Cisco WAP371 Administration Manual Download | Manualshive

Page: 133 / 166

background image

9

Cisco Small Business WAP371 Wireless Access Point Administration Guide

129

Captive Portal

This chapter describes the Captive Portal (CP) feature, which allows you to block wireless
clients from accessing the network until user verification has been established. You can
configure CP verification to allow access for both guest and authenticated users.

Authenticated users must be validated against a database of authorized Captive Portal groups
or users before access is granted. The database can be stored locally on the WAP device or on
a RADIUS server.

Captive Portal consists of two CP instances. Each instance can be configured independently,
with different verification methods for each VAP or SSID. Cisco WAP371 devices operate
concurrently with some VAPs configured for CP authentication and other VAPs configured for
normal wireless authentication methods, such as WPA or WPA Enterprise.

This chapter includes these topics:

•

Local Groups

•

Local Users

•

Instance Configuration

•

Instance Association

•

Web Portal Customization

•

Captive Portal Global Configuration

•

Authenticated Clients

•

Failed Authentication Clients

Local Groups

Each local user is assigned to a user group. Each group is assigned to a CP instance. The group
facilitates managing the assignment of users to CP instances.

«
...
131
132
133
134
135
...
»

Summary of Contents for WAP371

Page 1: ...Cisco Small Business WAP371 Wireless AC N Dual Radio Access Point with Single Point Setup ADMINISTRATION GUIDE ...

Page 2: ...ummary 13 Network Interfaces 15 Traffic Statistics 16 WorkGroup Bridge Transmit Receive 16 Associated Clients 17 TSPEC Client Associations 18 TSPEC Status and Statistics 20 TSPEC AP Statistics 22 Radio Statistics 22 Email Alert Status 24 Log 24 Chapter 3 Administration 25 System Settings 25 User Accounts 26 Time Settings 28 Log Settings 29 Email Alert 31 LED Display 34 HTTP HTTPS Service 35 Manage...

Page 3: ...tion 50 Chapter 4 LAN 52 Port Settings 52 VLAN and IPv4 Address Settings 53 IPv6 Addresses 54 IPv6 Tunnel 56 LLDP 57 Chapter 5 Wireless 60 Radio 60 Rogue AP Detection 68 Networks 71 Scheduler 82 Scheduler Association 85 Bandwidth Utilization 86 MAC Filtering 86 WDS Bridge 88 WorkGroup Bridge 91 Quality of Service 94 Chapter 6 System Security 99 RADIUS Server 99 802 1X Supplicant 101 Password Compl...

Page 4: ...tatus 121 Chapter 8 Simple Network Management Protocol 123 General SNMP Settings 123 Views 126 Groups 127 Users 129 Targets 130 Chapter 9 Captive Portal 132 Local Groups 132 Local Users 133 Instance Configuration 134 Instance Association 137 Web Portal Customization 138 Captive Portal Global Configuration 142 Authenticated Clients 143 Failed Authentication Clients 144 Chapter 10 Single Point Setup...

Page 5: ...s Access Point Administration Guide 4 Contents Sessions 152 Channel Management 154 Wireless Neighborhood 157 Appendix A Deauthentication Message Reason Codes 161 Deauthentication Reason Code Table 161 Appendix B Where to Go From Here 163 ...

Page 6: ... Internet Explorer 7 0 or later Chrome 5 0 or later Firefox 3 0 or later Safari 3 0 or later Browser Restrictions If you are using Internet Explorer 6 you cannot directly use an IPv6 address to access the AP You can however use the Domain Name System DNS server to create a domain name that contains the IPv6 address and then use that domain name in the address bar in place of the IPv6 address When ...

Page 7: ...elp you perform initial configurations Follow these steps to complete the wizard NOTE If you click Cancel to bypass the Wizard the Change Password page appears You can then change the default password for logging in For all other settings the factory default configurations apply You must log in again after changing your password STEP 1 Click Next on the Welcome page of the Wizard The Configure Dev...

Page 8: ...the password security rules However we strongly recommend keeping the password security rules enabled STEP 9 Click Next The Enable Security Name Your Wireless Network window appears for the Radio 1 interface NOTE For this window and the following two windows Wireless Security and VLAN ID you configure these settings for the Radio 1 interface first Then the windows repeat to enable you to configure...

Page 9: ...stem Security STEP 21 Click Next The Wizard displays the Enable Captive Portal Assign the VLAN ID window STEP 22 Specify a VLAN ID for the guest network The guest network VLAN ID should be different from the management VLAN ID STEP 23 Click Next The Wizard displays the Enable Captive Portal Enable Redirect URL window STEP 24 Select Enable Redirect URL and specify a fully qualified domain name or I...

Page 10: ...uration utility Links on the Getting Started Page Category Link Name on the Page Linked Page Initial Setup Run Setup Wizard Using the Access Point Setup Wizard Configure Radio Settings Radio Configure Wireless Network Settings Networks Configure LAN Settings LAN Configure Single Point Setup Single Point Setup Device Status System Summary System Summary Wireless Status Network Interfaces Quick Acce...

Page 11: ...op level features of the WAP devices If a main menu item is preceded by an arrow select to expand and display the submenu of each group You can then select on the desired submenu item to open the associated page Buttons Button Name Description User The account name Administrator or Guest of the user logged into the AP The factory default user name is cisco Log Out Click to log out of the web based...

Page 12: ... Button Name Description Add Adds a new entry to the table or database Cancel Cancels the changes made to the page Clear All Clears all entries in the log table Delete Deletes an entry in a table Select an entry first Edit Edits or modifies an existing entry Select an entry first Refresh Redisplays the current page with the latest data Save Saves the settings or configuration Update Updates the ne...

Page 13: ...Getting Started Window Navigation Cisco Small Business WAP371 Wireless Access Point Administration Guide 9 1 ...

Page 14: ...C AP Statistics Radio Statistics Email Alert Status Log System Summary The System Summary page shows basic information such as the hardware model description software version and the time that has elapsed since the last reboot To view system information select Status and Statistics System Summary in the navigation pane You can also select System Summary under Device Status on the Getting Started p...

Page 15: ...e service uses TCP or UDP Local IP Address The IP address if any of a remote device that is connected to this service on the WAP device All indicates that any IP address on the device can use this service Local Port The port number for the service Remote IP Address The IP address of a remote host if any that is using this service All indicates that the service is available to all remote hosts that...

Page 16: ...us These settings include the Wireless Radio mode Enabled or Disabled the MAC address associated with both the radio interfaces the 802 11 mode a b g n ac the channel used by the interface and the operational bandwidth To change the wireless settings click the Edit link After you click Edit you are redirected to the Radio page See Radio for descriptions of these fields Interface Status This table ...

Page 17: ...s radio 1 and WLAN1 represents radio 2 Total Packets The total packets sent in Transmit table or received in Received table by this WAP device Total Bytes The total bytes sent in Transmit table or received in Received table by this WAP device Total Dropped Packets The total number of dropped packets sent in Transmit table or received in Received table by this WAP device Total Dropped Bytes The tot...

Page 18: ...work Total Bytes The total number of bytes bridged between the wired clients in the WorkGroup Bridge and the wireless network You can click Refresh to refresh the screen and show the most current information Associated Clients You can use the Associated Clients page to view the client stations associated with a particular access point To show the Associated Clients page select Status and Statistic...

Page 19: ...less client Packets Number of packets received transmitted from the wireless client Bytes Number of bytes received transmitted from the wireless client Drop Packets Number of packets dropped after being received transmitted Drop Bytes Number of bytes that dropped after being received transmitted TS Violate Packets From Station Number of packets sent from a client STA to the WAP device in excess of...

Page 20: ...he TSPEC Client Associations page shows this information Status and Statistics Network Interface Radio interface used by the client WLAN0 represents radio 1 and WLAN1 represents radio 2 SSID Service set identifier associated with this TS client Station Client station MAC address TS Identifier TSPEC Traffic Session Identifier range 0 to 7 Access Category TS Access Category voice or video Direction ...

Page 21: ...blished and admission is required by the WAP device To Station The number of packets and bytes transmitted from the WAP device to the wireless client Packets Number of packets in excess of an admitted TSPEC Bytes Number of bytes for which no TSPEC has been established when admission is required by the WAP device You can click Refresh to refresh the screen and show the most current information TSPE...

Page 22: ...lients associated with this radio and Access Category Medium Time Admitted Time allocated for this Access Category over the transmission medium to carry data This value should be less than or equal to the maximum bandwidth allowed over the medium for this TS Medium Time Unallocated Time of unused bandwidth for this Access Category These statistics appear separately for the transmit and receive pat...

Page 23: ...and the total number of rejected voice traffic streams TSPEC Statistics Summary for Video ACM The total number of accepted and the total number of rejected video traffic streams You can click Refresh to refresh the screen and show the most current information Radio Statistics You can use the Radio Statistics page to show packet level and byte level statistics for each wireless radio interface To v...

Page 24: ...ount Number of times an MSDU was not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit FCS Error Count Count of FCS errors detected in a received MPDU frame Transmit Retry Count Number of times an MSDU is successfully transmitted after one or more retries ACK Failure Count Count of ACK frames not received when expected RTS Failure Coun...

Page 25: ...r of 32 bits The default is 0 Time Last Email Sent The day date and time when the last email was sent You can click Refresh to show the most current information Log The Log page shows a list of system events that generated a log entry such as login attempts and configuration changes The log is cleared upon a reboot and can be cleared by an administrator Up to 512 events can be shown Older entries ...

Page 26: ...s System Settings User Accounts Time Settings Log Settings Email Alert LED Display Management Access Control Manage Firmware Download Backup Configuration File Configuration Files Properties Copy Save Configuration Reboot Discovery Bonjour Packet Capture Support Information System Settings The System Settings page enables you to configure information that identifies the WAP device within the netwo...

Page 27: ...son for the WAP device The System Contact can be 0 to 255 characters long and can include spaces and special characters System Location Description of the physical location of the WAP device The System Location can be 0 to 255 characters long and can include spaces and special characters STEP 3 Click Save The changes are saved to the Startup Configuration User Accounts One management user is confi...

Page 28: ...s are saved to the Startup Configuration NOTE To delete a user select the check box next to the user name and select Delete To save your deletion permanently select Save when complete Changing a User Password To change a user password STEP 1 Select Administration User Accounts in the navigation pane The User Account Table shows the currently configured users The user cisco is preconfigured in the ...

Page 29: ...se NTP to have the WAP device automatically acquire its time settings STEP 1 For the System Clock Source field select Network Time Protocol NTP STEP 2 Configure these parameters NTP Server IPv4 IPv6 Address Name Specify the IPv4 address IPv6 address or hostname of an NTP server A default NTP server is listed A hostname can consist of one or more labels which are sets of up to 63 alphanumeric chara...

Page 30: ...is applicable to your time zone When selected configure these fields Daylight Savings Start Select the week day month and time when daylight savings time starts Daylight Savings End Select the week day month and time when daylight savings time ends Daylight Savings Offset Specify the number of minutes to move the clock forward when daylight savings time begins and backward when it ends STEP 4 Clic...

Page 31: ...le memory For example if you specify 2 critical then critical alert and emergency events are logged to nonvolatile memory Error messages with a severity level of 3 to 7 are written to volatile memory Depth The maximum number of messages up to 512 that can be stored in volatile memory When the number you configure in this field is reached the oldest log event is overwritten by the newest log event ...

Page 32: ... 514 Using the default port is recommended If you choose to reconfigure the log port make sure that the port number you assign to syslog is available for use STEP 3 Click Save The changes are saved to the Startup Configuration If you enabled a Remote Log host clicking Save activates remote logging The WAP device sends its kernel messages real time for display to the remote log server monitor a spe...

Page 33: ... is 30 minutes Scheduled Message Severity Log messages of this severity level or higher are grouped and sent to the configuration email address at the frequency specified by the Log Duration Select from these values None Emergency Alert Critical Error Warning Notice Info and Debug If set to None then no scheduled severity messages are sent The default severity is Warning Urgent Message Severity Lo...

Page 34: ...account that will be used to send these mails The password can be from 1 to 64 characters STEP 4 Configure the email addresses and subject line To Email Address 1 2 3 Enter up to three addresses to receive email alerts Each email address must be valid Email Subject Enter the text to appear in the email subject line This can be up to a 255 character alphanumeric string STEP 5 Click Test Mail to sen...

Page 35: ...sday September 09 2009 11 16 AM To administrator mailserver com Subject log message from AP TIME PriorityProcess Id Message Sep 8 03 48 25 info login 1457 root login on ttyp0 Sep 8 03 48 26 info mini_http ssl 1175 Max concurrent connections of 20 reached LED Display The WAP device has 3 LEDs Power Ethernet and WLAN Use the LED Display page to enable or disable all the LEDs The LED Display is enabl...

Page 36: ...ity receives an error message about the session limit Session Timeout The maximum amount of time in minutes an inactive user remains logged on to the WAP device configuration utility When the configured timeout is reached the user is automatically logged off The range is from 1 to 60 minutes The default is 10 minutes STEP 3 Configure HTTP and HTTPS services HTTP Server Enables access through HTTP ...

Page 37: ...rtificate Expiration Date Certificate Issuer Common Name If an SSL certificate with a pem extension exists on the WAP device you can download it to your computer as a backup In the Download SSL Certificate From Device to PC area select HTTP or TFTP for the Download Method and click Download If you select HTTP you are prompted to confirm the download and then to browse to the location to save the f...

Page 38: ...e address does not change over time To create an access list STEP 1 Select Administration Management Access Control in the navigation pane STEP 2 Select Enable for the Management ACL Mode STEP 3 Enter up to five IPv4 and five IPv6 addresses that will be allowed access STEP 4 Verify the IP addresses are correct STEP 5 Click Save The changes are saved to the Startup Configuration Manage Firmware The...

Page 39: ...normal operation with the same configuration settings it had before the upgrade TFTP Upgrade To upgrade the firmware on an access point using TFTP STEP 1 Select Administration Manage Firmware in the navigation pane The Product ID PID VID and active and inactive firmware versions appear STEP 2 Select TFTP for Transfer Method STEP 3 Enter a name 1 to 256 characters for the image file in the Source F...

Page 40: ...y the new firmware image Uploading the new software may take several minutes Do not refresh the page or navigate to another page while uploading the new software or the software upload is aborted When the process is complete the access point restarts and resumes normal operation STEP 4 To verify that the firmware upgrade completed successfully log into the user interface display the Upgrade Firmwa...

Page 41: ... enter the TFTP Server IPv4 Address The filename cannot contain the following characters spaces and two or more successive periods STEP 5 For a TFTP backup only enter the TFTP Server IPv4 Address STEP 6 Select which configuration file you want to back up Startup Configuration Configuration file type used when the WAP device last booted This does not include any configuration changes applied but no...

Page 42: ...heck then the downloaded configuration takes effect the next time the AP reboots STEP 6 Click Save to begin the upgrade or backup For HTTP downloads a window appears to enable you to browse to select the file to download When the download is finished a window indicates success CAUTION Ensure that power to the AP remains uninterrupted while the configuration file is downloading If a power failure o...

Page 43: ...iguration Configuration file type used when the WAP device last booted This does not include any configuration changes applied but not yet saved to the WAP device Backup Configuration Backup configuration file type saved on the WAP device Mirror Configuration If the Startup Configuration is not modified for at least 24 hours it is automatically saved to a Mirror Configuration file The Mirror Confi...

Page 44: ...twork configuration in small business environments The AP advertises these service types Cisco specific device description csco sb This service enables clients to discover Cisco WAP devices and other products deployed in small business networks Management user interfaces This service identifies the management interfaces available on the WAP device HTTP HTTPS and SNMP When a Bonjour enabled WAP dev...

Page 45: ...h as Wireshark and OmniPeek Remote capture method Captured packets are redirected in real time to an external computer running the Wireshark tool The WAP device can capture these types of packets 802 11 packets received and transmitted on radio interfaces Packets captured on radio interfaces include the 802 11 header 802 3 packets received and transmitted on the Ethernet interface 802 3 packets re...

Page 46: ...ent with a specified MAC address Client Filter MAC Address Specifies the MAC address for WLAN client filtering NOTE The MAC filter is active only when a capture is performed on an 802 11 interface Packet Capture Method Select one of these options Local File Captured packets are stored in a file on the WAP device Remote Captured packets are redirected in real time to an external computer running th...

Page 47: ...the capture The range is from 10 to 3600 The default is 60 Max Capture File Size Enter the maximum allowed size for the capture file in KB The range is from 64 to 4096 The default is 1024 STEP 3 Click Save The changes are saved to the Startup Configuration STEP 4 Click Start Capture In Packet File Capture mode the WAP device stores captured packets in the RAM file system Upon activation the packet...

Page 48: ...t work with the WAP device When remote capture mode is in use the WAP device does not store any captured data locally in its file system If a firewall is installed between the Wireshark computer and the WAP device the traffic for these ports must be allowed to pass through the firewall The firewall must also be configured to allow the Wireshark computer to initiate a TCP connection to the WAP devi...

Page 49: ...92 168 1 220 2002 wlan0vap1 wlan0vap7 At WAP371 VAP1 VAP7 traffic for radio 2 rpcap 192 168 1 220 2002 wlan1vap1 wlan1vap7 You can trace up to four interfaces on the WAP device at the same time However you must start a separate Wireshark session for each interface To initiate additional remote capture sessions repeat the Wireshark configuration steps no configuration needs to be done on the WAP de...

Page 50: ...apturing traffic Packet capture parameters other than mode are saved in NVRAM Enabling the packet capture feature can create a security issue Unauthorized clients may be able to connect to the WAP device and trace user data The performance of the WAP device also is negatively impacted during packet capture and this impact continues to a lesser extent even when there is no active Wireshark session ...

Page 51: ...lick OK A dialog box displays that enables you to choose a network location to save the file Support Information The Support Information page enables you to download a text file that contains detailed configuration information about the AP The file includes software and hardware version information MAC and IP addresses the administrative and operational status of features user configured settings ...

Page 52: ...Administration Support Information Cisco Small Business WAP371 Wireless Access Point Administration Guide 48 3 ...

Page 53: ...ttings STEP 1 Select LAN Port Settings in the navigation area The Operational Status area shows the type of port used for the LAN port and the Link characteristics as configured in the Administrative Settings area If the settings change through configuration or auto negotiation you can click Refresh to show the latest settings STEP 2 Enable or disable Auto Negotiation When enabled the port negotia...

Page 54: ...s Global Settings and IPv4 Settings The Global Settings area shows the MAC address of the LAN interface port This field is read only STEP 2 Configure these Global Settings Untagged VLAN Enables or disables VLAN tagging When enabled the default all traffic is tagged with a VLAN ID By default all traffic on the access point uses VLAN 1 the default untagged VLAN This means that all traffic is untagge...

Page 55: ...x xxx 192 0 2 10 Static IP Address Subnet Mask and Default Gateway If you elected to assign a static IP address enter the IP information Domain Name Servers Select an option from the list Dynamic The AP acquires DNS server addresses from a DHCP server on the LAN Manual You manually configure one or more DNS server addresses Enter up to two IP addresses in the text boxes STEP 4 Click Save The chang...

Page 56: ...dresses have already been configured automatically Static IPv6 Address Prefix Length The prefix length of the static address which is an integer in the range of 0 to 128 The default is 0 Static IPv6 Address Status One of the following values appears Operational The IP address has been verified as unique on the LAN and is usable on the interface Tentative The WAP device initiates a duplicate addres...

Page 57: ... WAP device acts as an ISATAP client An ISATAP enabled host or router must reside on the LAN The IP address or hostname of the router is configured on the WAP device by default it is isatap If configured as a hostname the WAP device communicates with a DNS server to resolve the name into one or more ISATAP router addresses The WAP device then sends solicit messages to the router s When an ISATAP e...

Page 58: ...EEE 802 1AB standard and allows the UAP to advertise information about itself such as the system name system capabilities and power requirements This information can help you identify system topology and detect bad configurations on the LAN The AP also supports the Link Layer Discovery Protocol for Media Endpoint Devices LLDP MED which standardizes additional information elements that devices can ...

Page 59: ...LAN LLDP Cisco Small Business WAP371 Wireless Access Point Administration Guide 55 4 High Low Unknown STEP 3 Click Save The settings are saved to the system ...

Page 60: ...LAN LLDP Cisco Small Business WAP371 Wireless Access Point Administration Guide 56 4 ...

Page 61: ...ue AP Detection Networks Scheduler Scheduler Association Bandwidth Utilization MAC Filtering WDS Bridge WorkGroup Bridge Quality of Service Radio Radio settings directly control the behavior of the radio in the WAP device and its interaction with the physical medium that is how and what type of signal the WAP device emits To configure radio settings STEP 1 Select Wireless Radio in the navigation p...

Page 62: ...P device should either be powered by a power adapter or an IEEE 802 3at Power Source Equipment PSE If the required power by the WAP device exceeds the maximum power delivered by the PSE then the WAP device may reboot MAC Address The Media Access Control MAC address for the interface The MAC address is assigned by the manufacturer and cannot be changed Mode The IEEE 802 11 standard and frequency th...

Page 63: ...20 MHz channel bandwidth and for legacy clients Select one of these options Upper Sets the Primary Channel as the upper 20 MHz channel in the 40 MHz band Lower Sets the Primary Channel as the lower 20 MHz channel in the 40 MHz band Lower is the default selection Channel The portion of the radio spectrum the radio uses for transmitting and receiving The range of available channels is determined by ...

Page 64: ...sage and radar interference WDS will only work if both the APs operate on the same channel For more information on WDS see WDS Bridge page 85 Short Guard Interval Supported This field is available only if the selected radio mode includes 802 11n The guard interval is the dead time in nanoseconds between OFDM symbols The guard interval prevents Inter Symbol and Inter Carrier Interference ISI ICI Th...

Page 65: ...you specify indicates how often the clients served by this WAP device should check for buffered data still on the WAP device awaiting pickup The measurement is in beacons For example if you set this field to 1 clients check for buffered data on the WAP device at every beacon If you set this field to 10 clients check on every 10th beacon Fragmentation Threshold The frame size threshold in bytes The...

Page 66: ...nly for legacy 802 11 data frames i e not for 802 11n or 802 11ac In the case of 802 11n and 802 11ac AMPDU transmissions are protected by an RTS CTS exchange regardless of the frame lengths Maximum Associated Clients The maximum number of stations allowed to access each radio of this WAP device at any one time You can enter an integer between 0 and 200 The default is 200 stations The dual radio W...

Page 67: ...s and client stations on the network It is generally more efficient to have a WAP device broadcast a subset of its supported rate sets Broadcast Multicast Rate Limiting Multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network By default the Multicast Broadcast Rate Limiting option is disabled Until you enable Mul...

Page 68: ...ry By default TSPEC Video ACM mode is off The options are On A station is required to send a TSPEC request for bandwidth to the WAP device before sending or receiving a video traffic stream The WAP device responds with the result of the request which includes the allotted medium time if the TSPEC was admitted Off A station can send and receive video priority traffic without requiring an admitted T...

Page 69: ...P listed as a rogue is legitimate you can add it to the Known AP List NOTE The Detected Rogue AP List and Trusted AP List provide information that you can use to take further action The AP does not have any control over rogue APs on the lists and cannot apply any security policies to APs detected through the RF scan To view more information about rogue APs select Wireless Rogue AP Detection in the...

Page 70: ... rogue device is an AP that supports the IEEE 802 11 Wireless Networking Framework in Infrastructure Mode Ad hoc indicates a rogue station running in Ad hoc mode Stations set to Ad hoc mode communicate with each other directly without the use of a traditional AP Ad hoc mode is an IEEE 802 11 Wireless Networking Framework also referred to as peer to peer mode or an Independent Basic Service Set IBS...

Page 71: ...When the AP sends a broadcast frame to a STA using the default rates then the field will report 1 Mbps for 2 4Ghz radios and 6 Mbps for 5 Ghz radios Clients that are idle are most likely to report the low default rates Signal The strength of the radio signal emitting from the rogue AP If you hover the mouse pointer over the bars a number representing the strength in decibels dB appears Beacons The...

Page 72: ...olons for example 00 11 22 33 44 55 You must separate entries with a single space For the AP to accept the file it must contain only MAC addresses STEP 3 Choose whether to replace the existing Trusted AP List or add the entries in the imported file to the Trusted AP List a Select Replace to import the list and replace the contents of the Known AP List b Select Merge to import the list and add the ...

Page 73: ...racter and the period ASCII 0x2E is also allowed VLAN IDs Each VAP is associated with a VLAN which is identified by a VLAN ID VID A VID can be any value from 1 to 4094 inclusive The WAP371 device supports 17 active VLANs 16 for WLAN plus one management VLAN By default the VID assigned to the configuration utility for the WAP device is 1 which is also the default untagged VID If the management VID ...

Page 74: ...VAP NOTE If you are connected as a wireless client to the same WAP device that you are administering resetting the SSID will cause you to lose connectivity to the WAP device You need to reconnect to the new SSID after you save this new setting Broadcast SSID Enables and disables the broadcast of the SSID Specify whether to allow the WAP device to broadcast the SSID in its beacon frames The Broadca...

Page 75: ...s clients can communicate with one another normally by sending traffic through the WAP device When enabled the WAP device blocks communication between wireless clients on the same VAP The WAP device still allows data traffic between its wireless clients and wired devices on the network across a WDS link and with other wireless clients associated with a different VAP but not among wireless clients ...

Page 76: ...tial network configuration or for problem solving but it is not recommended for regular use on the internal network because it is not secure Static WEP Wired Equivalent Privacy WEP is a data encryption protocol for 802 11 wireless networks All wireless stations and access points on the network are configured with a static 64 bit 40 bit secret key 24 bit initialization vector IV or 128 bit 104 bit ...

Page 77: ...equired updates automatically based on how you set the key length and key type 802 1X Authentication The authentication algorithm defines the method used to determine whether a client station is allowed to associate with WAP device when static WEP is the security mode Specify the authentication algorithm you want to use by choosing one of these options Open System authentication allows any client ...

Page 78: ...point Or they can all use the same key but using the same key is less secure because it means one station can decrypt the data being sent by another On some wireless client software you can configure multiple WEP keys and define a client station transfer key index and then set the stations to encrypt the data they transmit using different keys This ensures that neighboring access points cannot dec...

Page 79: ...s only the RADIUS server or servers for the address type you select in this field Server IP Address 1 or Server IPv6 Address 1 The address for the primary RADIUS server for this VAP When the first wireless client tries to authenticate with the WAP device the WAP device sends an authentication request to the primary server If the primary server responds to the authentication request the WAP device ...

Page 80: ...broadcast key is not refreshed Session Key Refresh Rate The interval at which the WAP device refreshes session unicast keys for each client associated with the VAP The valid range is from 0 to 86400 seconds A value of 0 indicates that the session key is not refreshed WPA Personal WPA Personal is a Wi Fi Alliance IEEE 802 11i standard which includes AES CCMP and TKIP encryption The Personal version...

Page 81: ...erent types of characters uppercase and lowercase alphabetic letters numbers and special characters are used and how long the string is If the WPA PSK complexity check feature is enabled the key is not accepted unless it meets the minimum criteria See WPA PSK Complexity for information on configuring the complexity check Broadcast Key Refresh Rate The interval at which the broadcast group key is r...

Page 82: ... IP address and RADIUS Key A valid CCMP AES IP address and RADIUS Key Use Global RADIUS Server Settings By default each VAP uses the global RADIUS settings that you define for the WAP device see RADIUS Server However you can configure each VAP to use a different set of RADIUS servers To use the global RADIUS server settings make sure the check box is selected To use a separate RADIUS server for th...

Page 83: ... Active Server Enables the administrative selection of the active RADIUS server rather than having the WAP device attempt to contact each configured server in sequence and choose the first server that is up Broadcast Key Refresh Rate The interval at which the broadcast group key is refreshed for clients associated with this VAP The default is 300 seconds The valid range is from 0 to 86400 seconds ...

Page 84: ...IsActive The scheduler is administratively enabled Administrative Mode is disabled Operational status is down because global configuration is disabled System Time is out dated System time has changed and is not in sync STEP 3 To add a profile enter a profile name in the Scheduler Profile Configuration text box and click Add The profile name can be up to 32 alphanumeric characters Configuring Sched...

Page 85: ...d click Delete Scope of Scheduler Rules The scope of scheduler rules is described below A rule that sets only a specific day does not affect the other days A rule that uses groups such as Daily Weekday or Weekend affects multiple days A rule you set for Weekend would only affect Saturday and Sunday while the rest of the days are unaffected The default scheduler behavior is that the radio is enable...

Page 86: ... effective By default there are no Scheduler profiles created and no profile is associated with any radio or VAP Only one Scheduler profile can be associated with the WLAN interface or each VAP A single profile can be associated with multiple VAPs If the Scheduler profile associated with a VAP or the WLAN interface is deleted then the association is removed To associate a Scheduler profile with th...

Page 87: ...P 4 Click Save The changes are saved to the Startup Configuration NOTE After new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients MAC Filtering Media Access Control MAC filtering can be used to exclude...

Page 88: ...he Stations List STEP 4 Continue entering MAC addresses until the list is complete and then click Save The changes are saved to the Startup Configuration NOTE To remove a MAC address from the Stations List select it and then click Remove NOTE After new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend tha...

Page 89: ...de one WAP device acts as the common link between multiple access points In this mode the central WAP device accepts client associations and communicates with the clients and other repeaters All other access points associate only with the central WAP device that forwards the packets to the appropriate wireless bridge for routing purposes The AP can also act as a repeater In this mode the AP serves...

Page 90: ...t Enable for WDS Interface STEP 4 Configure the remaining parameters Remote MAC Address Specifies the MAC address of the destination WAP device that is the WAP device on the other end of the WDS link to which data is sent or handed off and from which data is received TIP You can find the MAC address on the Status and Statistics Network Interface page Encryption The type of encryption to use on the...

Page 91: ...ou change WAP device settings when a loss of connectivity will least affect your wireless clients WEP on WDS Links These additional fields appear when you select WEP as the encryption type Key Length If WEP is enabled specify the length of the WEP key as 64 bits or 128 bits Key Type If WEP is enabled specify the WEP key type ASCII or Hex WEP Key If you selected ASCII enter any combination of 0 to ...

Page 92: ...usly The WAP device can operate in one Basic Service Set BSS as an STA device while operating on another BSS as a WAP device When WorkGroup Bridge mode is enabled the WAP device supports only one BSS for wireless clients that associate with it and another BSS with which the WAP device associates as a wireless client It is recommended that WorkGroup Bridge mode be used only when the WDS bridge feat...

Page 93: ...up Bridge must have the following identical settings Radio IEEE 802 11 Mode Channel Bandwidth Channel Auto is not recommended See Radio Basic Settings for information on configuring these settings WorkGroup Bridge mode currently supports only IPv4 traffic WorkGroup Bridge mode is not supported across a Single Point Setup It is not recommended to associate another AP to the downstream interface of ...

Page 94: ...the latest connection status STEP 5 Configure the following additional fields for the Access Point Interface Status Select Enable for the Access Point Interface SSID The SSID for the Access Point Interface does not need to be the same as the Infrastructure Client SSID However if attempting to support a roaming type of scenario the SSID and security must be the same SSID Broadcast Select if you wan...

Page 95: ...eo streaming media and traditional IP data To configure QoS on the AP you set parameters on the transmission queues for different types of wireless traffic and specify minimum and maximum wait times through contention windows for transmission WAP Enhanced Distributed Channel Access EDCA parameters affect traffic flowing from the WAP device to the client station Station EDCA parameters affect traff...

Page 96: ...ation EDCA parameters NOTE These parameters are configurable only if you selected Custom in the previous step Arbitration Inter Frame Space A wait time for data frames The wait time is measured in slots Valid values for AIFS are 1 through 255 Minimum Contention Window An input to the algorithm that determines the initial random backoff wait time window for retry of a transmission This value is the...

Page 97: ...fic flowing from the WAP device to client station AP EDCA parameters and the upstream traffic flowing from the station to the AP station EDCA parameters Disabling WMM deactivates QoS control of station EDCA parameters on upstream traffic flowing from the station to the WAP device With WMM disabled you can still set some parameters on the downstream traffic flowing from the WAP device to the client...

Page 98: ...stration Guide 94 5 CAUTION After new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients ...

Page 99: ...Wireless Quality of Service Cisco Small Business WAP371 Wireless Access Point Administration Guide 95 5 ...

Page 100: ...er to authenticate clients The MAC address filtering feature where client access is restricted to a list may also be configured to use a RADIUS server to control access The Captive Portal feature also uses RADIUS to authenticate clients You can use the Radius Server page to configure the RADIUS servers that are used by these features You can configure up to four globally available IPv4 or IPv6 RAD...

Page 101: ...sent to the address specified Server IP Address 2 through 4 or Server IPv6 Address 2 through 4 Up to three backup IPv4 or IPv6 RADIUS server addresses If authentication fails with the primary server each configured backup server is tried in sequence Key 1 The shared secret key that the WAP device uses to authenticate to the primary RADIUS server You can use from 1 to 64 standard alphanumeric and s...

Page 102: ... 802 1X Supplicant in the navigation pane STEP 2 Click Refresh to update the Certificate file status STEP 3 Enter the parameters Administrative Mode Enables the 802 1X supplicant functionality EAP Method The algorithm to be used for encrypting authentication user names and passwords MD5 A hash function defined in RFC 3748 that provides basic security PEAP Protected Extensible Authentication Protoc...

Page 103: ...le will expire The range is a valid date The Certificate File Upload area enables you to upload a certificate file to the AP STEP 1 Select either HTTP or TFTP as the Transfer Method STEP 2 If you selected HTTP click Browse to select the file NOTE To configure the HTTP and HTTPS server settings see HTTP HTTPS Service If you selected TFTP enter the Filename and the TFTP Server IPv4 Address The filen...

Page 104: ...lect to have passwords expire after a configured time period Password Aging Time The number of days before a newly created password expires from 1 to 365 The default is 180 days STEP 4 Click Save The changes are saved to the Startup Configuration WPA PSK Complexity When you configure VAPs on the WAP device you can select a method of securely authenticating clients If you select the WPA Personal pr...

Page 105: ... the default WPA PSK Different From Current Select one of these options Enable Users must configure a different key after their current key expires Disable Users can use the old or previous key after their current key expires Maximum WPA PSK Length The maximum key length in number of characters is from 32 to 63 The default is 63 Minimum WPA PSK Length The minimum key length in number of characters...

Page 106: ... to enable or disable quality of service functionality on the WAP device If you disable Client QoS Mode all ACLs rate limiting and DiffServ configurations are globally disabled If you enable this mode you can also enable or disable Client QoS mode on particular VAPs See the Client QoS Mode setting on the Client QoS Association page ACL ACLs are a collection of permit and deny conditions called rul...

Page 107: ...u can configure the rules to inspect fields of a frame such as the source or destination MAC address the VLAN ID or the class of service When a frame enters or exits the WAP device port depending on whether the ACL is applied in the up or down direction the WAP device inspects the frame and checks the ACL rules against the content of the frame If any of the rules match the content a permit or deny...

Page 108: ...re the rule parameters ACL Name ACL Type The ACL to configure with the new rule The list contains all ACLs added in the ACL Configuration section Rule The action to be taken Select New Rule to configure a new rule for the selected ACL A rule cannot be modified or deleted If the rules need to be modified or deleted the entire ACL needs to be deleted and recreated The rules are specific to the ACL f...

Page 109: ...f these options Select From List Select one of these protocols IP ICMP IGMP TCP or UDP Match to Value Enter a standard IANA assigned protocol ID from 0 to 255 Choose this method to identify a protocol not listed by name in the Select From List Source IP Address Requires a packet s source IP address to match the address listed here Enter an IP address in the appropriate field to apply this criteria...

Page 110: ...en Source IP Address is selected A wildcard mask is basically the inverse of a subnet mask For example to match the criteria to a single host address use a wildcard mask of 0 0 0 0 To match the criteria to a 24 bit subnet for example 192 168 10 0 24 use a wildcard mask of 0 0 0 255 Destination Port Includes a destination port in the match condition for the rule The destination port is identified i...

Page 111: ... valued bits in the IP TOS Mask denote the bit positions in the IP TOS Bits value that are used for comparison against the IP TOS field of a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use an IP TOS Bits value of 0 and an IP TOS Mask of 00 For IPv6 ACLs configure these parameters Protocol Select the Protocol field to use a...

Page 112: ...hernet frame Select an EtherType keyword or enter an EtherType value to specify the match criteria Select from List Select one of these protocol types appletalk arp ipv4 ipv6 ipx netbios pppoe Match to Value Enter a custom protocol identifier to which packets are matched The value is a four digit hexadecimal number in the range of 0600 to FFFF Class of Service Select this field and enter an 802 1p...

Page 113: ...nificant and a 1 indicates that the address bit is ignored For example to check only the first four octets of a MAC address a MAC mask of 00 00 00 00 ff ff is used A MAC mask of 00 00 00 00 00 00 checks all address bits and is used to match a single MAC address VLAN ID Select this field and enter the specific VLAN ID to compare against an Ethernet frame This field is located in the first only 802 ...

Page 114: ...r IP protocol and other criteria Each class map can then be associated with a policy map which defines how to handle the traffic class Classes that include time sensitive traffic can be assigned to policy maps that give precedence over other traffic You can use the Class Map page to define classes of traffic Use the Policy Map page to define policies and associate class maps to them Adding a Class...

Page 115: ...sted by name Enter the protocol ID The protocol ID is a standard value assigned by IANA The range is a number from 0 to 255 Source IP Address or Source IPv6 Address Requires a packet s source IP address to match the address listed here Check the box and enter an IP address Source IP Mask IPv4 only The source IP address mask The mask for DiffServ is a network style bit mask in IP dotted decimal for...

Page 116: ...s range 0 to 1048575 IP DSCP See description under Service Type fields Source Port Includes a source port in the match condition for the rule The source port is identified in the datagram header If you select the field choose the port name or enter the port number Select From List Matches a keyword associated with the source port ftp ftpdata http smtp snmp telnet tftp www Each of these keywords tr...

Page 117: ...d for the packets The valid range is from 0 to 7 Source MAC Address A source MAC address to compare against an Ethernet frame Source MAC Mask The source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame For each bit position in the MAC mask a 1 indicates that the corresponding address bit is significant and a 0 indicates that the address bit is ignored F...

Page 118: ...the IP header as match criteria The IP TOS bit value ranges between 00 to FF The high order three bits represent the IP Precedence value The high order six bits represent the IP Differentiated Services Code Point DSCP value STEP 3 Click Save The changes are saved to the Startup Configuration NOTE To delete a class map select it in the Class Map Name list and click Delete The class map cannot be de...

Page 119: ... Committed Rate The committed rate in Kbps to which traffic must conform The range is from 1 to 1000000 Kbps Committed Burst The committed burst size in bytes to which traffic must conform The range is from 1 to 204800000 bytes Send Specifies that all packets for the associated traffic stream are to be forwarded if the class map criteria is met Drop Specifies that all packets for the associated tr...

Page 120: ...ount of bandwidth an individual client is allowed to send and receive To control general categories of traffic such as HTTP traffic or traffic from a specific subnet you can configure ACLs and assign them to one or more VAPs In addition to controlling general traffic categories Client QoS allows you to configure per client conditioning of various micro flows through Differentiated Services DiffSer...

Page 121: ... the outbound interface the ACL s rules are checked for a match The packet or frame is transmitted if it is permitted and discarded if it is denied ACL Type Up The type of ACL that is applied to traffic in the inbound client to WAP direction which can be one of these options IPv4 The ACL examines IPv4 packets for matches to ACL rules IPv6 The ACL examines IPv6 packets for matches to ACL rules MAC ...

Page 122: ...ed transmission rate from the WAP device to the client in bits per second bps The valid range is from 0 to 4294967295 bps Bandwidth Limit Up The maximum allowed transmission rate from the client to the WAP device in bits per second bps The valid range is from 0 to 4294967295 bps ACL Type Up The type of ACL that is applied to traffic in the inbound client to WAP direction which can be one of these ...

Page 123: ...rection After switching the packet or frame to the outbound interface the ACL rules are checked for a match The packet or frame is transmitted if it is permitted and discarded if it is denied DiffServ Policy Up The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound client to WAP direction DiffServ Policy Down The name of the DiffServ policy applied to traffic from...

Page 124: ...and configure basic protocol settings To configure general SNMP settings STEP 1 Select SNMP General in the navigation pane STEP 2 Select Enabled for the SNMP setting SNMP is disabled by default STEP 3 Specify a UDP Port for SNMP traffic By default an SNMP agent listens only to requests from port 161 However you can configure this so that the agent listens to requests on a different port The valid ...

Page 125: ...uests to the managed devices A DNS hostname can consist of one or more labels which are sets of up to 63 alphanumeric characters If a hostname includes multiple labels each is separated by a period The entire series of labels and periods can be up to 253 characters long As with community names this setting provides a level of security on SNMP settings The SNMP agent only accepts requests from the ...

Page 126: ... Configure the SNMPv2 trap settings Trap Community A global community string associated with SNMP traps Traps sent from the device provide this string as a community name The valid range is from 1 to 60 alphanumeric and special characters Trap Destination Table A list of up to three IP addresses or hostnames to receive SNMP traps Check the box and choose a Host IP Address Type IPv4 or IPv6 before ...

Page 127: ... default view all and view none SNMPv3 views are created on the WAP device These views cannot be deleted or modified To add and configure an SNMP view STEP 1 Select SNMP Views in the navigation pane STEP 2 Click Add to create a new row in the SNMPv3 Views table STEP 3 Check the box in the new row and click Edit View Name Enter a name that identifies the MIB view View names can contain up to 32 alp...

Page 128: ... noAuthNoPriv authNoPriv authPriv Access to Management Information Bases MIBs for each group is controlled by associating a MIB view to a group for read or write access separately By default the AP has two groups RO A read only group using authentication and data encryption Users in this group use an MD5 key password for authentication and a DES key password for encryption Both the MD5 and DES key...

Page 129: ...P messages that use an MD5 key password for authentication but not a DES key password for encryption Authentication Privacy Authentication and data encryption With this security level users send an MD5 key password for authentication and a DES key password for encryption For groups that require authentication encryption or both you must define the MD5 and DES key passwords on the SNMP Users page W...

Page 130: ...er names can contain up to 32 alphanumeric characters Group The group that the user is mapped to The default groups are RW and RO You can define additional groups on the SNMP Groups page Authentication Type The type of authentication to use on SNMPv3 requests from the user which can be one of these options MD5 Require MD5 authentication on SNMP requests from the user None SNMPv3 requests from this...

Page 131: ...figuration see the Users page should be completed before configuring SNMPv3 targets NOTE The AP supports a maximum of eight targets To add SNMP targets STEP 1 Select SNMP Targets in the navigation pane STEP 2 Click Add A new row is created in the table STEP 3 Check the box in the new row and click Edit STEP 4 Configure the parameters IP Address Enter the IPv4 address of the remote SNMP manager to ...

Page 132: ...Simple Network Management Protocol Targets Cisco Small Business WAP371 Wireless Access Point Administration Guide 128 8 ...

Page 133: ...a RADIUS server Captive Portal consists of two CP instances Each instance can be configured independently with different verification methods for each VAP or SSID Cisco WAP371 devices operate concurrently with some VAPs configured for CP authentication and other VAPs configured for normal wireless authentication methods such as WPA or WPA Enterprise This chapter includes these topics Local Groups ...

Page 134: ...ically assigned to a CP instance that is associated with a different VAP than guest users You can use the Local Users page to configure up to 128 authorized users in the local database To add and configure a local user STEP 1 Select Captive Portal Local Users in the navigation pane STEP 2 Enter a User Name and click Save Additional fields appear to configure the user STEP 3 Enter the parameters Us...

Page 135: ...rom the network The range is from 0 to 300 Mbps The default is 0 Delete User Deletes the current user STEP 4 Click Save The changes are saved to the Startup Configuration Instance Configuration You can create up to two Captive Portal instances each CP instance is a defined set of instance parameters Instances can be associated with one or more VAPs Different instances can be configured to respond ...

Page 136: ...icate users Redirect Specifies that CP should redirect the newly authenticated client to the configured URL If this option is clear the user sees the locale specific welcome page after a successful verification Redirect URL Enter the URL to which the newly authenticated client is redirected if the URL Redirect Mode is enabled The range is from 0 to 256 characters Away Timeout The amount of time a ...

Page 137: ... define for the WAP device see RADIUS Server However you can configure each instance to use a different set of RADIUS servers To use the global RADIUS server settings ensure that the check box is selected To use a separate RADIUS server for the CP instance uncheck the check box and enter values in the Server IP Address and Key fields that follow RADIUS Accounting Enables tracking and measuring the...

Page 138: ...cales associated with the instance You can create and assign up to three different locales to each CP instance from the Web Customization page Delete Instance Deletes the current instance STEP 6 Click Save Your changes are saved to the Startup Configuration Instance Association Once you create an instance you can use the Instance Association page to associate a CP instance to a VAP The associated ...

Page 139: ...nce that this locale is associated with You can associate multiple locales with an instance When a user attempts to access a particular VAP that is associated with a CP instance the locales that are associated with that instance show as links on the authentication page The user can select a link to switch to that locale STEP 5 Click Save The changes are saved to the Startup Configuration STEP 6 Fr...

Page 140: ...on for the locale from 1 to 32 characters The default is en Account Image The image file to show above the login field to depict an authenticated login Account Label The text that instructs the user to enter a user name The range is from 1 to 32 characters User Label The label for the user name text box The range is from 1 to 32 characters Password Label The label for the user password text box Th...

Page 141: ...characters The default is Error You must acknowledge the Acceptance Use Policy before connecting Work In Progress Text The text that shows during authentication The range is from 1 to 128 characters The default is Connecting please be patient Denied Text The text that shows when a user fails authentication The range is from 1 to 128 characters The default is Error Invalid Credentials please try ag...

Page 142: ...ge Name or Account Image fields The Web Portal Custom Image page appears STEP 2 Browse to select the image STEP 3 Click Upload STEP 4 Click Back to return to the Web Portal Custom Image page STEP 5 Select the Captive Portal Web Locale you want to configure STEP 6 For the Background Image Name Logo Image Name or Account Image fields select the newly uploaded image STEP 7 Click Save NOTE To delete a...

Page 143: ... to refresh the web authentication page The default authentication timeout is 300 seconds The range is from 60 to 600 seconds Additional HTTP Port HTTP traffic uses the HTTP management port which is 80 by default You can configure an additional port for HTTP traffic Enter a port number between 1025 and 65535 or 80 The HTTP and HTTPs ports cannot be the same Additional HTTPS Port HTTP traffic over ...

Page 144: ... be authenticated by a database Local The WAP device uses a local database to authenticated users RADIUS The WAP device uses a database on a remote RADIUS server to authenticate users VAP ID The VAP that the user is associated with Radio ID The ID of the radio For the dual radio WAP371 device this field shows Radio 1 or Radio 2 Captive Portal ID The ID of the Captive Portal instance to which the u...

Page 145: ...s of the client IP Address The IPv4 or IPv6 address of the client User Name The Captive Portal user name of the client Verification The method the client attempted to use to authenticate on the Captive Portal which can be one of these values Guest The user does not need to be authenticated by a database Local The WAP device uses a local database to authenticated users RADIUS The WAP device uses a ...

Page 146: ... deploy configure and secure the wireless network as a single entity After a wireless cluster is created Single Point Setup also facilitates channel planning across your wireless services to reduce radio interference and maximize bandwidth on the wireless network When you first set up your WAP device you can use the Setup Wizard to configure Single Point Setup or join an existing Single Point Setu...

Page 147: ... to all WAP devices in a cluster you must upgrade each device independently STEP 2 Set up the WAP devices that will be clustered on the same IP subnet and verify that they are interconnected and accessible across the switched LAN network STEP 3 Enable Single Point Setup on all WAP devices See Access Points STEP 4 Verify that the WAP devices all reference the same Single Point Setup name See Access...

Page 148: ...onfiguration changes in both the disconnected device and the cluster then the device with the greatest number of changes and secondarily the most recent change will be selected to propagate its configuration to the cluster That is if WAP1 has more changes but WAP2 has the most recent change WAP1 is selected If they have an equal number of changes but WAP2 has the most recent change then WAP2 is se...

Page 149: ... Point Setup Captive Portal Password Complexity Client QoS User Accounts Email Alert QoS HTTP HTTPs Service Except SSL Certificate Configuration Radio Settings Including TSpec Settings Some exceptions Log Settings Rogue AP Detection MAC Filtering Scheduler Management Access Control SNMP General and SNMPv3 Networks WPA PSK Complexity Time Settings Radio Configuration Settings and Parameters that ar...

Page 150: ...vice for Single Point Setup To configure the location and name of an individual Single Point Setup cluster member Short Guard Interval Supported Radio Configuration Settings and Parameters that are Propagated in Single Point Setup Radio Configuration Settings and Parameters that are Not Propagated in Single Point Setup Channel Beacon Interval DTIM Period Maximum Stations Transmit Power Other Confi...

Page 151: ...xample Reception The location field is optional Cluster Name Enter the name of the cluster for the WAP device to join for example Reception_Cluster The cluster name is not sent to other WAP devices You must configure the same name on each device that is a member The cluster name must be unique for each Single Point Setup you configure on the network The default is ciscosb cluster Clustering IP Ver...

Page 152: ...the WAP devices detected are listed in a table and the following information is shown Location Description of where the access point is physically located MAC Address Media Access Control MAC address of the access point The address is the MAC address for the bridge br0 and is the address by which the WAP device is known externally to other networks IP Address The IP address for the access point No...

Page 153: ...figuration changes on any WAP device in the cluster are propagated to the other members There may be situations however when you want to view or manage information on a particular WAP device For example you might want to check status information such as client associations or events for an access point In this case you can click the IP address in the table on the Access Points page to show the web...

Page 154: ...ingle Point Setup Sessions in the navigation pane The following data shows for each WLAN client session with a Single Point Setup AP Location The location of the access point The location is derived from the location specified on the Administration System Settings page User MAC The MAC address of the wireless client A MAC address is a hardware address that uniquely identifies each node of a networ...

Page 155: ...ically assigns radio channels used by WAP devices in a Single Point Setup cluster Automatic channel assignment reduces mutual interference or interference with other WAP devices outside of its cluster and maximizes Wi Fi bandwidth to help maintain efficient communication over the wireless network The automatic channel assignment feature is disabled by default The state of channel management enable...

Page 156: ...s radio channels used by WAP devices in a Single Point Setup cluster and if necessary reassigns channels to reduce interference with cluster members or with devices outside the cluster The channel policy for the radio is automatically set to static mode and the Auto option is not available for the Channel field on the Wireless Radio page See Viewing Channel Assignments and Setting Locks for inform...

Page 157: ...ation of channel distribution among devices takes into account that locked devices must remain on their current channels WAP devices that are not locked may be assigned to different channels than they were previously using depending on the results of the plan For each WAP device in the Single Point Setup the Proposed Channel Assignments table shows the location IP Address and Wireless Radio as in ...

Page 158: ...hborhood The Wireless Neighborhood page shows up to 20 devices per radio within range of each wireless radio in the cluster For example if a WAP device has two wireless radios 40 devices would be displayed for that device The Wireless Neighborhood page also distinguishes between cluster members and nonmembers The Wireless Neighborhood view can help you Detect and locate unexpected or rogue devices...

Page 159: ...ghbor can also be a cluster member itself Neighbors who are also cluster members are always shown at the top of the list with a heavy bar above and include a location indicator The colored bars to the right of each WAP device in the Neighbors list shows the signal strength for each of the neighbor WAP devices as detected by the cluster member whose IP address is shown at the top of the column The ...

Page 160: ...the top of the page The following details for the device appear below the Neighbors list SSID The Service Set Identifier for the neighboring access point MAC Address The MAC address of the neighboring access point Channel The channel on which the access point is currently broadcasting Rate The rate in megabits per second at which this access point is currently transmitting The current rate is alwa...

Page 161: ...Single Point Setup Wireless Neighborhood Cisco Small Business WAP371 Wireless Access Point Administration Guide 157 10 ...

Page 162: ...son Code Table Deauthentication Reason Code Table The following table describes the deauthentication reason codes Reason code Meaning 0 Reserved 1 Unspecified reason 2 Previous authentication no longer valid 3 Deauthenticated because sending station STA is leaving or has left Independent Basic Service Set IBSS or ESS 4 Disassociated due to inactivity 5 Disassociated because WAP device is unable to...

Page 163: ...12 Disassociated due to BSS Transition Management 13 Invalid element i e an element defined in this standard for which the content does not meet the specifications in Clause 8 14 Message integrity code MIC failure 15 4 Way Handshake timeout 16 Group Key Handshake timeout 17 Element in 4 Way Handshake different from Re Association Request Probe Response Beacon frame 18 Invalid group cipher 19 Inval...

Page 164: ...rt and Resources www cisco com go smallbizhelp Small Business Support Service Information www cisco com go sbs www cisco com go software registration login required Cisco Small Business Firmware Downloads www cisco com go smallbizfirmware Select a link to download firmware for Cisco Small Business Products No login is required Software and firmware downloads for all other Cisco Small Business prod...

Page 165: ...l Business WAP371 Wireless N Access Point Quick Start Guide and Administration Guide http www cisco com go 100_wap_resources or http www cisco com go 300_wap_resources Cisco Small Business Cisco Partner Central for Small Business Partner Login Required www cisco com web partners sell smb Cisco Small Business Home www cisco com smb ...

Page 166: ...Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R ...

Reviews:

No comments

Related manuals for WAP371

Brand: ICP DAS USA Pages: 8

Brand: Pakedge Pages: 7

Brand: Pakedge Pages: 4

Brand: Ubiquiti Pages: 18

Brand: sauter Pages: 8

F5D7132 - Wireless G Universal Range Extender/Access Point

Brand: Belkin Pages: 2

3CRWX385075A - Wireless LAN Managed Access Point...

Brand: 3Com Pages: 4

Brand: 7links Pages: 170

Jetpack MiFi 4510L

Brand: Verizon Pages: 88

Brand: Topcom Pages: 196

Brand: Ebyte Pages: 13

Wi-Fi Bubble SpitFire

Brand: NAUTITECH Pages: 22

Brand: Cambium Networks Pages: 61

Brand: Huawei Pages: 21

Brand: Huawei Pages: 7

Brand: Huawei Pages: 28

Brand: Huawei Pages: 36

Brand: Huawei Pages: 22

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands