Corporate Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

Cisco Wireless LAN Controller Configuration Guide

Software Release 3.2
March 2006

Text Part Number: OL-8335-02

Summary of Contents for AIR-WLC2006-K9 - Wireless LAN Controller 2006

Page 2: ...NABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco t...

Page 3: ...al Assistance xx; Cisco Technical Support & Documentation Website xx; Submitting a Service Request xx; Definitions of Service Request Severity xxi; Obtaining Additional Publications and Information xxi. CHAPTER 1: Overview 1-1; Cisco Wireless LAN Solution Overview 1-2; Single-Controller Deployments 1-3; Multiple-Controller Deployments 1-4; Operating System Software 1-5; Operating System Security 1-5; Cisc...

Page 4: ...ms 1-15; Cisco 2000 Series Wireless LAN Controllers 1-16; Cisco 4100 Series Wireless LAN Controllers 1-16; Cisco 4400 Series Wireless LAN Controllers 1-17; Cisco 2000 Series Wireless LAN Controller Model Numbers 1-17; Cisco 4100 Series Wireless LAN Controller Model Numbers 1-18; Cisco 4400 Series Wireless LAN Controller Model Numbers 1-18; Startup Wizard 1-19; Cisco Wireless LAN Controller Memory 1-20; Cis...

Page 5: ... 6; Logging Out of the CLI 2-7; Navigating the CLI 2-7; Enabling Wireless Connections to the Web Browser and CLI Interfaces 2-8. CHAPTER 3: Configuring Ports and Interfaces 3-1; Overview of Ports and Interfaces 3-2; Ports 3-2; Distribution System Ports 3-3; Service Port 3-4; Interfaces 3-5; Management Interface 3-5; AP-Manager Interface 3-6; Virtual Interface 3-6; Service-Port Interface 3-7; Dynamic Interf...

Page 6: ...ghbor Devices to Support LAG 3-30; Configuring a 4400 Series Controller to Support More Than 48 Access Points 3-30; Using Link Aggregation 3-31; Using Multiple AP-Manager Interfaces 3-31; Connecting Additional Ports 3-36. CHAPTER 4: Configuring Controller Settings 4-1; Using the Configuration Wizard 4-2; Before You Start 4-2; Resetting the Device to Default Settings 4-3; Resetting to Default Settings ...

Page 7: ... 3; Integrated Security Solutions 5-4; Configuring the System for SpectraLink NetLink Telephones 5-4; Using the GUI to Enable Long Preambles 5-5; Using the CLI to Enable Long Preambles 5-5; Using Management over Wireless 5-6; Using the GUI to Enable Management over Wireless 5-6; Using the CLI to Enable Management over Wireless 5-7; Configuring DHCP 5-7; Using the GUI to Configure DHCP 5-7; Using the CLI to ...

Page 8: ...uring MAC Filtering for Wireless LANs 6-3; Enabling MAC Filtering 6-3; Creating a Local MAC Filter 6-3; Configuring a Timeout for Disabled Clients 6-4; Assigning Wireless LANs to VLANs 6-4; Configuring Layer 2 Security 6-4; Dynamic 802.1X Keys and Authorization 6-4; WEP Keys 6-5; Dynamic WPA Keys and Encryption 6-5; Configuring a Wireless LAN for Both Static and Dynamic WEP 6-6; Configuring Layer 3 Security...

Page 9: ...Frequency Selection 7-8; Autonomous Access Points Converted to Lightweight Mode 7-9; Guidelines for Using Access Points Converted to Lightweight Mode 7-9; Reverting from Lightweight Mode to Autonomous Mode 7-9; Using a Controller to Return to a Previous Release 7-10; Using the MODE Button and a TFTP Server to Return to a Previous Release 7-10; Controllers Accept SSCs from Access Points Converted to Ligh...

Page 10: ...F Group Status 9-8; Using the CLI to View RF Group Status 9-11; Enabling Rogue Access Point Detection 9-12; Using the GUI to Enable Rogue Access Point Detection 9-12; Using the CLI to Enable Rogue Access Point Detection 9-15; Configuring Dynamic RRM 9-15; Using the GUI to Configure Dynamic RRM 9-16; Using the CLI to Configure Dynamic RRM 9-22; Overriding Dynamic RRM 9-23; Statically Assigning Channel and T...

Page 11: ...Conductor Warning A-7; Chassis Warning for Rack Mounting and Servicing A-9; Battery Handling Warning for 4400 Series Controllers A-18; Equipment Installation Warning A-20; More Than One Power Supply Warning for 4400 Series Controllers A-23. APPENDIX B: Declarations of Conformity and Regulatory Information B-1; Regulatory Information for 1000 Series Access Points B-2; Manufacturers Federal Communica...

Page 12: ... User License and Warranty C-1; End User License Agreement C-2; Limited Warranty C-4; Disclaimer of Warranty C-6; General Terms Applicable to the Limited Warranty Statement and End User License Agreement C-6; Additional Open Source Terms C-7. APPENDIX D: System Messages and Access Point LED Patterns D-1; System Messages D-2; Using Client Reason and Status Codes in Trap Logs D-4; Client Reason Codes D...

Page 13: ...ains how to obtain other documentation and technical assistance, if necessary. It contains these sections: Audience, page xiv; Purpose, page xiv; Organization, page xiv; Conventions, page xv; Related Publications, page xvii; Obtaining Documentation, page xvii; Documentation Feedback, page xviii; Cisco Product Security Overview, page xix; Obtaining Technical Assistance, page xx; Obtaining Additional Publications and In...

Page 14: ...eless LANs and SSIDs on your system. Chapter 7, Controlling Lightweight Access Points, explains how to connect access points to the controller and manage access point settings. Chapter 8, Managing Controller Software and Configurations, describes how to upgrade and manage controller software and configurations. Chapter 9, Configuring Radio Resource Management, describes radio resource management (RRM) and ex...

Page 15: ...could be useful information. Note: Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual. Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Warning: This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be...

Page 16: ...standard practices for preventing accidents. The translation of the warnings given in this publication can be found in the appendix "Translated Safety Warnings" (translation of the safety warnings). Warning: This warning symbol means danger. You are in a situation that could cause bodily injury. Before you perform work on equipment, you must be aware of the hazards that electrical circ...

Page 17: ...Guide Cisco Wireless Control System for Linux Quick Start Guide Cisco Aironet 1000 Series Lightweight Access Points with Internal Antennas Quick Start Guide Cisco Aironet 1000 Series Lightweight Access Points with External Antennas. Click this link to browse to user documentation for the Cisco Unified Wireless Network Solution: http://www.cisco.com/en/US/products/hw/wireless/tsd_products_support_categ...

Page 18: ... marketplace. Ordering Documentation: Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL: http://www.cisco.com/go/marketplace. Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519 ...

Page 19: ...ts internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT. For Emergencies only: security-alert@cisco.com. An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other cond...

Page 20: ... Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Sea...

Page 21: ...and Cisco will commit resources during normal business hours to restore service to satisfactory levels. Severity 4 (S4): You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. Obtaining Additional Publications and Information: Information about Cisco products, technologies, and network solutions is avail...

Page 22: ...orld case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL: http://www.cisco.com/go/iqmagazine or view the digital edition at this URL: http://ciscoiq.texterity.com/ciscoiq/sample. Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and op...

Page 23: ...WAPP Operation, page 1-7; Cisco Wireless LAN Controllers, page 1-7; Client Roaming, page 1-8; External DHCP Servers, page 1-10; Cisco WLAN Solution Wired Connections, page 1-11; Cisco WLAN Solution Wireless LANs, page 1-11; Access Control Lists, page 1-12; Identity Networking, page 1-12; File Transfers, page 1-13; Power over Ethernet, page 1-14; Pico Cell Functionality, page 1-14; Intrusion Detection Service (IDS), page 1...

Page 24: ...erface (CLI) can be used to configure and monitor individual Cisco Wireless LAN Controllers. See the Web User Interface and the CLI section on page 1-25. The Cisco Wireless Control System (WCS), which you use to configure and monitor one or more Cisco Wireless LAN Controllers and associated access points. WCS has tools to facilitate large-system monitoring and control. WCS runs on Windows 2000, Windows 2003...

Page 25: ...ntrol of up to 16 wireless LAN SSID policies for Cisco 1000 series access points. Note: LWAPP-enabled access points support up to 8 wireless LAN SSID policies. Lightweight access points connect to controllers through the network. The network equipment may or may not provide Power over Ethernet to the access points. Note that some controllers use redundant Gigabit Ethernet connections to bypass single n...

Page 26: ...rs. A multiple-controller system has the following additional features: Autodetecting and autoconfiguring RF parameters as the controllers are added to the network; Same-Subnet (Layer 2) Roaming and Inter-Subnet (Layer 3) Roaming; Automatic access point failover to any redundant controller with a reduced access point load (refer to the Cisco Wireless LAN Controller Failover Protection section on page 1-20) ...

Page 27: ...er 1, Layer 2, and Layer 3 security components into a simple, Cisco WLAN Solution-wide policy manager that creates independent security policies for each of up to 16 wireless LANs. Refer to the Cisco WLAN Solution Wireless LANs section on page 1-11. The 802.11 Static WEP weaknesses can be overcome using robust industry-standard security solutions, such as 802.1X dynamic keys with extensible authenticati...

Page 28: ...resses. In automated Disabling, which is always active, the operating system software automatically blocks access to network services for an operator-defined period of time when a client fails to authenticate for a fixed number of consecutive attempts. This can be used to deter brute-force login attacks. These and other security features use industry-standard authorization and authentication methods to...

Page 29: ...ces on the same subnet or connected through Layer 3 devices across subnets. Note that all Cisco Wireless LAN Controllers in a mobility group must use the same LWAPP Layer 2 or Layer 3 mode, or you will defeat the Mobility software algorithm. Configuration Requirements: When you are operating the Cisco Wireless LAN Solution in Layer 2 mode, you must configure a management interface to control your Layer...

Page 30: ... Wireless LAN Controller Failover Protection section on page 1-20 for more information. Client Roaming: The Cisco Wireless LAN Solution supports seamless client roaming across Cisco 1000 series lightweight access points managed by the same Cisco Wireless LAN Controller, between Cisco Wireless LAN Controllers in the same Cisco WLAN Solution Mobility Group on the same subnet, and across controllers in t...

Page 31: ...nine or fewer milliseconds. This short latency period is controlled by Cisco Wireless LAN Controllers, rather than allowing independent access points to negotiate roaming handovers. The Cisco Wireless LAN Solution supports 802.11 VoIP telephone roaming across Cisco 1000 series lightweight access points managed by Cisco Wireless LAN Controllers on different subnets, as long as the controllers are in th...

Page 32: ...rs for individual interfaces. The Layer 2 management interface, Layer 3 AP-manager interface, and dynamic interfaces can be configured for a primary and secondary DHCP server, and the service-port interface can be configured to enable or disable DHCP servers. Note: Refer to Chapter 3 for information on configuring the controller's interfaces. Security Considerations: For enhanced security, Cisco recommends...

Page 33: ... the ports on the router. Cisco 1000 series lightweight access points connect to the network using 10/100BASE-T Ethernet cables. The standard CAT 5 cable can also be used to conduct power for the Cisco 1000 series lightweight access points from a network device equipped with Power over Ethernet (PoE) capability. This power distribution plan can be used to reduce the cost of individual AP power supplie...

Page 34: ...CL assignments settings on a per-MAC Address basis. When Cisco Wireless LAN Solution operators configure MAC Filtering for a client, they can assign a different VLAN to the MAC Address, which can be used to have the operating system automatically reroute the client to the management interface or any of the operator-defined interfaces, each of which has its own VLAN, ACL, DHCP server, and physical port ass...

Page 35: ...65 (Tunnel Medium Type): 802; IETF 81 (Tunnel Private Group ID): VLAN or VLAN Name String. This enables Cisco Secure ACS to communicate a VLAN change that may be a result of a posture analysis. Benefits of this new feature include: Integration with Cisco Secure ACS reduces installation and setup time. Cisco Secure ACS operates smoothly across both wired and wireless networks. This feature supports 2000, 4100, a...

Page 36: ... require a specific supplicant to function correctly with Pico Cell environments. Off-the-shelf laptop supplicants are not supported. Note: Do not attempt to configure Pico Cell functionality within your wireless LAN without consulting your sales team. Non-standard installation is not supported. Note: Do not change the configuration database setting unless you are committing to a Pico Cell installation ...

Page 37: ...ection and RF Jamming Detection; Spoofed Deauthentication Detection (AirJack, for example); Broadcast Deauthorization Detection; Null Probe Response Detection; Fake AP Detection; Detection of Weak WEP Encryption; MAC Spoofing Detection; AP Impersonation Detection; Honeypot AP Detection; Valid Station Protection; Misconfigured AP Protection; Rogue Access Point Detection; AD-HOC Detection and Protection; Wireless B...

Page 38: ...Wireless LAN Solution. Each Cisco 4100 Series Wireless LAN Controller controls up to 36 Cisco 1000 series lightweight access points, making it ideal for medium-sized enterprises and medium-density applications. Figure 1-4 shows the Cisco 4100 Series Wireless LAN Controller, which has two redundant front-panel SX/LC jacks. Note that the 1000BASE-SX circuits provide a 100/1000 Mbps wired connection to a...

Page 39: ...n RJ-45 physical connector. The one or two sets of redundant Gigabit Ethernet connections on the Cisco 4400 Series Wireless LAN Controller allow the Cisco 4400 Series Wireless LAN Controller to bypass single network failures. The Cisco 4400 Series Wireless LAN Controller can be equipped with one or two Cisco 4400 series power supplies. When the Cisco Wireless LAN Controller is equipped with two Cisco...

Page 40: ...llowing upgrade module is also available: AIR-VPN-4100, VPN Enhanced Security Module. Supports VPN, L2TP, IPSec, and other processor-intensive security options. This is a field-installable option for all Cisco 4100 Series Wireless LAN Controllers. Cisco 4400 Series Wireless LAN Controller Model Numbers: Cisco 4400 Series Wireless LAN Controller model numbers are as follows: AIR-WLC4402-12-K9: The 4402 Cisco ...

Page 41: ...e username and password, each up to 24 characters. Ensures that the Cisco Wireless LAN Controller can communicate with the CLI, Cisco WCS, or Web User interfaces (either directly or indirectly) through the service port by accepting a valid IP configuration protocol (none or DHCP), and if none, IP Address and netmask. If you do not want to use the Service port, enter 0.0.0.0 for the IP Address and netmask. Ensu...

Page 42: ...eployed on the same network, if one controller fails, the dropped access points automatically poll for unused controller ports and associate with them. During installation, Cisco recommends that you connect all lightweight access points to a dedicated controller and configure each lightweight access point for final operation. This step configures each lightweight access point for a primary, secondary, an...

Page 43: ... Time Protocol (NTP) servers. Each NTP server IP address is added to the controller database. Each controller searches for an NTP server and obtains the current time upon reboot and at each user-defined polling interval (daily to weekly). Cisco Wireless LAN Controller Time Zones: Each Cisco Wireless LAN Controller can have its time zone manually set or can be configured to obtain the current time from one...

Page 44: ...eries Wireless LAN Controllers: Cisco 4100 Series Wireless LAN Controllers can communicate with the network through one or two physical data ports, as the logical management interface can be assigned to one or both ports. The physical port description follows: Two Gigabit Ethernet 1000BASE-SX fiber-optic cables can plug into the LC connectors on the front of the Cisco 4100 Series Wireless LAN Controll...

Page 45: ...nation: 1000BASE-T (Gigabit Ethernet, front panel, RJ-45 physical port, UTP cable); 1000BASE-SX (Gigabit Ethernet, front panel, LC physical port, multi-mode 850nM SX fiber-optic links using LC physical connectors); 1000BASE-LX (Gigabit Ethernet, front panel, LC physical port, multi-mode 1300nM LX/LH fiber-optic links using LC physical connectors). For the 4404 Cisco Wireless LAN Controller, up to four of the followin...

Page 46: ...rt behind the corporate firewall. Because employees generally do not enable any security settings on the rogue access point, it is easy for unauthorized users to use the access point to intercept network traffic and hijack client sessions. Even more alarming, wireless users and war chalkers frequently publish unsecure access point locations, increasing the odds of having the enterprise security breache...

Page 47: ...ating with the rogue access point by having between one and four Cisco 1000 series lightweight access points transmit deauthenticate and disassociate messages to all rogue access point clients. This function contains all active channels on the same rogue access point. Rogue Detector mode detects whether or not a rogue access point is on a trusted network. It does not provide RF service of any kind, bu...

Page 48: ...ly or remotely configure, monitor, and control individual Cisco Wireless LAN Controllers, and to access extensive debugging capabilities. Because the CLI works with one Cisco Wireless LAN Controller at a time, the command line interface is especially useful when you wish to configure or monitor a single Cisco Wireless LAN Controller. The Cisco Wireless LAN Controller and its associated Cisco 1000 series...

Page 49: ...rfaces. This chapter describes the web browser and CLI interfaces that you use to configure the controllers. It contains these sections: Using the Web Browser Interface, page 2-2; Enabling Web and Secure Web Modes, page 2-2; Using the CLI, page 2-5; Enabling Wireless Connections to the Web Browser and CLI Interfaces, page 2-8 ...

Page 50: ...ing the service port interface. You might need to disable your browser's pop-up blocker to view the online help. Opening the GUI: To open the GUI, enter the controller IP address in the browser's address line. For an unsecure connection, enter http://ip-address. For a secure connection, enter https://ip-address. See the Configuring the GUI for HTTPS section on page 2-2 for instructions on setting up HTTPS. Enab...

Page 51: ...s save config. Are you sure you want to save? (y/n) y. Configuration Saved. Step 5: Reboot the controller: reset system. Are you sure you would like to reset the system? (y/n) y. System will now restart. The controller reboots. Loading an Externally Generated HTTPS Certificate: You use a TFTP server to load the certificate. Follow these guidelines for using TFTP: If you load the certificate through the service port...

Page 52: ...erip TFTP server IP address; transfer download path absolute TFTP server path to the update file; transfer download filename webadmincert_name.pem. Step 5: Enter the password for the .PEM file so the operating system can decrypt the Web Administration SSL key and certificate: transfer download certpassword private_key_password. Setting password to private_key_password. Step 6: Enter transfer download start...

Page 53: ...line help. You might have to disable the browser pop-up blocker to view online help. Using the CLI: The CLI allows you to use a VT-100 emulator to locally or remotely configure, monitor, and control a WLAN controller and its associated lightweight access points. The CLI is a simple text-based, tree-structured interface that allows up to five users with Telnet-capable terminal emulators to access the cont...

Page 54: ...aud rate and a short timeout. If you would like to change either of these values, enter config serial baudrate baudrate and config serial timeout timeout to make your changes. If you enter config serial timeout 0, serial sessions never time out. Using a Remote Ethernet Connection: You need these items to connect to a controller remotely: A computer with access to the controller over the Ethernet network ...

Page 55: ...you can enter any full command without first navigating to the correct command level. Table 2-1 lists commands you use to navigate the CLI and to perform common tasks. Table 2-1: Commands for CLI Navigation and Common Tasks. Command Action help At the root level view systemwide navigation commands View commands available at the current level command View parameters for a specific command exit Move dow...

Page 56: ...GUI or the CLI from a wireless client device, you must configure the controller to allow the connection. Follow these steps to enable wireless connections to the GUI or CLI. Step 1: Log into the CLI. Step 2: Enter config network mgmt-via-wireless enable. Step 3: Use a wireless client to associate to a lightweight access point connected to the controller. Step 4: On the wireless client, open a Telnet session ...

Page 57: ...nd provides instructions for configuring them. It contains these sections: Overview of Ports and Interfaces, page 3-2; Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces, page 3-9; Configuring Dynamic Interfaces, page 3-14; Configuring Ports, page 3-17; Enabling Link Aggregation, page 3-27; Configuring a 4400 Series Controller to Support More Than 48 Access Points, page 3-30 ...

Page 58: ...d Services Router and the controllers on the Cisco WiSM do not have external physical ports. They connect to the network through ports on the router or switch, respectively. Figure 3-1: Ports on the Cisco 2000 Series Wireless LAN Controllers. Figure 3-2: Ports on the Cisco 4100 Series Wireless LAN Controllers. Figure 3-3: Ports on the Cisco 4400 Series Wireless LAN Controllers. 155242 Serial console port D...

Page 59: ...of 25 or 50 access points to join the controller. Cisco 4404 controllers have four gigabit Ethernet distribution system ports, each of which is capable of managing up to 48 access points. However, Cisco recommends no more than 25 access points per port due to bandwidth constraints. The 4404-25, 4404-50, and 4404-100 models allow a total of 25, 50, or 100 access points to join the controller. Note: The gigabi...

Page 60: ... distribution system ports into a single 802.3ad port channel. Cisco 4400 series controllers support LAG in software release 3.2 and higher, and LAG is enabled automatically on the Cisco WiSM controllers. Refer to the Enabling Link Aggregation section on page 3-27 for more information. Service Port: Cisco 4100 and 4400 series controllers also have a 10/100 copper Ethernet service port. The service port ...

Page 61: ...lt interface for in-band management of the controller and connectivity to enterprise services such as AAA servers. The management interface has the only consistently pingable in-band interface IP address on the controller. You can access the controller's GUI by entering the controller's management interface IP address in Internet Explorer's Address field. The management interface is also used for Lay...

Page 62: ...ultiple AP-Manager Interfaces section on page 3-31 for information on creating and using multiple AP-manager interfaces. Note: When LAG is disabled, you must assign an AP-manager interface to each port on the controller. Virtual Interface: The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentic...

Page 63: ...ough the controller for remote network access to the service port. Note: Only Cisco 4100 and 4400 series controllers have a service-port interface. Note: You must configure an IP address on the service-port interface of both Cisco WiSM controllers. Otherwise, the neighbor switch is unable to check the status of each controller. Dynamic Interface: Dynamic interfaces, also known as VLAN interfaces, are create...

Page 64: ...gured per controller. Note: Chapter 6 provides instructions for configuring WLANs. Figure 3-4 illustrates the relationship between ports, interfaces, and WLANs. Figure 3-4: Ports, Interfaces, and WLANs. As shown in Figure 3-4, each controller port connection is an 802.1Q trunk and should be configured as such on the neighbor switch. On Cisco switches, the native VLAN of an 802.1Q trunk is an untagged VLAN. Ther...

Page 65: ...ommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic. Follow the instructions on the pages indicated to configure your controller's interfaces and ports: Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces, page 3-9; Configuring Dynamic Interfaces, page 3-14; Configuring Port...

Page 66: ... Edit page for that interface appears. Step 3: Configure the following parameters for each interface type. Management Interface: Note: The management interface uses the controller's factory-set distribution system MAC address. VLAN identifier. Note: Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends that only tagged VLANs be used on the controller. Fixed IP address, IP netma...

Page 67: ...ce's IP address but must be on the same subnet as the management interface. Physical port assignment; Primary and secondary DHCP servers; Access control list (ACL) name, if required. Note: To create ACLs, follow the instructions in Chapter 5. Virtual Interface: Any fictitious, unassigned, and unused gateway IP address, such as 1.1.1.1; DNS gateway host name. Service-Port Interface: Note: The service-port interface ...

Page 68: ...mmunication. Step 3: Enter these commands to define the management interface: config interface address management ip addr ip netmask gateway; config interface vlan management vlan id 0. Note: Enter 0 for an untagged VLAN or a non-zero value for a tagged VLAN. Cisco recommends that only tagged VLANs be used on the controller. config interface port management physical ds port number; config interface dhcp ma...

Page 69: ...anager access control list name. Note: To create ACLs, follow the instructions in Chapter 5. Step 5: Enter show interface detailed ap-manager to verify that your changes have been saved. Using the CLI to Configure the Virtual Interface: Follow these steps to display and configure the virtual interface parameters using the CLI. Step 1: Enter show interface detailed virtual to view the current virtual interf...

Page 70: ... band management of the controller. If the management workstation is in a remote subnet, you may need to add a route on the controller in order to manage the controller from that remote workstation. To do so, enter this command: config route network ip addr ip netmask gateway. Step 4: Enter show interface detailed service-port to verify that your changes have been saved. Configuring Dynamic Interfaces: Thi...

Page 71: ...faces. Figure 3-6: Interfaces New Page. Step 3: Enter an interface name and a VLAN identifier, as shown in Figure 3-6. Note: Enter a non-zero value for the VLAN identifier. Tagged VLANs must be used for dynamic interfaces. Step 4: Click Apply to commit your changes. The Interfaces Edit page appears (see Figure 3-7). Figure 3-7: Interfaces Edit Page ...

Page 72: ...he current dynamic interfaces. Step 2: To view the details of a specific dynamic interface, enter show interface detailed operator defined interface name. Step 3: Enter config wlan disable wlan number to disable each WLAN that uses the dynamic interface for distribution system communication. Step 4: Enter these commands to configure dynamic interfaces: config interface create operator defined interface na...

Page 73: ...ller's ports and edit their configuration parameters at any time. Follow these steps to use the GUI to view the status of the controller's ports and make any configuration changes if necessary. Step 1: Click Controller Ports to access the Ports page (see Figure 3-8). Figure 3-8: Ports Page. This page shows the current configuration for each of the controller's ports. Step 2: If you want to change the settin...

Page 74: ...Parameter / Description. Port Number: The number of the current port. Physical Status: The data rate being used by the port. The available data rates vary based on controller type. Controller / Available Data Rates: 4400 and 4100 series: 1000 Mbps full duplex; 2000 series: 10 or 100 Mbps, half or full duplex; WiSM: 1000 Mbps full duplex; Integrated Services Routers: 100 Mbps full duplex. Link Status: The port's link s...

Page 75: ...fic through the port. Options: Enable or Disable. Default: Enable. Note: Administratively disabling the port does not affect the port's link status. The link can be brought down only by other Cisco devices. Physical Mode: Determines whether the port's data rate is set automatically or specified by the user. The supported data rates vary based on controller type. Default: Auto. Controller / Supported Data Rates: 4...

Page 76: ... a mirrored port. Note: Port mirroring is not supported when link aggregation (LAG) is enabled on the controller. Note: Cisco recommends that you do not mirror traffic from one controller port to another, as this setup could cause network problems. Follow these steps to enable port mirroring. Step 1: Click Controller Ports to access the Ports page (see Figure 3-8). Step 2: Click Edit for the unused port for whi...

Page 77: ...twork. STP defines a tree with a root bridge and a loop-free path from the root to all infrastructure devices in the Layer 2 network. Note: STP discussions use the term root to describe two concepts: the controller on the network that serves as a central point in the spanning tree is called the root bridge, and the port on each controller that provides the most efficient path to the root bridge is call...

Page 78: ...ion that a port takes upon receiving a frame Values Disabled Blocking Listening Learning Forwarding and Broken STP State Description Disabled The port is not participating in spanning tree because the port is shut down the link is down or STP is not enabled for this port Blocking The port does not participate in frame forwarding Listening The first transitional state after the blocking state when ...

Page 79: ...this port to participate in the spanning tree and puts it in the forwarding state when the link state transitions from down to up more quickly than when the STP mode is set to 802 1D Note In this state the forwarding delay timer is ignored on link up STP Port Priority The location of the port in the network topology and how well the port is located to pass traffic Range 0 to 255 Default 128 STP Po...

Page 80: ...ddress The MAC address used by this bridge when it must be referred to in a unique fashion When it is concatenated with dot1dStpPriority a unique bridge identifier is formed that is used in STP Topology Change Count The total number of topology changes detected by this bridge since the management entity was last reset or initialized Time Since Topology Changed The time in days hours minutes and se...

Page 81: ...lso used when a topology change has been detected and is underway to age all dynamic entries in the forwarding database Note This is the actual value that this bridge is currently using in contrast to Stp Bridge Forward Delay which is the value that this bridge and all others would start using if this bridge were to become the root Hold Time seconds The minimum time period to elapse between the tr...

Page 82: ...thm to automatically assign the path cost This is the default setting Step 5 Enter config spanningtree port priority 0 255 port number to configure the port priority on STP ports The default priority is 128 Step 6 If necessary enter config spanningtree switch bridgepriority 0 65535 to configure the controller s STP bridge priority The default bridge priority is 32768 Step 7 If necessary enter conf...

Page 83: ...enabled the system dynamically manages port redundancy and load balances access points transparently to the user Cisco 4400 series controllers support LAG in software release 3 2 and higher and LAG is enabled automatically on the Cisco WiSM controllers Without LAG each distribution system port on the controller supports up to 48 access points With LAG enabled a 4402 controller s logical port suppo...

Page 84: ...LAG groups Only one LAG group is supported per controller Therefore you can connect a controller in LAG mode to only one neighbor device When LAG is enabled any change to the LAG configuration requires a controller reboot When you enable LAG you can configure only one AP manager interface because only one logical port is needed When you enable LAG all dynamic AP manager interfaces and untagged int...

Page 85: ...ime through either the GUI or CLI Using the GUI to Enable Link Aggregation Follow these steps to enable LAG on your controller using the GUI Step 1 Click Controller General to access the General page see Figure 3 13 Figure 3 13 General Page Step 2 Set the LAG Mode on Next Reboot parameter to Enabled Note Choose Disabled if you want to disable LAG Step 3 Click Save Configuration to save your change...

Page 86: ...face GigabitEthernet interface id switchport channel group id mode on no shutdown The port channel on the neighbor switch should be configured as follows interface port channel id switchport switchport trunk encapsulation dot1q switchport trunk native vlan native vlan id switchport trunk allowed vlan allowed vlans switchport mode trunk no shutdown Configuring a 4400 Series Controller to Support Mo...

Page 87: ...rollers Using Multiple AP Manager Interfaces Note This method can be used only with Cisco 4400 series stand alone controllers When you create two or more AP manager interfaces each one is mapped to a different port see Figure 3 14 The ports should be configured in sequential order such that AP manager interface 2 is on port 2 AP manager interface 3 is on port 3 and AP manager interface 4 is on por...

Page 88: ...face has port 2 assigned as the primary and port 1 as the secondary If either port fails the controller would be left trying to support 50 access points on a port that supports only 48 As a result two access points would be unable to communicate with the controller and would be forced to look for an alternate controller 2 The 4404 100 controller supports up to 100 access points and has four ports ...

Page 89: ...onfiguring a 4400 Series Controller to Support More Than 48 Access Points Figure 3 15 Three AP Manager Interfaces Figure 3 16 illustrates the use of four AP manager interfaces to support 100 access points Each has a unique primary port but each port is also a secondary port for one of the AP manager interfaces ...

Page 90: ...r AP manager interfaces If one of the AP manager interfaces fails all of the access points connected to the controller would be evenly distributed among the three available AP manager interfaces For example if AP manager interface 2 fails the remaining AP manager interfaces 1 3 and 4 would each manage approximately 33 access points Follow these steps to create multiple AP manager interfaces Step 1...

Page 91: ... Configuring a 4400 Series Controller to Support More Than 48 Access Points Figure 3 17 Interfaces New Page Step 3 Enter an AP manager interface name and a VLAN identifier as shown above Step 4 Click Apply to commit your changes The Interfaces Edit page appears see Figure 3 18 Figure 3 18 Interfaces Edit Page ...

Page 92: ...fic received on ports 2 3 and 4 egresses the management port configured as port 1 on VLAN 250 with a dot1q tag of 250 With a Layer 2 LWAPP configuration you should distribute access points across VLANs 250 992 993 and 994 manually Ideally you should distribute 25 access points per port to balance a total of 100 access points If you have less than 100 access points divide the number of access point...

Page 93: ...age 4 5 Configuring a Country Code page 4 5 Enabling and Disabling 802 11 Bands page 4 6 Configuring Administrator Usernames and Passwords page 4 7 Configuring RADIUS Settings page 4 7 Configuring SNMP Settings page 4 7 Enabling 802 3x Flow Control page 4 8 Enabling System Logging page 4 8 Enabling Dynamic Transmit Power Control page 4 8 Configuring Multicast Mode page 4 9 Configuring the Supervis...

Page 94: ...ibution System network port static IP Address netmask and optional default gateway IP Address Service port static IP Address and netmask optional Distribution System physical port 1000BASE T 1000BASE SX or 10 100BASE T Note Each 1000BASE SX connector provides a 100 1000 Mbps wired connection to a network through an 850nM SX fiber optic link using an LC physical connector Distribution System port V...

Page 95: ...figuration The Cisco Wireless LAN Controller reboots and displays this message Welcome to the Cisco WLAN Solution Wizard Configuration Tool Step 3 Use the configuration wizard to enter configuration settings Resetting to Default Settings Using the GUI Follow these steps to return to default settings using the GUI Step 1 Open your Internet browser The GUI is fully compatible with Microsoft Internet...

Page 96: ...the next two prompts If you do not want to use the service port enter 0 0 0 0 for the IP address and netmask Step 9 Enter the management interface IP Address netmask default router IP address and optional VLAN identifier a valid VLAN identifier or 0 for untagged Step 10 Enter the Network Interface Distribution System Physical Port number For the controller the possible ports are 1 through 4 for a ...

Page 97: ...tain the time and date from an NTP server or you can configure the time and date manually Configuring Time and Date Manually On the CLI enter show time to check the system time and date If necessary enter config time mm dd yy hh mm ss to set the time and date To enable Daylight Saving Time enter config time timezone enable Configuring NTP On the CLI enter config time ntp server ip address to speci...

Page 98: ...y Code Country 802 11 Bands Allowed US United States of America 802 11b 802 11g and 802 11a low medium and high bands USL US Low 802 11b 802 11g and 802 11a low and medium bands used for legacy 802 11a interface cards that do not support 802 11a high band AU Australia 802 11b 802 11g and 802 11a AT Austria 802 11b 802 11g and 802 11a BE Belgium 802 11b 802 11g and 802 11a CA Canada 802 11b and 802...

Page 99: ...n follow these steps on the CLI to configure RADIUS settings for the controller Step 1 Enter config radius acct ip address to configure a RADIUS server for accounting Step 2 Enter config radius acct port to specify the UDP port for accounting Step 3 Enter config radius acct secret to configure the shared secret Step 4 Enter config radius acct enable to enable accounting Enter config radius acct di...

Page 100: ...ct name Step 11 Enter config snmp syslocation syslocation name to configure the SNMP system location Enter up to 31 alphanumeric characters for the location Step 12 Use the show snmpcommunity and show snmptrap commands to verify that the SNMP traps and communities are correctly configured Step 13 Use the show trapflags command to see the enabled and disabled trapflags If necessary use the config t...

Page 101: ...to be a broadcast to all SSIDs When the source of the multicast is a wireless client the multicast packet is unicast to the controller In this case the controller makes two copies of the packet One copy is the raw Ethernet packet that the controller sends out to the interface for the wireless LAN on which the client is associated enabling the receivers on the wired LAN to receive the multicast tra...

Page 102: ...or 720 to Support the WiSM When you install a WiSM in a Cisco Catalyst 6500 switch you must configure the Supervisor 720 to support the WiSM When the supervisor detects the WiSM the supervisor creates 10 GigabitEthernet interfaces ranging from Gigslot 1 to Gigslot 8 For example if the WiSM is in slot 9 the supervisor creates interfaces Gig9 1 through Gig9 8 The first eight GigabitEthernet interfac...

Page 103: ... information on configuring the WiSM s ports and interfaces Configuring the Supervisor Log into the switch CLI and beginning in Privileged Exec mode follow these steps to configure the supervisor to support the WiSM Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface vlan Create a VLAN to communicate with the data ports on the WiSM and enter interface config ...

Page 104: ...s b switchport trunk native vlan vlan c switchport mode trunk d channel group 1 mode on Bind the physical GigabitEthernet interfaces to the logical port channel interface Step 9 interface GigabitEthernet9 5 8 Establish a separate Gigabit etherchannel for the second controller on the WiSM For the native VLAN on the ports configure the VLAN that you created for communicating with the WiSM data ports...

Page 105: ...ting It must receive a time setting from an NTP server when it powers up When you install the module the configuration wizard prompts you for NTP server information To access the CNM bootloader Cisco recommends that you reset the CNM from the router If you reset the CNM from a CNM user interface the router might reset the CNM while you are using the bootloader When you reset the CNM from a CNM int...

Page 107: ...urity solutions for wireless LANs This chapter contains these sections Cisco WLAN Solution Security page 5 2 Configuring the System for SpectraLink NetLink Telephones page 5 4 Using Management over Wireless page 5 6 Configuring DHCP page 5 7 Customizing the Web Authentication Login Screen page 5 8 Configuring Identity Networking page 5 16 ...

Page 108: ...olutions has prevented many IT managers from embracing the benefits of the latest advances in WLAN security. Layer 1 Solutions: The Cisco WLAN Solution Operating System Security solution ensures that all clients gain access within an operator-set number of attempts. Should a client fail to gain access within that limit, it is automatically excluded (blocked from access) until the operator-set timer expi...

Page 109: ...tacks. That is, a hacker can use a rogue access point to capture sensitive information, such as passwords and username. The hacker can then transmit a series of clear-to-send (CTS) frames, which mimics an access point informing a particular NIC to transmit and instructing all others to wait, which results in legitimate clients being unable to access the WLAN resources. WLAN service providers thus have a st...

Page 110: ...educe the load on centralized VPN concentrators Operating System Security uses the RRM function to continually monitor the air space for interference and security breaches and notify the operator when they are detected Operating System Security works with industry standard authorization authentication and accounting AAA servers making system integration simple and easy The Operating System Securit...

Page 111: ...e GUI loses its connection when the controller reboots Step 5 Reboot the controller using Commands Reboot Reboot Click OK in response to this prompt Configuration will be saved and switch will be rebooted Click ok to confirm The controller reboots Step 6 Log back into the controller GUI and verify that the controller is properly configured Follow this path to navigate to the 802 11b g Global Param...

Page 112: ...lient. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the controller. Before you can use the Management over Wireless feature, you must properly configure the controller using one of these sections: Using the GUI to Enable Management over Wireless, page 5-6; Using the CLI to Enable Management over Wireless, page 5-7. Using the GUI to Enable Ma...

Page 113: ...onfigure DHCP page 5 8 Using the GUI to Configure DHCP Follow these steps to use the GUI to configure DHCP Step 1 In the Web User Interface navigate to the WLANs page Step 2 Locate the WLAN which you wish to configure for a DHCP server and click the associated Edit link to display the WLANs Edit page Step 3 Under General Policies check the DHCP Relay DHCP Server IP Addr to verify whether you have ...

Page 114: ...erver assigned to the WLAN. Step 4: Enter ping dhcp ip address to verify that the WLAN can communicate with the DHCP server. Customizing the Web Authentication Login Screen: Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic (except DHCP-related packets) from a particular client until that client has correctly supplied a valid username and password. When y...

Page 115: ...clients might receive a web browser security alert the first time that they attempt to access a URL. Figure 5-1 shows a typical security alert. [Figure 5-1: Typical Web Browser Security Alert] After the client user clicks Yes to proceed (or if the client's browser does not display a security alert), the web authentication system redirects the client to a login window. Figure 5-2 shows a typical default Web...

Page 116: ... in the upper right corner can be hidden The window title Welcome to the Cisco WLAN Solution OmniAccess wireless network The message Cisco WLAN SolutionOmniAccess is pleased to provide the Wireless LAN infrastructure for your network Please login and put your air space to work A blank area on the right side of the screen for a logo or other graphic The Customizing Web Authentication Operation sect...

Page 117: ... how to customize web authentication operation using the controller CLI These sections describe the customization tasks Hiding and Restoring the Cisco WLAN Solution Logo page 5 11 Changing the Web Authentication Login Window Title page 5 11 Changing the Web Message page 5 12 Changing the Logo page 5 12 Creating a Custom URL Redirect page 5 14 Verifying Web Authentication Changes page 5 14 Hiding a...

Page 118: ...hese steps to prepare a TFTP server to load the logo. Step 1: Make sure you have a TFTP server available to load the logo. If you are downloading through the Service port, the TFTP server MUST be on the same subnet as the Service port, because the Service port is not routable. If you are downloading through the DS (Distribution System) network port, the TFTP server can be on the same or a different subnet ...

Page 119: ...load datatype image transfer download serverip tftp server ip address transfer download filename filename gif filename jpg filename png transfer download path absolute tftp server path to file Note Some TFTP servers require only a forward slash as the TFTP server IP address and the TFTP server automatically determines the path to the correct directory Step 3 Enter transfer download start to view t...

Page 120: ...ion Changes Enter show custom web to verify your web authentication operation changes This example shows the output from the command when the web authentication settings are at defaults show custom web Cisco Logo Enabled CustomLogo Disabled Custom Title Disabled Custom Message Disabled Custom Redirect URL Disabled External Web Authentication Mode Disabled External Web Authentication URL Disabled T...

Page 121: ...e to the AcompanyBC Wireless LAN config custom web webmessage Contact the System Administrator for a Username and Password transfer download start Mode TFTP Data Type Login Image TFTP Server IP xxx xxx xxx xxx TFTP Path TFTP Filename Logo gif This may take some time Are you sure you want to start y n y TFTP Image transfer starting Image installed config custom web redirecturl http www AcompanyBC c...

Page 122: ...ing identity networking include: Quality of Service: When present in a RADIUS Access Accept, the QoS Level value overrides the QoS value specified in the WLAN profile. ACL: When the ACL attribute is present in the RADIUS Access Accept, the system applies the ACL Name to the client station after it authenticates. This overrides any ACLs that are assigned to the interface. VLAN: When a VLAN Interface Name or...

Page 123: ... 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 (fields: Type, Length, Vendor Id, Vendor Id (cont.), Vendor type, Vendor length, QoS Level). Type: 26 for Vendor Specific. Length: 10. Vendor Id: 14179. Vendor type: 2. Vendor length: 4. Value: Three octets: 0 = Bronze (Background), 1 = Silver (Best Effort), 2 = Gold (Video), 3 = Platinum (Voice). ACL Name: This attribute indicates the ACL name to be applied to the client. A summary of the ACL Name Attribute for...

Page 124: ...up ID for a particular tunneled session and is also known as the Tunnel-Private-Group-ID attribute. This attribute might be included in the Access-Request packet if the tunnel initiator can predetermine the group resulting from a particular connection, and should be included in the Access-Accept packet if this tunnel session is to be treated as belonging to a particular private group. Private groups ...

Page 125: ...uding tunnel attributes within the Access-Accept. However, the IEEE 802.1X Authenticator may also provide a hint as to the VLAN to be assigned to the Supplicant by including Tunnel attributes within the Access-Request. For use in VLAN assignment, the following tunnel attributes are used: Tunnel-Type=VLAN (13), Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=VLANID. Note that the VLANID is 12 bits, taking a v...

Page 127: ...nfiguration Guide OL 8335 02 6 Configuring WLANs This chapter describes how to configure up to 16 wireless LANs for your Cisco Wireless LAN Solution This chapter contains these sections Wireless LAN Overview page 6 2 Configuring Wireless LANs page 6 2 ...

Page 128: ... LANs to VLANs page 6 4 Configuring Layer 2 Security page 6 4 Configuring Layer 3 Security page 6 6 Configuring Quality of Service page 6 8 Displaying Creating Disabling and Deleting Wireless LANs On the controller CLI enter these commands to display create disable and delete wireless LANs Enter show wlan summary to display existing wireless LANs and whether they are enabled or disabled Note that ...

Page 129: ...need to enable it at the wireless LAN level first If you plan to use local MAC address filtering for any wireless LAN use the commands in this section to configure MAC filtering for a wireless LAN Enabling MAC Filtering Use these commands to enable MAC filtering on a wireless LAN Enter config wlan mac filtering enable wlan id to enable MAC filtering Enter show wlan to verify that you have MAC filt...

Page 130: ...the untagged option to assign the wireless LAN to VLAN 0 Use the vlan id controller vlan ip address vlan netmask and vlan gateway options to assign the wireless LAN to a specific VLAN and to specify the controller VLAN IP address the local IP netmask for the VLAN and the local IP gateway for the VLAN Enter show wlan to verify VLAN assignment status Note Cisco recommends that you assign one set of ...

Page 131: ...WEP key. Enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F) or five printable ASCII characters for 40-bit/64-bit WEP keys; enter 26 hexadecimal or 13 ASCII characters for 104-bit/128-bit keys; enter 32 hexadecimal or 16 ASCII characters for 128-bit/152-bit keys. Enter a key index (sometimes called a key slot), 1 through 4. Note: One unique WEP key index must be applied to each wireless LAN that ...

Page 132: ...ies Wireless LAN Controller the controller must be equipped with a VPN Enhanced Security Module Crypto Module The module plugs into the back of the controller and provides the extra processing power needed for processor intensive security algorithms IPSec IPSec Internet Protocol Security supports many Layer 3 security protocols Enter these commands to enable IPSec on a wireless LAN config wlan sec...

Page 133: ...ecrypted keys Enter these commands to configure the Diffie Hellman group on a wireless LAN with IPSec enabled config wlan security ipsec ike DH Group wlan id group id For group id enter group 1 group 2 this is the default setting or group 5 Enter show wlan to verify that IPSec IKE DH group is configured IKE Phase 1 Aggressive and Main Modes IPSec IKE uses the Phase 1 Aggressive faster or Main more...

Page 134: ...ow netuser to display client names assigned to wireless LANs Enter config netuser add username password wlan id to add a user to a wireless LAN Enter config netuser wlan id username wlan id to add a user to a wireless LAN without specifying a password for the user Enter config netuser password username password to create or change a password for a particular user Enter config netuser delete userna...

Page 135: ...es to use WMM on the wireless LAN The required option requires client devices to use WMM devices that do not support WMM cannot join the wireless LAN Note Do not enable WMM mode if Cisco 7920 phones are used on your network Table 6 1 Access Point QoS Translation Values AVVID 802 1p UP Based Traffic Type AVVID IP DSCP AVVID 802 1p UP IEEE 802 11e UP Network control 7 Inter network control LWAPP con...

Page 136: ...client controlled CAC mode on the same wireless LAN Enter this command to enable 7920 support mode for phones that require access point controlled CAC config wlan 7920 support ap cac limit enabled disabled wlan id QBSS Information Elements Sometimes Degrade 7920 Phone Performance If your wireless LAN contains both 1000 series access points and Cisco 7920 wireless phones do not enable the WMM or AP...

Page 137: ...chapter describes how to connect access points to the controller and manage access point settings This chapter contains these sections Lightweight Access Point Overview page 7 2 Using the DNS for Controller Discovery page 7 7 Dynamic Frequency Selection page 7 8 Autonomous Access Points Converted to Lightweight Mode page 7 9 ...

Page 138: ... lightweight access point without and with connectors for external antennas Figure 7 1 1000 Series Lightweight Access Points The Cisco WLAN Solution also offers 802 11a b g Cisco 1030 Remote Edge Lightweight Access Points which are Cisco 1000 series lightweight access points designed for remote deployment Radio Resource Management RRM control via a WAN link and which include connectors for externa...

Page 139: ... through other Cisco 1030 remote edge lightweight access points on its local subnet However it cannot take advantage of features accessed from the Cisco Wireless LAN Controller such as establishing new VLANs until communication is reestablished The Cisco 1030 remote edge lightweight access point includes the traditional SOHO small office home office AP processing power and thus can continue operat...

Page 140: ...ernal antenna adapters Refer to Appendix D Supported Country Codes for information on supported regulatory domains The Cisco 1000 series lightweight access point is shipped with a color coordinated ceiling mount base and hanging ceiling rail clips You can also order projection and flush mount sheet metal wall mounting bracket kits The base clips and optional brackets allow quick mounting to ceilin...

Page 141: ...note that the 802 11a 5 GHz Left external antenna connector is separate from the internal antennas and adds diversity to the 802 11a transmit and receive path Note that no external 802 11a antennas are certified in FCC regulated areas but external 802 11a antennas may be certified for use in other countries Antenna Sectorization Note that the Cisco WLAN Solution supports Antenna Sectorization whic...

Page 142: ...co 1000 series lightweight access point can be powered from an optional factory supplied external AC to 48 VDC power adapter If you are powering the Cisco 1000 series lightweight access point using an external adapter plug the adapter into the 48 VDC power jack on the side of the Cisco 1000 series lightweight access point The Cisco 1000 series lightweight access point includes two 802 11a and two ...

Page 143: ...ecurity Cable Refer to the Kensington website for more information about their security products or to the Internal Antenna AP1010 Cisco 1000 Series IEEE 802 11a b g Lightweight Access Point Quick Start Guide or External Antenna AP1020 and AP1030 Cisco 1000 Series IEEE 802 11a b g Lightweight Access Point Quick Start Guide for installation instructions Cisco 1000 Series Lightweight Access Point Mo...

Page 144: ...tocol RLDP is not supported on the channels listed in Table 7 1 Note The maximum legal transmit power is greater for some 5 GHz channels than for others When it randomly selects a 5 GHz channel on which power is restricted the controller automatically reduces transmit power to comply with power limits for that channel Using DFS the controller monitors operating frequencies for radar signals If it ...

Page 145: ...to support access points running Cisco IOS software Access points converted to lightweight mode do not support Wireless Domain Services WDS Converted access points communicate only with Cisco wireless LAN controllers and cannot communicate with WDS devices However the controller provides functionality equivalent to WDS when the access point associates to it Access points converted to LWAPP mode su...

Page 146: ... in the range of 10 0 0 2 to 10 0 0 30 Step 2 Make sure that the PC contains the access point image file such as c1200 k9w7 tar 123 7 JA tar for a 1200 series access point in the TFTP server folder and that the TFTP server is activated Step 3 Rename the access point image file in the TFTP server folder to c1200 k9w7 tar default for a 1200 series access point Step 4 Connect the PC to the access poi...

Page 147: ...tion based on the access point s DHCP Vendor Class Identifier VCI string DHCP Option 60 Table 7 2 lists the VCI strings for Cisco access points capable of operating in lightweight mode This is the format of the TLV block Type 0xf1 decimal 241 Length Number of controller IP addresses 4 Value List of the IP addresses of controller management interfaces Refer to the product documentation for your DHC...

Page 148: ...ieved core file is stored in the controller flash and can subsequently be uploaded through TFTP to an external server for analysis The core file is removed from the access point flash memory when the controller pulls it from the access point Enabling Memory Core Dumps from Converted Access Points By default access points converted to lightweight mode do not send memory core dumps to the controller...

Page 149: ... the outside of the access point Use this command to disable or enable the reset button on one or all converted access points associated to a controller config ap reset button enable disable ap name all The reset button on converted access points is enabled by default Configuring a Static IP Address on an Access Point Converted to Lightweight Mode After an access point converted to lightweight mod...

Page 151: ...ow to manage configurations and software versions on the controllers This chapter contains these sections Transferring Files to and from a Controller page 8 2 Upgrading Controller Software page 8 2 Saving Configurations page 8 4 Clearing the Controller Configuration page 8 4 Erasing the Controller Configuration page 8 4 Resetting the Controller page 8 5 ...

Page 152: ...se cases you will lose your connection to the controller sometime during the update process For this reason Cisco recommends that you use a direct CLI console port connection to update controller software Step 1 Make sure you have a TFTP server available for the Operating System software download Keep these guidelines in mind when setting up a TFTP server If you are downloading through the Service...

Page 153: ...ownload path absolute tftp server path to file Note All TFTP servers require the full pathname For example in Windows the path is C TFTP Root In UNIX forward slashes are required Step 7 Enter transfer download start to view the updated settings and answer y to the prompt to confirm the current download settings and start the Operating System code download This example shows the download command ou...

Page 154: ... configuration changes before the controller reboots Use the logout command The CLI prompts you to confirm that you want to save configuration changes before you log out Clearing the Controller Configuration Follow these steps to clear the active configuration in NVRAM Step 1 Enter clear config and enter y at the confirmation prompt to confirm the action Step 2 Enter reset system At the confirmati...

Page 155: ... reboot process on the CLI console using one of the following two methods Turn the controller off and then turn it back on On the CLI enter reset system At the confirmation prompt enter y to save configuration changes to NVRAM The controller reboots When the controller reboots the CLI console displays the following reboot information Initializing the system Verifying the hardware configuration Loa...

Page 157: ...ns how to configure it on the controllers It contains these sections Overview of Radio Resource Management page 9 2 Overview of RF Groups page 9 5 Configuring an RF Group page 9 6 Viewing RF Group Status page 9 8 Enabling Rogue Access Point Detection page 9 12 Configuring Dynamic RRM page 9 15 Overriding Dynamic RRM page 9 23 Viewing Additional RRM Settings Using the CLI page 9 28 ...

Page 158: ...ns Radio resource monitoring Dynamic channel assignment Dynamic transmit power control Coverage hole detection and correction Client and network load balancing Radio Resource Monitoring RRM automatically detects and configures new controllers and lightweight access points as they are added to the network It then automatically adjusts associated and nearby lightweight access points to optimize cove...

Page 159: ...ystem capacity. If a channel is unusable due to excessive noise, that channel can be avoided. 802.11 Interference: Interference is any 802.11 traffic that is not part of your wireless LAN, including rogue access points and neighboring wireless networks. Lightweight access points constantly scan all channels looking for sources of interference. If the amount of 802.11 interference exceeds a predefined con...

Page 160: ...s. Coverage Hole Detection and Correction: RRM's coverage hole detection feature can alert you to the need for an additional (or relocated) lightweight access point. If clients on a lightweight access point are detected at signal-to-noise ratio (SNR) levels that are lower than the thresholds specified in the Auto RF configuration, the access point sends a coverage hole alert to the controller. The alert in...

Page 161: ... RF group, also known as an RF domain, is a cluster of controllers that coordinates its dynamic RRM calculations on a per 802.11-network basis. An RF group exists for each 802.11 network type. Clustering controllers into RF groups enables the RRM algorithms to scale beyond a single controller. Lightweight access points periodically send out neighbor messages over the air. The RRM algorithms use a shared...

Page 162: ...e A controller is configured with an RF group name, which is sent to all access points joined to the controller and used by the access points as the shared secret for generating the hashed MIC in the neighbor messages. To create an RF group, you simply configure all of the controllers to be included in the group with the same RF group name. You can include up to 20 controllers and 1000 access points i...

Page 163: ...eps to create an RF group using the GUI. Step 1: Click Controller > General to access the General page (see Figure 9-1). Figure 9-1: General Page. Step 2: Enter a name for the RF group in the RF Network Name field. The name can contain up to 19 ASCII characters. Step 3: Click Save Configuration to save your changes. Step 4: Repeat this procedure for each controller that you want to include in the RF group ...

Page 164: ...e RF group. Step 3: Repeat this procedure for each controller that you want to include in the RF group. Viewing RF Group Status: This section provides instructions for viewing the status of the RF group through either the GUI or the CLI. Note: You can also view the status of RF groups using the Cisco Wireless Control System (WCS). Refer to the Cisco Wireless Control System Configuration Guide for instructi...

Page 165: ... Step 2: Under Global RF, click either 802.11a Network or 802.11b/g Network to access the Global Parameters page (see Figure 9-3). Figure 9-3: Global Parameters Page. Step 3: Click Auto RF to access the Global Parameters Auto RF page (see Figure 9-4) ...

Page 166: ... Figure 9-4: Global Parameters Auto RF Page ...

Page 167: ... view the status of the RF group using the CLI. Step 1: Enter show advanced 802.11a group to see which controller is the RF group leader for the 802.11a RF network. Information similar to the following appears:
    Radio RF Grouping
    802.11a Group Mode: AUTO
    802.11a Group Update Interval: 600 seconds
    802.11a Group Leader: 00:16:9d:ca:d9:60
    802.11a Group Member: 00:16:9d:ca:d9:60
    802.11a Last Run: 594 seconds ag...

Page 168: ... is successful, the frames are authenticated. Otherwise, the authorized access point reports the neighboring access point as a rogue, records its BSSID in a rogue table, and sends the table to the controller. Using the GUI to Enable Rogue Access Point Detection: Follow these steps to enable rogue access point detection using the GUI. Step 1: Make sure that each controller in the RF group has been configure...

Page 169: ...6 All APs Details Page. Step 4: Choose either local or monitor from the AP Mode drop-down box and click Save Configuration to save your changes. Step 5: Repeat Step 2 through Step 4 for every access point connected to the controller. Step 6: Click Security > AP Authentication (under Wireless Protection Policies) to access the AP Authentication Policy page (see Figure 9-7) ...

Page 170: ...ogue access point alarm is generated. An alarm occurs when the threshold value (which specifies the number of access point frames with an invalid authentication IE) is met or exceeded within the detection period. Note: The valid threshold range is from 1 to 255, and the default threshold value is 1. To avoid false alarms, you may want to set the threshold to a higher value. Step 9: Click Save Configuration t...

Page 171: ...d value (which specifies the number of access point frames with an invalid authentication IE) is met or exceeded within the detection period. Note: The valid threshold range is from 1 to 255, and the default threshold value is 1. To avoid false alarms, you may want to set the threshold to a higher value. Step 6: Repeat Step 4 and Step 5 on every controller in the RF group. Note: If rogue access point detectio...

Page 172: ... 1 RRM Parameters (columns: Parameter, Description). RF Group. Group Mode: Determines whether the controller participates in an RF group. Options: Enabled or Disabled. Default: Enabled. Group Mode descriptions: Enabled: The controller automatically forms an RF group with other controllers. The group dynamically elects a leader to optimize RRM parameter settings for the group. Disabled: The controller does not participate i...

Page 173: ...immediately after you click Invoke Channel Update Now. It waits for the next interval (default is 600 seconds). Off: Prevents the controller from evaluating and, if necessary, updating the channel assignment for joined access points. Note: For optimal performance, Cisco recommends that you use the Automatic setting. Refer to the Disabling Dynamic Channel and Power Assignment Globally for a Controller section...

Page 174: ...n the channel when assigning channels to lightweight access points. For example, RRM may have access points avoid channels with significant interference from non-access point sources, such as microwave ovens. Options: Enabled or Disabled. Default: Enabled. The following non-configurable RF channel parameter settings are also shown: Signal Strength Contribution: This parameter is always enabled. RRM constantl...

Page 175: ...ransmit power immediately after you click Invoke Power Update Now. It waits for the next interval (default is 600 seconds). Fixed: Prevents the controller from evaluating and, if necessary, updating the transmit power for joined access points. The power level is set to the fixed value chosen from the drop-down box. Note: The transmit power level is assigned an integer value instead of a value in mW or dBm. T...

Page 176: ...The controller's RRM software uses this information to evaluate the integrity of the entire network and makes adjustments accordingly. Interference (0 to 100%): The percentage of interference (802.11 traffic from sources outside of your wireless network) on a single access point. Default: 10%. Clients (1 to 75): The number of clients on a single access point. Default: 12. Noise (-127 to 0 dBm): The level of noise (non ...

Page 177: ...ls. Channel List: The set of channels that the access point uses for RRM scanning. Options: All Channels, Country Channels, or DCA Channels. Default: Country Channels. Channel List descriptions: All Channels: RRM channel scanning occurs on all channels supported by the selected radio, which includes channels not allowed in the country of operation. Country Channels: RRM channel scanning occurs only on the data c...

Page 178: ...g channels based on availability and interference, enter one of these commands:
    config 802.11a channel global auto
    config 802.11b channel global auto
To have RRM automatically reconfigure all 802.11a or 802.11b/g channels one time based on availability and interference, enter one of these commands:
    config 802.11a channel global once
    config 802.11b channel global once
Signal Measurement: How frequently ...

Page 179: ...ndard deployments but not the more typical carpeted offices. Note: If you choose to statically assign channels and power levels to your access points and/or to disable dynamic channel and power assignment, you should still use automatic RF grouping to avoid spurious rogue device events. You can disable dynamic channel and power assignment globally for a controller, or you can leave dynamic channel and ...

Page 180: ...ork. Note: Cisco recommends that you do not assign all access points that are within close proximity to each other to the maximum power level. Using the GUI to Statically Assign Channel and Transmit Power Settings: Follow these steps to statically assign channel and/or power settings on a per access point radio basis using the GUI. Step 1: Click Wireless to access the All APs page (see Figure 9-2). Step 2 ...

Page 181: ...hat varies depending on the regulatory domain in which the access points are deployed. The number of available power levels varies based on the access point model. However, power level 1 is always the maximum power level allowed per country code setting, with each successive power level representing 50% of the previous power level. For example, 1 = maximum power level in a particular regulatory domain, 2 = 50...

Page 182: ... level 2, enter this command:
    config 802.11a txPower AP1 2
The transmit power level is assigned an integer value instead of a value in mW or dBm. The integer corresponds to a power level that varies depending on the regulatory domain in which the access points are deployed. The number of available power levels varies based on the access point model. However, power level 1 is always the maximum power lev...

Page 183: ... power level from the drop-down box. Note: See Step 5 on page 9-25 for information on transmit power levels. Step 6: Click Save Configuration to save your changes. Step 7: If you are overriding the default channel and power settings on a per radio basis, assign static channel and power settings to each of the access point radios that are joined to the controller. Step 8: If desired, repeat this procedure fo...

Page 184: ...uration.
    channel: Shows the channel assignment configuration and statistics.
    logging: Shows the RF event and performance logging.
    monitor: Shows the Cisco radio monitoring.
    profile: Shows the access point performance profiles.
    receiver: Shows the 802.11a or 802.11b/g receiver configuration and statistics.
    summary: Shows the configuration and statistics of the 802.11a or 802.11b/g access points.
    txpower: Shows t...

Page 185: ...ring Mobility Groups. This chapter describes mobility groups and explains how to configure them on the controllers. It contains these sections: Overview of Mobility, page 10-2; Overview of Mobility Groups, page 10-5; Configuring Mobility Groups, page 10-7; Configuring Auto-Anchor Mobility, page 10-11 ...

Page 186: ...ry for that client in its client database. This entry includes the client's MAC and IP addresses, security context and associations, quality of service (QoS) contexts, the WLAN, and the associated access point. The controller uses this information to forward frames and manage traffic to and from the wireless client. Figure 10-1 illustrates a wireless client roaming from one access point to another when bot...

Page 187: ...Figure 10-2: Inter-Controller Roaming. When the client associates to an access point joined to a new controller, the new controller exchanges mobility messages with the original controller, and the client database entry is moved to the new controller. New security context and associations are established if necessary, and the client database entry is updated for the new access point. This process remains...

Page 188: ...rded directly into the network by the foreign controller. Traffic to the client arrives at the anchor controller, which forwards the traffic to the foreign controller in an EtherIP tunnel. The foreign controller then forwards the data to the client. If a wireless client roams to a new foreign controller, the client database entry is moved from the original foreign controller to the new foreign controll...

Page 189: ...red as a mobility group to allow seamless client roaming within a group of controllers. By creating a mobility group, you can enable multiple controllers in a network to dynamically share information and forward data traffic when inter-controller or inter-subnet roaming occurs. Controllers can share the context and state of client devices and controller loading information. With this information, the n...

Page 190: ...ts up to 2400 access points (24 * 100 = 2400 access points). 2. A 4402-25 controller supports up to 25 access points, and a 4402-50 controller supports up to 50 access points. Therefore, a mobility group consisting of 12 4402-25 controllers and 12 4402-50 controllers supports up to 900 access points (12 * 25 + 12 * 50 = 300 + 600 = 900 access points). Mobility groups enable you to limit roaming between different floors, bui...

Page 191: ...the Cisco Wireless Control System Configuration Guide for instructions. Prerequisites: Before you add controllers to a mobility group, you must verify that the following requirements have been met for all controllers that are to be included in the group: All controllers must be configured for the same LWAPP transport mode (Layer 2 or Layer 3). Note: You can verify and, if necessary, change the LWAPP transpo...

Page 192: ... time. You must have gathered the MAC address and IP address of every controller that is to be included in the mobility group. This information is necessary because you will be configuring all controllers with the MAC address and IP address of all the other mobility group members. Note: You can find the MAC and IP addresses of the other controllers to be included in the mobility group on the Controlle...

Page 193: ...and want to add them in bulk, click EditAll and go to Step 4. Note: The EditAll option enables you to enter the MAC and IP addresses of all the current mobility group members and then copy and paste all the entries from one controller to the other controllers in the mobility group. Step 3: The Mobility Group Member New page appears (see Figure 10-7). Figure 10-7: Mobility Group Member New Page. Follow these...

Page 194: ...te any of the controllers in the list. Figure 10-8: Mobility Group Members Edit All Page. Follow these steps to add more controllers to the mobility group: a. Click inside the edit box to start a new line. b. Enter the MAC address, the management interface IP address, and the name of the mobility group for the controller to be added. Note: These values should be entered on one line and separated by one or tw...

Page 195: ...y feature, you can specify a controller or set of controllers as the anchor points for clients on a wireless LAN. In auto-anchor mobility mode, a subset of a mobility group is specified as the anchor controllers for a WLAN. You can use this feature to restrict a WLAN to a single subnet, regardless of a client's entry point into the network. Clients can then access a guest WLAN throughout an enterprise b...

Page 196: ...ith a mobility anchor. Guidelines for Using Auto-Anchor Mobility: Keep these guidelines in mind when you configure auto-anchor mobility: Controllers must be added to the mobility group member list before you can designate them as mobility anchors for a WLAN. You can configure multiple controllers as mobility anchors for a WLAN. You must disable the WLAN before configuring mobility anchors for it. Auto a...

Page 197: ...ty Anchors Page. Step 3: Select the IP address of the controller to be designated a mobility anchor in the Switch IP Address (Anchor) drop-down box. Step 4: Click Mobility Anchor Create. The selected controller becomes an anchor for this WLAN. Note: To delete a mobility anchor for a WLAN, click Remove to the right of the controller's IP address. Step 5: Repeat Step 3 and Step 4 to set any other controllers as...

Page 198: ...be a member of the default mobility group. Note: Auto-anchor mobility is enabled for the WLAN when you configure the first anchor controller. 3. To delete a mobility anchor for the WLAN, enter one of these commands:
    config mobility group anchor delete wlan-id anchor-controller-ip-address
    config wlan mobility anchor delete wlan-id anchor-controller-ip-address
Note: The wlan-id must exist and be disabled. N...

Page 199: ...rk Solution products. The following safety considerations and safety warnings appear in this appendix: Safety Considerations, page A-2; Warning Definition, page A-2; Class 1 Laser Product Warning, page A-5; Ground Conductor Warning, page A-7; Chassis Warning for Rack Mounting and Servicing, page A-9; Battery Handling Warning for 4400 Series Controllers, page A-18; Equipment Installation Warning, page A-20; More T...

Page 200: ...nted in an equipment rack be sure that the power source is sufficiently rated to safely run all of the equipment in the rack Verify the integrity of the ground before installing Cisco Wireless LAN Controllers in an equipment rack Lightweight access points are suitable for use in environmental air space in accordance with Section 300 22 C of the National Electrical Code and Sections 2 128 12 010 3 ...

Page 201: ...eses Warnsymbol bedeutet Gefahr Sie befinden sich in einer Situation die zu Verletzungen führen kann Machen Sie sich vor der Arbeit mit Geräten mit den Gefahren elektrischer Schaltungen und den üblichen Verfahren zur Vorbeugung vor Unfällen vertraut Suchen Sie mit der am Ende jeder Warnung angegebenen Anweisungsnummer nach der jeweiligen Übersetzung in den übersetzten Sicherheitshinweisen die zusa...

Page 202: ... IMPORTANTES DE SEGURIDAD Este símbolo de aviso indica peligro Existe riesgo para su integridad física Antes de manipular cualquier equipo considere los riesgos de la corriente eléctrica y familiarícese con los procedimientos estándar de prevención de accidentes Al final de cada advertencia encontrará el número que le ayudará a encontrar el texto traducido en el apartado de traducciones que acompa...

Page 203: ... AIR WLC4136 K9 Cisco 4100 Series Wireless LAN Controllers contain Class 1 Lasers Laser Klasse 1 according to EN 60825 1 A1 A2 Warning Class 1 laser product Statement 1008 Waarschuwing Klasse 1 laser produkt Varoitus Luokan 1 lasertuote Attention Produit laser de classe 1 Warnung Laserprodukt der Klasse 1 Avvertenza Prodotto laser di Classe 1 Advarsel Laserprodukt av klasse 1 Aviso Produto laser d...

Page 204: ...ireless LAN Controller Configuration Guide OL 8335 02 Appendix A Safety Considerations and Translated Safety Warnings Class 1 Laser Product Warning Aviso Produto a laser de classe 1 Advarsel Klasse 1 laserprodukt ...

Page 205: ...ooit bediend worden zonder dat er een op de juiste wijze geïnstalleerde aardingsleiding aanwezig is Neem contact op met de bevoegde instantie voor elektrische inspecties of met een elektricien als u er niet zeker van bent dat er voor passende aarding gezorgd is Varoitus Laitteiden on oltava maadoitettuja Älä koskaan ohita maajohdinta tai käytä laitteita ilman oikein asennettua maajohdinta Ota yhte...

Page 206: ...i jordingslederen og bruk aldri utstyret uten riktig montert jordingsleder Ta kontakt med fagfolk innen elektrisk inspeksjon eller med en elektriker hvis du er usikker på om det finnes velegnet jordning Aviso Este equipamento deve ser aterrado Nunca anule o fio terra nem opere o equipamento sem um aterramento adequadamente instalado Em caso de dúvida com relação ao sistema de aterramento disponíve...

Page 207: ...the rack If the rack is provided with stabilizing devices install the stabilizers before mounting or servicing the unit in the rack Statement 1006 Waarschuwing Om lichamelijk letsel te voorkomen wanneer u dit toestel in een rek monteert of het daar een servicebeurt geeft moet u speciale voorzorgsmaatregelen nemen om ervoor te zorgen dat het toestel stabiel blijft De onderstaande richtlijnen worden...

Page 208: ...en sollen zur Gewährleistung Ihrer Sicherheit dienen Wenn diese Einheit die einzige im Gestell ist sollte sie unten im Gestell angebracht werden Bei Anbringung dieser Einheit in einem zum Teil gefüllten Gestell ist das Gestell von unten nach oben zu laden wobei das schwerste Bauteil unten im Gestell anzubringen ist Wird das Gestell mit Stabilisierungszubehör geliefert sind zuerst die Stabilisatore...

Page 209: ...ma quede bien estable Para garantizar su seguridad proceda según las siguientes instrucciones Colocar el equipo en la parte inferior del bastidor cuando sea la única unidad en el mismo Cuando este equipo se vaya a instalar en un bastidor parcialmente ocupado comenzar la instalación desde la parte inferior hacia la superior colocando el equipo más pesado en la parte inferior Si el bastidor dispone ...

Page 210: ...almente preenchido carregue o de baixo para cima com o componente mais pesado em sua parte inferior Se o rack contiver dispositivos estabilizadores instale os antes de montar ou dar manutenção à unidade existente Advarsel For at forhindre legemesbeskadigelse ved montering eller service af denne enhed i et rack skal du sikre at systemet står stabilt Følgende retningslinjer er også for din sikkerhed...

Page 211: ...A 13 Cisco Wireless LAN Controller Configuration Guide OL 8335 02 Appendix A Safety Considerations and Translated Safety Warnings Chassis Warning for Rack Mounting and Servicing ...

Page 216: ...tement 1015 Waarschuwing Er is ontploffingsgevaar als de batterij verkeerd vervangen wordt Vervang de batterij slechts met hetzelfde of een equivalent type dat door de fabrikant aanbevolen is Gebruikte batterijen dienen overeenkomstig fabrieksvoorschriften weggeworpen te worden Varoitus Räjähdyksen vaara jos akku on vaihdettu väärään akkuun Käytä vaihtamiseen ainoastaan saman tai vastaavantyyppist...

Page 217: ...jon hvis batteriet skiftes på feil måte Skift kun med samme eller tilsvarende type som er anbefalt av produsenten Kasser brukte batterier i henhold til produsentens instruksjoner Aviso Existe perigo de explosão se a bateria for substituída incorrectamente Substitua a bateria por uma bateria igual ou de um tipo equivalente recomendado pelo fabricante Destrua as baterias usadas conforme as instruçõe...

Page 218: ...oastaan koulutettu ja laitteen tunteva henkilökunta Attention Il est vivement recommandé de confier l installation le remplacement et la maintenance de ces équipements à des personnels qualifiés et expérimentés Warnung Das Installieren Ersetzen oder Bedienen dieser Ausrüstung sollte nur geschultem qualifiziertem Personal gestattet werden Avvertenza Questo apparato può essere installato sostituito ...

Page 219: ...ificado debe instalar reemplazar o utilizar este equipo Varning Endast utbildad och kvalificerad personal bör få tillåtelse att installera byta ut eller reparera denna utrustning Aviso Somente uma equipe treinada e qualificada tem permissão para instalar substituir ou dar manutenção a este equipamento Advarsel Kun uddannede personer må installere udskifte komponenter i eller servicere dette udstyr...

Page 220: ...A 22 Cisco Wireless LAN Controller Configuration Guide OL 8335 02 Appendix A Safety Considerations and Translated Safety Warnings Equipment Installation Warning ...

Page 221: ...e tension et tout courant électrique de l unité toutes les connexions d alimentation doivent être débranchées Warnung Dieses Gerät kann mehr als eine Stromzufuhr haben Um sicherzustellen dass der Einheit kein Strom zugeführt wird müssen alle Verbindungen entfernt werden Avvertenza Questa unità può avere più di una connessione all alimentazione elettrica Tutte le connessioni devono essere staccate ...

Page 222: ...ne Power Supply Warning for 4400 Series Controllers Aviso Esta unidade pode ter mais de uma conexão de fonte de alimentação Todas as conexões devem ser removidas para interromper a alimentação da unidade Advarsel Denne enhed har muligvis mere end en strømforsyningstilslutning Alle tilslutninger skal fjernes for at aflade strømmen fra enheden ...

Page 223: ...A 25 Cisco Wireless LAN Controller Configuration Guide OL 8335 02 Appendix A Safety Considerations and Translated Safety Warnings More Than One Power Supply Warning for 4400 Series Controllers ...

Page 225: ...mity and regulatory information for the products in the Cisco Unified Wireless Network Solution. This appendix contains these sections: Regulatory Information for 1000 Series Access Points, page B-2; FCC Statements for Cisco 2000 Series Wireless LAN Controllers, page B-8; FCC Statements for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN Controllers, page B-9 ...

Page 226: ...on Commission Declaration of Conformity Statement Model AIR AP1010 A K9 AIR AP1020 A K9 AIR AP1030 A K9 FCC Certification number LDK102057 Manufacturer Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA This device complies with Part 15 rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any inter...

Page 227: ...operations to reduce any potential for harmful interference to co channel Mobile Satellite System MSS operations Department of Communications Canada Model AIR AP1010 A K9 AIR AP1020 A K9 AIR AP1030 A K9 Certification number 2461B 102057 Canadian Compliance Statement This Class B Digital apparatus meets all the requirements of the Canadian Interference Causing Equipment Regulations Cet appareil num...

Page 228: ...s requisitos esenciales asi como con otras disposiciones de la Directive 1999 5 EC Έλληνας Αυτός ο εξοπλισµός συµµορφώνεται µε τις ουσιώδεις απαιτήσεις και τις λοιπές διατάξεις της Οδηγίας 1999 5 EΚ Français Cet appareil est conforme aux exigencies essentialles et aux autres dispositions pertinantes de la Directive 1999 5 EC Íslenska Þessi búnaður samrýmist lögboðnum kröfum og öðrum ákvæðum tilski...

Page 229: ... be compliant to the requirements set forth in CFR 47 Sections 2 1091 and 15 247 b 4 addressing RF Exposure from radio frequency devices as defined in Evaluating Compliance with FCC Guidelines for Human Exposure to Radio Frequency Electromagnetic Fields The equipment should be installed more than 20 cm 7 9 in from your body or nearby persons The access point must be installed to maintain a minimum...

Page 230: ...trial scientific and medical devices such as microwave ovens and mobile object identification RF ID systems licensed premises radio stations and unlicensed specified low power radio stations used in factory production lines 1 Before using this equipment make sure that no premises radio stations or specified low power radio stations of RF ID are used in the vicinity 2 If this equipment causes RF in...

Page 231: ...s Points Administrative Rules for Cisco Aironet Access Points in Taiwan This section provides administrative rules for operating Cisco Aironet access points in Taiwan The rules are provided in both Chinese and English Access Points with IEEE 802 11a Radios Chinese Translation English Translation This equipment is limited for indoor use All Access Points Chinese Translation ...

Page 232: ...entific and medical ISM equipment or by an incidental radiator Declaration of Conformity Statements All the Declaration of Conformity statements related to this product can be found at the following URL http www ciscofax com FCC Statements for Cisco 2000 Series Wireless LAN Controllers This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part ...

Page 233: ...oller and Cisco 4400 Series Wireless LAN Controller equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and ...

Page 234: ... LAN Controller Configuration Guide OL 8335 02 Appendix B Declarations of Conformity and Regulatory Information FCC Statements for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN Controllers ...

Page 235: ...ghtweight Access Points Cisco 2000 Series Wireless LAN Controllers Cisco 2700 Series Location Appliances Cisco 4100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers Cisco Wireless Services Modules This appendix contains these sections End User License Agreement page C 2 Limited Warranty page C 4 General Terms Applicable to the Limited Warranty Statement and End User Licen...

Page 236: ...isco grants to Customer a nonexclusive and nontransferable license to use for Customer s internal business purposes the Software and the Documentation for which Customer has paid the required license fees Documentation means written information whether contained in user or technical manuals training materials specifications or otherwise specifically pertaining to the Software and made available by...

Page 237: ...y upgrades updates bug fixes or modified versions thereto collectively Upgrades or backup copies of the Software licensed or provided to Customer by Cisco or an authorized Cisco reseller NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT 1 CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE ALREADY HOLDS A VALID...

Page 238: ...shall constitute a material breach of the Agreement U S Government End User Purchasers The Software and Documentation qualify as commercial items as that term is defined at Federal Acquisition Regulation FAR 48 C F R 2 101 consisting of commercial computer software and commercial computer software documentation as such terms are used in FAR 12 212 Consistent with FAR 12 212 and DoD FAR Supp 227 72...

Page 239: ...r s then current Return Material Authorization RMA procedures Software Cisco warrants that commencing from the date of shipment to Customer but in case of resale by an authorized Cisco reseller commencing not more than ninety 90 days after original shipment by Cisco and continuing for a period of the longer of a ninety 90 days or b the software warranty period if any set forth in the warranty card...

Page 240: ...T CONSEQUENTIAL INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE OR OTHERWISE AND EVEN IF CISCO OR ITS SUPPLIERS OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES In no event shall Cisco s or its suppliers or licensors liability to Customer whether in contract tort including neg...

Page 241: ... Source Code Statement 1995 2004 SAFENET Inc This software is protected by international copyright laws All rights reserved SafeNet is a registered trademark of SAFENET Inc in the United States and in certain other jurisdictions SAFENET and the SAFENET logo are trademarks of SAFENET Inc and may be registered in certain jurisdictions All other names and marks are property of their respective owners...

Page 242: ...C 8 Cisco Wireless LAN Controller Configuration Guide OL 8335 02 Appendix C End User License and Warranty Additional Open Source Terms ...

Page 243: ...ns This appendix lists system messages that can appear on the Cisco Unified Wireless Network Solution interfaces and describes the LED patterns on lightweight access points It contains these sections System Messages page D 2 Using Client Reason and Status Codes in Trap Logs page D 4 Using Lightweight Access Point LEDs page D 6 ...

Page 244: ...ely unreachable LRAD_UP Cisco 1000 Series lightweight access point is operational no action required LRAD_DOWN Cisco 1000 Series lightweight access point may have a problem or is administratively disabled LRADIF_UP Cisco Radio is UP LRADIF_DOWN Cisco Radio may have a problem or is administratively disabled LRADIF_LOAD_PROFILE_FAILED Client density may have exceeded system capacity LRADIF_NOISE_PRO...

Page 245: ...URE Port may have a problem or is administratively disabled AUTHENTICATION_FAILURE Attempted security breach Investigate STP_NEWROOT Informational message STP_TOPOLOGY_CHANGE Informational message IPSEC_ESP_AUTH_FAILURE Check WLAN IPSec configuration IPSEC_ESP_REPLAY_FAILURE Check for attempt to spoof IP Address IPSEC_ESP_POLICY_FAILURE Check for IPSec configuration mismatch between WLAN and clien...

Page 246: ...T_EXCEEDED The current number of active rogue access points has exceeded system threshold SWITCH_UP Controller is responding to SNMP polls SWITCH_DOWN Controller is not responding to SNMP polls check controller and SNMP settings RADIUS_SERVERS_FAILED Check network connectivity between RADIUS and the controller CONFIG_SAVED Running configuration has been saved to flash will be active after reboot M...

Page 247: ...ionStaHasLeft Operating System moved the client to another access point using non aggressive load balancing 9 staReqAssociationWithoutAuth Client not authorized yet still attempting to associate with an access point 99 missingReasonCode Client momentarily in an unknown state Table D 2 Client Reason Code Descriptions and Meanings continued Client Reason Code Description Meaning Table D 3 Client Sta...

Page 248: ... LED Conditions Status Power Alarm 2 4 GHz 5 GHz Green on off on or off on or off Controller found code OK normal status Green on off Yellow on on or off 802 11b g activity Green on off on or off Amber on 802 11a activity off Red on off off Lightweight access point starting up All LEDs cycle back and forth Lightweight access point searching for controller Stops when controller and DHCP server are ...

Page 249: ...interfaces 3 34 illustration of three AP manager interfaces 3 33 illustration of two AP manager interfaces 3 32 using multiple 3 31 to 3 36 AP Mode parameter 9 13 Assignment Method parameter 9 25 authentication information element IE 9 12 auto anchor mobility configuring using the CLI 10 14 configuring using the GUI 10 12 to 10 13 guidelines 10 12 overview 10 11 to 10 12 autonomous access points 7...

Page 250: ...name virtual 3 13 config interface port ap manager 3 13 config interface port management 3 12 config interface vlan ap manager 3 13 config interface vlan management 3 12 config lag 3 30 config mobility group anchor 10 14 config mobility group member 10 11 config mobility group name 10 11 config network rf network name 9 8 config route 3 14 config spanningtree 3 26 3 27 config wlan disable 3 12 3 1...

Page 251: ...e command 3 14 config spanningtree commands 3 26 3 27 configurations saving 8 4 configuration wizard 4 2 config wlan disable command 3 12 3 13 3 16 config wlan mobility anchor command 10 14 config wps ap authentication command 9 15 controller discovery using DNS 7 7 Controller Network Module ports 3 3 3 4 using 4 12 Controller Spanning Tree Configuration page 3 24 country channels 9 21 country cod...

Page 252: ...rference defined 9 3 Interference threshold parameter 9 20 inter subnet roaming 10 3 to 10 4 intra controller roaming 10 2 Invoke Channel Update Now button 9 17 Invoke Power Update Now button 9 19 IPSec enabling 6 6 IPSec passthrough 6 8 L LAG See link aggregation LAG 3 27 LAG Mode on Next Reboot parameter 3 29 Last Auto Channel Assignment parameter 9 18 Last Power Level Assignment parameter 9 20 ...

Page 253: ...l Status parameter 3 18 Port Configure page 3 18 port mirroring configuring 3 20 to 3 21 Port Number parameter 3 18 ports 2000 series controllers 3 3 4100 series controllers 3 3 4400 series controllers 3 3 Cisco WiSM 3 3 comparison table 3 3 configuring 3 17 to 3 27 connecting additional ports to support more than 48 access points 3 36 Controller Network Module 3 3 on Cisco 2000 series controllers...

Page 254: ...9 5 to 9 6 viewing status using the CLI 9 11 viewing status using the GUI 9 8 to 9 11 RF Network Name parameter 9 7 rogue access point alarm 9 14 rogue access point detection enabling using the CLI 9 15 enabling using the GUI 9 12 to 9 14 rogue access points solutions for 5 3 root bridge 3 21 Root Cost parameter 3 24 Root Port parameter 3 24 RRM 4 5 See radio resource management 9 2 S safety warni...

Page 255: ...23 STP Port Path Cost parameter 3 23 STP Port Priority parameter 3 23 STP State parameter 3 22 Supervisor 720 4 10 SX LC T small form factor plug in SFP modules 3 3 system logging 4 8 system logging enabling 4 8 system messages D 1 T time and date settings 4 5 timeout disabled clients 6 4 Time Since Topology Changed parameter 3 24 Topology Change Count parameter 3 24 transmit power statically assi...

Page 256: ...less LAN Controller Configuration Guide OL 8335 02 wireless LANs configuring both static and dynamic WEP 6 6 WiSM guidelines 4 10 wizard startup 4 2 WLANs described 3 8 to 3 9 WLANs page 10 12 WMM 6 9 world mode 4 8 WPA 6 5 ...
