loop-control bridge-group 2 block-unknown set automatically: no bridge-group 2 source-learning bridge-group 2 spanning-disabled 14-12 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 321
the expense of others. Without QoS, the access point offers best-effort service to each packet, regardless of the packet contents or size. It Wireless LANs, page 15-2 • Configuring QoS, page 15-5 • QoS Configuration Examples, page 15-14 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 322
see the Cisco IOS Quality of Service Solutions Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/index.htm Impact of QoS on a Wireless LAN Wireless LAN QoS features are a subset of the proposed 802.11e draft. QoS on wireless LANs provides - Cisco M10-RM | Software Guide - Page 323
command dot11 phone dot11e command to enable the future upgrade of the 7920 Wireless Phone firmware to support the standard QBSS Load IE. The new 7920 Wireless Phone firmware will be announced at a later date. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 15-3 - Cisco M10-RM | Software Guide - Page 324
IEEE 802.11 phone support: AP(config)# no dot11 phone 3. Policies you create on the access point-QoS Policies that you create and apply to VLANs or to the access point interfaces are third in precedence after previously classified packets and the QoS Element for Wireless Phones setting. 4. Default - Cisco M10-RM | Software Guide - Page 325
QoS. Click Services in the task menu on the left side of any page in the web-browser interface. When the list of Services expands, click QoS. The QoS Policies page appears. Figure 15-2 shows the QoS Policies page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 326
Configuring QoS Figure 15-2 QoS Policies Page Chapter 15 Configuring QoS Step 3 With selected either of these, a set of default classifications are automatically populated in the Classification field. 15-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209 - Cisco M10-RM | Software Guide - Page 327
your IP Precedence selection with your class of service selection. Settings in the Apply Class of Service menu include: • Best Effort (0) • Background - Class 4 Medium • Assured Forwarding - Class 4 High OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 15-7 - Cisco M10-RM | Software Guide - Page 328
the Apply Class of Service drop-down menus. To cancel the policy and reset all fields to defaults, click the Cancel button under the Apply Class of Service drop-down menus. To menus for each interface appear. 15-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 329
QoS. This setting operates independently from the QoS policies that you configure. Select dot11e to use the latest version of QBSS Load IE. If you leave this selection blank, the previous version QBSS Load IE is used. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 330
in IEEE Draft Standard 802.11e. For detailed information on these values, consult that standard. Cisco strongly recommends that you use the default settings on the Radio Access Categories page. Changing these values can lead to unexpected blockages of traffic on your wireless LAN, and the blockages - Cisco M10-RM | Software Guide - Page 331
Configuring QoS Table 15-1 Default QoS Radio Access Categories Class of Service Min Contention Window Local page. Dual-radio access points have a Radio Access Categories page for each radio. Figure 15-4 Radio Access Categories Page OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 332
: Step 1 Step 2 Click the Access Categories page of the radio you want to configure. Figure 15-4 shows an example of an Access Categories page. Select the Admission Control check box under Voice(CoS 6-7). 15-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 333
2 Step 3 Open the SSID Manager page. Select an SSID. Under General Settings, select Enable in the Call Admission Control field. Troubleshooting Admission Control You can use two CLI commands to display information to help you troubleshoot admission control problems: • To display current admission - Cisco M10-RM | Software Guide - Page 334
service to traffic from Spectralink phones (protocol 119 packets). The user applies the voice_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port. Figure 15-5 shows the administrator's QoS Policies page. 15-14 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 335
applies video class of service to video traffic. The user applies the video_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port. Figure 15-6 shows the administrator's QoS Policies page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 336
QoS Configuration Examples Figure 15-6 QoS Policies Page for Video Example Chapter 15 Configuring QoS 15-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 337
and the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. This chapter contains these sections: • Understanding CDP, page 17-2 • Configuring CDP, page 17-2 • Monitoring and Maintaining CDP, page 17-4 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 338
CDP packets) and the CDP timer (the number of seconds between each CDP packets the access point sends). Beginning in Privileged Exec mode, follow these steps to configure the CDP holdtime and CDP timer. 17-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 339
The range is from 10 to 255 seconds; the default is 180 seconds. (Optional) Set the transmission frequency of CDP updates in seconds. The range is from 5 to 254; the default is 60 to privileged EXEC mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 17-3 - Cisco M10-RM | Software Guide - Page 340
and Enabling CDP on an Interface CDP is enabled by default on all supported interfaces to send and receive CDP information. Beginning in privileged Reset the traffic counters to zero. Delete the CDP table of information about neighbors. 17-4 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 341
Display information about neighbors, including device type, interface type and number, holdtime settings, capabilities, platform, and port ID. You can limit the VTP Management Domain: '' Duplex: full OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 17-5 - Cisco M10-RM | Software Guide - Page 342
seconds Holdtime is 180 seconds GigabitEthernet0/8 is up, line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds 17-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 343
Monitoring and Maintaining CDP AP# show cdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, 0, Input: 0 CDP version 2 advertisements output: 50882, Input: 52510 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 17-7 - Cisco M10-RM | Software Guide - Page 344
Monitoring and Maintaining CDP Chapter 17 Configuring CDP 17-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 345
web-browser interface. This chapter contains these sections: • Understanding Filters, page 16-2 • Configuring Filters Using the CLI, page 16-2 • Configuring Filters Using the Web-Browser Interface, page 16-3 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 16-1 - Cisco M10-RM | Software Guide - Page 346
(18e) Software Feature and Configuration Guide. Click this link to browse to the "Command Reference" chapter: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/4908g_l3/ios_12/10w518e/config/cmd_ref .htm Note Avoid using both the CLI and the web-browser interfaces to configure the wireless device - Cisco M10-RM | Software Guide - Page 347
lock yourself out of the access point if you make a mistake setting up the filters. If you accidentally lock yourself out of your page to create MAC address filters for the access point. Figure 16-1 shows the MAC Address Filters page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 348
Filters page. If you are creating a new MAC address filter, make sure (the default) is selected in the Create/Edit Filter Index menu. To edit a filter, select the filter number from the that you enter. 16-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 349
filter number from one of the MAC drop-down menus. You can apply the filter to either or both the Ethernet and radio ports, and to either or both incoming and outgoing packets. Click Apply. The filter is enabled on the selected ports. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 350
the Default Action menu. Click Security to browse to the Security Summary page. Figure 16-3 shows the Security Summary page. Figure 16-3 Security Summary Page LBS access point LBS access point WLSE 127867 LBS access point LBS location server 16-6 Cisco IOS Software Configuration Guide for - Cisco M10-RM | Software Guide - Page 351
tab to browse to the Association Access List page. Figure 16-5 shows the Association Access List page. Figure 16-5 Association Access List Page Step 5 Select your MAC address ACL from the drop-down menu. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 16-7 - Cisco M10-RM | Software Guide - Page 352
the specified time-range Test. It also permits a Telnet session to the AP on weekdays. Step 7 Apply the time-based ACL to the Ethernet interface: interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ip access-group 101 in 16-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 353
the Web-Browser Interface ACL Logging ACL logging is not supported on the bridging interfaces of AP platforms. When applied on IP Filters page to create IP filters for the access point. Figure 16-6 shows the IP Filters page. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 354
path to reach the IP Filters page: 1. Click Services in the page navigation bar. 2. In the Services page list, click Filters. 3. On the Apply Filters page, click the IP Filters tab at the top of the page. 16-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 355
link path to the IP Filters page. If you are creating a new filter, make sure (the default) is selected in the Create and enter the number of an existing ACL in the Custom field. Enter an ACL number from 0 to 255 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 16-11 - Cisco M10-RM | Software Guide - Page 356
the Ethernet and radio ports and to either or both incoming and outgoing packets. Use the Ethertype Filters page to create Ethertype filters for the access point. Figure 16-8 shows the Ethertype Filters page. 16-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 357
Ethertype Filters page. If you are creating a new filter, make sure (the default) is selected in the Create/Edit Filter Index menu. To edit an existing filter, select the filter number from Action menu. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 16-13 - Cisco M10-RM | Software Guide - Page 358
filter number from one of the Ethertype drop-down menus. You can apply the filter to either or both the Ethernet and radio ports, and to either or both incoming and outgoing packets. Click Apply. The filter is enabled on the selected ports. 16-14 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 359
to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3. This chapter consists of these sections: • Understanding SNMP, page 18-2 • Configuring SNMP, page 18-5 • Displaying SNMP Status, page 18-12 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 360
manager's requests to get or set data. An agent can send the SNMPv3 security model, SNMP users authenticate software to support communications with one management station using the SNMPv3 protocol and another using the SNMPv2 or SNMPv1 protocol. 18-2 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 361
supported on access points: Table 18-1 SNMP Versions and Security Levels SNMP Version v1 to a get-request, get-next-request, and set-request sent by an NMS. set-request Stores a value in a specific variable. trap Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 18-3 - Cisco M10-RM | Software Guide - Page 362
, get-next-request, get-bulk, set-request Network device 81949 SNMP manager get-response, traps MIB SNMP agent For information on supported MIBs and how to access them, see Appendix B, "Supported MIBs." 18-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 363
SNMP Properties page on the web-browser interface. When you enable SNMP on the web-browser interface, the access point automatically creates a community string called public with read-only access to the IEEE802dot11 MIB. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 364
Using the snmp-server view Command" section on page 18-10 for instructions on using the snmp-server view command to access Standard IEEE 802.11 MIB objects through IEEE view. • (Optional in the MIB object tree. 18-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 365
number, enter the access list number , set the v1 | v2c | v3 [auth | noauth Configures a new SNMP group, or a table that maps SNMP | priv]}][read readview] [write writeview] [notify notifyview] users to SNMP views. [access access-list] OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 366
when certain events occur. By default, no trap manager is defined, and no traps are issued. Access points running this Cisco IOS release can have an unlimited number of trap managers. Community strings can be any length. Table 18-4 describes the supported access point traps (notification types - Cisco M10-RM | Software Guide - Page 367
the SNMP version to support. Version 1, the default, is not available with page 18-8. To enable multiple types of traps, you must issue a separate snmp-server enable traps command for each trap type. Return to privileged EXEC mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 368
Set the system contact string. For example: snmp-server contact Dial System Operator at beeper 21555. Set use the snmp-server view command to access Standard IEEE 802.11 MIB objects through IEEE view and the dot11 read Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 369
encrypted password for MD5, uses DES56 data query encryption, and uses key99 as an encryption key AP(config)# snmp-server view iso iso included AP(config)# snmp-server engineID remote 1.4.74.10 1234567890 AP(config)# snmp-server group admin v3 priv Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 370
Status To display SNMP input and output statistics, including the number of illegal community string entries, errors, and requested variables, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3. 18-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 371
a Hot Standby Access Point, page 19-9 • Understanding Workgroup Bridge Mode, page 19-13 • Configuring Workgroup Bridge Mode, page 19-16 • The Workgroup Bridge in a Lightweight Environment, page 19-18 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 19-1 - Cisco M10-RM | Software Guide - Page 372
once for the virtual interface. Note You cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN. Figure 19-1 shows an access point acting as a repeater. 19-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 373
, page 19-4 • Setting Up a Repeater, page 19-5 • Verifying Repeater Operation, page 19-6 • Aligning Antennas, page 19-6 • Setting Up a Repeater As a LEAP Client, page 19-7 • Setting Up a Repeater As a WPA Client, page 19-8 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 374
VLANs on a repeater access point. Note Repeater access points running Cisco IOS software cannot associate to parent access points that that do not run Cisco IOS software. Note Repeater access points do not support wireless domain services (WDS). Do not configure a repeater access point as a WDS - Cisco M10-RM | Software Guide - Page 375
2.4-GHz radio and the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. Create the SSID radio interface configuration mode. Set the access point's role in the wireless LAN to repeater. If 01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 19-5 - Cisco M10-RM | Software Guide - Page 376
how to set up a probes adjacent wireless devices, 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1. Establish the time in seconds that the antenna alignment test runs before timing out. The default Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 377
the username and password that the repeater uses when it performs LEAP authentication. This username and password must match the username and password that you set up for the repeater on the authentication server. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 378
these steps to set up the repeater as 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n key for you. end Return to privileged EXEC mode. copy running-config startup-config (Optional) Save your entries in the configuration file. 19-8 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 379
BSSIDs on your wireless LAN, check the Default Gateway • Data rates • WEP settings • Authentication types and authentication servers Check the monitored access point and record these settings before you set up the standby access point. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 380
settings on the standby access point, save the monitored access point configuration and load it on the standby access point. See the "Working with Configuration Files" section on page 20-7 for instructions . 19-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 381
9 Command authentication client username username password password exit iapp standby poll-frequency seconds radio and Ethernet ports. The default poll frequency is 2 seconds. Sets the number of seconds the standby access Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 19-11 - Cisco M10-RM | Software Guide - Page 382
Access Points and Workgroup Bridge Mode After you enable standby mode, configure the settings that you recorded from the monitored access point to match on the standby the standby access point took over. 19-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 383
point in workgroup bridge mode has a limited radio range. Workgroup bridges do not support the distance setting, which enables you to configure wireless bridges to communicate across several kilometers. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 19-13 - Cisco M10-RM | Software Guide - Page 384
bridge as an infrastructure device or as a simple client device. By default, access points and bridges treat workgroup bridges as client devices. For bridge-limits the number of infrastructure devices, including workgroup 19-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 385
mobile station setting is disabled (the default setting) the number of channels the workgroup bridge scans to only those required, the mobile workgroup bridge achieves and maintains a continuous wireless set. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 19-15 - Cisco M10-RM | Software Guide - Page 386
as a workgroup bridge: Step 1 Step 2 Command configure terminal interface dot11radio {0 | 1} Purpose Enter global configuration mode. Enter interface configuration mode for the radio interface. 19-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 387
is disabled (the default setting) the workgroup bridge does not search for a new association until it loses its current association. Return to privileged EXEC mode. (Optional) Save your entries in the configuration file. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 388
-ssid AP(config-ssid)# authentication client username wgb1 password cisco123 AP(config-ssid)# exit AP(config-if)# bridge connects to a wired network over a single wireless segment by learning the MAC address of its wired Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL - Cisco M10-RM | Software Guide - Page 389
on the Settings > Network Interfaces page. • On the workgroup bridge access point CLI, enter this command: station-role workgroup-bridge • The workgroup bridge can associate only to lightweight access points (except the Cisco Airespace AP1000 series access points, which are not supported). • Only - Cisco M10-RM | Software Guide - Page 390
are not supported for wired )#encry key 1 number is a value between 1 and 255, and seconds is a value between 10 and 1,000,000 seconds. Cisco recommends configuring the seconds parameter to a value greater than the wired client's idle period. 19-20 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 391
• Creating and Removing Directories, page 20-4 • Copying Files, page 20-4 • Deleting Files, page 20-5 • Creating, Displaying, and Extracting tar Files, page 20-5 • Displaying the Contents of a File, page 20-7 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-1 - Cisco M10-RM | Software Guide - Page 392
. tftp:-Trivial File Transfer Protocol (TFTP) network server. zflash:-Read-only file decompression file system, which mirrors the contents of the Flash file system. 20-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 393
directory that the system uses as the default file system by using the cd filesystem: privileged EXEC command. You can set the default file system to omit the filesystem: argument Display the working directory. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-3 - Cisco M10-RM | Software Guide - Page 394
the following syntax: • File Transfer Protocol (FTP)-ftp:[[//username [:password]@location]/directory]/filename • Remote Copy Protocol (RCP)-rcp:[[//username@ a running configuration to a running configuration 20-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 395
Software Images" section on page the default Flash memory supported: • password]@location]/directory]/tar-filename.tar • For the Remote Copy Protocol (RCP), the syntax is rcp:[[//username@location]/directory]/tar-filename.tar OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 396
options are supported: • For the local Flash file system, the syntax is flash: • For the File Transfer Protocol (FTP), the syntax is ftp:[[//username[:password]@location]/directory]/ JA/html/foo.html (0 bytes) 20-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 397
to customize the function of the Cisco IOS software. To better benefit from these instructions, your access point contains a minimal default running configuration for interacting with the system software. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-7 - Cisco M10-RM | Software Guide - Page 398
: • If no passwords have been set on the access point, you must set them on each access point by entering the enable secret secret-password global configuration command. , the IP address in the copied 20-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 399
). Make sure the permissions on the file are set to world-read. Copying Configuration Files by Using page 20-10 • Downloading the Configuration File by Using TFTP, page 20-10 • Uploading the Configuration File by Using TFTP, page 20-11 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 400
/etc/inetd.conf and /etc/services files. To restart the daemon, if you do not have a router to route traffic between subnets. on the file are set correctly. Permissions on the Using TFTP" section on page 20-10. Log into Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209 - Cisco M10-RM | Software Guide - Page 401
TFTP" section on page 20-10. Log password in this list: • The password specified in the copy command if a password is specified. • The password set by the ip ftp password password global configuration command if the command is configured. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 402
point. The username and password must be associated with if you do not have a router to route traffic between subnets. and you do not need to set the FTP username. Include the page 20-12. Log into the access point through a Telnet session. 20-12 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 403
default remote username or password (see Steps 4, 5, and 6). ip ftp username username (Optional) Change the default remote username. ip ftp password password (Optional) Change the default password FTP: OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-13 - Cisco M10-RM | Software Guide - Page 404
files must support RCP. The RCP copy commands rely on the rsh server (or daemon) on the remote system. To copy files by using RCP, you do not need to create a server for file distribution as you do with TFTP. You only need to have 20-14 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 405
supports the remote shell (rsh). • Ensure that the access point has a route to the RCP server. The access point and the server must be in the same subnetwork if you do not have a router do not need to set the RCP username. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-15 - Cisco M10-RM | Software Guide - Page 406
Upload a Configuration File by Using RCP" section on page 20-15. Log into the access point through a . This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 407
or Upload a Configuration File by Using RCP" section on page 20-15. Log into the access point through a mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-17 - Cisco M10-RM | Software Guide - Page 408
the Web Browser Interface, page 20-32 Note For a list of software images and supported upgrade paths, refer to the release notes for your access point. Image Location on the Access Point The Cisco IOS image is stored in a directory that shows the version number. A subdirectory contains the HTML - Cisco M10-RM | Software Guide - Page 409
File by Using TFTP, page 20-19 • Downloading an Image File by Using TFTP, page 20-20 • Uploading an Image File by Using TFTP, page 20-22 Preparing to that the /etc/services file contains this line: tftp 69/udp OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-19 - Cisco M10-RM | Software Guide - Page 410
Software Images Chapter 20 Managing Firmware and Configurations Note You must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services a router to are set page 20-19 Log into the access point through a Telnet session. 20-20 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 411
download succeeds. The download algorithm verifies that the image is appropriate for the access point model and that enough DRAM is present, or it aborts the process and reports an error message is displayed. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-21 - Cisco M10-RM | Software Guide - Page 412
point or another access point of the same type. This section includes this information: • Preparing to Download or Upload an Image File by Using FTP, page 20-23 20-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 413
Software Images • Downloading an Image File by Using FTP, page 20-24 • Uploading an Image File by Using FTP, page password on each FTP request to a server. When you copy an image file from the access point to a server by using FTP, the Cisco IOS software have a router to route need to set the FTP - Cisco M10-RM | Software Guide - Page 414
only if you override the default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. Return to privileged EXEC mode. 20-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209 - Cisco M10-RM | Software Guide - Page 415
software version after a download. • The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved. • For //username[:password], specify the username and password is appropriate for the access point model and that enough DRAM is present, - Cisco M10-RM | Software Guide - Page 416
feature is available only if the HTML pages associated with the Cluster Management Suite (CMS default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. 20-26 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 417
support rsh.) Because you are copying a file from one place to another, you must have read permission on the source file and write permission on the destination file. If the destination file does not exist, RCP creates it for you. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 418
on the RCP server should contain this line: ap1.company.com ap1 For more information, refer to the documentation for your RCP server. 20-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 419
session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify the remote username. Return to privileged EXEC mode. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-29 - Cisco M10-RM | Software Guide - Page 420
Download or Upload an Image File by Using RCP" section on page 20-27. • For @location, specify the IP address of the image is appropriate for the access point model and that enough DRAM is present, or software. 20-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 421
on page 20-27. Log into the access point through a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify the remote username. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 422
the instructions below Password field and press Enter. The Summary Status page appears. Click the System Software tab and then click Software Upgrade. The HTTP Upgrade screen appears. Click the Browse button to locate the image file on your PC. 20-32 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 423
the access point password in the Password field and press Enter. The Summary Status page appears. Click the System Software tab and then click Software Upgrade. The HTTP icon on the Software Upgrade screen. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 20-33 - Cisco M10-RM | Software Guide - Page 424
Working with Software Images Chapter 20 Managing Firmware and Configurations 20-34 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 425
for Release 12.3. This chapter consists of these sections: • Understanding System Message Logging, page 21-2 • Configuring System Message Logging, page 21-2 • Displaying the Logging Configuration, page 21-12 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 21-1 - Cisco M10-RM | Software Guide - Page 426
depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command. 21-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 427
message logging to the console Console severity Logging buffer size Logging history size Default Setting Enabled Debugging (and numerically lower levels; see Table 21-3 on page 21-8) 4096 bytes 1 message OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 21-3 - Cisco M10-RM | Software Guide - Page 428
For more information, see the "Enabling and Disabling Timestamps on Log Messages" section on page 21-6. To re-enable message logging after it has been disabled, use the logging on global configuration command. 21-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 429
. The default buffer size is 4096. The range is 4096 is the maximum available, and you should not set the buffer size to this amount. Log Syslog Servers" section on page 21-10. Return to number | type] global configuration command. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 430
can display messages with sequence numbers so that you can unambiguously refer to a single message. By default, sequence numbers in log messages are sequence numbers, use the no service sequence-numbers global configuration command. 21-6 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 431
logging display with sequence numbers enabled: 000019: % page 21-8). Limit messages logged to the syslog servers. By default, syslog servers receive informational messages and numerically lower levels (see Table 21-3 on page Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 21-7 - Cisco M10-RM | Software Guide - Page 432
not supported on Cisco Aironet also change the number of messages that default, one message of the level warning and numerically lower levels (see Table 21-3 on page 21-8) are stored in the history table even if syslog traps are not enabled. 21-8 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 433
on page 21-8 for a list of level keywords. By default, warnings, errors, critical, alerts, and emergencies messages are sent. logging history size number Specify the number of syslog configuration command. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 21-9 - Cisco M10-RM | Software Guide - Page 434
versions of UNIX syslog daemons no longer accept by default syslog packets from the network. If this is the /adm/logs/cisco.log The local7 keyword specifies the logging facility to be used; see Table 21-4 on page 21-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 435
21-3 on page 21-8 for level keywords. Configure the syslog facility. See Table 21-4 on page 21-11 for facility-type keywords. The default is local7. UNIX system facilities supported by the Cisco IOS software. For more information about these facilities, consult the operator's manual for your UNIX - Cisco M10-RM | Software Guide - Page 436
the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. To display the logging history file, use the show logging history privileged EXEC command. 21-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 437
22-2 • Checking Power, page 22-17 • Low Power Condition, page 22-17 • Checking Basic Settings, page 22-18 • Resetting to the Default Configuration, page 22-19 • Reloading the Access Point Image, page 22-21 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 22-1 - Cisco M10-RM | Software Guide - Page 438
22 Wireless Device Troubleshooting Checking the Top Panel Indicators If your wireless page 22-6 for information on 1130 series access point indicators. Figure 22-1 Indicators on the 1200 Series Access Point Ethernet Status Radio 86704 22-2 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 439
the Top Panel Indicators Ethernet Status Radio 81597 Figure 22-3 Indicators on the 350 Series Access Point (Plastic Case) CISCO AIRONET 350 SERIES WIRELESS ACCESS POINT S Ethernet Status Radio 49075 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 22-3 - Cisco M10-RM | Software Guide - Page 440
. Ethernet initialization test. Starting Cisco IOS software. At least one wireless client device is associated with the unit. No client devices are associated; check the wireless device's SSID and WEP settings. 22-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209 - Cisco M10-RM | Software Guide - Page 441
. - Resetting the configuration options to factory defaults. Red Firmware failure; try disconnecting and reconnecting unit power. - Hardware failure. The wireless device must be replaced. - Loading new firmware image. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 442
Checking the Top Panel Indicators Chapter 22 Wireless Device Troubleshooting Indicators on 1130 Series Access Points If your access To view the Ethernet and Radio LEDs you must open the access point cover. 22-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 443
Chapter 22 Wireless Device Troubleshooting Checking the Top Panel Indicators The LED signals are listed in Table 22-2. Table 22-2 Blinking Image recovery in progress and Mode button is pink and off released. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 22-7 - Cisco M10-RM | Software Guide - Page 444
Checking the Top Panel Indicators Chapter 22 Wireless Device Troubleshooting Table 22-2 LED Signals (continued) Message type Boot loader errors Cable Bay Area Ethernet LED Radio LED Red Red Off Red Off Amber Cisco IOS errors Amber Red Amber Red Amber Blinking amber n/a Red n/a Blinking - Cisco M10-RM | Software Guide - Page 445
one wireless client device is associated with the unit. Ethernet link is operational. Transmitting or receiving Ethernet packets. - Transmitting or receiving radio packets. Blinking dark blue Software upgrade in progress OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 446
22 Wireless Device Troubleshooting Message type Boot loader warnings Boot loader errors Cisco Software failure; try disconnecting and reconnecting unit power. General warning, insufficient inline power (see the Low Power Condition section). 22-10 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 447
Chapter 22 Wireless Device Troubleshooting Checking the Top Panel Indicators Indicators on 1250 Access Points If your access Series Access Point LEDs 230563 ETHERNET STATUS RADIO ETHERNET STATUS RADIO OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 22-11 - Cisco M10-RM | Software Guide - Page 448
Checking the Top Panel Indicators Chapter 22 Wireless Device Troubleshooting Table 22-4 1250 Series Access Point LED Signals Message type Red Image recovery in progress and Mode button is released. 22-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 449
Chapter 22 Wireless Device Troubleshooting Checking the Top Panel Indicators Table 22-4 1250 Series Access Point LED Signals (continued) (continued) Message type Boot loader errors Cisco IOS errors Ethernet LED Status LED Radio LED Meaning Red Red Red DRAM memory test failure. Off - Cisco M10-RM | Software Guide - Page 450
Chapter 22 Wireless Device Troubleshooting Indicators on antenna, refer to the Cisco Aironet 1300 Series Outdoor Access Point/Bridge Mounting Instructions that shipped with your problem continues, contact technical support for assistance. 22-14 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 451
Wireless Device Troubleshooting settings or improper antenna alignment. You should check the SSID and security settings of all bridges and verify antenna alignment. If the problem continues, contact technical support Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 22-15 - Cisco M10-RM | Software Guide - Page 452
Wireless Device Troubleshooting The LED blinking error codes are described in Table 22-6. Table 22-6 LED Blinking Error Codes LED Ethernet Radio Blinking Codes First Digit Second Digit Description 2 1 Ethernet cable problem 16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 453
Chapter 22 Wireless Device Troubleshooting Checking Power The power injector is available in two models: • Cisco Aironet Power Injector LR2-standard version (included with the bridge) - 48-VDC input power - Uses the 48-VDC power module (included with the bridge) • Cisco Aironet Power Injector LR2T - Cisco M10-RM | Software Guide - Page 454
10, "Configuring Cipher Suites and WEP," for instructions on setting the wireless device's WEP keys. Security Settings Wireless clients attempting to authenticate with the wireless device must support the same security options configured in the wireless device, such as EAP or LEAP, MAC address - Cisco M10-RM | Software Guide - Page 455
. Note The access point is configured with the factory default values including the IP address (set to receive an IP address using DHCP). The default username and password are Cisco, which is case-sensitive. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 22-19 - Cisco M10-RM | Software Guide - Page 456
Enter the wireless device password in the Password field and press Enter. The Summary Status page appears. Click System Software and the System Software screen appears. Click System Configuration and the System Configuration screen appears. Click the Reset to Defaults or Reset to Defaults (Except IP - Cisco M10-RM | Software Guide - Page 457
a new Telnet session to the access point. Note The wireless device is configured with factory default values, including the IP address (set to receive an IP address using DHCP) and the default username and password (Cisco). Step 9 When IOS software is loaded, you can use the del privileged EXEC - Cisco M10-RM | Software Guide - Page 458
on page 22-24. If the wireless device experiences a firmware failure or a corrupt firmware image, indicated by three red LED indicators, you must reload the image from a connected TFTP server. Note This process resets all configuration settings to factory defaults, including passwords, WEP keys - Cisco M10-RM | Software Guide - Page 459
screen appears. Enter your username in the User Name field. Enter the wireless device password in the Password field and press Enter. The Summary Status page appears. Click the System Software tab and then click Software Upgrade. The HTTP Upgrade screen appears. Click the TFTP Upgrade tab. Enter - Cisco M10-RM | Software Guide - Page 460
ap: command prompt appears, enter the set command to assign an IP address, subnet mask, and default gateway to the wireless device. Note You must use upper- mx.122-13.JA1/html/level1/ (directory) 0 (bytes) 22-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 461
page: http://www.cisco.com/cisco/software/navigator.html Expand the Wireless LAN Access folder. Expand the appropriate access point folder. Select the appropriate access point. Enter your CCO login and password. The Select Software page appears. OL-14209-01 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 462
. A list of available Cisco IOS versions appears. Choose the version you wish to download. The download page for the version you chose appears. Click WIRELESS LAN. If prompted, enter your login and password. The Encryption Software Export Distribution Authorization page appears. Answer the questions - Cisco M10-RM | Software Guide - Page 463
Additional Identifier column lists other names for the same protocol, and the ISO Designator column lists the numeric designator for each protocol. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-1 - Cisco M10-RM | Software Guide - Page 464
DEC XNS DEC MOP Dump/Load DEC MOP DEC LAT Ethertalk Appletalk ARP IPX 802.2 IPX 802.3 Novell IPX (old) Novell IPX (new) EAPOL (old) EAPOL (new 0x8180 - 0x888E TXP 0x8729 DDP 0x872D - 0x9000 - 0xF0F0 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-2 OL-14209-01 - Cisco M10-RM | Software Guide - Page 465
- 0 ICMP 1 IGMP 2 TCP 6 EGP 8 - 12 - 16 UDP 17 IDP 22 TP4 29 CNLP 80 VINES 83 encap_hdr 98 SVP 119 Spectralink - 255 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-3 - Cisco M10-RM | Software Guide - Page 466
Protocol Filters Table 0-3 IP Port Protocols Protocol Additional Identifier ISO Designator TCP port service multiplexer tcpmux 1 echo - 7 discard (9) - 9 systat (11) - 95 hostname hostnames 101 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-4 OL-14209-01 - Cisco M10-RM | Software Guide - Page 467
Time Protocol ntp 123 NETBIOS Name Service netbios-ns 137 NETBIOS Datagram Service netbios-dgm 138 NETBIOS Session Service netbios-ssn 139 Interim Mail Access 179 Prospero - 191 Internet Relay Chap IRC 194 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-5 - Cisco M10-RM | Software Guide - Page 468
901 SUP debugging supfiledbg 1127 ingreslock - 1524 Prospero non-priveleged prospero-np 1525 RADIUS - 1812 Concurrent Versions System CVS 2401 Cisco IAPP - 2887 Radio Free Ethernet RFE 5002 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-6 OL-14209-01 - Cisco M10-RM | Software Guide - Page 469
Information Bases (MIBs) that the access point supports for this software release. The Cisco IOS SNMP agent supports SNMPv1, SNMPv2, and SNMPv3. This appendix contains these sections: • MIB List, page B-1 • Using FTP to Access the MIB Files, page B-2 MIB List • IEEE802dot11-MIB • Q-BRIDGE-MIB - Cisco M10-RM | Software Guide - Page 470
to /pub/mibs/v1 or /pub/mibs/v2. Use the get MIB_filename command to obtain a copy of the MIB file. Note You can also access information about MIBs on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Cisco IOS Software Configuration Guide for Cisco Aironet Access - Cisco M10-RM | Software Guide - Page 471
, page C-25 • Cisco Discovery Protocol Messages, page C-25 • External Radius Server Error Messages, page C-26 • LWAPP Error Messages, page C-26 • Sensor Messages, page C-27 • SNMP Error Messages, page C-28 • SSH Error Messages, page C-29 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 472
ALERT-alerts user to a very serious problem 2-LOG-CRIT-warns of a possible number. 2450 A MAC address. 000b.fcff.b04e A message string which "Attempt to protect port 1640 failed." provides more detail of the error. A hexadecimal number. 0x001 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 473
support representative. Error Message DOT11-4-UPGRADE: "Send your company name and the following report to [email protected]." The following AP has been migrated from J(j52) to U(w52) Regulatory Domain:AP name AP Model Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-3 - Cisco M10-RM | Software Guide - Page 474
Software Auto Upgrade Messages Appendix C Error and Event Messages Error Message AUTO-INSTALL-4-IP_ADDRESS_DHCP: "The radio is operating in automatic install mode and has set to your technical support representative. Error Message Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 475
802 service setting of the indicated interface and indicated station may be mismatched. Recommended Action Check the encryption configuration of this interface and the failing station to ensure that the configurations match. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 476
www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl. Also perform a search of the Bug Toolkit http://www.cisco.com/cgi-bin/Support/Bugtool page. If it is, you need to copy an uncompressed version of the file into Flash to retrieve it through HTTP. Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 477
Appendix C Error and Event Messages 802.11 Subsystem Messages 802.11 Subsystem Messages Error Message DOT11-6-FREQ_USED: "Interface %s, frequency %d selected indicated radio interface. Recommended Action None. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-7 - Cisco M10-RM | Software Guide - Page 478
range." Explanation The transmitter power level is outside the normal range on the indicated radio interface. Recommended Action Remove unit from the network and service frequency. Recommended Action None. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-8 OL-14209-01 - Cisco M10-RM | Software Guide - Page 479
Appendix C Error and Event Messages 802.11 Subsystem Messages OL-14209-01 Error Message DOT11-6-DFS_SCAN_START: "DFS: Scanning frequency %d radio interface or change authentication mode for SSID to open configuration. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-9 - Cisco M10-RM | Software Guide - Page 480
a misplaced VLAN tag on source Interface %. Dropping packet. Explanation Received an 802.1Q VLAN tag was detected on the indicated interface which could not be parsed traffic can pass. Recommended Action None. C-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 481
: "Interface %s, Radio %s, Trying hardware reset on radio." Explanation Using a software reset to start a radio failed. Trying a hardware reset which will reset all radios on the unit. Recommended Action None. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-11 - Cisco M10-RM | Software Guide - Page 482
to poll the client a certain number of times, but does not wireless device in the surrounding area. Change the channels under Network Interfaces and select Radio-802 settings. Recommended Action Investigate and correct the power source and settings Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 483
. Explanation Beacon burst mode can only support up to 4 unique DTIM values, each with a maximum of 4 BSSes. Recommended Action Change the number of unique DTIMs on the SSIDs configured the IE configuration. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-13 - Cisco M10-RM | Software Guide - Page 484
802.11 Subsystem Messages Appendix C the access point with a new Cisco IOS image. Instructions for reloading an image are found in "Reloading the Access Point Image" section on page 22-21. If the IOS on None. C-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 485
802 Verify that the basic configuration settings (SSID, WEP, and Click Refresh on the Associations page on the access point GUI supported, radio disabled." Explanation The Indicated AIR-RM21A radio module does not support Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-15 - Cisco M10-RM | Software Guide - Page 486
802.11 Subsystem Messages Appendix C Error and Event Action Verify that the user entered the correct username and password, and verify that the authentication server is online. Error access point is functional. C-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 487
802 from your wireless LAN. key Explanation The access point received an EAPOL-key from the indicated station notifying the access point that TKIP Michael MIC failed on a packet transmitted by this access point. Recommended Action None. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 488
802.11 Subsystem Messages Appendix C Error and attack on your network. Search for and remove potential rogue devices from your wireless LAN. If this is a false alarm and the interface should not access point. C-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 489
Error and Event Messages 802.11 Subsystem Messages Error %s.%s." Explanation An internal error occurred on the indicated line number in the indicated filename in the controller ASIC. Recommended Action . OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-19 - Cisco M10-RM | Software Guide - Page 490
None. Error Message DOT11-6-ROGUE_AP: "Rogue AP %e reported. Reason: %s." Explanation A station has reported a potential rogue access point for the indicated reason. Recommended Action None. C-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 491
of the 802.1x credentials on the client as well as the RADIUS server. Error Message DOT1X-SHIM-3-INIT_FAIL: "Unable to init - %s." Explanation An error occurred during the initialization of the shim layer. Recommended Action OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 492
on the access point.This command is configured to set an interval during which the access point does not attempt to use servers that do not respond. Thus avoids the time needed to wait for a request to time C-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 493
disappear. Actually this message is not really a major problem, it is just an informational log. WDS Messages Error disabled. Explanation Repeater access points do not support WDS. Recommended Action None. Error Message WLCCP Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-23 - Cisco M10-RM | Software Guide - Page 494
Recommended Action Check for a problem with the network manager or Message WLCCP-NM-6-RESET: Resetting WLCCP-NM Explanation password. Explanation Initialization failed when the user attempted to enable a secret password. Recommended Action None C-24 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 495
firmware or a hardware problem in the radio, although a hardware problem is less likely. error= errornum)errornum: status error number HASH(0x2096974) Explanation The access DDP_CLNT_RESET: Detected probable reset of hosthost: host Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 496
in troubleshooting LWAPP access point join problems. Recommended Action No action is required. Error Message LWAPP-3-UNSUPPORTEDRM: Got unsupported CCX RM Measurement Recommended Action No action is required. C-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 497
or volatage condition. If this is a critical temperature warning, please ensure that the router fans are are operating and that the room cooling and air-conditioning are functioning. This to operate properly. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-27 - Cisco M10-RM | Software Guide - Page 498
out of normal range. Explanation Check has been configured on the router. Error Message SNMP-3-INPUT_QFULL_ERR: command show snmp to see the number of packets dropped. Stop any SNMP support representative. C-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 499
. If the problem persists, copy the error message exactly as it appears, and report it to your technical support representative. Error information Recommended Action No action necessary - informational message OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points C-29 - Cisco M10-RM | Software Guide - Page 500
authentication for SSH Session from "%s" (tty = "%d") using crypto cipher '"%s"' "%s" Explanation The SSH user authentication status information Recommended Action No action necessary - informational message C-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 501
802.11 802.11a 802.11b 802.11g 802.3af The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) wireless throughput. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points GL-1 - Cisco M10-RM | Software Guide - Page 502
uses the services of an Access Point to communicate wirelessly with other devices on a local area network. Carrier sense multiple access. A wireless LAN media access method specified by the IEEE 802.11 specification. D data rates dBi DHCP The range of data transmission rates supported by a device - Cisco M10-RM | Software Guide - Page 503
to an EAP-enabled Remote Authentication Dial-In User Service (RADIUS) server. The most widely used wired local 802.3 and wireless LAN 802.11 specifications. The wired Ethernet network. The Internet Protocol (IP) address of a station. OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 504
if it must be reached through a gateway. This number is expressed in a form similar to an IP address; Keying A modulation technique used by IEEE 802.11b-compliant wireless LANs for transmission at 2 Mbps. R range Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 505
In compliance with this rule, Cisco Aironet, like all other wireless LAN providers, equips its radios as improved interference tolerance and unlicensed operation. Service Set Identifier (also referred to as Radio Network 01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points GL-5 - Cisco M10-RM | Software Guide - Page 506
wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management. GL-6 Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 507
5-15, 13-26 authentication client command 7-5 authentication server configuring access point as local server 9-2 EAP 11-4, 13-2 authentication types Network-EAP 11-4 open 11-2 shared key 11-3 authenticator 9-1 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points IN-1 - Cisco M10-RM | Software Guide - Page 508
BVI) 4-28 broadcast-key command 11-15 broadcast key rotation 10-1, 10-3 BSSIDs 7-8 buttons management pages 2-4 web-browser default forms of commands 3-4 Secure Shell (SSH) 3-9 Telnet 3-9 terminal emulator settings 4-6 client ARP caching 5-26 IN-2 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 509
configuring 18-6 overview 18-4 Complementary Code Keying (CCK) See CCK configuration files creating using a text editor 20-9 deleting a stored configuration 20-18 downloading preparing 20-10, 20-12, 20-15 reasons for 20-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points IN-3 - Cisco M10-RM | Software Guide - Page 510
software image 5-25 CSID format, selecting 13-14 D Data Beacon Rate 6-30 data rate setting 6-7 data retries 6-32 data volume 4-14 daylight saving time 5-30 debug command 21-2 default commands 3-4 default configuration banners 5-35 DNS 5-33 password and privilege level 5-4 RADIUS 5-10, 13-4 resetting - Cisco M10-RM | Software Guide - Page 511
settings 5-18 Ethertype filter 1-xxi, 16-1 event log 2-5 event messages C-1 Express Security page 2-4, 4-16 Express Setup page 2-4 F fallback role 6-3 fast secure roaming 12-1 files copying 20-4 deleting 20-5 displaying the contents of 20-7 tar Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 512
and number of syslog messages 21-8 Home button 2-4 HTTPS 2-5 I image, operating system 22-21 indicators 22-2 infrastructure-client command 6-28 infrastructure-ssid command 7-5 inter-client communication, blocking 6-29 interface CLI 3-1 web-browser 2-1 IN-6 Cisco IOS Software Configuration Guide - Cisco M10-RM | Software Guide - Page 513
key features 1-2 keystrokes (edit CLI commands) 3-6 L latency 15-2 Layer 3 mobility 12-5 LBS 6-21 LEAP authentication local authentication 9-1 setting 9-1 Location-Based Services 6-21 login 16-3 troubleshooting 22- Cisco IOS Software Configuration Guide for Cisco Aironet Access Points IN-7 - Cisco M10-RM | Software Guide - Page 514
32 packet size (fragment) 6-32 password reset 22-19 passwords default configuration 5-4 encrypting 5-6 overview 5-3 setting enable 5-4 enable secret 5-6 with usernames 6-30 preferential treatment of traffic IN-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01 - Cisco M10-RM | Software Guide - Page 515
-2 tracking services accessed by user 13-13 range 4-14 rate limit, logging 21-9 rate limiting configuring for non-root bridge 5-39 RCP configuration files downloading 20-16 overview 20-14 preparing the server 20-15 uploading 20-17 image files Cisco IOS Software Configuration Guide for Cisco Aironet - Cisco M10-RM | Software Guide - Page 516
See SSH security 2-4 troubleshooting 22-18 security features synchronizing 11-20 security settings, Express Security page 4-16 self-healing wireless LAN 12-5 sequence numbers in log messages 21-6 serial serial port connector 22-16 service set identifiers (SSIDs) See SSID service-type attribute 11 - Cisco M10-RM | Software Guide - Page 517
software image 5-25 OL-14209-01 described 5-25 displaying settings 5-26 SSH Communications Security, Ltd. 3-9 SSID 7-2, 14-6 guest mode 7-2 invalid characters in 7-4, 11-10 multiple SSIDs 7-1 troubleshooting port, defined 8-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points - Cisco M10-RM | Software Guide - Page 518
numbers, enabling and disabling 21-6 setting the display destination device 21-5 timestamps, enabling and disabling 21-6 UNIX syslog servers configuring the daemon 21-10 configuring the logging facility 21-10 facilities supported 21-11 system name default configuration 5-32 manual configuration - Cisco M10-RM | Software Guide - Page 519
password See TFTP troubleshooting 22-1, supported 21-11 message logging configuration 21-10 upgrading software 22 user EXEC mode 3-2 username, default 4-2 username-based authentication 5-7 V VLAN key example 10-5 with EAP 11-4 WEP key 22-18 OL-14209-01 Cisco IOS Software Configuration Guide for Cisco - Cisco M10-RM | Software Guide - Page 520
network configuration 19-20 world mode 6-22, 6-26 always on setting 6-22 world-mode command 6-23 world mode roaming 6-22 WPA 11-7 WPA migration mode 11-13 wpa-psk command 11-14 wraparound (CLI commands) 3-7 IN-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
 |
 |
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC
May 2010
Text Part Number: OL-14209-01