Cisco Small Business AP541N Page 24 Administration Manual Download | Manualshive

Page: 24 / 172

background image

Getting Started

Configuring Security on the Wireless Access Point

Cisco AP541N Dual-band Single-radio Access Point Quick Start Guide

19

1

!

CAUTION

By default, no security is in place on the access point, so any wireless client can
associate with it and access your LAN, including unauthorized devices. An
important next step is to configure security. Continue with

Configuring Security on

the Wireless Access Point, page 19

for more information.

Configuring Security on the Wireless Access Point

You configure secure wireless client access by configuring security for each
virtual access point (VAP) that you enable. You can configure up to 16 VAPs per
wireless radio that simulate multiple access points in one physical access point.
For each VAP, you can configure a unique security mode to control wireless client
access.

Each wireless radio has 16 VAPs, with VAP IDs from 0-15. VAP 0, VAP 1, and VAP 2
have different default settings than VAPs 3-15. By default, VAP 0, VAP 1, and VAP 2
are enabled.

VAP0 has the following default settings:

•

VLAN ID: 1

•

SSID: cisco-data

•

Broadcast SSID: Enabled

•

Security: None

•

MAC Authentication Type: Disabled

•

Station Isolation: Disabled

•

HTTP Redirect: Disable

VAP1 has the following default settings:

•

VLAN ID: 100

•

SSID: cisco-voice

•

Broadcast SSID: Enabled

•

Security: None

•

MAC Authentication Type: Disabled

«
...
22
23
24
25
26
...
»

Summary of Contents for Small Business AP541N

Page 1: ...Cisco Small Business AP541N Dual band Single radio Access Point OL 20285 01 ADMINISTRATION GUIDE ...

Page 2: ...tion Utility by Using Cisco Configuration Assistant 2 1 or higher 9 Display the Configuration Utility by Using Another IP Address 11 Troubleshooting Your Connection 13 Using the Ping Command to Test the Connection 13 Possible Cause of Failure 13 Resetting the Device by using the Reset Button 14 Configuring the Access Point by using the Getting Started Page 15 Access Point Configuration 15 Access P...

Page 3: ... Access Point Settings 50 Security Mode 58 Client Connection Control 71 Configuring a MAC Filter and Station List on the Access Point 71 Configuring MAC Authentication on the RADIUS Server 74 Modifying Advanced Settings 74 Configuring the Wireless Distribution System 85 WEP on WDS Links 88 WPA PSK on WDS Links 89 Bandwidth Utilization 90 Configuring Quality of Service QoS 91 Chapter 5 SNMP 97 Conf...

Page 4: ...17 Upgrading the Software by Using HTTP 119 Event Logs 120 Configuring Persistent Logging Options 121 Configuring the Log Relay Host for Kernel Messages 123 Enabling or Disabling the Log Relay Host on the Events Page 124 Configuring the Web Server Settings 125 Creating an Administration Access Control List 127 Chapter 7 Clustering Multiple Access Points 129 Managing Access Points in the Cluster 12...

Page 5: ...tion Examples 149 Configuring a VAP 150 VAP Configuration from the Web Interface 151 VAP Configuration Using SNMP 152 Configuring Wireless Radio Settings 153 Wireless Radio Configuration from the Web Interface 153 Wireless Radio Configuration Using SNMP 155 Configuring the Wireless Distribution System 155 WDS Configuration from the Web Interface 156 WDS Configuration Using SNMP 157 Clustering Acce...

Page 6: ...nt in Standalone Mode Before you power on a new access point review the following sections to check required hardware and software components client configurations and compatibility issues Make sure you have everything you need for a successful launch and test of your new or extended wireless network This chapter contains the following topics Administrator Computer Requirements Connecting the Acce...

Page 7: ...t cable The IP address must be on the same subnet as the access point The subnet mask must match the subnet mask of the access point The Administration PC IP Address section describes the procedure for changing these parameters on a PC running Windows Web Browser and Operating System The following Web browsers can be used to display the access point Configuration Utility Web pages Microsoft Intern...

Page 8: ...P 4 In the IP Address window click Specify an IP address STEP 5 In the IP Address field enter an IP address that is in the same subnet as the access point IP address The default access point IP address is 192 168 10 10 The default subnet mask is 255 255 255 0 For example you can set the PC IP address to 192 168 10 250 PC IP subnet mask to 255 255 255 0 STEP 6 In the Subnet Mask field type 255 255 ...

Page 9: ... the network port on the access point as shown in Figure1 STEP 2 Connect the other end of the cable to the Ethernet port on the PC Figure 1 Connecting the Access Point Using a Direct Cable Connection If you use this method you will need to reconfigure the cabling for subsequent startup and deployment of the access point so that the access point is no longer connected directly to the PC but instead...

Page 10: ...ugh or crossover cable to the network port on the access point as shown in Figure 2 STEP 2 Connect the other end to the same hub or switch where your PC is connected Figure 2 Connecting the Access Point Using a LAN Connection The hub or switch you use must permit broadcast signals from the access point to reach the other devices on the network STEP 3 If you are not using PoE connect the power adap...

Page 11: ... Follow the instructions in the Display the Configuration Utility by Using Cisco Configuration Assistant 2 1 or higher section Using the an IP address assigned to the switch through DHCP Follow the instructions in the Display the Configuration Utility by Using Another IP Address section Display the Configuration Utility By Using the Default IP Address To access the Access Point Configuration Utili...

Page 12: ... radio Access Point Quick Start Guide 7 1 Figure 3 Login Window STEP 2 Enter the login information Username cisco Default password cisco Passwords are case sensitive When you log in the Getting Started page for the access point Configuration Utility is displayed as shown in Figure 4 ...

Page 13: ...e Software Upgrade link as shown in Figure 4 Next we recommend that you Change the password by clicking Change Administrator Password Configure the SSID and enable wireless security by clicking Configure Wireless Networks SSIDs Enable the wireless radio by clicking Enable Wireless Radio Assign a new static IP address to the access point if your network devices are configured with static IP address...

Page 14: ...are familiar with CCA You can find additional information about CCA at http www cisco com en US products ps7287 tsd_products_support_series_home html To configure the access point by using CCA STEP 1 Connect the Ethernet port on the access point to a switch port on a SBCS device STEP 2 Power on the Cisco AP541N STEP 3 Connect a PC with CCA installed to any access switch port on the UC520 or SR520 ...

Page 15: ...ay the options Configuration Utility Properties and Annotation STEP 8 Click Configuration Utility The Access Point Configuration Utility displays in a new window as shown in Figure 4 Next we recommend that you Change the password by clicking Change Administrator Password Configure the SSID and enable wireless security by clicking Configure Wireless Networks SSIDs Enable the wireless radio by click...

Page 16: ... the Access Point Configuration Utility To configure the access point by using an IP address other than the default static IP address STEP 1 Power on the Cisco AP541N STEP 2 If you used a DHCP server on your network to automatically configure network information for the access point enter the IP address assigned to the access point by the DHCP server into the Web browser If you have access to the ...

Page 17: ...g Configure Wireless Networks SSIDs Enable the wireless radio by clicking Enable Wireless Radio Assign a new static IP address to the access point if your network devices are configured with static IP addresses by clicking Set LAN IP Address CAUTION If you do not have a DHCP server on your internal network and do not plan to use one we recommend assigning a new static IP address so that if you bri...

Page 18: ...dicate the appropriate links STEP 2 Open a command window by using Start Run and enter cmd STEP 3 At the Command window prompt enter ping and the access point IP address For example ping 192 168 10 10 the default static IP address of the access point If successful you should get a reply similar to the following Pinging 192 168 10 10 with 32 bytes of data Reply from 192 168 10 10 bytes 32 time 1ms ...

Page 19: ...onfiguration Utility will lose connectivity You can query the DHCP server for the new IP address or disconnect the access point from the network and reset the device to use the static default access point IP address by using the Resetting the Access Point to the Factory Default Configuration page 114 procedure Resetting the Device by using the Reset Button To use the Reset button to reboot or rese...

Page 20: ...e access point The username is cisco and it cannot be changed The default password is cisco STEP 2 If you do not have a DHCP server on the network and do not plan to use one click Change IP Address to change the connection type from DHCP to static IP and set a static IP address and subnet mask NOTE We recommend that you assign a new static IP address Otherwise if you bring up another Cisco AP541N ...

Page 21: ...rsions of the Access Point software become available you can upgrade the software on your devices to take advantage of new features and enhancements For more information see Software Upgrade page 117 For information on how to backup and restore the configuration go to Access Point Configuration page 113 Wireless Configuration Page For information about the wireless radio settings see Configuring W...

Page 22: ...lient Software Client software such as Microsoft Windows Supplicant configured to associate with the access point Client Security Settings Security should be disabled on the client used to do initial configuration of the access point If the Security mode on the access point is set to anything other than plain text wireless clients must have a profile set to the same authentication mode used by the...

Page 23: ...ired location c Connect an Ethernet cable from the access point to the LAN d Power on the access point e Connect your computer to the LAN by using an Ethernet cable or a wireless card If you configured the access point and an administrator PC by connecting both to a network hub or switch your access point is already connected to the LAN The next step is to test some wireless clients STEP 2 Test th...

Page 24: ...rity for each virtual access point VAP that you enable You can configure up to 16 VAPs per wireless radio that simulate multiple access points in one physical access point For each VAP you can configure a unique security mode to control wireless client access Each wireless radio has 16 VAPs with VAP IDs from 0 15 VAP 0 VAP 1 and VAP 2 have different default settings than VAPs 3 15 By default VAP 0...

Page 25: ...TTP Redirect Disable VAP3 15 are disabeld by default but when they are enabled they will have the following default settings VLAN ID 1 SSID Virtual Access Point x where x is the VAP ID Broadcast SSID Enabled Security None MAC Authentication Type Disabled Station Isolation Disabled HTTP Redirect Disable To prevent unauthorized access to the access point we recommend that you select and configure a ...

Page 26: ...N Dual band Single radio Access Point Quick Start Guide 21 Status The Status page provides information on the following Device Information Network Interfaces Traffic Statistics Associated Clients Rogue AP Detection ...

Page 27: ...ge Table 3 Device Information Page Field Description Product Identifier Identifies the AP hardware model Hardware Version Identifies the AP hardware version Software Version Shows version information for the software installed on the AP As new versions of the WLAN AP software become available you can upgrade the software Serial Number Shows the AP serial number Device Name Generic name to identify...

Page 28: ... Network Interface Status window displays the current Wired Settings and the Wireless Settings of the access point Click Refresh to refresh the page Figure 6 Interface Status System Uptime The amount of time that the AP has been operational since its last power up reboot Table 3 Device Information Page Field Description ...

Page 29: ...reless radio interface To change the Radio Mode or Channel settings click Edit You are redirected to the Wireless Radio Settings page For information about configuring these settings see Modifying Wireless Radio Settings page 47 and Modifying Advanced Settings page 74 Traffic Statistics The Traffic Statistics page provides basic information about the access point a real time display of the transmi...

Page 30: ...Status Traffic Statistics Cisco AP541N Dual band Single radio Access Point Quick Start Guide 25 2 Figure 7 Viewing Traffic Statistics ...

Page 31: ...plicable or is not supported Transmit and Receive Information Total Packets Indicates total packets sent in Transmit table or received in Received table on that interface Total Bytes Indicates total bytes sent in Transmit table or received in Received table on that interface Total Dropped Packets Indicates total number of packets sent in Transmit table or received in Received table on that interfa...

Page 32: ...tations are displayed along with information about packet traffic transmitted and received for each station Click Refresh to refresh the page Table 5 describes the fields on the Associated Clients page Table 5 Associated Clients Field Descriptions Field Description Network Shows which VAP the client is associated with For example an entry of wlan0vap2 means the client is associated with Wireless R...

Page 33: ...t is if a client shows as authenticated to the access point it will be able to transmit and receive data This is because Static WEP uses only IEEE 802 11 authentication If the access point uses IEEE 802 1X or WPA security however it is possible for a client association to show on this tab as authenticated by using IEEE 802 11 security but actually not be authenticated to the access point by using ...

Page 34: ...A Rogue AP is an access point that has been installed on a secure network without authorization from a system administrator Rogue access points pose a security threat because anyone with access to the premises can ignorantly or maliciously install a wireless access point that might allow unauthorized parties to access the network The Rogue AP Detection page displays information about all access po...

Page 35: ...rmation about other access points within range Table 6 describes the information provided on neighboring access points Table 6 Neighboring Access Point Information Field Description AP Detection To enable neighbor access point detection and collect information about neighbor access points click Enabled default To disable neighbor access point detection click Disabled To save the setting click Appl...

Page 36: ...rval of another access point Beacon frames are transmitted by an access point at regular intervals to announce their existence on the wireless network The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second The Beacon Interval for your access point is set on the Wireless Advanced Settings page See Modifying Advanced Settings page 74 Type Indicates the type of de...

Page 37: ...ecurity mode on the neighboring access point is set to None no security On indicates that the neighboring access point has some security in place Security is configured on the access point from the Virtual Access Point page WPA Indicates whether WPA security is on or off for the detected access point Band This indicates the IEEE 802 11 mode being used on the detected access point For example IEEE ...

Page 38: ...rted Rates Signal Indicates the strength of the wireless radio signal emitting from the detected access point If you hover the mouse pointer over the bars a number appears and shows the strength in decibels dB Beacons Shows the total number of beacons received from the detected access point since it was first discovered Last Beacon Shows the date and time of the last beacon received from the detec...

Page 39: ...t or cfg extension Entries in the file are MAC addresses in hexadecimal format with each octet separated by colons for example 00 11 22 33 44 55 Separate the entries with a single space For the access point to accept the file it must contain only MAC addresses To import an access point list from a file do the following STEP 1 Choose whether to replace the existing Known AP List or add the entries ...

Page 40: ...asts requests for network information To use a static IP address you must disable the DHCP client and manually configure the IP address and other network information The access point default management VLAN is VLAN 1 This VLAN is also the default untagged VLAN If you have configured the management VLAN on your network with a different VLAN ID you must change the VLAN ID of the access point managem...

Page 41: ...Setup LAN Settings 36 Cisco AP541N Dual band Single radio Access Point Quick Start Guide 3 Figure 10 LAN Settings ...

Page 42: ...agement VLAN ID is 1 Untagged VLAN Enable or disable VLAN tagging If you enable the untagged VLAN all traffic is tagged with a VLAN ID By default all traffic on the access point uses VLAN 1 the default untagged VLAN This means that all traffic is untagged until you disable the untagged VLAN change the untagged traffic VLAN ID or change the VLAN ID for a VAP or client using RADIUS UntaggedVLAN ID P...

Page 43: ...k until the 802 1X authentication server grants access If your network uses 802 1X you must configure the 802 1X authentication information that the access point can supply to the authentication server To configure the access point 802 1X supplicant user name and password click the 802 1X Authentication tab and configure the fields shown in Table 8 Subnet Mask Subnet Mask of the access point Defau...

Page 44: ... Start Guide 39 3 Figure11 IEEE 802 1X Authentication Table 8 IEEE 802 1X Authentication Field Descriptions Field Description 802 1X Supplicant Click Enabled to enable the Administrative status of the 802 1X Supplicant Click Disabled to disable the Administrative status of the 802 1X Supplicant ...

Page 45: ...ntication server The username can be 1 to 64 characters in length ASCII printable characters are allowed which includes upper and lower case letters numbers and special symbols such as and Double quote is not a valid character NOTE If the 802 1X Supplicant is Disabled the Username field is not editable Password Enter the MD5 password for the access point to use when responding to requests from an ...

Page 46: ...s to servers using the returned time stamp to adjust its clock The timestamp is used to indicate the date and time of each event in log messages By using NTP the AP can obtain and maintain its time from a server on the network Using an NTP server gives your AP the ability to provide the correct time of day in log messages and session information See http www ntp org for more information about NTP ...

Page 47: ...Setup Enabling the Network Time Protocol 42 Cisco AP541N Dual band Single radio Access Point Quick Start Guide 3 Figure 12 Manually Enabling Network Time Protocol ...

Page 48: ...Setup Enabling the Network Time Protocol Cisco AP541N Dual band Single radio Access Point Quick Start Guide 43 3 Figure13 Enabling Network Time Protocol Server ...

Page 49: ...otocol NTP in the Set System Time field If using NTP specify the server by host name or IP address Using the IP address is not recommended as the IP address is more likely to change Time Zone Select the international time zone in which the AP is operating for example USA Eastern System Date This field appears when you select Manually in the Set System Time field Use the System Date list to select ...

Page 50: ...eek of the month First Second Last From the day list select the day of the week Sunday Monday From the month list select the month January February Specify the time 24 hour format by selecting the hours and minutes DST End 24 HR Use this field to configure Daylight Savings Time to end The end time is relative to Daylight Savings Time From the week list select the week of the month First Second Las...

Page 51: ... configure the Time settings you must click Apply to apply the changes and to save the settings Changing some settings might cause the access point to stop and restart system processes If this happens wireless clients will temporarily lose connectivity We recommend that you change access point settings when WLAN traffic is low ...

Page 52: ...gure the wireless radio in the access point 802 11 mode and channel and to the network interface to the access point AP MAC address To configure the wireless interface click the Wireless Radio Settings tab Figure 14 Wireless Interface Configuration Table10 describes the fields and configuration options available on the Radio Settings page ...

Page 53: ... any country without reconfiguration Disabling 802 11d prevents the country code setting from being broadcast in the beacons However this only applies to wireless radios configured to operate in the g band 2 4 GHz band For wireless radios operating in the a band 5 GHz band the access point software configures support for 802 11h When 802 11h is supported the country code information is broadcast i...

Page 54: ... 802 11a clients can connect to the access point 802 11b g 802 11b and 802 11g clients can connect to the access point 802 11a n 802 11a clients and 802 11n clients operating in the 5 GHz frequency can connect to the access point 802 11b g n default 802 11b 802 11g and 802 11n clients operating in the 2 4 GHz frequency can connect to the access point 2 4 GHz 802 11n Only 802 11n clients operating ...

Page 55: ...s simulate multiple access points in one physical access point The Cisco AP541N supports up to 16 VAPs Channel Select the Channel NOTE If Radio Interface is set to Off the Channel cannot be changed The range of available channels is determined by the mode of the wireless radio interface and the country code setting If you select Auto for the channel setting the access point scans all available cha...

Page 56: ... assigns wireless clients to the VLAN when the clients associate and authenticate You can configure up to four global IPv4 RADIUS servers One of the servers always acts as a primary while the others act as backup servers The network type and accounting mode are common across all configured RADIUS servers You can configure each VAP to use the global RADIUS server settings which is the default or yo...

Page 57: ...ADIUS IP Address Enter the address for the primary global RADIUS server By default each VAP uses the global RADIUS settings that you define for the access point at the top of the VAP page When the first wireless client tries to authenticate with the access point the access point sends an authentication request to the primary server If the primary server responds to the authentication request the a...

Page 58: ...ey 1 3 Enter the RADIUS key associated with the configured backup RADIUS servers The server at RADIUS IP Address 1 uses RADIUS Key 1 RADIUS IP Address 2 uses RADIUS Key 2 and so forth Enable Radius Accounting Select this option to track and measure the resources a particular user has consumed such as system time amount of data transmitted and received and so forth If you enable RADIUS accounting i...

Page 59: ...ags all traffic from the wireless client with the VLAN ID you enter in this field unless you enable the untagged VLAN ID or use a RADIUS server to assign a wireless client to a VLAN The range for the VLAN ID is 1 4094 If you use RADIUS based authentication for clients you can optionally add the following attributes to the appropriate file in the RADIUS or AAA server to configure a VLAN for the cli...

Page 60: ...adcast SSID parameter is disabled by default When the VAP does not broadcast its SSID the network name is not displayed in the list of available networks on a client station Instead the client must have the exact network name configured in the supplicant before it is able to connect To enable the SSID broadcast select the Broadcast SSID check box To prohibit the SSID broadcast clear the Broadcast ...

Page 61: ...urity Mode section MAC Auth Type You can configure a global list of MAC addresses that are allowed or denied access to the network The drop down menu for this feature allows you to select the type of MAC authentication to use Disabled Do not use MAC authentication Local Use the MAC authentication list that you configure on the Wireless Connection Control page RADIUS Use the MAC authentication list...

Page 62: ...sociates with an access point and the user opens a Web browser on the client to access the Internet The custom Web page must be located on an external Web server and might contain information such as the company logo and network usage policy NOTE The wireless client is redirected to the external Web server only once when it is first associated with the access point Redirect URL Specify the URL whe...

Page 63: ...nt security settings None Plain text If you select None as your security mode no other options are configurable on the access point This mode means that any data transferred to and from the access point is not encrypted This security mode can be useful during initial network configuration or for problem solving but it is not recommended for regular use on the Internal network because it is not sec...

Page 64: ...eys to transmit data to the access point Or they can all use the same key but this is less secure because it means one station can decrypt the data being sent by another On some wireless client software you can configure multiple WEP keys and define a client station transfer key index and then set the stations to encrypt the data they transmit using different keys This ensures that neighboring acc...

Page 65: ...nd the letters A to F Use the same number of characters for each key as specified in the Characters Required field These are the RC4 WEP keys shared with the stations using the access point Each client station must be configured to use one of these same WEP keys in the same slot as specified here on the access point Characters Required The number of characters you enter into the WEP Key fields is ...

Page 66: ...use a client station is allowed to associate does not ensure it can exchange traffic with an access point A station must have the correct WEP key to be able to successfully access and decrypt data from an access point and to transmit readable data to the access point Shared key authentication requires the client station to have the correct WEP key in order to associate with the access point When t...

Page 67: ...ws clients the authentication server must support Protected EAP PEAP and MSCHAP V2 You can use any of a variety of authentication methods that the IEEE 802 1X mode supports including certificates Kerberos and public key authentication You must configure the client stations to use the same authentication method the access point uses NOTE After you configure the security settings you must click Appl...

Page 68: ...iated with the configured backup RADIUS servers The server at RADIUS IP Address 1 uses RADIUS Key 1 RADIUS IP Address 2 uses RADIUS Key 2 and so forth Enable RADIUS Accounting Select this option to track and measure the resources a particular user has consumed such as system time amount of data transmitted and received and so forth If you enable RADIUS accounting it is enabled for the primary RADI...

Page 69: ...must support Protected EAP PEAP and MSCHAP V2 You can use any of a variety of authentication methods that the Dynamic WEP mode supports including certificates Kerberos and public key authentication You must configure the client stations to use the same authentication method the access point uses Table14 Dynamic WEP Field Description Use Global RADIUS Server Settings By default each VAP uses the gl...

Page 70: ...ervers The server at RADIUS IP Address 1 uses RADIUS Key 1 RADIUS IP Address 2 uses RADIUS Key 2 and so on Enable RADIUS Accounting Select this option to track and measure the resources a particular user has consumed such as system time amount of data transmitted and received and so on If you enable RADIUS accounting it is enabled for the primary RADIUS server and all backup servers Broadcast Key ...

Page 71: ...Personal Field Descriptions Field Description WPA Versions Select the types of client stations you want to support WPA If all client stations on the network support the original WPA but none support the newer WPA2 select WPA WPA2 If all client stations on the network support WPA2 we suggest using WPA2 as it provides the best security by supporting the IEEE 802 11i standard WPA and WPA2 If you have...

Page 72: ...e access point WPA clients must have one of the following to be able to associate with the access point A valid TKIP key A valid AES CCMP key Clients not configured to use a WPA Personal cannot associate with the access point Key The Pre shared Key is the shared secret key for WPA Personal Enter a string of at least 8 characters to a maximum of 63 characters Acceptable characters include upper and...

Page 73: ...ginal WPA select both WPA and WPA2 This lets both WPA and WPA2 client stations associate and authenticate but uses the more robust WPA2 for clients that support it This WPA configuration allows more interoperability at the expense of some security Enable pre authentication If in WPA Versions you selected only WPA2 or both WPA and WPA2 you can enable pre authentication for WPA2 clients Click Enable...

Page 74: ...ross reboots The first configured RADIUS server is selected when the device is rebooted or reset Use Global RADIUSServer Settings By default each VAP uses the global RADIUS settings that you define for the access point at the top of the VAP page However you can configure each VAP to use a different set of RADIUS servers To use the global RADIUS server settings make sure the check box is selected T...

Page 75: ...r at RADIUS IP Address 1 uses RADIUS Key 1 RADIUS IP Address 2 uses RADIUS Key 2 and so forth EnableRADIUS Accounting Select this option to track and measure the resources a particular user has consumed such as system time amount of data transmitted and received and so forth If you enable RADIUS accounting it is enabled for the primary RADIUS server and all backup servers Broadcast Key Refresh Rat...

Page 76: ...AC address of the client in the local Stations List or on the RADIUS server If it is found the global allow or deny setting is applied If it is not found the opposite is applied On the Virtual Access Point Settings page the MAC Auth Type setting controls whether the access point uses the station list configured locally on the Client Connection Control page or the external RADIUS server The Allow B...

Page 77: ... Description Filter To set the MAC Address Filter select one of the following options Allow only stations in list Any station that is in the Stations List is allowed access to the network through the access point all other stations are denied Block all stations in list Only the stations that appear in the list are denied access to the network through the access point All other stations are permitt...

Page 78: ...int To add a MAC Address to the local Stations List enter its 48 bit MAC address into the MAC Address text boxes then click Add To remove a MAC Address from the Stations List select its 48 bit MAC address then click Remove The stations in the list will either be allowed or denied access based on how you set the filter in the previous field NOTE If the MAC authentication type for the VAP is set to ...

Page 79: ...ing table Modifying Advanced Settings The advanced wireless settings directly control the behavior of the wireless radio in the access point and its interaction with the physical medium that is how and what type of electromagnetic waves the access point emits To specify the wireless radio settings click the Advanced Settings tab Table18 Configuring MAC Authentication on the RADIUS Server RADIUS Se...

Page 80: ...ual band Single radio Access Point Quick Start Guide 75 4 Figure17 Configuring the Wireless Radio Settings Different settings display depending on the mode you select Table 19 describes the fields and configuration options for the Advanced Settings page ...

Page 81: ... the wireless clients it was supporting so that the wireless radio can be gracefully shutdown and the clients can start the association process with other available access points NOTE If Status is set to Off then all fields are not able to be edited Mode The Mode defines the Physical Layer PHY standard used by the wireless radio NOTE The modes available on your access point depend on the country c...

Page 82: ... the wireless radio uses for transmitting and receiving Each mode offers a number of channels depending on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission FCC or the International Telecommunication Union ITU R Channel Bandwidth This field is available only if the wireless radio mode includes 802 11n The 802 11n specification allo...

Page 83: ...annel in the 40 MHz band Lower Set the Primary Channel as the lower 20 MHz channel in the 40 MHz band Short Guard Interval Supported This field is available only if the radio mode includes 802 11n The guard interval is the dead time in nanoseconds between OFDM symbols It prevents Inter Symbol and Inter Carrier Interference ISI ICI The 802 11n mode allows for a reduction in this guard interval from...

Page 84: ... stations or applications By default these protection mechanisms are enabled Auto With protection enabled protection mechanisms will be invoked if legacy devices are within range of the access point You can disable Off these protection mechanisms however when protection is off legacy clients or access points within range can be affected by 802 11n transmissions Protection is also available when th...

Page 85: ...in low power mode have data buffered on the access point and are awaiting pick up The DTIM period you specify indicates how often the clients served by this access point should check for buffered data still on the access point awaiting pickup The measurement is in beacons For example if you set this field to 1 clients will check for buffered data on the access point at every beacon If you set this...

Page 86: ...hold to the largest value 2346 bytes effectively disables fragmentation Fragmentation plays no role when Aggregation is enabled Fragmentation involves more overhead both because of the extra work of dividing up and reassembling of frames it requires and because it increases message traffic on the network However fragmentation can help improve network performance and reliability if properly configu...

Page 87: ...lly one with a lot of clients If you specify a low threshold value RTS packets will be sent more frequently This will consume more bandwidth and reduce the throughput of the packet On the other hand sending more RTS packets can help the network recover from interference or collisions which might occur on a busy network or on a network experiencing electromagnetic interference Maximum Stations Spec...

Page 88: ... the number of access points needed To increase capacity of the network place access points closer together and reduce the value of the transmit power This helps reduce overlap and interference among access points A lower transmit power setting can also keep your network more secure because weaker wireless signals are less likely to propagate outside of the physical location of your network Fixed ...

Page 89: ...ate Limiting Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network By default the Multicast Broadcast Rate Limiting option is enabled When Multicast Broadcast Rate Limiting is disabled the Rate Limit and Rate Limit Burst fields cannot be modified Rate Limit Enter the rate limit you want to set for mul...

Page 90: ...tween the access points The bridge does not add to the hop count It functions as a simple OSI layer 2 network device In the point to multipoint bridge mode one access point acts as the common link between multiple access points In this mode the central access point accepts client associations and communicates with the clients and other repeaters All other access points associate only with the cent...

Page 91: ...re to configure WDS settings on both access points participating in the WDS link You can have only one WDS link between any pair of access points That is a remote MAC address might appear only once on the WDS page for a particular access point Both access points participating in a WDS link must be on the same wireless radio channel and use the same IEEE 802 11 mode See Modifying Advanced Settings ...

Page 92: ... Address The MAC address for this access point Remote Address The MAC address of the destination access point the access point on the other end of the WDS link to which data will be sent and from which data will be received Click the drop down arrow to the right of the Remote Address field to see a list of all the available MAC addresses and their associated SSIDs on the network Select the appropr...

Page 93: ...ct WEP as the encryption type Table 21 WEP on WDS Links Field Description Encryption WEP WEP Select this option if you want to set WEP encryption on the WDS link Key Length If WEP is enabled specify the length of the WEP key 64 bits 128 bits Key Type If WEP is enabled specify the WEP key type ASCII Hex Characters Required The number of characters required in the WEP key The field updates automatic...

Page 94: ...le 22 WPA PSK on WDS Links Field Description Encryption WPA PSK SSID Enter an appropriate name for the new WDS link you have created This SSID should be different from the other SSIDs used by this access point However it is important that the same SSID is also entered at the other end of the WDS link If this SSID is not the same for both access points on the WDS link they will not be able to commu...

Page 95: ...Bandwidth Utilization tab and update the fields shown in the following figure Figure 19 Configuring Bandwidth Utilization Table 23 Bandwidth Utilization Field Description Bandwidth Utilization Enable or disable bandwidth utilization To enable bandwidth utilization this access point click Enable To disable bandwidth utilization on this access point click Disable Maximum Utilization Threshold Provid...

Page 96: ...ata over the access point Configuring QoS on the access point consists of setting parameters on existing queues for different types of wireless traffic and effectively specifying minimum and maximum wait times through Contention Windows for transmission The settings described here apply to data transmission behavior on the access point only not to that of the client stations AP Enhanced Distribute...

Page 97: ...h priority queue minimum delay Time sensitive data such as VoIP and streaming media are automatically sent to this queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 Background Lowest priority queue high throughpu...

Page 98: ...efore the data frame is sent a retry counter is incremented and the random backoff value window is doubled Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window Valid values for cwMin are 1 3 7 15 31 63 127 255 511 or 1023 The value for cwMin must be less than or equal to the value for cwMax cwMax Maximum Contention Window The...

Page 99: ...st length are 0 0 through 999 0 Wi Fi Multimedia Settings Wi Fi MultiMedia WMM Wi Fi MultiMedia WMM is enabled by default With WMM enabled QoS prioritization and coordination of wireless medium access is on With WMM enabled QoS settings on the access point control downstream traffic flowing from the access point to client station AP EDCA parameters and the upstream traffic flowing from the station...

Page 100: ...queue FTP data for example AIFS Inter Frame Space The Arbitration Inter Frame Spacing AIFS specifies a wait time for data frames The wait time is measured in slots Valid values for AIFS are 1 through 255 cwMin Minimum Contention Window This parameter is used by the algorithm that determines the initial random wait time for data transmission during a period of contention for access point resources ...

Page 101: ... Maximum Contention Window size is reached Once the Maximum Contention Window size is reached retries will continue until a maximum number of retries allowed is reached TXOP Limit The TXOP Limit is a station EDCA parameter and only applies to traffic flowing from the client station to the access point The Transmission Opportunity TXOP is an interval of time in milliseconds when a client has the ri...

Page 102: ...ation Bases MIBs and return this data to the SNMP manager when requested Managed devices can be network nodes such as access points routers switches bridges hubs servers or printers The access point can function as an SNMP managed device for seamless integration into network management systems such as HP OpenView From the SNMP page you can start or stop control of SNMP agents configure community p...

Page 103: ...Enabled Disabled You can specify the SNMP administrative mode on your network By default SNMP is disabled To enable SNMP click Enabled To disable SNMP click Disabled After changing the mode you must click Apply to save your configuration changes NOTE If you disable SNMP all remaining fields on the SNMP page are disabled This is a global SNMP parameter that applies to SNMPv1 SNMPv2c and SNMPv3 ...

Page 104: ... another port Enter the port number on which you want the SNMP agents to listen to requests NOTE This is a global SNMP parameter that applies to SNMPv1 SNMPv2c and SNMPv3 Allow SNMP set requests You can choose whether or not to allow SNMP set requests on the access point Enabling SNMP set requests means that machines on the network can execute configuration changes by using the SNMP agent on the a...

Page 105: ...ask and address mask_length are supported Individual hosts can be provided for this i e I P Address or Hostname For example if you enter a range of 192 168 1 0 24 this specifies a subnetwork with address 192 168 1 0 and a subnet mask of 255 255 255 0 The address range is used to specify the subnet of the designated NMS Only machines with IP addresses in this range are permitted to execute get and ...

Page 106: ...ontrol the OID range that SNMPv3 users can access A MIB view called all that contains all management objects supported by the system is created by default Community name for traps Enter the global community string associated with SNMP traps Traps sent from the device provide this string as a community name The community name can be in any alphanumeric format Special characters are not permitted Do...

Page 107: ...xcludes the subtree 1 3 6 1 4 create an excluded entry with the OID 1 3 6 1 4 Then create an included entry with OID 1 with the same view name Figure 22 SNMPv3 Views Table 26 describes the fields you can configure on the SNMPv3 Views page Table 26 SNMPv3 Views Field Description View Name Enter a name to identify the MIB view View names can contain up to 32 alphanumeric characters Double quote is n...

Page 108: ...ault users of this group have read and write access to default all MIB view which can be modified by the user OID Enter an OID string for the subtree to include or exclude from the view OID string is 256 characters in length For example the system subtree is specified by the OID string 1 3 6 1 2 1 1 Mask The OID mask is 47 characters in length The format of the OID mask is xx xx xx or xx xx xx and...

Page 109: ...By default users of this group have read and write access to default all MIB view which can be modified by the user RWPriv RWAuth and RO groups are defined by default To define additional groups navigate to the SNMP Groups page and configure the settings that Table 27 describes Figure 23 SNMPv3 Groups Table 27 SNMPv3 Groups Field Description Name Specify a name to use to identify the group The def...

Page 110: ...d data encryption With this security level users send an MD5 key password for authentication and a DES key password for encryption For groups that require authentication encryption or both you must define the MD5 and DES key passwords on the SNMPv3 Users page Write Views Select the write access to management objects MIBs for the group write all The group can create alter and delete MIBs write none...

Page 111: ... supported and for encryption only DES type is supported There are no default SNMPv3 users on the access point Figure 24 SNMPv3 Users Table 28 describes the fields to configure SNMPv3 users Table 28 SNMP v3 Users Field Description Name Enter the user name to identify the SNMPv3 user User names can contain up to 32 alphanumeric characters Double quote is not a valid character Group Map the user to ...

Page 112: ...thentication type enter a password to enable the SNMP agent to authenticate requests sent by the user The passphrase must be between 8 and 32 characters in length Encryption Type Select the type of privacy to use on SNMP requests from the user DES Use DES encryption on SNMPv3 requests from the user None SNMPv3 requests from this user require no privacy Encryption Key If you specify DES as the priv...

Page 113: ... user name Figure 25 SNMPv3 Target Table 29 SNMPv3 Targets Field Description IP Address Enter the IP address of the remote SNMP manager to receive the target Port Enter the UDP port to use for sending SNMP targets Users Enter the name of the SNMP user to associate with the target To configure SNMP users see Configuring SNMP Users page 106 SNMPv3 Targets This field shows the SNMPv3 Targets on the a...

Page 114: ... SNMP Targets Cisco AP541N Dual band Single radio Access Point Quick Start Guide 109 5 NOTE After you configure the SNMPv3 Target settings you must click Apply to apply the changes and to save the settings ...

Page 115: ...SNMP SNMP Targets 110 Cisco AP541N Dual band Single radio Access Point Quick Start Guide 5 ...

Page 116: ... and to provide a new administration password for the access point The default password is cisco NOTE As an immediate first step in securing your wireless network we recommend that you change the administrator password from the default Figure 26 Administrator Configuration Page Table 30 describes the fields and configuration options on the Administrator page ...

Page 117: ... or phone number of the person to contact regarding issues related to the access point You can use up to 255 alphanumeric and symbols characters ASCII values 32 to 126 excluding double quote Access Point Location Enter the physical location of the access point for example Conference Room A You can use up to 255 alphanumeric and symbols characters ASCII values 32 to 126 excluding double quote Curre...

Page 118: ...ion about the access point settings You can download the configuration file to a management station to manually edit the content or to save as a back up copy When you upload a configuration file to the access point the configuration information in the XML file is applied to the access point Click the AP Configuration tab to access the configuration management page which Figure 27 shows Figure 27 C...

Page 119: ...es to and from the access point After you download a configuration file to the management station you can manually edit the file which is in XML format Then you can upload the edited configuration file to apply those configuration settings to the access point Saving the Current Configuration by using TFTP Use the following steps to save a copy of the current settings on an access point to a backup...

Page 120: ...file but be sure to save the file with an xml extension Restoring the Configuration from a Previously Saved File You can use HTTP or TFTP to transfer files to and from the access point After you download a configuration file to the management station you can manually edit the file which is in XML format Then you can upload the edited configuration file to apply those configuration settings to the ...

Page 121: ...nt Configuration by Using HTTP Use the following steps to save a copy of the current settings on an access point to a backup configuration file by using HTTP STEP 1 Clear the Use TFTP to upload the file option When you clear the radio button the Server IP field is disabled STEP 2 Enter the name of the file to restore STEP 3 Click Restore A File Upload or Choose File dialog box displays STEP 4 Navi...

Page 122: ...tware Upgrade As new versions of the access point software become available you can upgrade the software on your devices to take advantage of new features and enhancements The access point uses a TFTP client for software upgrades You can also use HTTP to perform software upgrades NOTE When you upgrade the software the access point retains the existing configuration information NOTE By default the ...

Page 123: ...tory enter share builds ap ap_upgrade tar in the New Software Image field The software upgrade file supplied must be a tar file Do not attempt to use bin files or files of other formats for the upgrade these types of files will not work STEP 4 Enter the IP address of the TFTP server in the Server IP field STEP 5 Click Upgrade Upon clicking Upgrade a popup confirmation window is displayed that desc...

Page 124: ...adio button the Server IP field is disabled STEP 2 If you know the path to the New Software Image file enter it in the New Software Image field Otherwise click the Browse button and locate the software image file The software upgrade file supplied must be a tar file Do not attempt to use bin files or files of other formats for the upgrade these types of files will not work STEP 3 Click Upgrade to ...

Page 125: ...Events page shows real time system events on the access point such as wireless clients associating with the access point and being authenticated You can view the most recent events generated by this access point and configure logging settings You can enable and configure persistent logging to write system event logs to non volatile memory so that the events are not erased when the system reboots A...

Page 126: ...e 41 Configuring Persistent Logging Options If the system unexpectedly reboots log messages can help you diagnose the cause However log messages are erased when the system reboots unless you enable persistent logging WARNING Enabling persistent logging can wear out the flash non volatile memory and degrade network performance You should only enable persistent logging to debug a problem Make sure y...

Page 127: ... so that the logs are not erased when the access point reboots Choose Disabled to save system logs to volatile memory Logs in volatile memory are deleted when the system reboots Severity Specify the severity level of the log messages to write to non volatile memory For example if you specify 2 critical alert and emergency logs are written to non volatile memory Error messages with a severity level...

Page 128: ...point to send syslog messages to the remote server Remote log server collection for access point syslog messages provides the following features Allows aggregation of syslog messages from multiple access points Stores a longer history of messages than kept on a single access point Triggers scripted management operations and alerts To use Kernel Log relaying you must configure a remote server to re...

Page 129: ...the access point to stop and restart system processes If this happens wireless clients will temporarily lose connectivity We recommend that you change access point settings when WLAN traffic is low Table 32 Log Relay Host Field Description Relay Log Choose to either enable or disable use of the Log Relay Host If you select the Relay Log radio button the Log Relay Host is enabled and the Relay Host...

Page 130: ...erver monitor a specified kernel log file or other storage depending on how you configured the Log Relay Host If you disabled the Log Relay Host clicking Apply disables remote logging Configuring the Web Server Settings The access point can be managed through HTTP or secure HTTP HTTPS sessions By default both HTTP and HTTPS access are enabled Either access type can be disabled To configure the Web...

Page 131: ...TP traffic The default is 80 Maximum Sessions Specify the maximum number of HTTP and HTTPS connections permitted to the access point Web server that are allowed at the same time The permitted range is 1 10 The number you enter affects the number of connections to the access point Configuration Utility It has no impact on the number of wireless clients allowed to associate with the access point Ses...

Page 132: ... IPv4 hosts that are authorized to access the access point management interface by Web Telnet and SNMP If this feature is disabled anyone can access the management interface from any network client by supplying the correct access point username and password To create an access list click the Administration Access Control tab Figure 32 Management ACL NOTE After you configure the settings click Appl...

Page 133: ... Enable or disable the management ACL feature At least one IPv4 address should be configured before enabling Management ACL Mode If enabled only the IP addresses you specify will have Web Telnet SSH and SNMP access to the management interface IP Address 1 5 Enter up to five IPv4 addresses that are allowed management access to the access point Use dotted decimal format for example 192 168 10 100 ...

Page 134: ...on and enables you to view the deployment of access points as a single wireless network rather than a series of separate wireless devices A network subnet can have multiple clusters Clusters can share various configuration information such as VAP settings and QoS queue parameters A cluster can be formed between two access points if the following conditions are met The access points use the same ra...

Page 135: ... then only radio 1 on the dual radio access point is configured with the cluster configuration Radio 2 on the access point remains as it was prior to joining the cluster However if the cluster already has at least one dual radio access point then the second radio of the access point joining the cluster is configured with the cluster settings Viewing and Configuring Cluster Members The Access Point...

Page 136: ... information whether clustering is enabled or disabled Table 35 describes the configuration and status information available on the cluster Access Points page when clustering is enabled Table 35 Access Points in the Cluster Field Description Status If the status field is visible the access point is enabled for clustering If clustering is not enabled then the access point is operating in stand alon...

Page 137: ...icking up cluster configuration changes to configure advanced settings on a particular access point or to switch a standalone access point to cluster mode Table 36 Clustering Options Field Description Location Enter a description of where the access point is physically located The location can be a maximum of 64 characters in length All alphanumeric characters except double quote are valid Null or...

Page 138: ... as standalone instead of cluster Adding an Access Point to a Cluster To add an access point that is currently in standalone mode back into a cluster do the following STEP 1 Go to the Administration pages for the standalone access point STEP 2 Click the Cluster Access Points tab in the Administration pages for the standalone access point The Access Points tab for a standalone access point indicate...

Page 139: ... on the Cluster Access Points page To navigate to clustered access points you can simply click on the IP address for a specific cluster member shown in the list Navigating to an Access Point by Using its IP Address in a URL You can also link to the Administration pages of a specific access point by entering the IP address for that access point as a URL directly into a Web browser address bar in th...

Page 140: ...intains a connection with the wireless network The session begins when the client logs on to the network and the session ends when the client either logs off intentionally or loses the connection for some other reason NOTE A session is not the same as an association which describes a client connection to a particular access point A client network connection can shift from one clustered access poin...

Page 141: ... name is not sent to other access points in the cluster You must configure the same cluster name on each access point that is a member of the cluster The cluster name must be unique for each cluster you configure on the network User MAC Indicates the MAC address of the wireless client device A MAC address is a hardware address that uniquely identifies each node of a network Idle Indicates the amou...

Page 142: ...u must start channel management to get automatic channel assignments it is disabled by default on a new access point At a specified interval the Channel Manager maps access points to channel use and measures interference levels in the cluster If significant channel interference is detected the Channel Manager automatically re assigns some or all of the access points to new channels per an efficien...

Page 143: ...o optimize channel usage across the cluster on a scheduled interval To configure and view the channel assignments for the cluster members click the Channel Management tab Figure 35 Channel Management From this page you can view channel assignments for all access points in the cluster and stop or start automatic channel management By using the Advanced settings on the page you can modify the interf...

Page 144: ...to reduce interference with cluster members or other access points outside the cluster Click Stop to stop automatic channel assignment No channel usage maps or channel re assignments will be made Only manual updates will affect the channel assignment NOTE The proposed channel assignment will not take effect if the Channel field on the Wireless Radio page is set to auto The channel must be set to a...

Page 145: ...on which the access point is broadcasting Channel Radio channel on which this access point is currently broadcasting Locked Click Locked to force the access point to remain on the current channel When Locked is selected enabled for an access point automated channel management plans do not re assign the access point to a different channel as a part of the optimization strategy Instead access points...

Page 146: ...for automatic updates and reconfigure the channel set used for assignments If there are no fields showing in the Advanced section click the toggle button to display the settings that modify timing and details of the channel planning algorithm Table 40 Advanced Channel Management Settings Field Description Change channels if interference is reduced by at least Specify the minimum percentage of inte...

Page 147: ... 20 detected access points are reported per access point To see all the detected access points directly access the Neighboring Access Points page of the specific access point For each neighbor access point the Wireless Neighborhood view shows identifying information SSID or Network Name IP address MAC address along with radio statistics signal strength channel beacon interval You can click on an a...

Page 148: ...a wireless domain so that you can take action to limit associated risks Verify coverage expectations By assessing which access points are visible at what signal strength from other access points you can verify that the deployment meets your planning goals Detect faults Unexpected changes in the coverage pattern are evident at a glance in the color coded table Figure 36 Wireless Neighborhood Table ...

Page 149: ...ot in cluster Shows only neighbor access points that are not cluster members Both Shows all neighbor access points cluster members and non members Cluster The Cluster list at the top of the table shows IP addresses for all access points in the cluster This is the same list of cluster members shown on the Cluster Access Points tab If there is only one access point in the cluster only a single IP ad...

Page 150: ...ber for example 50 indicates good signal strength detected from the Neighbor seen by the access point with the IP address listed above that column Lighter Blue Bar A lighter blue bar and a lower signal strength number for example 20 or lower indicates medium or weak signal strength from the Neighbor seen by the access point with the IP address listed above that column White Bar A white bar and the...

Page 151: ...Viewing Details for a Cluster Member To view details on a cluster member access point click on the IP address of a cluster member at the top of the page Figure 37 shows the Neighbor Details for Radio 1 of the access point with an IP address of 10 27 64 177 Figure 37 Details for a Cluster Member AP Table 42 describes the parameters of an access point ...

Page 152: ...ifies each node of a network Channel Shows the channel on which the access point is broadcasting The Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving Rate Shows the rate in megabits per second at which this access point is currently transmitting The current rate will always be one of the rates shown in Supported Rates Signal Indicates the strengt...

Page 153: ...Clustering Multiple Access Points Viewing Wireless Neighborhood Information 148 Cisco AP541N Dual band Single radio Access Point Quick Start Guide 7 ...

Page 154: ...Configuration Utility or SNMP This chapter describes how to perform the following procedures Configuring a VAP Configuring Wireless Radio Settings Configuring the Wireless Distribution System Clustering Access Points For all SNMP examples the objects you use to modify the access point are in a private MIB The path to the tables that contain the objects is iso 1 org 3 dod 6 internet 1 private 4 ent...

Page 155: ...AP541N Dual band Single radio Access Point Quick Start Guide 8 Figure 38 MIB Tree Configuring a VAP This example shows how to configure VAP 3 with the following non default settings VLAN ID 3 SSID Marketing Security WPA Personal using WPA2 with CCMP AES ...

Page 156: ...ect the check box STEP 3 Enter 3 in the VLAN ID column STEP 4 In the SSID column delete the existing SSID and type Marketing STEP 5 Select WPA Personal from the menu in the Security column The screen refreshes and additional fields appear STEP 6 Select the WPA2 and CCMP AES options and clear the WPA and TKIP options STEP 7 Enter a WPA encryption key in the Key field The key can be a mix of alphanu...

Page 157: ...o up 1 STEP 5 Use the apVapVlanID object to set the VLAN ID of VAP 2 to 2 STEP 6 Navigate to the objects in the apIfConfig table STEP 7 Walk the apIfConfigName object to view the instance ID for VAP 2 wlan0vap2 VAP 2 on wireless Radio 1 is instance 7 STEP 8 Set the value of instance 7 in the apIfConfigSsid object to Marketing STEP 9 Set the value of instance 7 in the apIfConfigSecurity object to w...

Page 158: ...ings Mode IEEE 802 11b g n Channel 6 Channel Bandwidth 40 MHz Maximum Stations 100 Transmit Power 75 Wireless Radio Configuration from the Web Interface STEP 1 Log onto the access point and navigate to the Wireless Advanced Settings page STEP 2 Make sure the number 1 appears in the wireless Radio field and that the status is On STEP 3 From the Mode menu select 802 11b g n STEP 4 From the Channel f...

Page 159: ...Configuration Examples Configuring Wireless Radio Settings 154 Cisco AP541N Dual band Single radio Access Point Quick Start Guide 8 STEP 8 Click Apply to update the access point with the new settings ...

Page 160: ...hannel assignment STEP 6 Use the apRadioStaticChannel object to set the channel to 6 STEP 7 Use the apRadioChannelBandwith object to set the channel bandwidth for wireless Radio 1 to 40 MHz 2 STEP 8 Use the apRadioTxPower object to set the transmission power on wireless Radio 1 to 75 STEP 9 Navigate to the objects in the apBssTable STEP 10 Use the apBssMaxStations object to set the value of the ma...

Page 161: ...ded in the Local Address field STEP 2 Enter the MAC address for MyAP2 in the Remote Address field STEP 3 STEP 4 Select WPA PSK from the Encryption menu NOTE The WPA PSK option is available only if VAP 0 on wireless Radio 1 uses WPA PSK as the security method If VAP 0 is not set to WPA Personal or WPA Enterprise you must choose either None Plain text or WEP for WDS link encryption STEP 5 Enter wds ...

Page 162: ...e ID for the first WDS link wlan0wds0 The first WDS link is instance 1 STEP 4 Set the value of instance 1 in the apIfConfigRemoteMac object to 00 30 AB 00 00 B0 In the MG Soft browser the format for the MAC address value to set is 0x00 0x30 0xAB 0x00 0x00 0xB0 STEP 5 Set the value of instance 1 in the apIfConfigWdsSecPolicy object to WPA Personal 3 STEP 6 Set the value of instance 1 in the apIfCon...

Page 163: ...name is MyCluster Clustering APs by Using the Web Interface STEP 1 Log onto the access point and navigate to the Cluster Access Points page STEP 2 Enter the access point location and the name of the cluster for it to join STEP 3 Click Apply STEP 4 Click Enable Clustering to enable the clustering feature After you refresh the page other APs that are on the same bridged segment have wireless radios ...

Page 164: ...rt the automatic channel assignment feature go to the Channel Management page A table on the page displays the current channel assignments STEP 6 Click Start The page refreshes and lists the proposed channel changes for all APs in the cluster The interval setting in the Advanced section determine how often proposed changes are applied ...

Page 165: ...guration Examples Clustering Access Points 160 Cisco AP541N Dual band Single radio Access Point Quick Start Guide 8 Clustering Access Points by Using SNMP Cluster configuration by using SNMP is not supported ...

Page 166: ...ure Default System Information User Name cisco Password cisco Ethernet Interface Settings Connection Type DHCP DHCP Enabled IP Address 192 168 10 10 if no DHCP server is connected Subnet Mask 255 255 255 0 DNS Name None Management VLAN ID 1 Untagged VLAN ID 1 Radio Settings Radio Off Radio 1 IEEE 802 11 Mode 802 11b g n 802 11b g n Channel Auto Wireless Radio 1 Channel Bandwidth 20 MHz 802 11a n C...

Page 167: ... 9 6 IEEE 2 4 GHz 802 11g 54 48 36 24 18 12 11 9 6 5 5 2 1 Rate Sets Mbps Basic Advertised IEEE 802 11a 24 12 6 IEEE 802 11b 2 1 IEEE 802 11g 11 5 5 2 1 EEE 5 GHz 802 11n 24 12 6 IEEE 2 4 GHz 802 11n 11 5 5 2 1 SSIDs cisco data cisco voice cisco scan Broadcast Multicast Rate Limiting Enabled Fixed Multicast Rate Auto Beacon Interval 100 DTIM Period 2 Fragmentation Threshold 2346 RTS Threshold 2347...

Page 168: ...e None RADIUS IP Address 0 0 0 0 RADIUS Key secret RADIUS Accounting Disabled HTTP Redirect None Other Default Settings WDS Settings None STP Disabled MAC Authentication No stations in list Load Balancing Disabled SNMP Enabled RO SNMP Community Name Public Managed AP Mode Disabled Authentication 802 1X Supplicant Disabled Management ACL Disabled HTTP Access Enabled HTTPS Access Enabled SNMP Agent ...

Page 169: ...dio Access Point Quick Start Guide 9 Telnet Access Enabled SSH Access Enabled WMM Enabled Network Time Protocol NTP None Clustering Stopped Client QoS Global Admin Mode Disabled VAP QoS Mode Disabled Table 43 UAP Default Settings Continued Feature Default ...

Page 170: ...tp www cisco com en US products ps10492 index html Cisco AP541N Wall Mount Template http www cisco com en US docs wireless access_point csbap AP541N release_notes 78 19205 pdf Firmware Downloads www cisco com en US products ps10024 index html Customer Support www cisco com en US support tsd_cisco_small_business_support_center_ contacts html Online Technical Support Login Required www cisco com sup...

Page 171: ...ce and Safety Information www cisco com en US products ps10024 tsd_products_support_series_home html Cisco Configuration Assistant http www cisco com en US products ps7287 index html Cisco Partner Central site for Small Business www cisco com web partners sell smb Cisco Small Business Home www cisco com smb Marketplace www cisco com go marketplace Resource Location ...

Page 172: ...ed trademarks or trademarks of Cisco and or its affiliates in the United States and certain other countries All other trademarks mentioned in this document or website are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1002R ...

Reviews:

No comments

Related manuals for Small Business AP541N

Brand: Majesti-Fi Pages: 2

Brand: D-Link Pages: 3

B-Link B-LINK-MIFI

Brand: Brickhouse Security Pages: 8

Brand: LevelOne Pages: 42

Brand: TUYA Pages: 13

Brand: Topcom Pages: 196

Brand: Cisco Pages: 90

Brand: Technicolor Pages: 80

Brand: PHICOMM Pages: 53

Brand: Cambium Networks Pages: 52

Brand: Quectel Pages: 43

Brand: AAxeon Pages: 14

Brand: Novatel Pages: 88

Brand: Ebyte Pages: 14

Brand: Ebyte Pages: 27

Brand: Quantum Pages: 18

Brand: Quantum Pages: 21

Brand: Lava Pages: 12

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands