Home » Cisco Manuals » Wireless » Cisco C3230ENC-1WMIC-K9 » Manual Viewer

Cisco C3230ENC-1WMIC-K9 Software Guide - Page 31

Features

UPC - 882658019814

View all Cisco C3230ENC-1WMIC-K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 31 highlights

Overview of the Cisco WMIC Features Features The WMIC running Cisco IOS offers these software features: • VLANs-Allow VLAN trunking on both wireless and Ethernet interfaces. • QoS-Use this feature to support quality of service (QoS) for prioritizing traffic on the wireless interface. The WMIC supports required elements of Wi-Fi Multimedia (WMM) for QoS, which improves the user experience for audio, video, and voice applications over a Wi-Fi wireless connection and is a subset of the IEEE 802.11e QoS standard. WMM supports QoS prioritized media access through the Enhanced Distributed Channel Access (EDCA) method. • Multiple Basic SSIDs-Support up to 8 basic service set identifiers (SSIDs) in access point mode. • RADIUS Accounting-Enable accounting on the WMIC to send accounting data about wireless client devices to a RADIUS server on your network. • TACACS+ administrator authentication-Enable TACACS+ for server-based, detailed accounting information and flexible administrative control over authentication and authorization processes. It provides secure, centralized validation of administrators attempting to gain access to your WMIC. • Enhanced security-Enable three advanced security features to protect against sophisticated attacks on your wireless network's WEP keys: Message Integrity Check (MIC) and WEP key hashing. Enhanced security for Wi-Fi Protected Access (WPA) with AES and Temporal Key Integrity Protocol (TKIP) encryption is also available. • Enhanced authentication services-Set up non-root bridges or workgroup bridges to authenticate to the network like other wireless client devices. After a network username and password for the non-root bridge or workgroup bridge are set, it authenticates to the network using Cisco Light Extensible Authentication Protocol (LEAP), and receives and uses dynamic WEP keys. • 802.1x supplicant-Support 802.1x, the standardized framework defined by the IEEE to provide port-based network access using information unique to the client and with credentials known only to the client. The supplicant refers to the client software that supports the 802.1x and EAP protocols. The 802.1x supplicant provides a secure method for accomplishing this authentication. Transport Layer Security (TLS) is an enhancement to SSL and provides data encryption in conjunction with EAP. • EAP-TLS and EAP-FAST-Support EAP-TLS and EAP-FAST in workgroup bridge and non-root device mode. • Advanced Encryption Standard (AES) -This feature supports Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP). AES-CCMP is required for Wi-Fi Protected Access 2 (WPA2) and IEEE 802.11i wireless LAN security. • Enhanced authentication for Cisco Centralized Key Management (CCKM). • Roaming-Support fast, secure roaming of client devices, and radio management through wireless domain services (WDS) (See the "WDS, Fast Secure Roaming, and Radio Management" document for more information. • Universal workgroup bridge-Support interoperability with non-Cisco devices. • Prioritized Multiple Client Profiles. • Any SSID- May associate to any root device as long the encrption and authentication settings match. • Management Frame Protection (MFP)-Support management frame protection version 1 and 2. Cisco 3200 Series Wireless MIC Software Configuration Guide 7

Section	Page
Cisco 3200 Series Wireless MIC Software Configuration Guide	1
Contents	3
Preface	15
Audience	15
Purpose	15
Organization	15
Conventions	17
Related Documentation	19
Obtaining Documentation	20
Cisco.com	20
Product Documentation DVD	20
Ordering Documentation	20
Documentation Feedback	20
Cisco Product Security Overview	21
Reporting Security Problems in Cisco Products	21
Obtaining Technical Assistance	22
Cisco Technical Support & Documentation Website	22
Submitting a Service Request	23
Definitions of Service Request Severity	23
Obtaining Additional Publications and Information	23
Overview of the Cisco WMIC	25
Understanding the Cisco Mobile Wireless Network	25
Public Safety Wireless Network Example	25
Intersection Example	27
Vehicle Network Example	28
Data Path Example	29
Call Setup Process	29
Data Flow to and from the Home Network	30
Features	31
Management Options	34
Configuring the WMIC for the First Time	35
Before You Start	35
Connecting to the WMIC	35
Using the Console Port to Access the Privileged Exec Mode	36
Using a Telnet Session to Access the Privileged Exec Mode	36
Opening the CLI with Secure Shell	36
Obtaining and Assigning an IP Address	37
Assigning an IP Address By Using the Exec	37
Protecting Your Wireless LAN	38
Configuring Basic Security Settings	38
Using VLANs	38
Express Security Types	39
CLI Security Configuration Examples	40
Example: No Security	40
Example: Static WEP	40
Example: EAP Authentication	41
Example: WPA	42
Roles and the Associations of Wireless Devices	45
Understanding Wireless Device Network Roles	45
Access Point Role	46
Bridge Role	46
Point-to-Point Bridging	47
Point-to-Multipoint Bridging	48
Redundant Bridging	49
Workgroup Bridge Role	50
Universal Workgroup Bridge (2.4-GHz Radios Only)	52
Configuring Universal Workgroup Bridge on a Cisco 3200	55
Assigning Dynamic MAC address for Universal Workgroup Bridge	56
World Mode (2.4 GHz Radio Only)	56
Supported Country Codes	57
Additional Information	62
Administering the WMIC	65
Configuring a System Name and Prompt	65
Configuring a System Name	65
Managing DNS	66
Default DNS Configuration	66
Setting Up DNS	66
Displaying the DNS Configuration	67
Creating a Banner	67
Default Banner Configuration	68
Configuring a Message-of-the-Day Login Banner	68
Configuring a Login Banner	69
Protecting Access to Privileged EXEC Commands	69
Default Password and Privilege Level Configuration	70
Setting or Changing a Static Enable Password	70
Protecting Enable and Enable Secret Passwords with Encryption	71
Configuring Username and Password Pairs	73
Configuring Multiple Privilege Levels	74
Setting the Privilege Level for a Command	74
Logging Into and Exiting a Privilege Level	75
Protecting the Wireless LAN	75
Using VLANs	75
Express Security Types	76
Security Configuration Examples	78
Configuring and Enabling RADIUS	83
Understanding RADIUS	83
RADIUS Operation	84
Controlling WMIC Access with RADIUS	85
Identifying the RADIUS Server Host	85
Configuring RADIUS Login Authentication	88
Defining AAA Server Groups	89
Configuring RADIUS Authorization for User Privileged Access and Network Services	91
Starting RADIUS Accounting	92
Configuring Settings for All RADIUS Servers	92
Configuring the Bridge to Use Vendor-Specific RADIUS Attributes	93
Configuring the Bridge for Vendor-Proprietary RADIUS Server Communication	94
Displaying the RADIUS Configuration	95
Controlling WMIC Access with TACACS+	96
Understanding TACACS+	96
TACACS+ Operation	97
Default TACACS+ Configuration	97
Configuring TACACS+ Login Authentication	98
Identifying the TACACS+ Server Host and Setting the Authentication Key	98
Configuring TACACS+ Login Authentication	99
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services	100
Starting TACACS+ Accounting	101
Displaying the TACACS+ Configuration	102
Configuring the WMIC for Local Authentication and Authorization	102
Configuring the WMIC for Secure Shell	103
Understanding SSH	103
Configuring SSH	104
Managing Aironet Extensions	104
Managing the System Time and Date	105
Understanding the System Clock	105
Understanding Network Time Protocol	105
Configuring Time and Date Manually	108
Setting the System Clock	108
Displaying the Time and Date Configuration	108
Configuring the Time Zone	109
Configuring Summer Time (Daylight Saving Time)	110
Configuring NTP	111
Default NTP Configuration	111
Configuring NTP Authentication	111
Configuring NTP Associations	113
Configuring NTP Broadcast Service	114
Configuring NTP Access Restrictions	116
Disabling NTP Services on a Specific Interface	117
Configuring the Source IP Address for NTP Packets	118
Displaying the NTP Configuration	118
Radio Channel and Transmit Frequency Configuration	121
Understanding Radio Channels and Frequencies	121
Determining the Radio Type	122
Configuring a Channel or Frequency	122
Configuring the Radio Channel or Frequency	122
Configuring the Radio Channel Spacing	123
Additional Information	123
Radio Channel Frequencies	125
IEEE 802.11n (2.4-GHz Band)	125
IEEE 802.11n (5-GHz Band)	126
IEEE 802.11b (2.4-GHz Band)	127
IEEE 802.11g (2.4-GHz Band)	128
IEEE 802.11a (5-GHz Band)	129
4.9 GHz (public safety) Channels and Frequencies	130
Dynamic Frequency Selection	131
Understanding Dynamic Frequency Selection	131
DFS Actions	132
Dynamic Frequency Selection Channels	132
Configuring a Preferred Channel	133
Configuring Radar Detection By Clients	134
Configuring an SNMP Trap for Radar Detection	134
Additional Information	135
Radio Transmit Power	137
Understanding Radio Transmit Power	137
Determine the Radio Type	138
Configuring Radio Transmit Power	138
Configuring Client Radio Transmit Power	139
Maximum Power Levels and Antenna Gains	140
IEEE 802.11g (2.4 GHz Band)	140
Configuring Radio Data Rates	141
speed Command	142
speed Command Examples	143
Verify Settings	144
Multiple Client Profiles	145
MCP Support in the 12.3(8)JK Release	145
MCP Support in 12.4(3)JK and Later Releases	145
Setting Priority in 12.4(3)JK and Later Releases	146
Dynamic Channel Width (4.9GHz WMIC only)	146
Configuring a WMIC for MCP (12.4(3)JK or Later Releases)	147
Configuration Examples	148
Configuring a WMIC for MCP (12.3(8)JK Only)	149
Configuration Examples	150
Service Set Identifiers	153
Understanding SSIDs	153
Configuring the SSID	154
Creating an SSID	154
Configuring Any SSID	155
Configuring Multiple Basic SSIDs	155
Requirements for Configuring Multiple BSSIDs	155
Guidelines for Using Multiple BSSIDs	156
CLI Configuration Example	156
Displaying Configured BSSIDs	156
Cipher Suites and WEP	157
Understanding Cipher Suites and WEP	157
Configuring Cipher Suites	158
Configuring WEP	158
Configuring WEP with 12.4(3)JK or Later Releases	158
Configuring WEP with 12.3(8)JK or Earlier Releases	159
WEP Key Restrictions	160
Example WEP Key Setup	160
Enabling Cipher Suite	161
Enabling Cipher Suite with 12.4(3)JK or Later Releases	161
Enabling Cipher Suite with 12.3(8)JK or Earlier Releases	163
Matching Cipher Suites with WPA	164
Spanning Tree Protocol in a Wireless Environment	165
Understanding Spanning Tree Protocol	165
STP Overview	166
STP Support	166
Bridge Protocol Data Units	167
Election of the Spanning-Tree Root	168
Spanning-Tree Timers	168
Creating the Spanning-Tree Topology	168
Spanning-Tree Interface States	169
Blocking State	170
Listening State	171
Learning State	171
Forwarding State	171
Disabled State	171
Configuring STP Features	172
Default STP Configuration	172
Configuring STP Settings	172
STP Configuration Examples	173
Root Bridge Without VLANs	173
Non-Root Bridge Without VLANs	174
Root Bridge with VLANs	175
Non-Root Bridge with VLANs	176
Displaying Spanning-Tree Status	178
Cisco Discovery Protocol	179
Understanding CDP	179
Configuring CDP	179
Default CDP Configuration	180
Configuring the CDP Characteristics	180
Disabling and Enabling CDP	180
Disabling and Enabling CDP on an Interface	181
Monitoring and Maintaining CDP	182
Authentication Types	185
Understanding Authentication Types	185
Open Authentication to the WMIC	186
Shared Key Authentication to the WMIC	186
EAP Authentication to the Network	187
EAP-TLS	189
EAP-FAST	189
EAP-TTLS	189
MAC Address Authentication to the Network	190
Using CCKM Key Management	190
Using WPA Key Management	190
Configuring Certificates Using the crypto pki CLI	191
Configuration Using the Cut and Paste Method	191
Configuration Using the TFTP Method	195
Configuration Using SCEP	196
Adding the Trustpoint to the dot1x Credentials	198
Configuring Authentication Types	199
Default Authentication Settings	199
Assigning Authentication Types to an SSID	200
Configuring Up 2.4 the WMIC Radio as an EAP Client	203
Setting Up a Non-Root Bridge as a LEAP Client for 4.9 WMIC Radios	205
Configuring the Root Device to Interact with the WDS Device	207
Configuring Additional WPA Settings	207
Configuring Authentication Holdoffs, Timeouts, and Intervals	208
Matching Authentication Types on Root Devices and Non-Root Bridges	209
QoS in a Wireless Environment	211
Understanding QoS for Wireless LANs	211
QoS for Wireless LANs Versus QoS on Wired LANs	212
Impact of QoS on a Wireless LAN	212
Precedence of QoS Settings	213
Using Wi-Fi Multimedia Mode	213
Configuring QoS	214
QoS Configuration Examples	214
QoS Example Configuration for VLAN	214
QoS Example of IP DSCP and IP Precedence	215
Configuring VLANs	217
Understanding VLANs	217
Related Documents	218
Incorporating Wireless Bridges into VLANs	219
Configuring VLANs	219
Configuring a VLAN	219
Viewing VLANs Configured on the WMIC	222
System Message Logging	223
Understanding System Message Logging	223
Configuring System Message Logging	224
System Log Message Format	224
Default System Message Logging Configuration	225
Disabling and Enabling Message Logging	226
Setting the Message Display Destination Device	227
Enabling and Disabling Timestamps on Log Messages	228
Enabling and Disabling Sequence Numbers in Log Messages	228
Defining the Message Severity Level	229
Limiting Syslog Messages Sent to the History Table and to SNMP	230
Setting a Logging Rate Limit	231
Configuring UNIX Syslog Servers	231
Logging Messages to a UNIX Syslog Daemon	232
Configuring the UNIX System Logging Facility	232
Displaying the Logging Configuration	233
Tunnel Templates	235
Applying the Tunnel Template on the Home Agent	235
Applying the Tunnel Template on the Mobile Router	236
Example Configuration	237
Applying Tunnel Templates to the IPSec Two-box Solution	238
Related Documents	241
WIMIC Troubleshooting	243
Checking the LED Indicators	243
Checking Basic Settings	245
SSID	245
WEP Keys	245
Security Settings	245
Resetting to the Default Configuration	245
Using the CLI	246
Reloading the Image	247
Obtaining the Image Files	249
Obtaining TFTP Server Software	249
Reloading the Bootloader Image	249
Error and Event Messages	250
Filters	255
Understanding Filters	255
Configuring Filters	256
Simple Network Management Protocol	257
Understanding SNMP	257
SNMP Versions	258
SNMP Manager Functions	258
SNMP Agent Functions	259
SNMP Community Strings	259
Using SNMP to Access MIB Variables	259
Configuring SNMP	260
Default SNMP Configuration	260
Enabling the SNMP Agent	260
Configuring Community Strings	260
Configuring Trap Managers and Enabling Traps	262
Setting the Agent Contact and Location Information	265
Using the snmp-server view Command	265
SNMP Examples	265
Displaying SNMP Status	266
Maximum Power Levels	267
IEEE 802.11g (2.4-GHz Band)	267
Supported MIBs	269
MIB List	269
Using FTP to Access the MIB Files	270
Protocol Filters	273
WDS, Fast Secure Roaming, and Radio Management	279
Understanding WDS	279
Role of the WDS Access Point	280
Role of Access Points Using the WDS Access Point	280
Understanding Fast Secure Roaming	280
Understanding Radio Management	282
Configuring WDS and Fast Secure Roaming	282
Guidelines for WDS	282
Requirements for WDS and Fast Secure Roaming	283
Configuring the WMIC to use the WDS Access Point	283
Configuring the Authentication Server to Support Fast Secure Roaming	283
Using CLI Commands to Enable the WDS Server	287
Using CLI Commands to Enable the Root Device	288
Viewing WDS Information	289
Using Debug Messages	289
Using CLI Commands to Enable Roaming	290
Management Frame Protection	291
Understanding Management Frame Protection	291
Protection of Unicast Management Frames	292
Protection of Broadcast Management Frames	292
Client MFP For Access Points in Root mode	292
Configuring Client MFP	292
Configuring Infrastructure MFP	293
Glossary	295

Match case Limit results 1 per page

Overview of the Cisco WMIC

Features

Cisco 3200 Series Wireless MIC Software Configuration Guide

Features

The WMIC running Cisco IOS offers these software features:

•

VLANs—Allow VLAN trunking on both wireless and Ethernet interfaces.

•

QoS—Use this feature to support quality of service (QoS) for prioritizing traffic on the wireless

interface. The WMIC supports required elements of Wi-Fi Multimedia (WMM) for QoS, which

improves the user experience for audio, video, and voice applications over a Wi-Fi wireless

connection and is a subset of the IEEE 802.11e QoS standard. WMM supports QoS prioritized media

access through the Enhanced Distributed Channel Access (EDCA) method.

•

Multiple Basic SSIDs—Support up to 8 basic service set identifiers (SSIDs) in access point mode.

•

RADIUS Accounting—Enable accounting on the WMIC to send accounting data about wireless

client devices to a RADIUS server on your network.

•

TACACS+ administrator authentication—Enable TACACS+ for server-based, detailed accounting

information and flexible administrative control over authentication and authorization processes. It

provides secure, centralized validation of administrators attempting to gain access to your WMIC.

•

Enhanced security—Enable three advanced security features to protect against sophisticated attacks

on your wireless network’s WEP keys: Message Integrity Check (MIC) and WEP key hashing.

Enhanced security for Wi-Fi Protected Access (WPA) with AES and Temporal Key Integrity

Protocol (TKIP) encryption is also available.

•

Enhanced authentication services—Set up non-root bridges or workgroup bridges to authenticate to

the network like other wireless client devices. After a network username and password for the

non-root bridge or workgroup bridge are set, it authenticates to the network using Cisco Light

Extensible Authentication Protocol (LEAP), and receives and uses dynamic WEP keys.

•

802.1x supplicant—Support 802.1x, the standardized framework defined by the IEEE to provide

port-based network access using information unique to the client and with credentials known only

to the client. The supplicant refers to the client software that supports the 802.1x and EAP protocols.

The 802.1x supplicant provides a secure method for accomplishing this authentication. Transport

Layer Security (TLS) is an enhancement to SSL and provides data encryption in conjunction with

EAP.

•

EAP-TLS and EAP-FAST—Support EAP-TLS and EAP-FAST in workgroup bridge and non-root

device mode.

•

Advanced Encryption Standard (AES) —This feature supports Advanced Encryption

Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

(AES-CCMP). AES-CCMP is required for Wi-Fi Protected Access 2 (WPA2) and IEEE 802.11i

wireless LAN security.

•

Enhanced authentication for Cisco Centralized Key Management (CCKM).

•

Roaming—Support fast, secure roaming of client devices, and radio management through wireless

domain services (WDS) (See the

“WDS, Fast Secure Roaming, and Radio Management”

document

for more information.

•

Universal workgroup bridge—Support interoperability with non-Cisco devices.

•

Prioritized Multiple Client Profiles.

•

Any SSID— May associate to any root device as long the encrption and authentication settings

match.

•

Management Frame Protection (MFP)—Support management frame protection version 1 and 2.