Cisco C3201FESMIC-TP= Software Guide
Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Manual
 |
UPC - 882658032479
View all Cisco C3201FESMIC-TP= manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco C3201FESMIC-TP= manual content summary:
- Cisco C3201FESMIC-TP= | Software Guide - Page 1
Cisco 3200 Series Wireless MIC Software Configuration Guide January 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 2
OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human - Cisco C3201FESMIC-TP= | Software Guide - Page 3
Problems in Cisco Products i-xxi Obtaining Technical Assistance i-xxii Cisco Technical Support & Documentation Website i-xxii Submitting a Service Request i-xxiii Definitions of Service 1-7 Management Options 1-10 CONTENTS OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide iii - Cisco C3201FESMIC-TP= | Software Guide - Page 4
Bridge 3-12 World Mode (2.4 GHz Radio Only) 3-12 Supported Country Codes 3-13 Additional Information 3-18 Administering the WMIC 4-1 Configuring a System Name and Prompt 4-1 Configuring a System Name 4-1 Managing DNS 4-2 Cisco 3200 Series Wireless MIC Software Configuration Guide iv OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 5
Groups 4-25 Configuring RADIUS Authorization for User Privileged Access and Network Services 4-27 Starting RADIUS Accounting 4-28 Configuring Settings for All RADIUS Servers + Operation 4-33 Default TACACS+ Configuration 4-33 OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide v - Cisco C3201FESMIC-TP= | Software Guide - Page 6
for Privileged EXEC Access and Network Services 4-36 Starting TACACS+ Accounting Network Time Protocol 4-41 Configuring Time and Date Manually 4-44 Setting the System Clock 4-44 Displaying the Additional Information 5-3 Cisco 3200 Series Wireless MIC Software Configuration Guide vi OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 7
12.3(8)JK Release 9-1 MCP Support in 12.4(3)JK and Later Releases 9-1 Setting Priority in 12.4(3)JK and Later Releases 9-2 Dynamic Channel Width (4.9GHz WMIC only) 9-2 Configuring a WMIC for MCP (12.4(3)JK or Later Releases) 9-3 Configuration Examples 9-4 OL-6415-04 Cisco 3200 Series Wireless MIC - Cisco C3201FESMIC-TP= | Software Guide - Page 8
for MCP (12.3(8)JK Only) 9-5 Configuration Examples 9-6 Service Set Identifiers 10-1 Understanding SSIDs 10-1 Configuring the SSID a Wireless Environment 1-1 Understanding Spanning Tree Protocol 1-1 STP Overview 1-2 STP Support 1-2 Bridge Protocol Data Units 1-3 Election of the Spanning-Tree Root 1-4 - Cisco C3201FESMIC-TP= | Software Guide - Page 9
1-11 Non-Root Bridge with VLANs 1-12 Displaying Spanning-Tree Status 1-14 Cisco Discovery Protocol 2-1 Understanding CDP 2-1 Configuring CDP 2-1 Default CDP Configuration 2-2 Method 3-11 Configuration Using SCEP 3-12 OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide ix - Cisco C3201FESMIC-TP= | Software Guide - Page 10
Message Format 6-2 Default System Message Logging Configuration 6-3 Disabling and Enabling Message Logging 6-4 Setting the Message Display Destination Device 6-5 Enabling and Disabling Timestamps on Log Messages 6-6 Cisco 3200 Series Wireless MIC Software Configuration Guide x OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 11
Templates to the IPSec Two-box Solution 7-4 Related Documents 7-7 WIMIC Troubleshooting 8-1 Checking the LED Indicators 8-1 Checking Basic Settings 8-3 SSID 8-3 Protocol 10-1 Understanding SNMP 10-1 SNMP Versions 10-2 OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide xi - Cisco C3201FESMIC-TP= | Software Guide - Page 12
10-10 Maximum Power Levels 11-1 IEEE 802.11g (2.4-GHz Band) 11-1 Supported MIBs 12-1 MIB List 12-1 Using FTP to Access the MIB Files 12-2 Protocol WMIC to use the WDS Access Point 14-5 Configuring the Authentication Server to Support Fast Secure Roaming 14-5 Using CLI Commands to Enable the WDS Server 14 - Cisco C3201FESMIC-TP= | Software Guide - Page 13
of Broadcast Management Frames 15-2 Client MFP For Access Points in Root mode 15-2 Configuring Client MFP 15-2 Configuring Infrastructure MFP 15-3 OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide xiii - Cisco C3201FESMIC-TP= | Software Guide - Page 14
Cisco 3200 Series Wireless MIC Software Configuration Guide xiv OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 15
, refer to the IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.3 from the Cisco IOS Software drop-down list. This guide includes an overview of the web-based interface, which - Cisco C3201FESMIC-TP= | Software Guide - Page 16
, and Radio Management" describes Wireless Domain Services (WDS), fast secure roaming, and radio management features. The chapter also provides instructions for configuring the WMIC to register with a WDS access point. Cisco 3200 Series Wireless MIC Software Configuration Guide xvi OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 17
publication uses these conventions to convey instructions and information: Command descriptions use these the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could -04 Cisco 3200 Series Wireless MIC Software Configuration Guide xvii - Cisco C3201FESMIC-TP= | Software Guide - Page 18
elkretsar och känna till vanligt förfarande för att förebygga skador. (Se förklaringar av de varningar som förekommer i denna publikation i appendix "Translated Safety Warnings" [Översatta säkerhetsvarningar].) xviii Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 19
to configure SNMP, refer to the following documents: • The "Configuring SNMP Support" chapter of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 • The "SNMP Commands" chapter of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 For information about - Cisco C3201FESMIC-TP= | Software Guide - Page 20
library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the - Cisco C3201FESMIC-TP= | Software Guide - Page 21
cisco.com/en/US/products/products_psirt_rss_feed.html Reporting Security Problems in Cisco Products Cisco in a Cisco product, contact PSIRT: • For Emergencies only - [email protected] An are considered nonemergencies. • For Nonemergencies - [email protected] In an emergency, you can also reach - Cisco C3201FESMIC-TP= | Software Guide - Page 22
Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller. Cisco Technical Support & Documentation Website The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving - Cisco C3201FESMIC-TP= | Software Guide - Page 23
service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service printed sources. • The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product - Cisco C3201FESMIC-TP= | Software Guide - Page 24
for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/ipj • Networking products offered by Cisco Systems, as well as customer support services, can - Cisco C3201FESMIC-TP= | Software Guide - Page 25
of basic wireless network configurations. Public Safety Wireless Network Example A Cisco Mobile Wireless Network provides wireless network services to multiple safety departments, such as police, fire, emergency medical services, and other public safety agencies. The wireless technologies used in - Cisco C3201FESMIC-TP= | Software Guide - Page 26
Authentication Services Layer Encryption Mobile IP Internet Security Flarion AAA HA NMS Flarion mobility across Flarion radio stations Aggregation Layer VPN Cisco AAA backup Fire Medical In-vehicle mobile networks 126176 Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 27
secondary intersections (integrated into the Cisco 3200 Series router). Two of the bridges are point-to-point links to other primary or secondary intersections in the local service area, and one is a Primary Root Root Root Root Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 28
Root SSID Infra24B This configuration supports a long chain of primary and service because they offer the most bandwidth; however, since a wireless connection is not always available, cellular technology provides a backup link. Figure 4 shows an example of the devices that can connect to the Cisco - Cisco C3201FESMIC-TP= | Software Guide - Page 29
tunnel is built across the service provider network and into the home agent. The mobile router chooses a wireless link, depending on the following factors: • Which link is up (and available for authorization, and accounting (AAA) server. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 30
address from the service provider network and the Cisco 3200 Series router registers with the home agent. The registration process is similar to the process for CoA registration. The encapsulation and encryption process is also similar. Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 31
for Cisco Centralized Key Management (CCKM). • Roaming-Support fast, secure roaming of client devices, and radio management through wireless domain services (WDS Frame Protection (MFP)-Support management frame protection version 1 and 2. Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 32
dynamically learned instead of being manually configured. Note The Cisco Key Integrity Protocol (CKIP) and Cisco Message Integrity Check (CMIC) encryption is supported only on 2.4-GHz WMIC. Japan and Europe, select the Japanese SKU. Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 33
for new values The platform-dependent SNMP code was modified to return new values (entPhysicalVendorType, System OID, and Chassis ID). Dot11 MIB parameters Supported The dot11 parameters are returned through the dot11 MIB interface. Cisco 3200 Series Wireless MIC Software Configuration Guide 9 - Cisco C3201FESMIC-TP= | Software Guide - Page 34
You can use the WMIC management system through the following interfaces: • The Cisco IOS command-line interface (CLI), which you use through a PC that is Protocol" document explains how to configure your device for SNMP management. Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 35
your network administrator: • A system name for the WMIC • The case-sensitive wireless service set identifier (SSID) • If not connected to a DHCP server, a unique IP Consult your PC documentation for detailed instructions. Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, - Cisco C3201FESMIC-TP= | Software Guide - Page 36
that there might be several console ports on a Cisco 3200 Series router. Follow these steps to connect a Cisco. The password prompt displays. Enter the WMIC password. The default password is Cisco documentation for detailed instructions for your operating WMIC" document for instructions on setting up - Cisco C3201FESMIC-TP= | Software Guide - Page 37
locally. For detailed instructions, see the Cisco.com. Click this link to browse to the Software Center: http://www.cisco links to the network by using a Bridge Group Virtual Interface (BVI) that it creates automatically. Each WMIC supports Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 38
that is not broadcast in the beacon (see "Service Set Identifiers" for additional information) • Wired Equivalent limited because encryption settings and authentication types are linked. Without VLANs, encryption settings (WEP and ciphers Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 39
Access (WPA) permits wireless access to users authenticated against a database through the services of an authentication server, and then encrypts their IP traffic with stronger algorithms by using this SSID must be WPA-capable. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 40
-ke y encryption vlan 20 mode wep mandatory ! ssid static_wep_ssid vlan 20 authentication open interface Dot11Radio0 no ip address no ip route-cache ! ssid no_security-ssid Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 41
-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 42
aaa authorization exec default local aaa authorization ipmobile default group rad_pmip aaa accounting network acct_methods start-stop group rad_acct aaa session-id common ! ! bridge irb ! ! Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 43
route-cache bridge-group 40 ! ip http server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag /122-15.JA/1100 ip radius 1646 key 7 135445415F59 radius-server authorization permit missing Service-Type radius-server vsa send accounting bridge 1 route ip ! line con 0 line - Cisco C3201FESMIC-TP= | Software Guide - Page 44
Protecting Your Wireless LAN Configuring the WMIC for the First Time Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 45
(without Non-root Bridge Wireless Clients) X X X X X X X X Non-root Bridge with Workgroup Bridge Wireless Clients X X X X To change the role of a wireless Cisco device, use the station-role command. For example, the following command sets the wireless device in access point mode (the - Cisco C3201FESMIC-TP= | Software Guide - Page 46
135445 Access point Bridge Role Wireless bridges provide higher data rates and superior throughput for data-intensive and line of sight applications. High-speed links between the wireless bridges deliver throughput that is many times faster than the E1/T1 lines for a fraction of the cost. In this - Cisco C3201FESMIC-TP= | Software Guide - Page 47
Network Roles The Cisco® Metropolitan Mobile Networks (MMN) access layer is created by wireless outdoor access points and all client associations to the non-root bridge will be terminated. A workgroup bridge links wired devices to the network through its association with a wireless root device, - Cisco C3201FESMIC-TP= | Software Guide - Page 48
the Internet cloud. If the range is short, the bridges can support wireless clients and maintain high-bandwidth availability. Figure 3 Root Bridge might also lead to lower average throughput. Point-to-multipoint links might require additional design efforts such as traffic and capacity planning - Cisco C3201FESMIC-TP= | Software Guide - Page 49
of bridges can be deployed to add redundancy or load balancing to a bridge link. The bridges must use non-adjacent, non-overlapping radio channels to prevent in a redundant configuration. Figure 5 Redundant Bridge Configuration Cisco 3200 127922 Roles and the Associations of Wireless Devices 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 50
support the following workgroup bridge features: • Interoperability-The universal workgroup bridge can forward routing traffic using a non-cisco support this operational change, add the roaming keyword to the world-mode command. This option instructs information, see "Service Set Identifiers". For - Cisco C3201FESMIC-TP= | Software Guide - Page 51
workgroup bridge as a client device, more workgroup bridges are allowed to associate to the same access point or to associate with use of a service set identifier (SSID) that is not an infrastructure SSID. The performance cost of reliable multicast delivery-in which the duplication of each multicast - Cisco C3201FESMIC-TP= | Software Guide - Page 52
as a universal workgroup bridge. Figure 7 Universal Workgroup Bridge Mode Cisco Airespace AP Cisco Aironet AP Cisco 3200 146954 Third party AP The wireless device configured in universal workgroup-bridge mode supports the universal interoperability and roaming options. For example: wd(config - Cisco C3201FESMIC-TP= | Software Guide - Page 53
itself as a Cisco Compatible eXtensions (CCX) client; however, it does support CCX features. The Fast 802.1X reauthentication via CCKM, with EAP-FAST MBSSID9 Keep-Alive Quality of Service and VLANs Interoperability with APs that support multiple SSIDs10 and VLANs WGB v1 v2 v3 v4 AP WGB Client X X - Cisco C3201FESMIC-TP= | Software Guide - Page 54
Cisco Centralized Key Management 8. Extensible Authentication Protocol-Transport layer Security 9. Multiple Basic Service Set Identifier 10. Service Support for Universal Workgroup Bridges The universal workgroup bridge supports all the access points that conform to the 802.11 standards. If a problem - Cisco C3201FESMIC-TP= | Software Guide - Page 55
Device Network Roles Configuring Universal Workgroup Bridge on a Cisco 3200 To support manageability when the Ethernet client (MARC card) is ip address 192.168.1.10 255.255.255.0 no ip route-cache no snmp trap link-status bridge-group 10 Step 3 interface BVI1 no ip address no ip route-cache Step - Cisco C3201FESMIC-TP= | Software Guide - Page 56
, by default it takes the dynamic MAC address assignment. Note This feature is supported only on Cisco 3200 2.4-GHz card. World Mode (2.4 GHz Radio Only) 2.4 GHz radios support 802.11d world mode or Cisco legacy world mode. When world mode is enabled, the wireless device adds channel carrier - Cisco C3201FESMIC-TP= | Software Guide - Page 57
list of ISO country codes. Supported country codes can also be found in the Supported Country Codes section. The indoor, outdoor, or both parameters indicate the Note These entries are subject to change. Consult www.cisco.com/go/aironet/compliance for current approvals and regulatory domain information. - Cisco C3201FESMIC-TP= | Software Guide - Page 58
the Associations of Wireless Devices Table 3 Supported Country Codes Access Point Country Code/ Regulatory Country Domain 802.11 Bands Channels Allowed AT/ -E Austria a - b/g 1-11 Maximum Transmit Power (EIRP) - 100 mW EIRP Indoor/ Outdoor Use - Both Frequency Regulatory Range (GHz - Cisco C3201FESMIC-TP= | Software Guide - Page 59
Mode (2.4 GHz Radio Only) Table 3 Supported Country Codes (continued) Access Point Country Code/ Regulatory Country Domain 802.11 Bands Channels Allowed DK/ -E Denmark a - b/g 1-11 Maximum Transmit Power (EIRP) - 100 mW EIRP Indoor/ Outdoor Use - Both Frequency Regulatory Range - Cisco C3201FESMIC-TP= | Software Guide - Page 60
Only) Roles and the Associations of Wireless Devices Table 3 Supported Country Codes (continued) Access Point Country Code/ Regulatory Country Domain 802.11 Bands Channels Allowed ILO/ -I Israel OUTDOOR a - b/g 5-13 IN/ -N a - India b/g IS/ -E Iceland a - b/g 1-11 IT - Cisco C3201FESMIC-TP= | Software Guide - Page 61
GHz Radio Only) Table 3 Supported Country Codes (continued) Access Point Country Code/ Regulatory Country Domain 802.11 Bands Channels Allowed MY/ -E Malaysia b/g 1-13 NL/ -E Netherlands a - b/g 1-11 Maximum Transmit Power (EIRP) 100 mW EIRP Indoor/ Outdoor Use In Frequency - Cisco C3201FESMIC-TP= | Software Guide - Page 62
Part 15 - 1 W EIRP - Both - (tbd) 2.4-2.4835 Additional Information For more information on bridge mode, see the "Outdoor Bridge Range Calculation Utility" at: http://www.cisco.com/application/vnd.ms-excel/en/us/guest/products/ps458/c1225/ccmigration_09186 a00800a912a.xls For more information - Cisco C3201FESMIC-TP= | Software Guide - Page 63
this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0801R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples - Cisco C3201FESMIC-TP= | Software Guide - Page 64
Additional Information Roles and the Associations of Wireless Devices Roles and the Associations of Wireless Devices 20 - Cisco C3201FESMIC-TP= | Software Guide - Page 65
information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP and IP Routing Command Reference for Release 12.1. Configuring a System Name To manually configure a system name, follow these steps, beginning in privileged EXEC - Cisco C3201FESMIC-TP= | Software Guide - Page 66
IP address with all IP commands, such as ping, telnet, connect, and related Telnet support operations. IP defines a hierarchical naming scheme that allows a device to be identified by the servers were configured with this information). Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 67
global configuration command. If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 68
secure site. Only authorized users are allowed. For access, contact technical support. # bridge(config)# This example shows the banner displayed from the allowed. For access, contact technical support. User Access Verification Password: Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 69
can issue after they have logged into a network device. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Release 12.2. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 70
The password is encrypted before it is written to the configuration file. Default password is Cisco. The password is encrypted in the configuration file. Setting or Changing a Static Enable password, you are locked out of the EXEC mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 71
or change an existing password for access to privileged EXEC mode. The default password is Cisco. For password, specify a string from 1 to 25 alphanumeric characters. The string cannot two commands cannot be in effect simultaneously. Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 72
is defined. • (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an encryption type, encryption, use the no service password-encryption command in global configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 73
login to open a Telnet session to the WMIC. If you enter no username for the only username, you can be locked out of the WMIC. Cisco 3200 Series Wireless MIC Software Configuration Guide 9 - Cisco C3201FESMIC-TP= | Software Guide - Page 74
EXEC Commands Administering the WMIC Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC and privileged mode level level command command in global configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 75
• Unique service set identifiers (SSIDs) that are not broadcast in the beacon (see "Service Set Identifiers are limited, because encryption settings and authentication types are linked. Without VLANs, encryption settings (WEP and ciphers) Cisco 3200 Series Wireless MIC Software Configuration Guide 11 - Cisco C3201FESMIC-TP= | Software Guide - Page 76
management, and open authentication. In root access point mode, client devices cannot associate using this SSID without a WEP key that matches the access point key. Cisco 3200 Series Wireless MIC Software Configuration Guide 12 - Cisco C3201FESMIC-TP= | Software Guide - Page 77
to users authenticated Mandatory WPA authentication. Client against a database through the services of an devices that associate using this SSID must authentication server, and encrypts , AUTH OPEN with EAP should also be configured. Cisco 3200 Series Wireless MIC Software Configuration Guide 13 - Cisco C3201FESMIC-TP= | Software Guide - Page 78
dot1Q 10 no ip address no ip route-cache duplex auto speed auto bridge-group 1 As it applies to the 4.9-GHz WMIC: hostname root ! username Cisco password 7 02250D480809 ip subnet-zero ! no aaa new-model Cisco 3200 Series Wireless MIC Software Configuration Guide 14 - Cisco C3201FESMIC-TP= | Software Guide - Page 79
-cache ! ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 logging snmp-trap all transport input all transport output all ! end Cisco 3200 Series Wireless MIC Software Configuration Guide 15 - Cisco C3201FESMIC-TP= | Software Guide - Page 80
eap_methods authentication network-eap eap_methods interface Dot11Radio0 no ip address no ip route-cache ! ssid eap_ssid ! speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 rts threshold 2312 Cisco 3200 Series Wireless MIC Software Configuration Guide 16 - Cisco C3201FESMIC-TP= | Software Guide - Page 81
group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local Cisco 3200 Series Wireless MIC Software Configuration Guide 17 - Cisco C3201FESMIC-TP= | Software Guide - Page 82
route-cache bridge-group 40 ! ip http server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag /122-15.JA/1100 ip radius key 7 135445415F59 radius-server authorization permit missing Service-Type radius-server vsa send accounting bridge 1 route ip ! line con 0 line - Cisco C3201FESMIC-TP= | Software Guide - Page 83
system that secures networks against unauthorized access. RADIUS clients run on supported Cisco devices and send authentication requests to a central RADIUS server that contains all user authentication and network service access information. The RADIUS host is normally a multiuser system running - Cisco C3201FESMIC-TP= | Software Guide - Page 84
messages from the non-root bridge to the RADIUS server and from the RADIUS server to the non-root bridge. See the "Authentication Types" for instructions on setting up authentication using a RADIUS server. Cisco 3200 Series Wireless MIC Software Configuration Guide 20 - Cisco C3201FESMIC-TP= | Software Guide - Page 85
Groups • Configuring RADIUS Authorization for User Privileged Access and Network Services • Starting RADIUS Accounting • Configuring Settings for All RADIUS Servers destination port • Key string • Timeout period • Retransmission value Cisco 3200 Series Wireless MIC Software Configuration Guide 21 - Cisco C3201FESMIC-TP= | Software Guide - Page 86
If two different host entries on the same RADIUS server are configured for the same service-such as accounting-the second host entry configured acts as a failover backup to the first Enters global configuration mode. Enables AAA. Cisco 3200 Series Wireless MIC Software Configuration Guide 22 - Cisco C3201FESMIC-TP= | Software Guide - Page 87
example shows how to configure host1 as the RADIUS server using the default ports for both authentication and accounting: bridge(config)# radius-server host host1 Cisco 3200 Series Wireless MIC Software Configuration Guide 23 - Cisco C3201FESMIC-TP= | Software Guide - Page 88
applied to all interfaces. For more information on list names, click this link: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/1 22cgcr/fsecur_c/fsaaa/scfathen. and configures the lines to apply the authentication list. Cisco 3200 Series Wireless MIC Software Configuration Guide 24 - Cisco C3201FESMIC-TP= | Software Guide - Page 89
. Select a subset of the configured server hosts, and use them for a particular service. The server group is used with a global server-host list, which lists the IP model Purpose Enters global configuration mode. Enables AAA. Cisco 3200 Series Wireless MIC Software Configuration Guide 25 - Cisco C3201FESMIC-TP= | Software Guide - Page 90
command in global configuration mode. To remove the IP address of a RADIUS server, use the no server ip-address command in server group configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 26 - Cisco C3201FESMIC-TP= | Software Guide - Page 91
security server, to configure the user's session. The user is granted access to a requested service only if the information in the user profile allows it. You can use the aaa network | exec} method1 command in global configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 27 - Cisco C3201FESMIC-TP= | Software Guide - Page 92
management, client billing, or auditing. To enable RADIUS accounting for each Cisco IOS privilege level and for network services, follow these steps, beginning in privileged EXEC mode: Step 1 Step is 5; the range is from 1 to 1000. Cisco 3200 Series Wireless MIC Software Configuration Guide 28 - Cisco C3201FESMIC-TP= | Software Guide - Page 93
to cause the Cisco IOS software to Internet Engineering Task support their own extended attributes that are not suitable for general use. The Cisco RADIUS implementation supports pair activates Cisco's multiple address assignment): cisco-avpair= to privileged EXEC commands: cisco-avpair= "shell:priv- - Cisco C3201FESMIC-TP= | Software Guide - Page 94
26, see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide for Release 12.2. Configuring the Bridge for Vendor-Proprietary extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes. As mentioned - Cisco C3201FESMIC-TP= | Software Guide - Page 95
bridge(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config command.in privileged EXEC mode: Cisco 3200 Series Wireless MIC Software Configuration Guide 31 - Cisco C3201FESMIC-TP= | Software Guide - Page 96
provide these services: • Authentication-Provides complete control of authentication of administrators through login and password dialog, challenge and response, and messaging support. The + daemon software to use TACACS+ on your WMIC. Cisco 3200 Series Wireless MIC Software Configuration Guide 32 - Cisco C3201FESMIC-TP= | Software Guide - Page 97
from the TACACS+ daemon: - ACCEPT-The administrator is authenticated, and service can begin. If the WMIC is configured to require authorization, authorization begins authenticate administrators accessing the WMIC through the CLI. Cisco 3200 Series Wireless MIC Software Configuration Guide 33 - Cisco C3201FESMIC-TP= | Software Guide - Page 98
servers to select a subset of the configured server hosts and use them for a particular service. The server group is used with a global server-host list and contains the list puts the WMIC in a server group subconfiguration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 34 - Cisco C3201FESMIC-TP= | Software Guide - Page 99
authentication, follow these required steps, beginning in privileged EXEC mode: Step 1 Step 2 Command configure terminal aaa new-model Purpose Enters global configuration mode. Enables AAA. Cisco 3200 Series Wireless MIC Software Configuration Guide 35 - Cisco C3201FESMIC-TP= | Software Guide - Page 100
security server, to configure the user's session. The user is granted access to a requested service only if the information in the user profile allows it. You can use the aaa authorization a user's network access to privileged EXEC mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 36 - Cisco C3201FESMIC-TP= | Software Guide - Page 101
EXEC access and network services, follow these steps, network-related service requests. Configures accounting feature tracks the services that administrators are for each Cisco IOS privilege level and for network services, follow these for all network-related service requests. Enables TACACS+ - Cisco C3201FESMIC-TP= | Software Guide - Page 102
to check the local database to determine whether the user is allowed to run an EXEC shell. Configures user AAA authorization for all network-related service requests. Cisco 3200 Series Wireless MIC Software Configuration Guide 38 - Cisco C3201FESMIC-TP= | Software Guide - Page 103
There are two versions of SSH: SSH version 1 and SSH version 2. Cisco IOS release 12.3(8)JK supports only SSH version 1. SSH provides greater security for remote connections than Telnet and Authorization" section on page 38) Cisco 3200 Series Wireless MIC Software Configuration Guide 39 - Cisco C3201FESMIC-TP= | Software Guide - Page 104
For more information about SSH, see the "Configuring Secure Shell" section in the Cisco IOS Security Configuration Guide for Release 12.2. Note The SSH feature in Cisco IOS release 12.3(8)JK does not support IP Security (IPSec). Configuring SSH Before you configure SSH, download the crypto software - Cisco C3201FESMIC-TP= | Software Guide - Page 105
, by using the Network Time Protocol (NTP), or manually, by setting the time and date on the WMIC. Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. Understanding the System Clock The heart of the time service . Cisco 3200 Series Wireless MIC Software Configuration Guide 41 - Cisco C3201FESMIC-TP= | Software Guide - Page 106
access-list-based restriction scheme and an encrypted authentication mechanism. Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or host systems to be time-synchronized as well. Cisco 3200 Series Wireless MIC Software Configuration Guide 42 - Cisco C3201FESMIC-TP= | Software Guide - Page 107
Catalyst 6500 series switch. This switch is configured as an NTP peer to the upstream and downstream Catalyst 3550 switches. Catalyst 3550 switch 43269 Workstations Cisco 3200 Series Wireless MIC Software Configuration Guide 43 - Cisco C3201FESMIC-TP= | Software Guide - Page 108
you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. To set the system clock, follow . • .-Time is authoritative, but NTP is not synchronized. Cisco 3200 Series Wireless MIC Software Configuration Guide 44 - Cisco C3201FESMIC-TP= | Software Guide - Page 109
coordinated (UTC), so this command is used only for display purposes and when the time is manually set. • For zone, enter the name of the time zone to be displayed when standard time clock timezone command in global configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 45 - Cisco C3201FESMIC-TP= | Software Guide - Page 110
and ends on the last Sunday in October at 02:00: bridge(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 Cisco 3200 Series Wireless MIC Software Configuration Guide 46 - Cisco C3201FESMIC-TP= | Software Guide - Page 111
NTP source is not available. These devices also have no hardware support for a calendar. As a result, the ntp update-calendar and NTP peer or server associations NTP broadcast service NTP access restrictions NTP packet source IP Cisco 3200 Series Wireless MIC Software Configuration Guide 47 - Cisco C3201FESMIC-TP= | Software Guide - Page 112
key 42 in the device's NTP packets: bridge(config)# ntp authenticate bridge(config)# ntp authentication-key 42 md5 aNiceKey bridge(config)# ntp trusted-key 42 Cisco 3200 Series Wireless MIC Software Configuration Guide 48 - Cisco C3201FESMIC-TP= | Software Guide - Page 113
with the clock of the peer at IP address 172.16.22.44, using NTP version 2: bridge(config)# ntp server 172.16.22.44 version 2 Cisco 3200 Series Wireless MIC Software Configuration Guide 49 - Cisco C3201FESMIC-TP= | Software Guide - Page 114
System Time and Date Administering the WMIC Configuring NTP Broadcast Service The communications between devices running NTP (known as associations) (config)# interface gigabitethernet0/1 bridge(config-if)# ntp broadcast version 2 Cisco 3200 Series Wireless MIC Software Configuration Guide 50 - Cisco C3201FESMIC-TP= | Software Guide - Page 115
configuration mode. This example shows how to configure an interface to receive NTP broadcast packets: bridge(config)# interface gigabitethernet0/1 bridge(config-if)# ntp broadcast client Cisco 3200 Series Wireless MIC Software Configuration Guide 51 - Cisco C3201FESMIC-TP= | Software Guide - Page 116
Creating an Access Group and Assigning a Basic IP Access List To control access to NTP services by using access lists, follow these steps, beginning in privileged EXEC mode: Step 1 Step whose address passes the access list criteria. Cisco 3200 Series Wireless MIC Software Configuration Guide 52 - Cisco C3201FESMIC-TP= | Software Guide - Page 117
specified, only the specified access types are granted. To remove access control to the WMIC NTP services, use the no ntp access-group {query-only | serve-only | serve | peer} command ntp disable command in interface configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 53 - Cisco C3201FESMIC-TP= | Software Guide - Page 118
following commands in privileged EXEC mode: • show ntp associations [detail] • show ntp status For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. Cisco 3200 Series Wireless MIC Software Configuration Guide 54 - Cisco C3201FESMIC-TP= | Software Guide - Page 119
, and to end on April 26, 2006, at 02:00: bridge(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 Cisco 3200 Series Wireless MIC Software Configuration Guide 55 - Cisco C3201FESMIC-TP= | Software Guide - Page 120
Managing the System Time and Date Administering the WMIC Cisco 3200 Series Wireless MIC Software Configuration Guide 56 - Cisco C3201FESMIC-TP= | Software Guide - Page 121
2 Understanding Radio Channels and Frequencies By default, the channel selected by Cisco wireless devices is the one that is least congested. At startup and by using Dynamic Frequency Selection (DFS). Transmission Power Control (TPC) is used to automatically adjust the transmission power level on - Cisco C3201FESMIC-TP= | Software Guide - Page 122
number: FOC10452M68 Number of supported simultaneous BSSID on Dot11Radio0: 1 TXQ_LOCK = 0, DOT11_DEAD = 0 Carrier Set: ETSI Outdoor (OFDM) (EU) follow these steps: • Determine the radio type to verify that the radio manual setting of the channel and to verify that the wireless device is not - Cisco C3201FESMIC-TP= | Software Guide - Page 123
and TPC can be found in the Cisco "Dynamic Frequency Selection and IEEE 802.11h Transmit Power Control" document available at: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f7c2.html For additional information on the 4.9 GHz (public safety) band, see the "Cisco Support - Cisco C3201FESMIC-TP= | Software Guide - Page 124
Additional Information Radio Channel and Transmit Frequency Configuration Radio Channels and Transmit Frequencies 4 OL-11491-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 125
Channel Frequencies This note lists the radio channels supported by Cisco access products in the regulatory domains of the X X X X X X X X X X X X X X Japan (-P) X X X X X X X X Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 126
(MHz) 2452 2457 2462 2467 2472 2484 Regulatory Domains Americas EMEA (-A) (-E) X X X X X X - X - X - - Japan (-P) X X X X X - 1. 802.11n is not supported on the Cisco 3200 Series WMIC. IEEE 802.11n (5-GHz Band) The channel identifiers, channel center frequencies, and regulatory - Cisco C3201FESMIC-TP= | Software Guide - Page 127
5745 5765 5785 5805 5809 Regulatory Domains North America (-A) EMEA (-E) - X - X X - X - X - X - X - Japan (-P 2. 802.11n is not supported on the Cisco 3200 Series WMIC. China (-C) - - X X X X X Isreal (-I IEEE 802.11b (2.4-GHz Band) The channel identifiers, channel center - Cisco C3201FESMIC-TP= | Software Guide - Page 128
in the Americas (-A) regulatory domain; however, channels 1 through 8 are for indoor use only while channels 9 through 11 can be used indoors and outdoors. Users are responsible for ensuring that the channel set configuration is in compliance with the regulatory standards of Mexico. IEEE 802.11g - Cisco C3201FESMIC-TP= | Software Guide - Page 129
- X - Japan (-P) - X - X - X - X X X X X China (-C X X X X Australia (-N) - X - X - X - X X X X X X X X X Note All channel sets are restricted to indoor usage except the Americas (-A), which allows for indoor and outdoor use on channels 52 through 64 in the United States. xx-xxxxx-xx 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 130
4.9 GHz (public safety) Channels and Frequencies Radio Channel Frequencies 4.9 GHz (public safety) Channels and Frequencies This band is available only in the U.S. The radio operates on 5-MHz wide, 10-MHz wide, or 20-MHz wide channels between 4940-MHz and 4990-MHz for the licensed public safety - Cisco C3201FESMIC-TP= | Software Guide - Page 131
/h) radio to one that is not interfering with the radar systems. TPC is used to adapt the transmission power of a radio based on . For the ETSI regulatory domain, 5.0-GHz radios support the DFS 1.3.1 compliance requirement. Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose - Cisco C3201FESMIC-TP= | Software Guide - Page 132
(5640 MHz) • 132 (5660 MHz) • 136 (5680 MHz) • 140 (5700 MHz) 1. 52, (5260 MHz), 64 (5320 MHz), 120 (5600 MHz), and 128 ( 5640) are not supported on the Cisco 3200 Series WMIC. Radio Channels and Transmit Frequencies 2 OL-11491-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 133
Dynamic Frequency Selection Understanding Dynamic Frequency Selection The maximum legal transmit power is greater for some 5 GHz channels than for others. When the wireless device randomly selects a 5 GHz channel on which power is restricted, the wireless device automatically reduces transmit - Cisco C3201FESMIC-TP= | Software Guide - Page 134
device, the root device silently drops the client's notification. Configuring an SNMP Trap for Radar Detection Note This command is available on the Cisco 3205 WMIC only. To configure an SNMP trap for radar detection or to switch to prefer channel notification, use the snmp-server enable traps - Cisco C3201FESMIC-TP= | Software Guide - Page 135
and TPC can be found in the Cisco "Dynamic Frequency Selection and IEEE 802.11h Transmit Power Control" document available at: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f7c2.html For additional information on the 4.9 GHz (public safety) band, see the "Cisco Support - Cisco C3201FESMIC-TP= | Software Guide - Page 136
Additional Information Dynamic Frequency Selection Radio Channels and Transmit Frequencies 6 OL-11491-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 137
document for additional information. For general information on power values, see RF Power Values (Document ID 23231) at: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00800e90fe.shtml For general information on channel selection and transmit power, see the FCC Regulations - Cisco C3201FESMIC-TP= | Software Guide - Page 138
controllers dot11Radio 0 interface Dot11Radio0 ! Radio AIR-AP1242GA, Base Address 0014.1b58.08f Version 5.80.12 Serial number: GAM09200992 Number of supported simultaneous BSSID on Dot1 Carrier Set: Americas (US) DFS Required: No ! Current Frequency: 2412 MHz Channel 1 ! AIR-AP1242GA radio type - Cisco C3201FESMIC-TP= | Software Guide - Page 139
Configuring Client Radio Transmit Power Configuring Client Radio Transmit Power The transmit power level of Cisco clients can be controlled by a Cisco wireless infrastructure device. The client software chooses the actual transmit power level, choosing between the lower of the access point value - Cisco C3201FESMIC-TP= | Software Guide - Page 140
Maximum Power Levels and Antenna Gains Maximum Power Levels and Antenna Gains IEEE 802.11g (2.4 GHz Band) Table 2 indicates the maximum power levels and antenna gains allowed for the 2.4 GHz radios in most regulatory domains. We recommend that you check your local regulations with the appropriate - Cisco C3201FESMIC-TP= | Software Guide - Page 141
if the speed of the wireless device is set to basic-1.0, the client must support a 1.0 Mbps transmission rate or it will not be allowed to associate with of the wireless device is set to basic-1.0 and basic-6.0, the client must support a 1.0 Mbps or a 6.0 Mbps transmission rate or it will not be - Cisco C3201FESMIC-TP= | Software Guide - Page 142
rate default range no speed 2.4 GHz 802.11b Radio basic-1.0, basic-2.0, basic-5.0, basic-11.0, 1.0, 2.0, 5.0, 11.0 The default keyword is not supported on 802.11b radios. basic-1.0, 2.0, 5.0, 11.0 basic-1.0, 2.0, 5.0, 11.0 2.4 GHz 802.11g 4.9 GHz at Radio 4.9 GHz at 5 MHz 10 MHz 4.9 GHz - Cisco C3201FESMIC-TP= | Software Guide - Page 143
of the command. Multicast packets are transmitted at 1 Mbps. Unicast packets are transmitted at the highest allowed data rate. Client devices must support basic-1.0 service or they will not be able to associate. WD# configure terminal WD(config)# interface dot11radio 1 WD(config-if)# no speed WD - Cisco C3201FESMIC-TP= | Software Guide - Page 144
Configuring Radio Data Rates Verify Settings Use the show controller dot11radio command to display the data rates for the speed command and the default keyword. With the speed command set to the default value for a 2.4 GHz, 802.11g radio, the show controller dot11radio command displays the following - Cisco C3201FESMIC-TP= | Software Guide - Page 145
and set of client profiles. A client profile consists of a service set identifier (SSID) and encryption settings that are bounded by a been redesigned to support the following client modes: • workgroup-bridge • universal workgroup-bridge • non-root bridge Americas Headquarters: Cisco Systems, Inc., - Cisco C3201FESMIC-TP= | Software Guide - Page 146
side traffic loads, and receiving collisions. Dynamic Channel Width (4.9GHz WMIC only) Cisco 3202 WMICs support dynamic channel width for 4.9GHz. For 4.9GHz WMIC, the channel width setting ? 10 10 Mhz width 20 20 Mhz width 5 5 Mhz width Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 147
-role to permit support for workgroup-bridge, universal workgroup bridge, or non-root bridge modes. The address is the MAC address of the router interface on the wireless and mobile router and is needed to instruct the router to associate with Cisco and non-cisco root devices. Cisco 3200 Series - Cisco C3201FESMIC-TP= | Software Guide - Page 148
aLeapUser password ciscoleap client(config-ssid)# encryption mode cipher tkip client(config-ssid)# priority 8 client(config-ssid)# end client# config terminal client(config)# interface dot11Radio 0 Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 149
interface 0. Changes station-role to permit support for universal workgroup bridge. The address is the MAC address of the router interface on the wireless and mobile router and is needed to instruct the router to associate with Cisco and non-cisco root devices. Enables the multiple client profile - Cisco C3201FESMIC-TP= | Software Guide - Page 150
WMIC device in universal workgroup bridge mode and enable multiple client profiles to support up to 16 client profiles. The example in this section describes four client are used to configure the client profiles. Client profile A: Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 151
11 mode ciphers tkip wep128 client(config-if)# end client# config terminal client(config)# interface Dot11Radio 0 client(config-if)# ssid WPAPSK_WEP128 client(config-if)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 152
Configuring a WMIC for MCP (12.3(8)JK Only) Multiple Client Profiles Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 153
Set Identifiers This document describes how to configure a service set identifier (SSID). Understanding SSIDs The SSID is a unique Extensible Authentication Protocol (EAP) authentication method. Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 154
Service . For more information on method lists, click this link: http://www.cisco.com/univercd/cc/td/doc/product/software/ios 122/122cgcr the SSID. See Cipher Suites and WEP for instructions on configuring encrypton settings. Use the ssid Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 155
Service Set "Any SSID" feature requires guest-mode to be enabled on the Cisco access point. This feature is supported for 2.4-GHz, 4.9-GHz and 5.0-GHz WMIC. To configure Any • Access points must run Cisco IOS Release 12.3(4)JA or later. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 156
cannot manually map a BSSID to a specific SSID. • When multiple BSSIDs are enabled on the access point, the Service Set enable multiple BSSIDs on all radio interfaces that support multiple BSSIDs. ap(config)# configure terminal ap Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 157
. Because WEP is the first line of defense against intruders, Cisco recommends that you use full encryption on your wireless network. To protection of WEP while also allowing use of authenticated key management, Cisco recommends that you enable WEP by using the encryption mode cipher command - Cisco C3201FESMIC-TP= | Software Guide - Page 158
CMIC are supported only on the 2.4-GHz (802.11b/g) Cisco wireless mobile interface card (WMIC).) • CMIC (Cisco Message Integrity Check)-Like TKIP, the Cisco message integrity Enters global configuration mode. Enters SSID Configuration. Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 159
WEP with MIC, use the same WEP key for the transmit key in the same key slot on both root devices and non-root bridges. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 160
bridges. Example WEP Key Setup Table 2 shows an example WEP key setup that would work for the root device and an associated non-root bridge. Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 161
cipher settings from dot11 interface to each SSID configuration. Cisco 3202 WMIC and 3205 WMIC supports this feature change starting 12.4(3)JL release. To configure Purpose Enters global configuration mode. Enters SSID Configuration. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 162
fails on the SSID. Step 4 Step 5 Note Cisco Key Integrity Protocol (CKIP) and CKIP-Cisco Message Integrity Protocol (CMIP) are supported only on the 2.4-GHz (802.11b/g) WMIC. end encryption mode ciphers aes-ccm bridge(config-ssid)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 163
the SSID. Step 4 Step 5 Note Cisco Key Integrity Protocol (CKIP) and CKIP-Cisco Message Integrity Protocol (CMIP) are supported only on the 2.4-GHz (802.11b/g) WMIC WEP: bridge# configure terminal bridge(config)# interface dot11radio 0 Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 164
you do not configure key management on the SSID, the authentication fails on this SSID. For a complete description of WPA and CCKM and instructions for configuring authenticated key management, see the "Authentication Types" document. Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 165
features work. It includes this information: • STP Overview, page 2 • STP Support, page 2 • Bridge Protocol Data Units, page 3 • Election of the page 4 • Spanning-Tree Interface States, page 5 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 166
Spanning-Tree Protocol (STP) is a Layer 2 link management protocol that prevents loops from being formed when switches is located to pass traffic. The path cost value represents media speed. STP Support The bridge supports both per-VLAN spanning tree (PVST) and a single 802.1q spanning tree. - Cisco C3201FESMIC-TP= | Software Guide - Page 167
Spanning Tree Protocol in a Wireless Environment Understanding Spanning Tree Protocol A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance. For each VLAN, the bridge with the lowest bridge ID becomes the spanning-tree root for that VLAN. 802. - Cisco C3201FESMIC-TP= | Software Guide - Page 168
• The election of a designated bridge for every LAN segment • The removal of loops in the network by blocking Layer 2 interfaces connected to redundant links For each VLAN, the bridge with the highest bridge priority (the lowest numerical priority value) is elected as the spanning-tree root. If all - Cisco C3201FESMIC-TP= | Software Guide - Page 169
frame forwarding. • Forwarding-The interface forwards frames. • Disabled-The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port. An interface moves through these states: • From initialization to blocking - Cisco C3201FESMIC-TP= | Software Guide - Page 170
Understanding Spanning Tree Protocol Spanning Tree Protocol in a Wireless Environment Figure 2 illustrates how an interface moves through the states. Figure 2 Spanning-Tree Interface States Power-on initialization Blocking state Listening state Learning state Disabled state 43569 - Cisco C3201FESMIC-TP= | Software Guide - Page 171
Spanning Tree Protocol in a Wireless Environment Understanding Spanning Tree Protocol Note If an bridge port is blocked, some broadcast or multicast packets can reach a forwarding port on the bridge and cause the bridging logic to switch the blocked port into listening state momentarily before the - Cisco C3201FESMIC-TP= | Software Guide - Page 172
Configuring STP Features Spanning Tree Protocol in a Wireless Environment Configuring STP Features These sections include spanning-tree configuration information: • Default STP Configuration, page 8 • Configuring STP Settings, page 8 • STP Configuration Examples, page 9 Default STP Configuration - Cisco C3201FESMIC-TP= | Software Guide - Page 173
Spanning Tree Protocol in a Wireless Environment Configuring STP Features Step 5 Step 6 Command exit bridge number protocol ieee Step 7 bridge number priority priority Step 8 end Step 9 show spanning-tree bridge Purpose Return to global configuration mode. Enable STP for the bridge group. You - Cisco C3201FESMIC-TP= | Software Guide - Page 174
Configuring STP Features Spanning Tree Protocol in a Wireless Environment no ip route-cache ! ip default-gateway 1.4.0.1 bridge 1 protocol ieee bridge 1 route ip bridge 1 priority 9000 ! line con 0 exec-timeout 0 0 line vty 0 4 login line vty 5 15 login ! end Non-Root Bridge Without VLANs This - Cisco C3201FESMIC-TP= | Software Guide - Page 175
Spanning Tree Protocol in a Wireless Environment Configuring STP Features ! end Root Bridge with VLANs This example shows the configuration of a root bridge with VLANs configured with STP enabled: hostname master-bridge-hq ! ip subnet-zero ! ip ssh time-out 120 ip ssh authentication-retries 3 ! - Cisco C3201FESMIC-TP= | Software Guide - Page 176
Configuring STP Features Spanning Tree Protocol in a Wireless Environment encapsulation dot1Q 2 no ip route-cache bridge-group 2 ! interface FastEthernet0.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 ! interface BVI1 ip address 1.4.64.23 255.255.0.0 no ip route-cache ! ip default- - Cisco C3201FESMIC-TP= | Software Guide - Page 177
Spanning Tree Protocol in a Wireless Environment encapsulation dot1Q 2 no ip route-cache no cdp enable bridge-group 2 ! interface Dot11Radio0.3 encapsulation dot1Q 3 no ip route-cache no cdp enable bridge-group 3 ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! - Cisco C3201FESMIC-TP= | Software Guide - Page 178
Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver - Cisco C3201FESMIC-TP= | Software Guide - Page 179
: • Understanding CDP, page 1 • Configuring CDP, page 1 • Monitoring and Maintaining CDP, page 4 Understanding CDP Cisco Discovery Protocol (CDP) is a device-discovery protocol that runs on all Cisco network equipment. Each device sends identifying messages to a multicast address, and each device - Cisco C3201FESMIC-TP= | Software Guide - Page 180
Configuring CDP Cisco Discovery Protocol Default CDP Configuration Table 1 lists the default CDP settings. Table 1 Default CDP To disable the CDP device discovery capability, follow these steps, beginning in privileged EXEC mode: Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 181
end Disabling and Enabling CDP on an Interface CDP is enabled by default on all supported interfaces to send and receive CDP information. To disable CDP on an interface, follow Optional) Saves your entries in the configuration file. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 182
Monitoring and Maintaining CDP Cisco Discovery Protocol This example shows how to enable CDP on show cdp entry Device ID: bridge Entry address(es): IP address: 10.1.1.66 Platform: cisco WS-C3550-12T, Capabilities: Switch IGMP Interface: GigabitEthernet0/2, Port ID (outgoing port): - Cisco C3201FESMIC-TP= | Software Guide - Page 183
-M), Experimental Version 12.1(20010612:021 316) [jang-flamingo 120] Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 06-Jul-01 18:18 by jang advertisement version: 2 Protocol packets every 60 seconds Holdtime is 180 seconds Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 184
Monitoring and Maintaining CDP Cisco Discovery Protocol GigabitEthernet0/6 is up, line protocol is packet: 0, Fragmented: 0 CDP version 1 advertisements output: 0, Input: 0 CDP version 2 advertisements output: 50882, Input: 52510 Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 185
can configure on the WMIC. The authentication types are tied to the service set identifier (SSID) that you configure on the WMIC. Before wireless 3 • MAC Address Authentication to the Network, page 6 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 186
request 2. Authentication response Switch on LAN 2 88902 Shared Key Authentication to the WMIC Cisco provides shared key authentication to comply with the IEEE 802.11b and IEEE 802.11g key, so it can both authenticate and communicate. Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 187
exchange multicast and broadcast data between them. When you enable EAP on your bridges, authentication to the network occurs in the sequence shown in Figure 0-3. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 188
RADIUS server and from the RADIUS server to the wireless client device. See the "Assigning Authentication Types to an SSID" section on page 16 for instructions on setting up EAP on the WMIC. Note If you use EAP authentication, you can select open or share-key authentication, but you do not - Cisco C3201FESMIC-TP= | Software Guide - Page 189
type supported by Funk Software. It uses TLS (server certificates) and supports a variety of client authentication mechanisms, including legacy mechanisms. EAP-TTLS supports both username/password and mutual authentication. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 190
on page 11-15 for instructions on enabling this feature. Using CCKM Key Management Using Cisco Centralized Key Management (CCKM), EAP /or Advanced Encryption Standard (AES) for data protection. WPA key management supports two mutually exclusive management types: WPA and WPA-pre-shared key (WPA - Cisco C3201FESMIC-TP= | Software Guide - Page 191
potentially mismatch with the cipher suite supported in an explicitly assigned VLAN. an SSID" section on page 16 for instructions on configuring WPA key management on your manual key with the given name will be generated with length 1024. Cisco 3200 Series Wireless MIC Software Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 192
running-config startup-config (Optional) Saves your entries in the configuration file. The following example shows the manual configuration method: maldives-ap# maldives-ap#conf t Enter configuration commands, one per line. End with CNTL Cisco 3200 Series Wireless MIC Software Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 193
certificate % The fully-qualified domain name in the certificate will be: maldives-ap.cisco.com Enter the base 64 encoded certificate. End with a blank line or the word VQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZTeWRuZXkxFjAUBgNVBAoT Cisco 3200 Series Wireless MIC Software Configuration Guide 9 - Cisco C3201FESMIC-TP= | Software Guide - Page 194
: http://wnbu-syd-acs-a/CertEnroll/wnbu-syd-acs-a.cisco.com.crl Validity Date: start date: 12:13:42 AEST Jun 29 2005 end date: 12:23:42 AEST Jun 29 2006 renew date: 11:00:00 AEST Jan 1 1970 Associated Trustpoints: TEST-CUT-PASTE Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 195
the URL to be used for certificate enrollment. rsakeypair name 1024 Specifies that a manual key with the given name will be generated with length 1024. subject-name CN= Personal Information Exchange Syntax Standard (PCKS)#10 format. Cisco 3200 Series Wireless MIC Software Configuration Guide 11 - Cisco C3201FESMIC-TP= | Software Guide - Page 196
Tip You can install the SCEP Add-on for Windows 2003 server from the following link: http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9f306763-d036-41d8-88 60 certificate enrollment: maldives-ap# maldives-ap#conf t Cisco 3200 Series Wireless MIC Software Configuration Guide 12 - Cisco C3201FESMIC-TP= | Software Guide - Page 197
fully-qualified domain name in the certificate will be: maldives-ap.cisco.com % The subject name in the certificate will be: maldives-ap.cisco.com % Include the router serial number in the subject name? ap#show crypto pki cert TEST-SCEP Cisco 3200 Series Wireless MIC Software Configuration Guide 13 - Cisco C3201FESMIC-TP= | Software Guide - Page 198
73.49 serialNumber=80AD5AD4 CRL Distribution Point: http://wnbu-syd-acs-a/CertEnroll/wnbu-syd-acs-a.cisco.com.crl Validity Date: start date: 13:14:13 AEST Jun 29 2005 end do not specify a trustpoint, EAP-TLS uses the default trustpoint. Cisco 3200 Series Wireless MIC Software Configuration Guide 14 - Cisco C3201FESMIC-TP= | Software Guide - Page 199
authentication types. You attach authentication types to the WMIC's SSID. See "Service Set Identifiers" for details on setting up the WMIC SSID. This 1 Default Authentication Configuration Feature SSID Default Setting autoinstall Cisco 3200 Series Wireless MIC Software Configuration Guide 15 - Cisco C3201FESMIC-TP= | Software Guide - Page 200
mode. Creates an SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive. Note Do not include spaces in SSIDs. Cisco 3200 Series Wireless MIC Software Configuration Guide 16 - Cisco C3201FESMIC-TP= | Software Guide - Page 201
authentication method list. Click this link for more information on method lists: http://www.cisco.com/univercd/cc/td/doc authenticated. This setting is used mainly by service providers that require special client accessibility. Note . Cisco 3200 Series Wireless MIC Software Configuration Guide 17 - Cisco C3201FESMIC-TP= | Software Guide - Page 202
.11g radios support WPA and instructions on configuring your root device to interact with your WDS device. end Returns to privileged EXEC mode. copy running-config startup-config (Optional) Saves your entries in the configuration file. Cisco 3200 Series Wireless MIC Software Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 203
Chooses an EAP authentication method for authentication purpose. Note In client mode, the WMIC supports only the FAST, LEAP, and TLS methods. Note A root device configured for submode. Specifies the EAP profile created in Step 7. Cisco 3200 Series Wireless MIC Software Configuration Guide 19 - Cisco C3201FESMIC-TP= | Software Guide - Page 204
"Configuring Additional WPA Settings" section on page 23 for instructions on configuring a pre-shared key. Step 15 Step 16 Note To support CCKM, your root device must interact with the WDS )# ssid bridgeman bridge(config-if)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 20 - Cisco C3201FESMIC-TP= | Software Guide - Page 205
port 1645 acct-port 1646 key 7 141B1309 bridge(config)# radius-server authorization permit missing Service-Type bridge(config)# ip radius source-interface BVI1 bridge(config)# end Setting Up a to which the non-root bridge associates. Cisco 3200 Series Wireless MIC Software Configuration Guide 21 - Cisco C3201FESMIC-TP= | Software Guide - Page 206
.11g radios support WPA and instructions on configuring your root device to interact with your WDS device. end Returns to privileged EXEC mode. copy running-config startup-config (Optional) Saves your entries in the configuration file. Cisco 3200 Series Wireless MIC Software Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 207
instructions on configuring WDS and CCKM on your wireless LAN, see Chapter 11 in the Cisco IOS Software Configuration Guide for Cisco Access adjust the frequency of group key updates. Setting a Pre-Shared Key To support WPA on a wireless LAN where 802.1x-based authentication is not available, you - Cisco C3201FESMIC-TP= | Software Guide - Page 208
with RADIUS attribute 27, Session-Timeout. This attribute sets the maximum number of seconds of service to be provided to the non-root bridge before termination of the session or prompt. commands to reset the values to default settings. Cisco 3200 Series Wireless MIC Software Configuration Guide 24 - Cisco C3201FESMIC-TP= | Software Guide - Page 209
server as a client device. WPA key management Set up and enable WEP and enable Set up and enable WEP and enable WPA authentication. WPA authentication. Cisco 3200 Series Wireless MIC Software Configuration Guide 25 - Cisco C3201FESMIC-TP= | Software Guide - Page 210
Matching Authentication Types on Root Devices and Non-Root Bridges Authentication Types Cisco 3200 Series Wireless MIC Software Configuration Guide 26 - Cisco C3201FESMIC-TP= | Software Guide - Page 211
Confidential QoS in a Wireless Environment This chapter describes how to configure quality of service (QoS) on your Cisco wireless mobile interface card (WMIC). With this feature, you can provide preferential treatment to certain traffic at the expense of others. Without QoS, the WMIC - Cisco C3201FESMIC-TP= | Software Guide - Page 212
. Bridges do not support InterSwitch Link Protocol (ISL). • They support only MQC policy-map set cos action. To contrast the wireless LAN QoS implementation with the QoS implementation on other Cisco network devices, see the Cisco IOS Quality of Service Solutions Configuration Guide at this URL - Cisco C3201FESMIC-TP= | Software Guide - Page 213
of service value Support for burst transmission of multiple frames in a transmit opportunity • Support for the WMM specified backoff procedure • Support for the WMM retransmit procedure • Addition of 802.1d priority for WMM enabled clients Cisco 3200 Series Wireless MIC Software Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 214
of the WMM specification are not supported: • Transmission of a packet with the no ACK required bit set in the QoS control field • End of service period (EOSP) bit in the QoS dot11Radio 0.100 encapsulation dot1Q 100 bridge-group 100 Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 215
any policy-map v100traffic class alldata set cos 6 interface dot11Radio 0.100 service-policy output v100traffic QoS Example of IP DSCP and IP Precedence The class dscp46 set cos 6 interface dot11Radio 0 service-policy output L3Map Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 216
Configuring QoS QoS in a Wireless Environment Beta Draft for Review - Cisco Confidential Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 217
Cisco wireless mobile interface card (WMIC) to operate with the VLANs set up on your wired LAN. These sections describe how to configure your WMIC to support separate group for each VLAN. VLANs provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address - Cisco C3201FESMIC-TP= | Software Guide - Page 218
WMIC. VLAN 802.1Q trunking is supported between root devices and non-root bridges Cisco Internetworking Technology Handbook. Click this link to browse to this document: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/index.htm • Cisco Internetworking Troubleshooting Guide. Click this link - Cisco C3201FESMIC-TP= | Software Guide - Page 219
specific VLAN is by configuring its service set identifier (SSID) to recognize that VLAN is established. The WMIC supports 16 SSIDs. You can assign and Ethernet ports. For detailed instructions on assigning authentication types to SSIDs Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 220
n protocol ieee command. See "Spanning Tree Protocol" for complete instructions on enabling STP on the WMIC. Returns to global configuration mode an authentication type for each SSID. See "Authentication Types" for instructions on configuring authentication types. Assigns the SSID to the native VLAN - Cisco C3201FESMIC-TP= | Software Guide - Page 221
(config-subif)# exit bridge(config)# interface dot11radio0 bridge(config-if)# ssid batman bridge(config-ssid)# vlan 1 bridge(config-ssid)# infrastructure-ssid bridge(config-ssid)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 222
Configured on the WMIC To view the VLANs that the WMIC supports, use the show vlan command in privileged EXEC mode. The : Dot11Radio0.2 FastEthernet0.2 Virtual-Dot11Radio0.2 Protocols Configured: Address: Received: Transmitted: Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 223
interface card (WMIC). Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. This document consists of these sections: • Understanding System Message Logging, page 1 • Configuring - Cisco C3201FESMIC-TP= | Software Guide - Page 224
uptime) Date and time of the message or event. This information appears only if the service timestamps log [datetime | log] global configuration command is configured. For more information, the source or the cause of the system message. Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 225
reset *Mar 1 17:02:19.618: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up *Mar 1 17:14:21.520: %SYS-5-CONFIG_I: Configured from console by Cisco on vty0 (10.0.0.42) *Mar 1 17: ; see Table 3 on page 8) 4096 bytes 1 message Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 226
Disabling Timestamps on Log Messages" section on page 6. To re-enable message logging after it has been disabled, use the logging on global configuration command. Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 227
, use the no logging console global configuration command. To disable logging to a file, use the no logging file [severity-level-number | type] global configuration command. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 228
part of a logging display with the service timestamps log uptime global configuration command enabled: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed numbers, use the no service sequence-numbers global configuration command. Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 229
than the console, use the no logging monitor global configuration command. To disable logging to syslog servers, use the no logging trap global configuration command. Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 230
sent to the SNMP server. See Table 3 on page 8 for a list of level keywords. By default, warnings, errors, critical, alerts, and emergencies messages are sent. Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 231
command. Configuring UNIX Syslog Servers The next sections describe how to configure the 4.3 BSD UNIX server syslog daemon and define the UNIX system logging facility. Cisco 3200 Series Wireless MIC Software Configuration Guide 9 - Cisco C3201FESMIC-TP= | Software Guide - Page 232
a line such as the following to the file /etc/syslog.conf: local7.debug /usr/adm/logs/cisco.log The local7 keyword specifies the logging facility to be used; see Table 4 on page 11 for lower. See Table 3 on page 8 for level keywords. Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 233
UNIX system facilities supported by the Cisco IOS software. For more information about these facilities, consult the operator's manual for your UNIX For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. To display the - Cisco C3201FESMIC-TP= | Software Guide - Page 234
Displaying the Logging Configuration System Message Logging Cisco 3200 Series Wireless MIC Software Configuration Guide 12 - Cisco C3201FESMIC-TP= | Software Guide - Page 235
cannot be removed if they are being used as templates. • This feature does not support mobile routers that are acting as mobile nodes. Applying the Tunnel Template on the Home the tunnel template. wd(config)#end Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134- - Cisco C3201FESMIC-TP= | Software Guide - Page 236
Applying the Tunnel Template on the Mobile Router Use the show ip mobile tunnel command to display the active tunnels. The following example displays the active Mobile IP tunnels and the template configuration for the tunnel on the home agent: Router# show ip mobile tunnel Mobile Tunnels: Total - Cisco C3201FESMIC-TP= | Software Guide - Page 237
. The foreign agent does not require any additional configuration to support the Cisco Mobile Networks-Tunnel Templates for Multicast feature. Home Agent ip ip address 20.0.0.1 255.0.0.0 ip pim sparse-mode ip mobile router-service roam ! router mobile ip pim rp-address 7.7.7.7 ip mobile secure - Cisco C3201FESMIC-TP= | Software Guide - Page 238
routing and allows for all traffic to be Cisco Express Forwarding (CEF) switched (which is not supported on loopback interfaces). To be encrypted, all .255.1 255.255.255.255 ip mobile router-service roam ! interface Ethernet1/0 description Mobile Network ip address 192.168.124.1 255.255.255.0 - Cisco C3201FESMIC-TP= | Software Guide - Page 239
Applying Tunnel Templates to the IPSec Two-box Solution router mobile ! ip mobile secure home-agent 192.168.1.2 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm md5 mode prefix-suffix ip mobile router address 192.168.100.10 255.255.255.0 home-agent 192.168.1.2 mobile-network Ethernet1/0 ! - Cisco C3201FESMIC-TP= | Software Guide - Page 240
Tunnel, } conn id: 1, flow_id: SW:l, crypto map: MAR_VPN sa timdng: remaining key lifetime (k/sec): (4602927/3584) IV size: 16 bytes replay detection support: Y Status: ACTIVE inbound ah sas: inbound pcp sas: outbound esp sas: spi: OxC8D41EOA(3369344522) transfor.m: esp-256-aes esp-sha-hmac , in use - Cisco C3201FESMIC-TP= | Software Guide - Page 241
to configure SNMP, refer to the following documents: • The "Configuring SNMP Support" chapter of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 • The "SNMP Commands" chapter of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 For information about - Cisco C3201FESMIC-TP= | Software Guide - Page 242
Related Documents Related documents from the Cisco TAC Web pages include: • Antenna Cabling (http://www.cisco.com/warp/public/102/wlan/antcable.html) Tunnel Templates 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 243
This document provides troubleshooting procedures for basic problems with the wireless device. For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at the following URL (select Top Issues and then select Wireless Technologies): http://www.cisco.com/tac - Cisco C3201FESMIC-TP= | Software Guide - Page 244
Checking the LED Indicators WIMIC Troubleshooting Table 1 Indicator Signals ( SSID and WEP settings. Transmitting/receiving radio packets. Ethernet link is operational. Transmitting/receiving Ethernet packets. Red Red firmware image. Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 245
Troubleshooting to associate with the wireless device must use the same service set identifier (SSID) as the wireless device. If with the wireless device must support the same security options configured in Cisco, which is case-sensitive. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 246
Resetting to the Default Configuration WIMIC Troubleshooting Using the CLI Follow the steps below to delete the current configuration and return (set to receive an IP address using DHCP) and the default username and password (Cisco). Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 247
WIMIC Troubleshooting Reloading the Image Step 8 When Cisco IOS software is loaded, you can use the del privileged EXEC command to delete the .168.133.1 Enter the tftp_init command to prepare the wireless device for TFTP. ap: tftp_init Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 248
Reloading the Image WIMIC Troubleshooting Step 6 Step 7 Enter the tar command to load and inflate the new image from your TFTP server. The command mx.122-13.JA1 DEFAULT_ROUTER=192.168.133.1 IP_ADDR=192.168.133.160 NETMASK=255.255.255.0 Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 249
. Obtaining TFTP Server Software You can download TFTP server software from several websites. Cisco recommends the shareware TFTP utility available at this URL: http://tftpd32.jounin.net Follow the instructions on the website for installing and using the utility. Reloading the Bootloader Image - Cisco C3201FESMIC-TP= | Software Guide - Page 250
Messages WIMIC Troubleshooting Step 6 ethernet port 0... Reset done! ethernet link up, 100 mbps, full-duplex Ethernet port 0 initialized:link is up Error and Event Messages This support representative. Association Management Messages Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 251
WIMIC Troubleshooting Error and Event Messages Table 2 Error and Event Messages (continued) Message Explanation Recommended Action DOT11-2-RADIO_HW_RESET: Radio Radio must be reset due to problem. subsystem is under going hardware reset to recover from problem None. DOT11-3-BADSTATE: [mac- - Cisco C3201FESMIC-TP= | Software Guide - Page 252
Error and Event Messages WIMIC Troubleshooting Table 2 Error and Event Messages (continued) Message Explanation Recommended Action SOAP Reason = [chars] ([int]) The device is transitioning from standby None. mode to active mode. Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 253
WIMIC Troubleshooting Error and Event Messages error message exactly as it appears, and report it to your technical support representative. SCHED-3-UNEXPECTEDEVENT: Process received unknown event (maj [hex], min power connections. Cisco 3200 Series Wireless MIC Software Configuration Guide 11 - Cisco C3201FESMIC-TP= | Software Guide - Page 254
Error and Event Messages WIMIC Troubleshooting Cisco 3200 Series Wireless MIC Software Configuration Guide 12 - Cisco C3201FESMIC-TP= | Software Guide - Page 255
commands in the command-line interface (CLI). Tip You can include filters in the WMIC's QoS policies. Refer to "QoS in a Wireless Environment" for detailed instructions on setting up QoS policies. Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 256
lists (ACLs) and bridge groups. You can find explanations of these concepts and instructions for implementing them in these documents: • Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2. Click this link to browse to the "Configuring Transparent Bridging" chapter: http://www - Cisco C3201FESMIC-TP= | Software Guide - Page 257
condition on the network. Traps can mean improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP 3 • Using SNMP to Access MIB Variables, page 3 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © - Cisco C3201FESMIC-TP= | Software Guide - Page 258
can communicate with multiple managers; therefore, you can configure the software to support communications with one management station using the SNMPv1 protocol and another using a table. 2. The get-bulk command works only with SNMPv2. Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 259
graph and analyzed to troubleshoot internetworking problems, increase network performance, as improper user authentication, restarts, link status (up or down), MAC address supported MIBs and how to access them, see "Supported MIBs." Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 260
subset of all MIB objects accessible to the given community • Read and write or read-only permission for the MIB objects accessible to the community Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 261
such as ieee802dot11. See the "Using the snmp-server view Command" section on page 9 for instructions on using the snmp-server view command to access Standard IEEE 802.11 MIB objects through IEEE view ISO object in the MIB object tree. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 262
traps are issued. Bridges running this IOS release can have an unlimited number of trap managers. Community strings can be any length. Table 3 describes the supported traps (notification types). You can enable any or all of these traps and configure a trap manager to receive them - Cisco C3201FESMIC-TP= | Software Guide - Page 263
types are always enabled. You can use the snmp-server host global configuration command to a specific host to receive the notification types listed in Table 3. Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 264
host. Specify informs to send SNMP informs to the host. • Specify the SNMP version to support. Version 1, the default, is not available with informs. Note Though visible in the command-line -types global configuration command. Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 265
.1.27 using SNMPv2C. The community string public is sent with the traps. bridge(config)# snmp-server community public bridge(config)# snmp-server enable traps config Cisco 3200 Series Wireless MIC Software Configuration Guide 9 - Cisco C3201FESMIC-TP= | Software Guide - Page 266
. SNMP Authentication Failure traps are sent by SNMPv2C to the host cisco.com using the community string public. bridge(config)# snmp-server community refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2. Cisco 3200 Series Wireless MIC Software Configuration Guide 10 - Cisco C3201FESMIC-TP= | Software Guide - Page 267
Power Levels This document lists the maximum power levels, and antenna gains supported by the world's regulatory domains. IEEE 802.11g (2.4-GHz Band) An 100 30 100 30 100 30 50 20 20 10 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 268
Gain (dBi) 2.2 6 6.5 10 13.5 15 21 2.2 6 6.5 10 13.5 15 21 Maximum Power Level (mW) CCK OFDM 50 30 30 10 20 10 10 5 5 5 5 1 1 - 5 5 5 5 5 5 5 5 5 5 5 5 5 5 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 269
MIB Files, page 2 MIB List • CISCO-CDP-MIB • CISCO-CLASS-BASED-QOS-MIB • CISCO-CONFIG-COPY-MIB • CISCO-CONFIG-MAN-MIB • CISCO-DDP-IAPP-MIB • CISCO-DOT11-ASSOCIATION-MIB • CISCO-DOT11-CONTEXT-SERVICES-CLIENT-MIB • CISCO-DOT11-CONTEXT-SERVICES-MIB • CISCO-DOT11-IF-MIB • CISCO-DOT11-SSID-SECURITY-MIB - Cisco C3201FESMIC-TP= | Software Guide - Page 270
FTP: Step 1 Step 2 Step 3 Step 4 Step 5 Use FTP to access the server ftp.cisco.com. Log in with the username anonymous. Enter your e-mail username when prompted for the password. At to obtain a copy of the MIB file. Supported MIBs Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 271
Supported MIBs Using FTP to Access the MIB Files Note You can also access information about MIBs on the Cisco website: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 272
Using FTP to Access the MIB Files Supported MIBs Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 273
, the Additional Identifier column lists other names for the same protocol, and the ISO Designator column lists the numeric designator for each protocol. Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2008 - Cisco C3201FESMIC-TP= | Software Guide - Page 274
- 0x2000 XNS 0x6000 - 0x6001 MOP 0x6002 LAT 0x6004 - 0x809B Appletalk AARP 0x80F3 - 0x00E0 - 0x00FF - 0x8137 IPX 0x8138 - 0x8180 - 0x888E TXP 0x8729 DDP 0x872D - 0x9000 - 0xF0F0 Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 275
Identifier ISO Designator - 0 ICMP 1 IGMP 2 TCP 6 EGP 8 - 12 - 16 UDP 17 IDP 22 TP4 29 CNLP 80 VINES 83 encap_hdr 98 SVP 119 Spectralink - 255 Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 276
0-3 IP Port Protocols Protocol Additional Identifier ISO Designator TCP port service multiplexer tcpmux 1 echo - 7 discard (9) - 9 systat link 87 Kerberos v5 Kerberos 88 krb5 supdup - 95 hostname hostnames 101 Cisco 3200 Series Wireless MIC Software Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 277
Network Time Protocol ntp 123 NETBIOS Name Service netbios-ns 137 NETBIOS Datagram Service netbios-dgm 138 NETBIOS Session Service netbios-ssn 139 Interim Mail Access BGP 179 Prospero - 191 Internet Relay Chap IRC 194 Cisco 3200 Series Wireless MIC Software Configuration Guide 5 - Cisco C3201FESMIC-TP= | Software Guide - Page 278
swat 901 SUP debugging supfiledbg 1127 ingreslock - 1524 Prospero non-priveleged prospero-np 1525 RADIUS - 1812 Concurrent Versions System CVS 2401 Cisco IAPP - 2887 Radio Free Ethernet RFE 5002 Cisco 3200 Series Wireless MIC Software Configuration Guide 6 Protocol Filters - Cisco C3201FESMIC-TP= | Software Guide - Page 279
This document describes how to configure access points for Wireless Domain Services (WDS), fast secure roaming of client devices, and radio management and forwards it to a wireless LAN solution engine (WLSE) device on your network. Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, - Cisco C3201FESMIC-TP= | Software Guide - Page 280
(LEAP)-enabled client devices mutually authenticate with a new access point by performing a complete LEAP authentication, including communication with the main RADIUS server, as in Figure 1. Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 281
roam from one access point to another without involving the main server. Using Cisco Centralized Key Management (CCKM), an access point configured to provide WDS takes the registration reply Reassociation response Authentication server Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 282
and 1200 clients. • Repeater access points do not support WDS. Do not configure a repeater access point as a WDS candidate, and do not configure a WDS access point to return (fall back) to repeater mode in case of Ethernet failure. Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 283
these requirements: • Your central wireless domain services (WDS) server is serving a zone ( foreign agent mode • Cisco-compatible client devices that comply with Cisco Compatible eXtensions (CCX to Support Fast on your server: Step 1 Log into Cisco Secure ACS and click Network Configuration to - Cisco C3201FESMIC-TP= | Software Guide - Page 284
, and Radio Management Step 2 Click Add Entry under the AAA Clients table. The Add AAA Client page appears. Figure 4 shows the Add AAA Client page. Cisco 3200 Series Wireless MIC Software Configuration Guide 6 - Cisco C3201FESMIC-TP= | Software Guide - Page 285
must use the User Setup page to create entries for the access points that use the WDS access point. Figure 5 shows the User Setup page. Cisco 3200 Series Wireless MIC Software Configuration Guide 7 - Cisco C3201FESMIC-TP= | Software Guide - Page 286
in the User field. Click Add/Edit. Scroll down to the User Setup box. Figure 6 shows the User Setup box. Figure 6 ACS User Setup Box Cisco 3200 Series Wireless MIC Software Configuration Guide 8 - Cisco C3201FESMIC-TP= | Software Guide - Page 287
enter exactly the same password that you entered on the access point on the Wireless Services AP page. Click Submit. Repeat Step 10 through Step 15 for each access point group infra where is Cisco 3200 Series Wireless MIC Software Configuration Guide 9 - Cisco C3201FESMIC-TP= | Software Guide - Page 288
tkip | wep128 | wep40] [no] ssid [no] authentication network-eap > Refer to http://www.cisco.com/univercd/cc/td/doc agent only. Refer to http://www.cisco.com/univercd/cc/td/doc/product/software/ios123 commands. Refer to http://www.cisco.com/univercd/cc/td/doc/ - Cisco C3201FESMIC-TP= | Software Guide - Page 289
access point authentication to the WDS access point (state). Use this command to turn on display of debugging messages related to LEAP-enabled client devices. Cisco 3200 Series Wireless MIC Software Configuration Guide 11 - Cisco C3201FESMIC-TP= | Software Guide - Page 290
network is deployed with a single channel, the "mode" command will provide an option for the Cisco 3205 radio to perform active scanning. The default value for this command is "2", in which the " device. This reduces the roaming time. Cisco 3200 Series Wireless MIC Software Configuration Guide 12 - Cisco C3201FESMIC-TP= | Software Guide - Page 291
. Infrastructure MFP provides infrastructure support. Infrastructure MFP utilizes a domain service (WDS). MFP is configured at the wireless LAN solution engine (WLSE), but you can manually configure 3 management frames sent between APs and Cisco Compatible Extension version 5 (CCXv5)-capable client - Cisco C3201FESMIC-TP= | Software Guide - Page 292
Access Points in Root mode Autonomous APs in root mode support mixed-mode clients. Clients capable of CCXv5 with negotiated . By default, Client MFP is optional for a particular service set identifier (SSID) on the AP. Client MFP an Cisco 3200 Series Wireless MIC Software Configuration Guide 2 - Cisco C3201FESMIC-TP= | Software Guide - Page 293
IEs, and the WDS securely transfers them between generators and detectors. Returns to the privileged EXEC mode. (Optional) Saves your entries in the configuration file. Cisco 3200 Series Wireless MIC Software Configuration Guide 3 - Cisco C3201FESMIC-TP= | Software Guide - Page 294
Understanding Management Frame Protection Management Frame Protection Cisco 3200 Series Wireless MIC Software Configuration Guide 4 - Cisco C3201FESMIC-TP= | Software Guide - Page 295
. associated A station is configured properly to enable it to wirelessly communicate with an access point. authentication suite A suggested set of authentication methods OL-6415-03 Cisco Wireless Router and HWIC Configuration Guide GL-1 - Cisco C3201FESMIC-TP= | Software Guide - Page 296
and the physical environment, as well as other factors. A radio device that uses the services of an Access Point to communicate wirelessly with other devices on a local area network. A or integrity, and/or replay protection GL-2 Cisco Wireless Router and HWIC Configuration Guide OL-6415-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 297
supports SSN Group Key update. Cisco Temporal Key Integrity Protocol A radio device that uses the services of an access point to communicate wirelessly with other devices on a local area network. Cisco Remote Authentication Dial-In User Service (RADIUS) server. Combination of EAPOL-Key Encryption key - Cisco C3201FESMIC-TP= | Software Guide - Page 298
mask isotropic Institute of Electrical and Electronic Engineers. A professional society serving electrical engineers through its publications, conferences, and standards antenna that radiates its signal in a spherical pattern. GL-4 Cisco Wireless Router and HWIC Configuration Guide OL-6415-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 299
system. Pre-Shared Key (PSK) A key that is distributed to the units in the system by manual means. Legacy WEP systems without authentication used Pre-Shared Keys as the WEP keys. The Robust Security Network Key is not as secure. OL-6415-03 Cisco Wireless Router and HWIC Configuration Guide GL-5 - Cisco C3201FESMIC-TP= | Software Guide - Page 300
in order to gain benefits such as improved interference tolerance and unlicensed operation. Service Set Identifier (also referred to as Radio Network Name). A unique identifier used mode, the station use 802.1X for key management. GL-6 Cisco Wireless Router and HWIC Configuration Guide OL-6415-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 301
Wireless Domain Services. An link integrity of wireless devices equal to that of a cable. Wireless LAN Solutions Engine. The WLSE is a specialized appliance for managing Cisco tool for added configuration ease and improved productivity. OL-6415-03 Cisco Wireless Router and HWIC Configuration Guide - Cisco C3201FESMIC-TP= | Software Guide - Page 302
Network (SSN), relies on the interim version of IEEE Standard 802.11i. WPA supports WEP and TKIP encryption algorithms as well as 802.1X and EAP for simple integration communication between client devices and the access point. GL-8 Cisco Wireless Router and HWIC Configuration Guide OL-6415-03 - Cisco C3201FESMIC-TP= | Software Guide - Page 303
on root devices and non-root bridges 3-25 Network-EAP 3-3 open 3-2 shared key 3-2 using WPA key management 3-6 authorization with RADIUS 4-27 with TACACS+ 4-32, 4-36 Cisco 3200 Series Wireless MIC Software Configuration Guide IN-1 - Cisco C3201FESMIC-TP= | Software Guide - Page 304
set command 4-44 clock timezone command 4-45 CMIC 1-8, 11-2 CMIC (Cisco Message Integrity Check) See CMIC commands aaa authentication login 4-24 aaa authorization clear cdp table 2-4 client profile multiple 3-11, 9-5 IN-2 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 305
39 console cable 2-1 console port cable 2-2 country code 3-13 country codes, supported ?? to 3-18 cryptographic message integrity 11-2 crypto map 7-4 crypto map password and privilege level 4-6 SNMP 10-4 system message logging 6-3 Cisco 3200 Series Wireless MIC Software Configuration Guide IN-3 - Cisco C3201FESMIC-TP= | Software Guide - Page 306
1-4 group key updates 3-23 H history table, level and number of syslog messages 6-8 home agent tunnel template 7-1 host name, ARPANET rules 4-1 hostname command 4-1 I IAPP messaging 3-6 IN-4 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 307
system message logging loopback crypto map 7-4 M MAC address authentication 3-6 troubleshooting 8-3 Management Frame Protection 15-1 access points in root mode 15-2 10-1 SNMP interaction with 10-3 MIC 4-40, 11-1, 8-3 Mobile IP Cisco 3200 Series Wireless MIC Software Configuration Guide IN-5 - Cisco C3201FESMIC-TP= | Software Guide - Page 308
4-41 restricting access creating an access group 4-52 disabling NTP services per interface 4-53 source IP address, configuring 4-54 stratum 4-41 prompt command 4-1 protocol filters 9-2, 13-1 protocols IP port 13-4 IN-6 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 309
NTP services 4-52 passwords and privilege levels 4-5 TACACS+ 4-32 reverse tunneling tunnel templates 7-1 RFC 1157, SNMPv1 10-2 1305, NTP 4-41 1901, SNMPv2C 10-2 1902 to 1907, SNMPv2 10-2 roaming, fast secure roaming using CCKM 14-2 role 3-1 station-role command 3-1 roles access point 3-2 Cisco 3200 - Cisco C3201FESMIC-TP= | Software Guide - Page 310
bridge settings 3-25 synchronizing 3-25 troubleshooting 8-3 security settings, Express Security page 6-6 server group AAA 4-25 service set identifier (SSID) 3-7, 10 types of 10-6 versions supported 10-2 software images delete from Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04 - Cisco C3201FESMIC-TP= | Software Guide - Page 311
Index RADIUS 10-2 troubleshooting 8-3 understanding 10-1 VLAN clock 4-41 OL-6415-04 configuring daylight saving time 4-46 manually 4-44 summer time 4-46 time zones 4-45 displaying the time the logging facility 6-10 facilities supported 6-11 system name 4-1 manual configuration 4-1 T TAC 8-1 TACACS - Cisco C3201FESMIC-TP= | Software Guide - Page 312
6-10 facilities supported 6-11 message logging configuration 6-10 username-based authentication 4-9 V VLAN and bridges 5-2 configuring 5-3 overview 5-1 SSID 2-4, 4-11, 4-12, 10-2 with wireless bridges 5-3 vlan command 10-2 IN-10 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415 - Cisco C3201FESMIC-TP= | Software Guide - Page 313
14-1 CLI commands 14-9 guidelines and requirements 14-4 universal workgroup bridge 3-9 web site Cisco Software Center 8-7 WEP configuring key 11-2 described 11-2 key example 11-5 key restrictions 11-4 keys 8-3 troubleshooting 8-3 with EAP 3-3 Wi-Fi Multimedia See WMM Wi-Fi Protected Access See WPA - Cisco C3201FESMIC-TP= | Software Guide - Page 314
Index IN-12 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
 |
 |
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco 3200 Series Wireless MIC Software
Configuration Guide
January 2009
Text Part Number: OL-6415-04