manualshive.com logo in svg

Cisco Aironet 1100 Series, Руководство по установке и настройке, Страница: 127 / 320

Поделиться
Скачать
Cisco Aironet 1100 Series Скачать руководство пользователя страница 127

 

10-3

Cisco Aironet 1100 Series Access Point Installation and Configuration Guide

OL-2851-01

Chapter 10      Configuring Authentication Types

Understanding Authentication Types

access point allows the requesting device to authenticate. Both the unencrypted challenge and the 
encrypted challenge can be monitored, however, which leaves the access point open to attack from an 
intruder who calculates the WEP key by comparing the unencrypted and encrypted text strings. Because 
of this weakness, shared key authentication can be less secure than open authentication. Like open 
authentication, shared key authentication does not rely on a RADIUS server on your network.

Figure 10-2

 shows the authentication sequence between a device trying to authenticate and an access 

point using shared key authentication. In this example the device’s WEP key matches the access point’s 
key, so it can authenticate and communicate.

Figure 10-2 Sequence for Shared Key Authentication

EAP Authentication to the Network

This authentication type provides the highest level of security for your wireless network. By using the 
Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server, the 
access point helps a wireless client device and the RADIUS server to perform mutual authentication and 
derive a dynamic unicast WEP key. The RADIUS server sends the WEP key to the access point, which 
uses it for all unicast data signals that it sends to or receives from the client. The access point also 
encrypts its broadcast WEP key (entered in the access point’s WEP key slot 1) with the client’s unicast 
key and sends it to the client. 

When you enable EAP on your access points and client devices, authentication to the network occurs in 
the steps shown in 

Figure 10-3

:

Access point

or bridge

with WEP key = 123

Client device

with WEP key = 123

1. Authentication request

2. Unencrypted challenge

3. Encrypted challenge response

4. Authentication response

54584

Содержание Aironet 1100 Series

Страница 1: ...sman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 526 4100 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide Cisco IOS Release 12 2 4 JA October 2002 Text Part Number OL 2851 01 ...

Страница 2: ...ON LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Cisco Aironet 1100 Series Access Point Installation and Configuration Guide Copyright 2002 Cisco Systems Inc All rights reserved CCIP the Cisco Arrow logo the Cisco Powered Network mark the Cisco Systems Verified logo C...

Страница 3: ...al Assistance xx Cisco com xx Technical Assistance Center xxi Cisco TAC Web Site xxi Cisco TAC Escalation Center xxii C H A P T E R 1 Overview 1 1 Features 1 2 Hardware Features 1 2 Single Radio Operation 1 2 Ethernet Port 1 2 Status Indicators 1 3 Power Sources 1 3 UL 2043 Certification 1 4 Anti Theft Features 1 4 Software Features 1 4 Management Options 1 5 Roaming Client Devices 1 5 Network Con...

Страница 4: ...e Access Point for the First Time 3 1 Before You Start 3 2 Resetting the Access Point to Default Settings 3 2 Obtaining and Assigning an IP Address 3 3 Connecting to the Access Point Locally 3 3 Assigning Basic Settings 3 4 Default Settings on the Express Setup Page 3 7 Protecting Your Wireless LAN 3 8 Using the IP Setup Utility 3 8 Obtaining and Installing IPSU 3 8 Using IPSU to Find the Access P...

Страница 5: ...P T E R 6 Administering the Access Point 6 1 Preventing Unauthorized Access to Your Access Point 6 2 Protecting Access to Privileged EXEC Commands 6 2 Default Password and Privilege Level Configuration 6 2 Setting or Changing a Static Enable Password 6 3 Protecting Enable and Enable Secret Passwords with Encryption 6 4 Configuring Username and Password Pairs 6 5 Configuring Multiple Privilege Leve...

Страница 6: ...5 Configuring the Time Zone 6 26 Configuring Summer Time Daylight Saving Time 6 27 Configuring a System Name and Prompt 6 29 Default System Name and Prompt Configuration 6 29 Configuring a System Name 6 29 Understanding DNS 6 30 Default DNS Configuration 6 30 Setting Up DNS 6 30 Displaying the DNS Configuration 6 31 Creating a Banner 6 31 Default Banner Configuration 6 32 Configuring a Message of ...

Страница 7: ...tion 8 3 Creating an SSID 8 3 Using a RADIUS Server to Restrict SSIDs 8 4 C H A P T E R 9 Configuring WEP and WEP Features 9 1 Understanding WEP 9 2 Configuring WEP and WEP Features 9 2 Creating WEP Keys 9 3 Enabling and Disabling WEP and Enabling TKIP and MIC 9 3 Enabling and Disabling Broadcast Key Rotation 9 4 C H A P T E R 10 Configuring Authentication Types 10 1 Understanding Authentication T...

Страница 8: ...Proprietary RADIUS Server Communication 11 14 Displaying the RADIUS Configuration 11 15 C H A P T E R 12 Configuring VLANs 12 1 Understanding VLANs 12 2 Related Documents 12 3 Incorporating Wireless Devices Into VLANs 12 4 Configuring VLANs 12 4 Configuring a VLAN 12 4 Using a RADIUS Server to Assign Users to VLANs 12 6 Viewing VLANs Configured on the Access Point 12 6 VLAN Configuration Example 1...

Страница 9: ...Proxy Mobile IP on Your Access Point 14 7 C H A P T E R 15 Configuring Filters 15 1 Understanding Filters 15 2 Configuring Filters Using the CLI 15 2 Configuring Filters Using the Web Browser Interface 15 2 Configuring and Enabling MAC Address Filters 15 2 Creating a MAC Address Filter 15 3 Configuring and Enabling IP Filters 15 5 Creating an IP Filter 15 6 Configuring and Enabling Ethertype Filte...

Страница 10: ...10 C H A P T E R 18 Configuring Repeater and Standby Access Points 18 1 Understanding Repeater Access Points 18 2 Configuring a Repeater Access Point 18 3 Default Configuration 18 4 Guidelines for Repeaters 18 4 Setting Up a Repeater 18 4 Verifying Repeater Operation 18 5 Setting Up a Repeater as a LEAP Client 18 6 Understanding Hot Standby 18 7 Configuring a Hot Standby Access Point 18 7 C H A P ...

Страница 11: ...es by Using RCP 19 15 Preparing to Download or Upload a Configuration File by Using RCP 19 16 Downloading a Configuration File by Using RCP 19 16 Uploading a Configuration File by Using RCP 19 17 Clearing Configuration Information 19 18 Deleting a Stored Configuration File 19 18 Working with Software Images 19 18 Image Location on the Access Point 19 19 tar File Format of Images on a Server or Cis...

Страница 12: ...es Sent to the History Table and to SNMP 20 8 Setting a Logging Rate Limit 20 9 Configuring UNIX Syslog Servers 20 9 Logging Messages to a UNIX Syslog Daemon 20 10 Configuring the UNIX System Logging Facility 20 10 Displaying the Logging Configuration 20 11 C H A P T E R 21 Troubleshooting 21 1 Checking the Top Panel Indicators 21 2 Checking Basic Settings 21 4 SSID 21 4 WEP Keys 21 4 Security Set...

Страница 13: ...d Norway Iceland and Liechtenstein B 3 Declaration of Conformity with Regard to the R TTE Directive 1999 5 EC B 3 Declaration of Conformity for RF Exposure B 4 Guidelines for Operating Cisco Aironet Access Points and Bridges in Japan B 5 Japanese Translation B 5 English Translation B 5 A P P E N D I X C Channels and Antenna Settings C 1 Channels C 2 Maximum Power Levels C 3 A P P E N D I X D Mount...

Страница 14: ...ntents xiv Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 A P P E N D I X G Access Point Specifications G 1 A P P E N D I X H Error and Event Messages H 1 I N D E X ...

Страница 15: ...n set available from the Cisco com home page at Service and Support TechnicalDocuments On the Cisco Product Documentation home page select Release 12 2 from the Cisco IOS Software drop down list This guide also includes an overview of the access point web based interface APWI which contains all the funtionality of the command line interface CLI This guide does not provide field level descriptions ...

Страница 16: ...rocesses Chapter 12 Configuring VLANs describes how to configure your access point to interoperate with the VLANs set up on your wired LAN Chapter 13 Configuring QoS describes how to configure quality of service QoS on your access point With this feature you can provide preferential treatment to certain traffic at the expense of others Chapter 14 Configuring Proxy Mobile IP describes how to config...

Страница 17: ...s these conventions to convey instructions and information Command descriptions use these conventions Commands and keywords are in boldface text Arguments for which you supply values are in italic Square brackets mean optional elements Braces group required choices and vertical bars separate the alternative elements Braces and vertical bars within square brackets mean a required choice within an o...

Страница 18: ... figurant dans cette publication veuillez consulter l annexe intitulée Translated Safety Warnings Traduction des avis de sécurité Warnung Dieses Warnsymbol bedeutet Gefahr Sie befinden sich in einer Situation die zu einer Körperverletzung führen könnte Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardprakti...

Страница 19: ..._languages shtml Documentation CD ROM Cisco documentation and additional literature are available in a Cisco Documentation CD ROM package The Documentation CD ROM is updated monthly and may be more current than printed documentation The CD ROM package is available as a single unit or through an annual subscription Advertencia Este símbolo de aviso significa peligro Existe riesgo para su integridad...

Страница 20: ...You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address Cisco Systems Attn Document Resource Connection 170 West Tasman Drive San Jose CA 95134 9883 We appreciate your comments Obtaining Technical Assistance Cisco provides Cisco com as a starting point for all technical assistance Customers and partners can obta...

Страница 21: ...spects of business operations No workaround is available Priority level 1 P1 Your production network is down and a critical impact to business operations will occur if service is not restored quickly No workaround is available The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts when applicable Cisco TAC Web Site You can use the Cis...

Страница 22: ...e TAC Escalation Center with a P1 or P2 problem a Cisco TAC engineer automatically opens a case To obtain a directory of toll free Cisco TAC telephone numbers for your country go to this URL http www cisco com warp public 687 Directory DirTAC shtml Before calling please check with your network operations center to determine the level of Cisco support services to which your company is entitled for ...

Страница 23: ...ingle mini PCI radio that can be upgraded to future radio technologies such as 802 11g The access point serves as the connection point between wireless and wired networks or as the center point of a stand alone wireless network In large installations wireless users within radio range of an access point can roam throughout a facility while maintaining seamless uninterrupted access to the network Yo...

Страница 24: ...f the hardware features Figure 1 1 Access Point Layout and Connectors Single Radio Operation The access point contains a 2 4 GHz radio in a mini PCI slot and two 2 2 dBi dipole integrated antennas You can perform a field upgrade to the mini PCI radio and antennas to support future radio technologies Ethernet Port The auto sensing Ethernet port accepts an RJ 45 connector linking the access point to...

Страница 25: ...ly but is not associated with any wireless devices The radio indicator signals wireless traffic over the radio interface The light is normally off but it blinks green whenever a packet is received or transmitted over the access point radio Figure 1 2 shows the three status indicators Figure 1 2 Access Point Indicators Power Sources The access point draws up to 4 9W of DC power and can receive powe...

Страница 26: ... including maximum transmit power and available channels to world mode enabled clients Clients using world mode can be used between countries with different regulatory settings and automatically conform to local regulations Repeater mode Configure the access point as a wireless repeater to extend the coverage area of your wireless network Standby mode Configure the access point as a standby unit t...

Страница 27: ...n Most of the examples in this manual are taken from the CLI Chapter 5 Using the Command Line Interface provides a detailed description of the CLI A web browser interface which you use through a web browser Chapter 4 Using the Web Browser Interface provides a detailed description of the web browser interface Simple Network Management Protocol SNMP Chapter 17 Configuring SNMP explains how to config...

Страница 28: ...ot Unit on a Wired LAN An access point connected directly to a wired LAN provides a connection point for wireless users If more than one access point is connected to the LAN users can roam from one area of a facility to another without losing their connection to the network As users move out of range of one access point they automatically connect to the network associate through another access poi...

Страница 29: ...s users and the wired LAN by sending packets to either another repeater or to an access point connected to the wired LAN The data is sent through the route that provides the best performance for the client Figure 1 4 shows an access point acting as a repeater Consult the Configuring a Repeater Access Point section on page 18 3 for instructions on setting up an access point as a repeater Note Non C...

Страница 30: ...ess point acts as a stand alone root unit The access point is not attached to a wired LAN it functions as a hub linking all stations together The access point serves as the focal point for communications increasing the communication range of wireless users Figure 1 5 shows an access point in an all wireless network Figure 1 5 Access Point as Central Unit in All Wireless Network Access Point Root U...

Страница 31: ...t This chapter describes the setup of the access point and includes the following sections Safety Information page 2 2 Warnings page 2 2 Basic Installation Guidelines page 2 3 Unpacking the Access Point page 2 3 Before Beginning the Installation page 2 4 Installation Summary page 2 4 Connecting the Ethernet and Power Cables page 2 5 ...

Страница 32: ...any exposed parts of the body especially the face or eyes while transmitting The use of wireless devices in hazardous locations is limited to the constraints posed by the local codes the national codes and the safety directors of such environments Warnings Translated versions of the following safety warnings are provided in Appendix A Translated Safety Warnings Warning In order to comply with FCC ...

Страница 33: ... point package contains the following items Access point power pack Wall or ceiling mounting bracket Security hasp adapter Cubical partition mounting bracket assembly Horizontal surface mounting holster Mounting hardware kit Product registration card Basic Installation Guidelines Because the access point is a radio device it is susceptible to common causes of interference that can reduce throughpu...

Страница 34: ...form the following operations Connect Ethernet and power cables refer to the Connecting the Ethernet and Power Cables section on page 2 5 Configure basic settings refer to Chapter 3 Configuring the Access Point for the First Time Configure security and other access point options Use the mounting brackets or docking cradle to locate the access point on a convenient flat horizontal or vertical surfa...

Страница 35: ...e power module to the access point Using two power sources on the access point might cause the switch or patch panel to shut down the port to which the access point is connected Power cord Universal power supply SYST RPS DUPLX MODE SPEED UTIL STAT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 23 24 10Base T 100Base TX 100Base FX Catalyst 2950SERIES SYST RPS DUPLX MODE SPEED UTIL S...

Страница 36: ...e with 1100 series or 1200 series access points only Using the power injector with other Ethernet ready devices can damage the equipment Caution The Cisco Aironet Power Injector for the 1100 and 1200 series is not tested to UL 2043 and should not be placed in a building s environmental air space such as above suspended ceilings Note If you use a power supply or power injector to power the access p...

Страница 37: ...ate the starting of the IOS operating system the Status LED blinks green signifying that IOS is operational When in an operational status the Ethernet LED is steady green when no traffic is being passed and dark during periods when traffic is being passed The sequence takes about 1 minute to complete Refer to Chapter 21 Troubleshooting for LED descriptions When the sequence is complete you are rea...

Страница 38: ...2 8 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 2 Installing the Access Point Connecting the Ethernet and Power Cables ...

Страница 39: ...s described in this chapter using the CLI but it might be simplest to browse to the access point s web browser interface to complete the initial configuration and then use the CLI to enter additional settings for a more detailed configuration This chapter contains these sections Before You Start page 3 2 Obtaining and Assigning an IP Address page 3 3 Connecting to the Access Point Locally page 3 3...

Страница 40: ...to reset the access point to factory default settings using the access point MODE button Step 1 Disconnect power the power jack for external power or the Ethernet cable for in line power from the access point Step 2 Press and hold the MODE button while you reconnect power to the access point Step 3 Hold the MODE button until the Status LED turns amber approximately 1 to 2 seconds and release the b...

Страница 41: ... address to the access point if it did not receive an IP address from the DHCP server IPSU runs on most Microsoft Windows operating systems Windows 9x 2000 Me NT and XP You can download IPSU from the Software Center on Cisco com Click this link to browse to the Software Center http www cisco com public sw center sw wireless shtml Connecting to the Access Point Locally If you need to configure the ...

Страница 42: ...ge 3 2 Step 4 After configuring the access point remove the Ethernet cable from your PC and connect the access point to your wired LAN Note When you connect your PC to the access point or reconnect your PC to the wired LAN you might need to release and renew the IP address on the PC On most PCs you can perform a release and renew by rebooting your PC or by entering ipconfig release and ipconfig re...

Страница 43: ...uration Guide OL 2851 01 Chapter 3 Configuring the Access Point for the First Time Assigning Basic Settings Figure 3 1 Summary Status Page Step 5 Click Express Setup The Express Setup screen appears Figure 3 2 shows the Express Setup page Figure 3 2 Express Setup Page ...

Страница 44: ...bled leave this field blank Default Gateway Enter the default gateway IP address provided by your network administrator If DHCP is enabled leave this field blank Radio Service Set ID SSID Enter the case sensitive SSID 32 alphanumeric characters maximum provided by your network administrator The SSID is a unique identifier that client devices use to associate with the access point Broadcast SSID in...

Страница 45: ...n Note You can restore the access point to its factory defaults by unplugging the power jack and plugging it back in while holding down the Mode button for a few seconds or until the Status LED turns amber Default Settings on the Express Setup Page Table 3 1 lists the default settings for the settings on the Express Setup page Table 3 1 Default Settings on the Express Setup Page Setting Default Sy...

Страница 46: ... not been changed from the default settings Note IPSU can be used only on the following operating systems Windows 95 98 NT 2000 ME or XP Tip Another simple way to find the access point s IP address is to look on the Status screen in the Aironet Client Utility on a client device associated to the access point The sections below explain how to install the utility how to use it to find the access poi...

Страница 47: ...start the utility The IPSU screen appears see Figure 3 3 Figure 3 3 IPSU Get IP Address Screen Step 2 When the utility window opens make sure the Get IP addr radio button in the Function box is selected Step 3 Enter the access point s MAC address in the Device MAC ID field The access point s MAC address is printed on the label on the bottom of the unit It should contain six pairs of hexadecimal di...

Страница 48: ...in Follow these steps to assign an IP address and an SSID to the access point Step 1 Double click the IPSU icon on your computer desktop to start the utility Step 2 Click the Set Parameters radio button in the Function box see Figure 3 4 Figure 3 4 IPSU Set Parameters Screen Step 3 Enter the access point s MAC address in the Device MAC ID field The access point s MAC address is printed on the labe...

Страница 49: ...ng Microsoft Windows with a Telnet terminal application Check your PC operating instructions for detailed instructions for your operating system Step 1 Select Start Programs Accessories Telnet If Telnet is not listed in your Accessories menu select Start Run type Telnet in the entry field and press Enter Step 2 When the Telnet window appears click Connect and select Remote System Note In Windows 2...

Страница 50: ...3 12 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 3 Configuring the Access Point for the First Time Using a Telnet Session to Access the CLI ...

Страница 51: ... Web Browser Interface for the First Time page 4 2 Using the Management Pages in the Web Browser Interface page 4 2 Using Online Help page 4 5 The web browser interface contains management pages that you use to change access point settings upgrade firmware and monitor and configure other wireless devices on the network Note The access point web browser interface is fully compatible with Microsoft ...

Страница 52: ...dress field Internet Explorer and press Enter The Summary Status page appears Using the Management Pages in the Web Browser Interface The system management pages use consistent techniques to present and save configuration information A navigation bar is on the left side of the page and configuration action buttons appear at the bottom You use the navigation bar to browse to other management pages ...

Страница 53: ...s Button Link Description Navigation Links Home Displays access point status page with information on the number of radio devices associated to the access point the status of the Ethernet and radio interfaces and a list of recent access point activity Express Setup Displays the Express Setup page that includes basic settings such as system name IP address and SSID Network Map Displays a list of in...

Страница 54: ...roxy Mobile IP QoS SNMP SNTP and VLANs System Software Displays the version number of the firmware that the access point is running and provides links to configuration pages for upgrading and managing firmware Event Log Displays the access point event log and provides links to configuration pages where you can select events to be included in traps set event severity levels and set notification met...

Страница 55: ...nnot use them Using Online Help Click the help icon at the top of any page in the web browser interface to display online help Figure 4 2 shows the print and help icons Figure 4 2 Print and Help Icons When a help page appears in a new browser window use the Select a topic drop down menu to display the help index or instructions for common configuration tasks such as configuring VLANs Table 4 2 Ill...

Страница 56: ...4 6 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 4 Using the Web Browser Interface Using Online Help ...

Страница 57: ...LI that you can use to configure your access point It contains these sections IOS Command Modes page 5 2 Getting Help page 5 3 Abbreviating Commands page 5 3 Using no and default Forms of Commands page 5 3 Understanding CLI Messages page 5 4 Using Command History page 5 4 Using Editing Features page 5 5 Searching and Filtering Output of show and more Commands page 5 8 Accessing the CLI page 5 8 ...

Страница 58: ...e configuration these commands are stored and used when the access point reboots To access the various configuration modes you must start at global configuration mode From global configuration mode you can enter interface configuration mode and line configuration mode Table 5 1 describes the main command modes how to access each one the prompt you see in that mode and how to exit the mode The exam...

Страница 59: ...unction or reverse the action of a command For example the no shutdown interface configuration command reverses the shutdown of an interface Use the command without the keyword no to re enable a disabled feature or to enable a feature that is disabled by default Table 5 2 Help Summary Command Purpose help Obtain a brief description of the help system in any command mode abbreviated command entry O...

Страница 60: ...ds page 5 5 Disabling the Command History Feature page 5 5 Changing the Command History Buffer Size By default the access point records ten command lines in its history buffer Beginning in privileged EXEC mode enter this command to change the number of command lines that the access point records during the current terminal session ap terminal history size number of lines Table 5 3 Common CLI Error...

Страница 61: ...that can help you manipulate the command line It contains these sections Enabling and Disabling Editing Features page 5 5 Editing Commands through Keystrokes page 5 6 Editing Command Lines that Wrap page 5 7 Enabling and Disabling Editing Features Although enhanced editing mode is automatically enabled you can disable it Table 5 4 Recalling Commands Action1 1 The arrow keys function only on ANSI c...

Страница 62: ... the command line Esc B Move the cursor back one word Esc F Move the cursor forward one word Ctrl T Transpose the character to the left of the cursor with the character located at the cursor Recall commands from the buffer and paste them in the command line The access point provides a buffer with the last ten items that you deleted Ctrl Y Recall the most recent entry in the buffer Esc Y Recall the...

Страница 63: ... list 101 permit tcp 131 108 2 5 255 255 255 0 131 108 1 ap config 101 permit tcp 131 108 2 5 255 255 255 0 131 108 1 20 255 25 ap config t tcp 131 108 2 5 255 255 255 0 131 108 1 20 255 255 255 0 eq ap config 108 2 5 255 255 255 0 131 108 1 20 255 255 255 0 eq 45 After you complete the entry press Ctrl A to check the complete syntax before pressing the Return key to execute the command The dollar...

Страница 64: ...on Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed This example shows how to include in the output display only lines where the expression protocol appears ap show interfaces include protocol Vlan1 is up line protocol is up Vlan10 is up line protocol is down GigabitEthernet0 1 is ...

Страница 65: ...hat provides a secure remote connection to networking devices set up to use it Secure Shell SSH is a software package that provides secure login sessions by encrypting the entire session SSH features strong cryptographic authentication strong encryption and integrity protection For detailed information on SSH visit the homepage of SSH Communications Security Ltd at this URL http www ssh com SSH pr...

Страница 66: ...5 10 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 5 Using the Command Line Interface Accessing the CLI ...

Страница 67: ...ions Preventing Unauthorized Access to Your Access Point page 6 2 Protecting Access to Privileged EXEC Commands page 6 2 Controlling Access Point Access with RADIUS page 6 7 Configuring the Access Point for Local Authentication and Authorization page 6 12 Configuring the Access Point for Secure Shell page 6 13 Managing the System Time and Date page 6 14 Configuring a System Name and Prompt page 6 ...

Страница 68: ... Controlling Access Point Access with RADIUS section on page 6 7 Protecting Access to Privileged EXEC Commands A simple way of providing terminal access control in your network is to use passwords and assign privilege levels Password protection restricts access to a network or network device Privilege levels define what commands users can issue after they have logged into a network device Note For...

Страница 69: ...fault password is Cisco The password is encrypted in the configuration file Table 6 1 Default Password and Privilege Levels continued Feature Default Setting Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 enable password password Define a new password or change an existing password for access to privileged EXEC mode The default password is Cisco For password speci...

Страница 70: ... encrypted password or enable secret level level password encryption type encrypted password Define a new password or change an existing password for access to privileged EXEC mode or Define a secret password which is saved using a nonreversible encryption method Optional For level the range is from 0 to 15 Level 1 is normal user EXEC mode privileges The default level is 15 privileged EXEC mode pr...

Страница 71: ...ccess point These pairs are assigned to lines or interfaces and authenticate each user before that user can access the access point If you have defined privilege levels you can also assign a specific privilege level with associated rights and privileges to each username and password pair Beginning in privileged EXEC mode follow these steps to establish a username based authentication system that r...

Страница 72: ...ess to the configure command you can assign it level 3 security and distribute that password to a more restricted group of users This section includes this configuration information Setting the Privilege Level for a Command page 6 6 Logging Into and Exiting a Privilege Level page 6 7 Setting the Privilege Level for a Command Beginning in privileged EXEC mode follow these steps to set the privilege...

Страница 73: ... specified privilege level Controlling Access Point Access with RADIUS This section describes how to control administrator access to the access point using Remote Authentication Dial In User Service RADIUS For complete instructions on configuring the access point to support RADIUS see Chapter 11 Configuring RADIUS Servers RADIUS provides detailed accounting information and flexible administrative ...

Страница 74: ...re any of the defined authentication methods are performed The only exception is the default method list which by coincidence is named default The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined A method list describes the sequence and authentication methods to be queried to authenticate a user You can designate one or mo...

Страница 75: ...t situations The default method list is automatically applied to all interfaces For list name specify a character string to name the list you are creating For method1 specify the actual method the authentication algorithm tries The additional methods of authentication are used only if the previous method returns an error not if it fails Select one of these methods local Use the local username data...

Страница 76: ... acct port port number specify the UDP destination port for accounting requests Optional For timeout seconds specify the time interval that the access point waits for the RADIUS server to reply before retransmitting The range is 1 to 1000 This setting overrides the radius server timeout global configuration command setting If no timeout is set with the radius server host command the setting of the...

Страница 77: ...s available to a user When AAA authorization is enabled the access point uses information retrieved from the user s profile which is in the local user database or on the security server to configure the user s session The user is granted access to a requested service only if the information in the user profile allows it You can use the aaa authorization global configuration command with the radius...

Страница 78: ...1 configure terminal Enter global configuration mode Step 2 aaa authorization network radius Configure the access point for user RADIUS authorization for all network related service requests Step 3 aaa authorization exec radius Configure the access point for user RADIUS authorization to determine if the user has privileged EXEC access The exec keyword might return user profile information such as ...

Страница 79: ...trolling Access Point Access with RADIUS section on page 6 7 Local authentication and authorization for more information see the Configuring the Access Point for Local Authentication and Authorization section on page 6 12 For more information about SSH refer to the Configuring Secure Shell section in the Cisco IOS Security Configuration Guide for Release 12 2 Step 6 username name privilege level p...

Страница 80: ...s configuration information Understanding the System Clock page 6 14 Understanding Network Time Protocol page 6 15 Configuring NTP page 6 16 Configuring Time and Date Manually page 6 24 Understanding the System Clock The heart of the time service is the system clock This clock runs from the moment the system starts up and keeps track of the date and time The system clock can then be set from these...

Страница 81: ...own as associations are usually statically configured each device is given the IP address of all devices with which it should form associations Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an association However in a LAN environment NTP can be configured to use IP broadcast messages instead This alternative reduces configuration complexity because e...

Страница 82: ...ands are not available This section contains this configuration information Default NTP Configuration page 6 17 Configuring NTP Authentication page 6 17 Configuring NTP Associations page 6 19 Configuring NTP Broadcast Service page 6 20 Configuring NTP Access Restrictions page 6 21 Configuring the Source IP Address for NTP Packets page 6 23 Displaying the NTP Configuration page 6 24 Catalyst 3550 s...

Страница 83: ...n Disabled No authentication key is specified NTP peer or server associations None configured NTP broadcast service Disabled no interface sends or receives NTP broadcast packets NTP access restrictions No access control is specified NTP packet source IP address The source address is determined by the outgoing interface Command Purpose Step 1 configure terminal Enter global configuration mode Step ...

Страница 84: ...vices providing authentication key 42 in the device s NTP packets AP config ntp authenticate AP config ntp authentication key 42 md5 aNiceKey AP config ntp trusted key 42 Step 4 ntp trusted key key number Specify one or more key numbers defined in Step 3 that a peer NTP device must provide in its NTP packets for this access point to synchronize to it By default no trusted keys are defined For key ...

Страница 85: ...inal Enter global configuration mode Step 2 ntp peer ip address version number key keyid source interface prefer or ntp server ip address version number key keyid source interface prefer Configure the access point system clock to synchronize a peer or to be synchronized by a peer peer association or Configure the access point system clock to be synchronized by a time server server association No p...

Страница 86: ... in privileged EXEC mode follow these steps to configure the access point to send NTP broadcast packets to peers so that they can synchronize their clock to the access point To disable the interface from sending NTP broadcast packets use the no ntp broadcast interface configuration command This example shows how to configure an interface to send NTP version 2 packets AP config interface gigabiteth...

Страница 87: ...l NTP access on two levels as described in these sections Creating an Access Group and Assigning a Basic IP Access List page 6 22 Disabling NTP Services on a Specific Interface page 6 23 Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface id Enter interface configuration mode and specify the interface to receive NTP broadcast packets Step 3 ntp broa...

Страница 88: ...only serve peer access list number Create an access group and apply a basic IP access list The keywords have these meanings query only Allows only NTP control queries serve only Allows only time requests serve Allows time requests and NTP control queries but does not allow the access point to synchronize to the remote device peer Allows time requests and NTP control queries and allows the access p...

Страница 89: ...ervices are enabled on all interfaces by default Beginning in privileged EXEC mode follow these steps to disable NTP packets from being received on an interface To re enable receipt of NTP packets on an interface use the no ntp disable interface configuration command Configuring the Source IP Address for NTP Packets When the access point sends an NTP packet the source IP address is normally set to...

Страница 90: ...e for Release 12 1 Configuring Time and Date Manually If no other source of time is available you can manually configure the time and date after the system is restarted The time remains accurate until the next system restart We recommend that you use manual configuration only as a last resort If you have an outside source to which the access point can synchronize you do not need to manually set th...

Страница 91: ... has been set by a timing source such as NTP the flag is set If the time is not authoritative it is used only for display purposes Until the clock is authoritative and the authoritative flag is set the flag prevents peers from synchronizing to the clock when the peers time is invalid The symbol that precedes the show clock display has this meaning Time is not authoritative blank Time is authoritat...

Страница 92: ...ommand is clock timezone AST 3 30 To set the time to UTC use the no clock timezone global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 clock timezone zone hours offset minutes offset Set the time zone The access point keeps internal time in universal time coordinated UTC so this command is used only for display purposes and when the time is...

Страница 93: ...0 AP config clock summer time PDT recurring 1 Sunday April 2 00 last Sunday October 2 00 Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 clock summer time zone recurring week day month hh mm week day month hh mm offset Configure summer time to start and end on the specified days every year Summer time is disabled by default If you specify clock summer time zone rec...

Страница 94: ...and end on April 26 2001 at 02 00 AP config clock summer time pdt date 12 October 2000 2 00 26 April 2001 2 00 Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 clock summer time zone date month date year hh mm month date year hh mm offset or clock summer time zone date date month year hh mm date month year hh mm offset Configure summer time to start on the first dat...

Страница 95: ...this configuration information Default System Name and Prompt Configuration page 6 29 Configuring a System Name page 6 29 Understanding DNS page 6 30 Default System Name and Prompt Configuration The default access point system name and prompt is ap Configuring a System Name Beginning in privileged EXEC mode follow these steps to manually configure a system name When you set the system name it is a...

Страница 96: ...map domain names to IP addresses you must first identify the host names specify the name server that is present on your network and enable the DNS This section contains this configuration information Default DNS Configuration page 6 30 Setting Up DNS page 6 30 Displaying the DNS Configuration page 6 31 Default DNS Configuration Table 6 3 shows the default DNS configuration Setting Up DNS Beginning...

Страница 97: ...nnected terminals at login and is useful for sending messages that affect all network users such as impending system shutdowns The login banner also displays on all connected terminals It is displayed after the MOTD banner and before the login prompts Note For complete syntax and usage information for the commands used in this section refer to the Cisco IOS Configuration Fundamentals Command Refer...

Страница 98: ...ing and ending delimiter AP config banner motd This is a secure site Only authorized users are allowed For access contact technical support AP config This example shows the banner displayed from the previous configuration Unix telnet 172 2 5 4 Trying 172 2 5 4 Connected to 172 2 5 4 Escape character is This is a secure site Only authorized users are allowed For access contact technical support Com...

Страница 99: ...lar sign symbol as the beginning and ending delimiter AP config banner login Access for authorized users only Please enter your username and password AP config Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 banner login c message c Specify the login message For c enter the delimiting character of your choice such as a pound sign and press the Return key The delimi...

Страница 100: ...6 34 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 6 Administering the Access Point Creating a Banner ...

Страница 101: ...ng Radio Channel Settings page 7 6 Enabling and Disabling World Mode page 7 7 Disabling and Enabling Short Radio Preambles page 7 7 Configuring Transmit and Receive Antennas page 7 8 Disabling and Enabling Aironet Extensions page 7 9 Configuring the Ethernet Encapsulation Transformation Method page 7 10 Enabling and Disabling Reliable Multicast to Workgroup Bridges page 7 10 Enabling and Disabling...

Страница 102: ...ure your access point as a root device that is connected to the wired LAN or as a repeater non root device that is not connected to the wired LAN Figure 7 1 shows a root access point and a repeater access point Figure 7 1 Root and Repeater Access Points Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the...

Страница 103: ...es Basic this is the default state for all data rates Allows transmission at this rate for all packets both unicast and multicast At least one of the access point s data rates must be set to Basic Enabled The access point transmits only unicast packets at this rate multicast packets are sent at one of the data rates set to Basic Disabled The access point does not transmit data at this rate Note At...

Страница 104: ...e set to basic This example shows how to set up the access point for 11 Mbps service only ap1100 configure terminal ap1100 config interface dot11radio 0 ap1100 config if no speed basic 11 0 ap1100 config if end Data rate 11 is set to basic and the rest of the data rates are set to disabled Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter...

Страница 105: ...ower level on associated client devices Aironet extensions are enabled by default Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 power local 1 5 20 30 50 100 maximum Set the transmit power to one of the power levels allowed in your regulatory domain All settings are in mW Note...

Страница 106: ...site survey however we recomend that you assign a static channel setting for each access point Beginning in privileged EXEC mode follow these steps to set the access point s radio network role and fallback role Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 channel frequency l...

Страница 107: ...ta at the head of a packet that contains information that the access point and client devices need when sending and receiving packets You can set the radio preamble to long or short Short A short preamble improves throughput performance Cisco Aironet Wireless LAN Client Adapters support short preambles Early models of Cisco Aironet s Wireless LAN Adapter PC4800 and PC4800A require long preambles L...

Страница 108: ...t s back panel the right antenna is on the right Left If your access point has removeable antennas and you install a high gain antenna on the access point s left connector you should use this setting for both receive and transmit When you look at the access point s back panel the left antenna is on the left Beginning in privileged EXEC mode follow these steps to select the antennas the access poin...

Страница 109: ... the initialization vector IV in encrypted packets to calculate the WEP key Repeater mode Aironet extensions must be enabled on repeater access points and on the root access points to which they associate World mode Client devices with world mode enabled receive carrier set information from the access point and adjust their settings automatically Limiting the power level on associated client devic...

Страница 110: ...e device means that the access point reliably delivers multicast packets including Address Resolution Protocol ARP packets to the workgroup bridge The performance cost of reliable multicast delivery duplication of each multicast packet sent to each workgroup bridge limits the number of infrastructure devices including workgroup bridges that can associate to the access point To increase beyond 20 t...

Страница 111: ...ed explanation of bridge groups and instructions for implementing them in this document Cisco IOS Bridging and IBM Networking Configuration Guide Release 12 2 Click this link to browse to the Configuring Transparent Bridging chapter http www cisco com univercd cc td doc product software ios122 122cgcr fibm_c bcfpart1 bcftb htm You can also enable and disable PSPF using the web browser interface Th...

Страница 112: ...d can detect only the access point and not each other You can enter a setting ranging from 0 to 2339 bytes Maximum RTS Retries is the maximum number of times the access point issues an RTS before stopping the attempt to send the packet over the radio Enter a value from 1 to 128 The default RTS threshold is 2312 and the default maximum RTS retries setting is 32 Beginning in privileged EXEC mode fol...

Страница 113: ... interference The default setting is 2338 bytes Beginning in privileged EXEC mode follow these steps to configure the fragmentation threshold Use the no form of the command to reset the setting to defaults Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 packet retries value Set...

Страница 114: ...7 14 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 7 Configuring Radio Settings Configuring the Fragmentation Threshold ...

Страница 115: ...nfiguration Guide OL 2851 01 8 Configuring Multiple SSIDs This chapter describes how to configure and manage multiple service set identifiers SSIDs on the access point This chapter contains these sections Understanding Multiple SSIDs page 8 2 Configuring Multiple SSIDs page 8 2 ...

Страница 116: ... SSID Proxy mobile IP RADIUS accounting for traffic using the SSID Guest mode Repeater mode including authentication username and password If you want the access point to allow associations from client devices that do not specify an SSID in their configurations you can set up a guest SSID The access point includes the guest SSID in its beacon The access point s default SSID tsunami is set to guest...

Страница 117: ...eater mode Set the username and password on the SSID that the repeater access point uses to associate to a root access point or with another repeater Step 5 accounting list name Optional Enable RADIUS accounting for this SSID For list name specify the accounting method list Click this link for more information on method lists http www cisco com univercd cc td doc product software ios 122 122cgcr f...

Страница 118: ...ed on the access point 2 The client begins RADIUS authentication 3 The RADIUS server returns a list of SSIDs that the client is allowed to use The access point checks the list for a match of the SSID used by the client There are three possible outcomes a If the SSID that the client used to associate to the access point matches an entry in the allowed list returned by the RADIUS server the client i...

Страница 119: ...he supported option has vendor type 1 which is named cisco avpair The Radius server is allowed to have zero or more SSID VSAs per client In this example the following AV pair adds the SSID batman to the list of allowed SSIDs for a user cisco avpair ssid batman For instructions on configuring the access point to recognize and use VSAs see the Configuring the Access Point to Use Vendor Specific RADI...

Страница 120: ...8 6 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 8 Configuring Multiple SSIDs Configuring Multiple SSIDs ...

Страница 121: ...01 9 Configuring WEP and WEP Features This chapter describes how to configure Wired Equivalent Privacy WEP Message Integrity Check MIC Temporal Key Integrity Protocol TKIP and broadcast key rotation This chapter contains these sections Understanding WEP page 9 2 Configuring WEP and WEP Features page 9 2 ...

Страница 122: ... authentication types Three additional security features defend your wireless network s WEP keys Message Integrity Check MIC MIC prevents attacks on encrypted packets called bit flip attacks During a bit flip attack an intruder intercepts an encrypted message alters it slightly and retransmits it and the receiver accepts the retransmitted message as legitimate The MIC implemented on both the acces...

Страница 123: ... configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 encryption vlan vlan id key 1 4 size 40 128 encryption key transmit key Create a WEP key and set up its properties Optional Select the VLAN for which you want to create a key Name the key slot in which this WEP key resides You can assign up to 4 WEP keys for each VLAN Enter the key a...

Страница 124: ...on vlan vlan id mode wep optional key hash mandatory mic key hash Enable WEP MIC and TKIP Optional Select the VLAN for which you want to enable WEP and WEP features Set the WEP level and enable TKIP and MIC If you enter optional client devices can associate to the access point with or without WEP enabled You can enable TKIP with WEP set to optional but you cannot enable MIC If you enter mandatory ...

Страница 125: ... Configuring Authentication Types This chapter describes how to configure authentication types on the access point This chapter contains these sections Understanding Authentication Types page 10 2 Configuring Authentication Types page 10 6 Matching Access Point and Client Device Authentication Types page 10 9 ...

Страница 126: ... the Network page 10 5 Combining MAC Based EAP and Open Authentication page 10 5 Open Authentication to the Access Point Open authentication allows any device to authenticate and then attempt to communicate with the access point Using open authentication any wireless device can authenticate with the access point but the device can communicate only if its WEP keys match the access point s Devices n...

Страница 127: ...t can authenticate and communicate Figure 10 2 Sequence for Shared Key Authentication EAP Authentication to the Network This authentication type provides the highest level of security for your wireless network By using the Extensible Authentication Protocol EAP to interact with an EAP compatible RADIUS server the access point helps a wireless client device and the RADIUS server to perform mutual a...

Страница 128: ... the logon session During the logon session the RADIUS server encrypts and sends the WEP key called a session key over the wired LAN to the access point The access point encrypts its broadcast key with the session key and sends the encrypted broadcast key to the client which uses the session key to decrypt it The client and access point activate WEP and use the session and broadcast WEP keys for a...

Страница 129: ...SID section on page 10 6 for instructions on enabling MAC based authentication Figure 10 4 shows the authentication sequence for MAC based authentication Figure 10 4 Sequence for MAC Based Authentication Combining MAC Based EAP and Open Authentication You can set up the access point to authenticate client devices using a combination of MAC based and EAP authentication When you enable this feature ...

Страница 130: ...lt SSID on the access point is tsunami Table 10 1 shows the default authentication settings for the default SSID Assigning Authentication Types to an SSID Beginning in privileged EXEC mode follow these steps to configure authentication types for SSIDs Table 10 1 Default Authentication Configuration Feature Default Setting SSID tsunami Guest Mode SSID tsunami The access point broadcasts this SSID i...

Страница 131: ...C or EAP authentication clients that successfully complete either authentication are allowed to join the network Optional Set the SSID s authentication type to open with EAP authentication The access point forces all client devices to perform EAP authentication before they are allowed to join the network For list name specify the authentication method list Note An access point configured for EAP a...

Страница 132: ...ation type for the SSID to Network EAP Using the Extensible Authentication Protocol EAP to interact with an EAP compatible RADIUS server the access point helps a wireless client device and the RADIUS server to perform mutual authentication and derive a dynamic unicast WEP key However the access point does not force all client devices to perform EAP authentication Optional Set the SSID s authentica...

Страница 133: ...e forcing an authenticated client to reauthenticate Optional Enter the server keyword to configure the access point to use the rauthentication period specified by the authentication server If you use this option configure your authentication server with RADIUS attribute 27 Session Timeout This attribute sets the maximum number of seconds of service to be provided to the client before termination o...

Страница 134: ...d enable Use Static WEP Keys in ACU and select Enable network access control using IEEE 802 1X and MD5 Challenge as the EAP Type in Windows 2000 with Service Pack 3 or Windows XP Set up and enable WEP and enable EAP and Open authentication If using Windows XP to configure card Select Enable network access control using IEEE 802 1X and MD5 Challenge as the EAP Type Set up and enable WEP and enable ...

Страница 135: ...ss control using IEEE 802 1X and SIM Authentication as the EAP Type in Windows 2000 with Service Pack 3 or Windows XP Set up and enable WEP with full encryption and enable EAP and Open authentication If using Windows XP to configure card Select Enable network access control using IEEE 802 1X and SIM Authentication as the EAP Type Set up and enable WEP with full encryption and enable Require EAP an...

Страница 136: ...10 12 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 10 Configuring Authentication Types Matching Access Point and Client Device Authentication Types ...

Страница 137: ...exible administrative control over authentication and authorization processes RADIUS is facilitated through AAA and can be enabled only through AAA commands Note For complete syntax and usage information for the commands used in this section refer to the Cisco IOS Security Command Reference for Release 12 2 This section contains this configuration information Understanding RADIUS page 11 2 RADIUS ...

Страница 138: ...control system In one case RADIUS has been used with Enigma s security cards to validate users and to grant access to network resources Networks already using RADIUS You can add a Cisco access point containing a RADIUS client to the network Networks that require resource accounting You can use RADIUS accounting independently of RADIUS authentication or authorization The RADIUS accounting functions...

Страница 139: ...o an individual desktop The client loads this key and prepares to use it for the logon session During the logon session the RADIUS server encrypts and sends the WEP key called a session key over the wired LAN to the access point The access point encrypts its broadcast key with the session key and sends the encrypted broadcast key to the client which uses the session key to decrypt it The client an...

Страница 140: ...DIUS server before configuring RADIUS features on your access point This section contains this configuration information Default RADIUS Configuration page 11 4 Identifying the RADIUS Server Host page 11 4 required Configuring RADIUS Login Authentication page 11 7 required Defining AAA Server Groups page 11 9 optional Configuring RADIUS Authorization for User Privileged Access and Network Services ...

Страница 141: ... security commands you must specify the host running the RADIUS server daemon and a secret text key string that it shares with the access point The timeout retransmission and encryption key values can be configured globally per server for all RADIUS servers or in some combination of global and per server settings To apply these settings globally to all RADIUS servers communicating with the access ...

Страница 142: ...s server timeout command is used Optional For retransmit retries specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly The range is 1 to 1000 If no retransmit value is set with the radius server host command the setting of the radius server retransmit global configuration command is used Optional For key string specify the authenti...

Страница 143: ...ethod list which by coincidence is named default The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined A method list describes the sequence and authentication methods to be queried to authenticate a user You can designate one or more security protocols to be used for authentication thus ensuring a backup system for authenti...

Страница 144: ...rns an error not if it fails Select one of these methods line Use the line password for authentication You must define a line password before you can use this authentication method Use the password password line configuration command local Use the local username database for authentication You must enter username information in the database Use the username password global configuration command ra...

Страница 145: ...P address and UDP port number allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service If you configure two different host entries on the same RADIUS server for the same service such as accounting the second configured host entry acts as a fail over backup to the first one You use the server group server configuration command to associate a particular se...

Страница 146: ...tween the access point and the RADIUS daemon running on the RADIUS server Note The key is a text string that must match the encryption key used on the RADIUS server Always configure the key as the last item in the radius server host command Leading spaces are ignored but spaces within and at the end of the key are used If you use spaces in your key do not enclose the key in quotation marks unless ...

Страница 147: ...onfig sg radius exit AP config aaa group server radius group2 AP config sg radius server 172 20 0 1 auth port 2000 acct port 2001 AP config sg radius exit Configuring RADIUS Authorization for User Privileged Access and Network Services AAA authorization limits the services available to a user When AAA authorization is enabled the access point uses information retrieved from the user s profile whic...

Страница 148: ... method1 global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 aaa authorization network radius Configure the access point for user RADIUS authorization for all network related service requests Step 3 aaa authorization exec radius Configure the access point for user RADIUS authorization to determine if the user has privileged EXEC access The ...

Страница 149: ...used between the access point and all RADIUS servers Note The key is a text string that must match the encryption key used on the RADIUS server Leading spaces are ignored but spaces within and at the end of the key are used If you use spaces in your key do not enclose the key in quotation marks unless the quotation marks are part of the key Step 3 radius server retransmit retries Specify the numbe...

Страница 150: ...SAs For a complete list of RADIUS attributes or more information about VSA 26 refer to the RADIUS Attributes appendix in the Cisco IOS Security Configuration Guide for Release 12 2 Configuring the Access Point for Vendor Proprietary RADIUS Server Communication Although an IETF draft standard for RADIUS specifies a method for communicating vendor proprietary information between the access point and...

Страница 151: ... server host 172 20 30 15 nonstandard AP config radius server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration use the show running config privileged EXEC command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 radius server host hostname ip address non standard Specify the IP address or host name of the remote RADIUS server host a...

Страница 152: ...11 16 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 11 Configuring RADIUS Servers Displaying the RADIUS Configuration ...

Страница 153: ... 01 12 Configuring VLANs This chapter describes how to configure your access point to operate with the VLANs set up on your wired LAN These sections describe how to configure your access point to support VLANs Understanding VLANs page 12 2 Configuring VLANs page 12 4 VLAN Configuration Example page 12 7 ...

Страница 154: ...main The bridging domain is supported on various pieces of network equipment such as LAN switches that operate bridging protocols between them with a separate group for each VLAN VLANs provide the segmentation services traditionally provided by routers in LAN configurations VLANs address scalability security and network management You should consider several key issues when designing and building ...

Страница 155: ...gn Guide Click this link to browse to this document http www cisco com univercd cc td doc cisintwk idg4 index htm Cisco Internetworking Technology Handbook Click this link to browse to this document http www cisco com univercd cc td doc cisintwk ito_doc index htm Cisco Internetworking Troubleshooting Guide Click this link to browse to this document http www cisco com univercd cc td doc cisintwk it...

Страница 156: ...tiple access points would have to be employed to serve classes of users based on the access and permissions they were assigned These are two common strategies for deploying wireless VLANs Segmentation by user groups You can segment your wireless LAN user community and enforce a different security policy for each user group For example you can create three wired and wireless VLANs in an enterprise ...

Страница 157: ... consist of up to 32 alphanumeric characters SSIDs are case sensitive Note You use the ssid command s authentication options to configure an authentication type for each SSID See Chapter 10 Configuring Authentication Types for instructions on configuring authentication types Step 4 vlan vlan id Optional Assign the SSID to a VLAN on your network Client devices that associate using the SSID are grou...

Страница 158: ...s assigned to the VLAN specified by the SSID mapped locally on the access point These are the RADIUS user attributes used for vlan id assignment Each attribute must have a common Tag value to identify the grouped relationship IETF 64 Tunnel Type Set this attribute to VLAN IETF 65 Tunnel Medium Type Set this attribute to 802 IETF 81 Tunnel Private Group ID Set this attribute to vlan id Viewing VLAN...

Страница 159: ... other student related activities Students are allowed to join the network using static WEP In this scenario a minimum of three VLAN connections are required one for each level of access Because the access point can handle up to 16 SSIDs you can use the basic design shown in Table 12 1 Managers configure their wireless client adapters to use SSID boss faculty members configure their clients to use...

Страница 160: ...1100 config subif encapsulation dot1Q 1 native ap1100 config subif exit ap1100 config interface FastEthernet0 2 ap1100 config subif encapsulation dot1Q 2 ap1100 config subif bridge group 2 ap1100 config subif exit ap1100 config interface FastEthernet0 3 ap1100 config subif encapsulation dot1Q 3 ap1100 config subif bridge group 3 ap1100 config subif exit ap1100 config interface Dot11Radio0 1 ap1100...

Страница 161: ...roup 1 bridge group 1 subscriber loop control bridge group 1 block unknown source no bridge group 1 source learning no bridge group 1 unicast flooding bridge group 1 spanning disabled interface Dot11Radio0 2 encapsulation dot1Q 2 no ip route cache no cdp enable bridge group 2 bridge group 2 subscriber loop control bridge group 2 block unknown source no bridge group 2 source learning no bridge grou...

Страница 162: ...12 10 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 12 Configuring VLANs VLAN Configuration Example ...

Страница 163: ...out QoS the access point offers best effort service to each packet regardless of the packet contents or size It sends the packets without any assurance of reliability delay bounds or throughput Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco Aironet 1100 Series Access Point Command Reference for this release This chapter consists of these sec...

Страница 164: ... MQC class map for matching clauses They do not construct internal DSCP values they only support mapping by assigning IP DSCP Precedence or Protocol values to L2 COS values They carry out EDCF like queuing on the radio egress port only They do only FIFO queueing on the Ethernet egress port They support only 802 1Q P tagged packets Access points do not support ISL They support only MQC policy map s...

Страница 165: ...bled switch or router that has already classified the packets with non zero 802 1Q P user_priority values the access point uses that classification and does not apply other QoS policy rules to the packets An existing classification takes precedence over all other policies on the access point 2 QoS Element for Wireless Phones setting If you enable the QoS Element for Wireless Phones setting traffic...

Страница 166: ...wser Interface This section describes configuring QoS using the web browser interface For a list of IOS commands for configuring QoS using the CLI consult the Cisco Aironet 1100 Series Access Point Command Reference Follow these steps to browse to the command reference 1 Click this link to browse to the Cisco Aironet documentation home page http www cisco com univercd cc td doc product wireless in...

Страница 167: ...eate Edit Policy field type a name for the QoS policy in the Policy Name entry field The name can contain up to 25 alphanumeric characters Do not include spaces in the policy name Step 4 If the packets that you need to prioritize contain IP precedence information in the IP header TOS field select an IP precedence classification from the IP Precedence drop down menu Menu selections include Routine ...

Страница 168: ...ntrol 7 Step 6 Click the Add button beside the Class of Service menu for IP Precedence The classification appears in the Classifications field To delete a classification select it and click the Delete button beside the Classifications field Step 7 If the packets that you need to prioritize contain IP DSCP precedence information in the IP header TOS field select an IP DSCP classification from the I...

Страница 169: ... all packets on a VLAN use the Apply Class of Service drop down menu to select the class of service that the access point will apply to all packets on a VLAN The access point matches all packets with your class of service selection Step 13 Click the Add button beside the Class of Service menu for Default classification for packets on the VLAN The classification appears in the Classifications field...

Страница 170: ...n Window fields and in the Slot Time fields are based on settings recommended in IEEE Draft Standard 802 11e For detailed information on these values consult that standard We strongly recommend that you use the default settings on the Radio Traffic Classes page Changing these values can lead to unexpected blockages of traffic on your wireless LAN and the blockages might be difficult to diagnose If...

Страница 171: ... Traffic Classes page Figure 13 4 Radio Traffic Classes Page Table 13 1 Default QoS Radio Traffic Class Definitions Class of Service Min Contention Window Max Contention Window Fixed Slot Time Best Effort 5 10 2 Background 6 10 3 Spare 5 10 3 Excellent Effort 5 10 2 Controlled Load 4 10 2 Video 100ms Latency 4 8 2 Voice 100ms Latency 2 8 2 Network Control 3 8 2 ...

Страница 172: ...oritizing for Voice Traffic This section demonstrates how you can apply a QoS policy to your wireless network s voice VLAN to give priority to wireless phone traffic In this example the network administrator creates a policy named voice_policy that applies voice class of service to traffic from Spectralink phones protocol 119 packets The user applies the voice_policy to the incoming and outgoing r...

Страница 173: ... 01 Chapter 13 Configuring QoS QoS Configuration Examples Figure 13 5 QoS Policies Page for Voice Example The network administrator also enables the QoS element for wireless phones setting on the QoS Policies Advanced page This setting gives priority to all voice traffic regardless of VLAN ...

Страница 174: ...y a QoS policy to a VLAN on your network dedicated to video traffic In this example the network administrator creates a policy named video_policy that applies video class of service to video traffic The user applies the video_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port for VLAN 87 Figure 13 6 shows the administrator s QoS Policies page Figure 13 6 QoS Policies...

Страница 175: ...ion and Configuration Guide OL 2851 01 14 Configuring Proxy Mobile IP This chapter describes how to configure your access point s proxy mobile IP feature This chapter contains these sections Understanding Proxy Mobile IP page 14 2 Configuring Proxy Mobile IP page 14 6 ...

Страница 176: ...e IP addresses are in the 209 165 200 x range The guest client device keeps its 192 95 5 2 IP address and the access point forwards its packets through a Mobile IP enabled router across the Internet to a router on the client s home network Access points with proxy mobile IP enabled attempt to provide proxy service for any client device that associates and does not perform the following Does not is...

Страница 177: ... the point of attachment for the visiting client device when it is on your network delivering packets from the home agent to the visiting client Figure 14 1 shows the five participating devices Figure 14 1 Participating Devices in Proxy Mobile IP How Proxy Mobile IP Works The proxy mobile IP process has four main phases These sections describe each phase Agent Discovery page 14 3 Subnet Map Exchan...

Страница 178: ...s use the subnet map table to determine the IP address of the visiting client s home agent When an access point boots up or when proxy mobile IP is first enabled on an access point it obtains its own home agent information using the agent discovery mechanism It sends this information to another access point called an authoritative access point AAP The AAP is an access point that is responsible for...

Страница 179: ...e home agent then sends a registration reply to the visiting client through the foreign agent because the registration request was received through the foreign agent The foreign agent checks the validity of the registration reply including ensuring that an associated registration request exists in its pending list If the registration reply is valid the foreign agent adds the visiting client to its...

Страница 180: ...oreign Authentication Extension and the Foreign Home Authentication Extension are appended to protect message exchanges between a visiting client and foreign agent and between a foreign agent and home agent respectively Replay protection uses the identification field in the registration messages as a timestamp and sequence number The home agent returns its time stamp to synchronize the visiting cl...

Страница 181: ...ng Proxy Mobile IP on Your Access Point Beginning in privileged EXEC mode follow these steps to configure proxy mobile IP on your access point Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 ip proxy mobile enable Enable proxy mobile IP on the access point Step 3 ip proxy mobile aap ip address ip address ip address Designate the access points that serve as the auth...

Страница 182: ...e dot11radio 0 ap1100 config if ip proxy mobile ap1100 config if ssid tsunami ap1100 config if ssid ip proxy mobile ap1100 config if ssid exit ap1100 config if exit ap1100 config interface bvi1 ap1100 config if ip proxy mobile ap1100 config if ssid end Step 7 exit Return to global config mode Step 8 interface dot11radio 0 Enter interface configuration mode for the radio port Step 9 ip proxy mobile...

Страница 183: ...Filters This chapter describes how to configure and manage MAC address IP and Ethertype filters on the access point using the web browser interface This chapter contains these sections Understanding Filters page 15 2 Configuring Filters Using the CLI page 15 2 Configuring Filters Using the Web Browser Interface page 15 2 ...

Страница 184: ...S Bridging and IBM Networking Configuration Guide Release 12 2 Click this link to browse to the Configuring Transparent Bridging chapter http www cisco com univercd cc td doc product software ios122 122cgcr fibm_c bcfpart1 bcftb htm Catalyst 4908G L3 Cisco IOS Release 12 0 10 W5 18e Software Feature and Configuration Guide Click this link to browse to the Command Reference chapter http www cisco c...

Страница 185: ... Click Services in the page navigation bar 2 In the Services page list click Filters 3 On the Apply Filters page click the MAC Address Filters tab at the top of the page Creating a MAC Address Filter Follow these steps to create a MAC address filter Step 1 Follow the link path to the MAC Address Filters page Step 2 If you are creating a new MAC address filter make sure NEW the default is selected ...

Страница 186: ...ilter s default action must be the opposite of the action for at least one of the addresses in the filter For example if you enter several addresses and you select Block as the action for all of them you must choose Forward All as the filter s default action Tip You can create a list of allowed MAC addresses on an authentication server on your network Consult the Configuring Authentication Types s...

Страница 187: ...n the access point reboots or when the clients associate with another access point Configuring and Enabling IP Filters IP filters IP address IP protocol and IP port prevent or allow the use of specific protocols through the access point s Ethernet and radio ports and IP address filters allow or prevent the forwarding of unicast and multicast packets either sent from or addressed to specific IP add...

Страница 188: ...he Services page list click Filters 3 On the Apply Filters page click the IP Filters tab at the top of the page Creating an IP Filter Follow these steps to create an IP filter Step 1 Follow the link path to the IP Filters page Step 2 If you are creating a new filter make sure NEW the default is selected in the Create Edit Filter Index menu To edit an existing filter select the filter name from the...

Страница 189: ...s point Step 9 To filter an IP protocol select one of the commmon protocols from the IP Protocol drop down menu or select the Custom radio button and enter the number of an existing ACL in the Custom field Enter an ACL number from 0 to 255 See Appendix E Protocol Filters for a list of IP protocols and their numeric designators Step 10 Select Forward or Block from the Action menu Step 11 Click Add ...

Страница 190: ...orts and to either or both incoming and outgoing packets Step 18 Click Apply The filter is enabled on the selected ports Configuring and Enabling Ethertype Filters Ethertype filters prevent or allow the use of specific protocols through the access point s Ethernet and radio ports You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming and ...

Страница 191: ...a new filter make sure NEW the default is selected in the Create Edit Filter Index menu To edit an existing filter select the filter number from the Create Edit Filter Index menu Step 3 In the Filter Index field name the filter with a number from 200 to 299 The number you assign creates an access control list ACL for the filter Step 4 Enter an Ethertype number in the Add Ethertype field See Append...

Страница 192: ... as the action for all of them you must choose Forward All as the filter s default action Step 9 Click Apply The filter is saved on the access point but it is not enabled until you apply it on the Apply Filters page Step 10 Click the Apply Filters tab to return to the Apply Filters page Figure 15 6 shows the Apply Filters page Figure 15 6 Apply Filters Page Step 11 Select the filter number from on...

Страница 193: ...our access point Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco Aironet 1100 Series Access Point Command Reference for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter contains these sections Understanding CDP page 16 2 Configuring CDP page 16 2 Monitoring and Maintaining CDP page 16 4...

Страница 194: ... Configuring the CDP Characteristics page 16 2 Disabling and Enabling CDP page 16 3 Disabling and Enabling CDP on an Interface page 16 4 Default CDP Configuration Table 16 1 lists the default CDP settings Configuring the CDP Characteristics You can configure the CDP holdtime the number of seconds before the access point discards CDP packets and the CDP timer the number of seconds between each CDP ...

Страница 195: ... Beginning in Priveleged Exec mode follow these steps to disable the CDP device discovery capability Beginning in privileged EXEC mode follow these steps to enable CDP when it has been disabled This example shows how to enable CDP if it has been disabled AP configure terminal AP config cdp run AP config end Step 3 cdp timer seconds Optional Set the transmission frequency of CDP updates in seconds ...

Страница 196: ...1 configure terminal Enter global configuration mode Step 2 interface interface id Enter interface configuration mode and enter the interface on which you are disabling CDP Step 3 no cdp enable Disable CDP on an interface Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Optional Save your entries in the configuration file Command Purpose Step 1 configure terminal...

Страница 197: ...524 XL Capabilities Trans Bridge Switch Interface GigabitEthernet0 1 Port ID outgoing port FastEthernet0 10 Holdtime 141 sec show cdp entry entry name protocol version Display information about a specific neighbor You can enter an asterisk to display all CDP neighbors or you can enter the name of the neighbor about which you want information You can also limit the display to information about the ...

Страница 198: ...thernet0 2 is up line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds GigabitEthernet0 3 is administratively down line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds GigabitEthernet0 4 is up line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds GigabitE...

Страница 199: ...Configuring CDP Monitoring and Maintaining CDP AP show cdp traffic CDP counters Total packets output 50882 Input 52510 Hdr syntax 0 Chksum error 0 Encaps failed 0 No memory 0 Invalid packet 0 Fragmented 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 advertisements output 50882 Input 52510 ...

Страница 200: ...16 8 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 16 Configuring CDP Monitoring and Maintaining CDP ...

Страница 201: ...MP on your access point Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco Aironet 1100 Series Access Point Command Reference for this release and to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter consists of these sections Understanding SNMP page 17 2 Configuring SNMP page 17 4 Displaying SNMP Status pa...

Страница 202: ... SNMP Manager Functions page 17 3 SNMP Agent Functions page 17 3 SNMP Community Strings page 17 3 Using SNMP to Access MIB Variables page 17 4 SNMP Versions This software release supports these SNMP versions SNMPv1 The Simple Network Management Protocol a full Internet standard defined in RFC 1157 SNMPv2C which has these features SNMPv2 Version 2 of the Simple Network Management Protocol a draft I...

Страница 203: ... to when a port or module goes up or down when spanning tree topology changes occur and when authentication failures occur SNMP Community Strings SNMP community strings authenticate access to MIB objects and function as embedded passwords In order for the NMS to access the access point the community string definitions on the NMS must match at least one of the three community string definitions on ...

Страница 204: ... gathers data from the MIB The agent can send traps notification of certain events to the SNMP manager which receives and processes the traps Traps are messages alerting the SNMP manager to a condition on the network such as improper user authentication restarts link status up or down MAC address tracking and so forth The SNMP agent also responds to MIB related queries sent by the SNMP manager in ...

Страница 205: ...y one or more of these characteristics associated with the string An access list of IP addresses of the SNMP managers that are permitted to use the community string to gain access to the agent A MIB view which defines the subset of all MIB objects accessible to the given community Read and write or read only permission for the MIB objects accessible to the community Table 17 2 Default SNMP Configu...

Страница 206: ...want authorized management stations to retrieve MIB objects or specify read write rw if you want authorized management stations to retrieve and modify MIB objects By default the community string permits read only access to all objects Optional For access list number enter an IP standard access list numbered from 1 to 99 and 1300 to 1999 Step 3 access list access list number deny permit source sour...

Страница 207: ... them Some notification types cannot be controlled with the snmp server enable global configuration command such as tty and udp port These notification types are always enabled You can use the snmp server host global configuration command to a specific host to receive the notification types listed in Table 17 3 Table 17 3 Notification Types Notification Type Description authenticate fail Enable tr...

Страница 208: ...pecify informs to send SNMP informs to the host Specify the SNMP version to support Version 1 the default is not available with informs Note Though visible in the command line help string the version 3 keyword SNMPv3 is not supported For community string specify the string to send with the notification operation Though you can set this string using the snmp server host command we recommend that yo...

Страница 209: ...ion does not cause the access point to send any traps AP config snmp server community public This example shows how to permit any SNMP manager to access all objects with read only permission using the community string public The access point also sends config traps to the hosts 192 180 1 111 and 192 180 1 33 using SNMPv1 and to the host 192 180 1 27 using SNMPv2C The community string public is sen...

Страница 210: ...ricted The first line enables the access point to send Entity MIB traps in addition to any traps previously enabled The second line specifies the destination of these traps and overwrites any previous snmp server host commands for the host cisco com AP config snmp server enable traps entity AP config snmp server host cisco com restricted entity This example shows how to enable the access point to ...

Страница 211: ...tandby Access Points This chapter descibes how to configure your access point as a hot standby unit or as a repeater unit This chapter contains these sections Understanding Repeater Access Points page 18 2 Configuring a Repeater Access Point page 18 3 Understanding Hot Standby page 18 7 Configuring a Hot Standby Access Point page 18 7 ...

Страница 212: ...t the end of the repeater chain will be quite low Because each repeater must receive and then re transmit each packet on the same channel throughput is cut in half for each repeater you add to the chain A repeater access point associates to the access point with which it has the best connectivity However you can specify the access point to which the repeater associates Setting up a static specific...

Страница 213: ... a Repeater Configuring a Repeater Access Point This section provides instructions for setting up an access point as a repeater and includes these sections Default Configuration page 18 4 Guidelines for Repeaters page 18 4 Setting Up a Repeater page 18 4 Verifying Repeater Operation page 18 5 Setting Up a Repeater as a LEAP Client page 18 6 Access Point Repeater 86302 Wired LAN Access Point Root U...

Страница 214: ...ss point as a repeater Table 18 1 Default Settings for Role in Wireless LAN Feature Default Setting Station role Root Parent none Extensions Aironet Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 ssid ssid string Create the SSID that the repeater uses to associate to a root ac...

Страница 215: ...status LED on the repeater access point is steady green when it is associated with the root access point and the repeater has client devices associated to it The repeater s status LED flashes steady green for 7 8 of a second and off for 1 8 of a second when it is associated with the root access point but the repeater has no client devices associated to it The repeater access point should also appe...

Страница 216: ... Enter interface configuration mode for the radio interface Step 3 ssid ssid string Create an SSID and enter SSID configuration mode for the new SSID The SSID can consist of up to 32 alphanumeric characters SSIDs are case sensitive Step 4 authentication network eap list name Enable LEAP authentication on the repeater so that LEAP enabled client devices cxan authenticate through the repeater For li...

Страница 217: ...oint malfunctions and the standby access point takes its place repeat the hot standby setup on the standby access point when you repair or replace the monitored access point The standby access point does not revert to standby mode automatically Configuring a Hot Standby Access Point When you set up the standby access point you must enter the MAC address of the access point that the standby unit wi...

Страница 218: ...SID as an infrastructure SSID The standby uses this SSID to associate to the monitored access point If the standby access point takes the place of the monitored access point infrastructure devices must associate to the standby access point using this SSID unless you also enter the optional keyword Step 6 exit Exit SSID configuration mode and return to radio interface configuration mode Step 7 iapp...

Страница 219: ...ve upload and download software images Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco Aironet 1100 Series Access Point Command Reference for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter consists of these sections Working with the Flash File System page 19 2 Working with Configurati...

Страница 220: ...tory page 19 4 Creating and Removing Directories page 19 4 Copying Files page 19 5 Deleting Files page 19 5 Creating Displaying and Extracting tar Files page 19 6 Displaying the Contents of a File page 19 8 Displaying Available File Systems To display the available file systems on your access point use the show file systems privileged EXEC command as shown in this example ap show file systems File...

Страница 221: ...ntain a configuration file with the same name Similarly before copying a Flash configuration file to another location you might want to verify its filename for use in another command Type Type of file system flash The file system is for a Flash memory device network The file system is for a network device nvram The file system is for a nonvolatile RAM NVRAM device opaque The file system is a local...

Страница 222: ...files on a file system show file information file url Display information about a specific file show file descriptors Display a list of open file descriptors File descriptors are the internal representations of open files You can use this command to see if another user has a file open Command Purpose Step 1 dir filesystem Display the directories on the specified file system For filesystem use flas...

Страница 223: ...he NVRAM section of Flash memory to be used as the configuration during system initialization Network file system URLs include ftp rcp and tftp and have the following syntax File Transfer Protocol FTP ftp username password location directory filename Remote Copy Protocol RCP rcp username location directory filename Trivial File Transfer Protocol TFTP tftp location directory filename Local writable...

Страница 224: ... EXEC command archive tar create destination url flash file url For destination url specify the destination URL alias for the local or network file system and the name of the tar file to create These options are supported For the local Flash file system the syntax is flash file url For the File Transfer Protocol FTP the syntax is ftp username password location directory tar filename tar For the Re...

Страница 225: ...21 6 EA1 html foo html 0 bytes c3550 i5q3l2 mz 121 6 EA1 c3550 i5q3l2 mz 121 6 EA1 bin 610856 bytes c3550 i5q3l2 mz 121 6 EA1 info 219 bytes info ver 219 bytes This example shows how to display only the c3550 i5q3l2 mz 121 6 EA1 html directory and its contents ap archive tar table flash c3550 tv0 m tar c3550 i5q3l2 mz 121 6 EA1 html c3550 i5q3l2 mz 121 6 EA1 html directory c3550 i5q3l2 mz 121 6 EA...

Страница 226: ...t contains a minimal default running configuration for interacting with the system software You can copy download configuration files from a TFTP FTP or RCP server to the running configuration of the access point for various reasons To restore a backed up configuration file To use the configuration file for another access point For example you might add another access point to your network and wan...

Страница 227: ...ftp system running config privileged EXEC command loads the configuration files on the access point as if you were entering the commands at the command line The access point does not erase the existing running configuration before adding the commands If a command in the copied configuration file replaces a command in the existing configuration file the existing command is erased For example if the...

Страница 228: ...figuration files you create download from another access point or download from a TFTP server You can copy upload configuration files to a TFTP server for storage This section includes this information Preparing to Download or Upload a Configuration File by Using TFTP page 19 10 Downloading the Configuration File by Using TFTP page 19 11 Uploading the Configuration File by Using TFTP page 19 11 Pr...

Страница 229: ...figured by referring to the Preparing to Download or Upload a Configuration File by Using TFTP section on page 19 10 Step 3 Log into the access point through a Telnet session Step 4 Download the configuration file from the TFTP server to configure the access point Specify the IP address or host name of the TFTP server and the name of the file to download Use one of these privileged EXEC commands c...

Страница 230: ...ord in this list The password specified in the copy command if a password is specified The password set by the ip ftp password password global configuration command if the command is configured The access point forms a password named username apname domain The variable username is the username associated with the current session apname is the configured host name and domain is the domain of the ac...

Страница 231: ...he FTP server it must be properly configured to accept the write request from the user on the access point For more information refer to the documentation for your FTP server Downloading a Configuration File by Using FTP Beginning in privileged EXEC mode follow these steps to download a configuration file by using FTP This example shows how to copy a configuration file named host1 confg from the n...

Страница 232: ...File by Using FTP Beginning in privileged EXEC mode follow these steps to upload a configuration file by using FTP This example shows how to copy the running configuration file named ap2 confg to the netadmin1 directory on the remote host with an IP address of 172 16 101 101 ap copy system running config ftp netadmin1 mypass 172 16 101 101 ap2 confg Write file ap2 confg on host 172 16 101 101 conf...

Страница 233: ...ying a file from one place to another you must have read permission on the source file and write permission on the destination file If the destination file does not exist RCP creates it for you The RCP requires a client to send a remote username with each RCP request to a server When you copy a configuration file from the access point to a server the Cisco IOS software sends the first valid userna...

Страница 234: ...h a Telnet session and you have a valid username this username is used and you do not need to set the RCP username Include the username in the copy command if you want to specify a username for only that copy operation When you upload a file to the RCP server it must be properly configured to accept the RCP write request from the user on the access point For UNIX systems you must add an entry to t...

Страница 235: ...255 255 172 16 101 101 Name of configuration file rtr2 confg host2 confg Configure using host2 confg from 172 16 101 101 confirm Connected to 172 16 101 101 Loading 1112 byte file host2 confg OK OK ap SYS 5 CONFIG_NV Non volatile store configured from host2 config by rcp from 172 16 101 101 Uploading a Configuration File by Using RCP Beginning in privileged EXEC mode follow these steps to upload a...

Страница 236: ... configuration from Flash memory use the delete flash filename privileged EXEC command Depending on the setting of the file prompt global configuration command you might be prompted for confirmation before you delete a file By default the access point prompts for confirmation on destructive file operations For more information about the file prompt command refer to the Cisco IOS Command Reference ...

Страница 237: ...e version number A subdirectory contains the HTML files needed for web management The image is stored on the system board Flash memory flash You can use the show version privileged EXEC command to see the software version that is currently running on your access point In the display check the line that begins with System image file is It shows the directory name in Flash memory where the image is ...

Страница 238: ...pd p s tftpboot Make sure that the etc services file contains this line tftp 69 udp Note You must restart the inetd daemon after modifying the etc inetd conf and etc services files To restart the daemon either stop the inetd process and restart it or enter a fastboot command on the SunOS 4 x or a reboot command on Solaris 2 x or SunOS 5 x For more information on the TFTP daemon refer to the docume...

Страница 239: ...g into the access point through a Telnet session Step 3 archive download sw overwrite reload tftp location directory image name Download the image file from the TFTP server to the access point and overwrite the current image The overwrite option overwrites the software image in Flash with the downloaded image The reload option reloads the system after downloading the image unless the configuration...

Страница 240: ...ete force recursive filesystem file url privileged EXEC command For filesystem use flash for the system board Flash device For file url enter the directory name of the old image All the files in the directory and the directory are removed Uploading an Image File by Using TFTP You can upload an image from the access point to a TFTP server You can later download this image to the access point or to ...

Страница 241: ...al configuration command if the command is configured Anonymous The access point sends the first valid password in this list The password specified in the archive download sw or archive upload sw privileged EXEC command if a password is specified The password set by the ip ftp password password global configuration command if the command is configured The access point forms a password named userna...

Страница 242: ...you upload an image file to the FTP server it must be properly configured to accept the write request from the user on the access point For more information refer to the documentation for your FTP server Downloading an Image File by Using FTP You can download a new image file and overwrite the current image or keep the current image Caution For the download and upload algorithms to operate properl...

Страница 243: ...the downloaded image The reload option reloads the system after downloading the image unless the configuration has been changed and not saved For username password specify the username and password these must be associated with an account on the FTP server For more information see the Preparing to Download or Upload an Image File by Using FTP section on page 19 23 For location specify the IP addre...

Страница 244: ...evice For file url enter the directory name of the old software image All the files in the directory and the directory are removed Uploading an Image File by Using FTP You can upload an image from the access point to an FTP server You can later download this image to the same access point or to another access point of the same type Caution For the download and upload algorithms to operate properly...

Страница 245: ... hosts and the access point Unlike TFTP which uses User Datagram Protocol UDP a connectionless protocol RCP uses TCP which is connection oriented To use RCP to copy files the server from or to which you will be copying files must support RCP The RCP copy commands rely on the rsh server or daemon on the remote system To copy files by using RCP you do not need to create a server for file distributio...

Страница 246: ...pports the remote shell rsh Ensure that the access point has a route to the RCP server The access point and the server must be in the same subnetwork if you do not have a router to route traffic between subnets Check connectivity to the RCP server by using the ping command If you are accessing the access point through a Telnet session and you do not have a valid username make sure that the current...

Страница 247: ...ps 1 through 6 to download a new image from an RCP server and overwrite the existing image To keep the current image skip Step 6 Command Purpose Step 1 Verify that the RCP server is properly configured by referring to the Preparing to Download or Upload an Image File by Using RCP section on page 19 27 Step 2 Log into the access point through a Telnet session Step 3 configure terminal Enter global ...

Страница 248: ...changed and not saved For username specify the username For the RCP copy request to execute successfully an account must be defined on the network server for the remote username For more information see the Preparing to Download or Upload an Image File by Using RCP section on page 19 27 For location specify the IP address of the RCP server For directory image name tar specify the directory optiona...

Страница 249: ...command For filesystem use flash for the system board Flash device For file url enter the directory name of the old software image All the files in the directory and the directory are removed Uploading an Image File by Using RCP You can upload an image from the access point to an RCP server You can later download this image to the same access point or to another access point of the same type Cauti...

Страница 250: ...later or Netscape Navigator version 4 x Step 2 Enter the access point s IP address in the browser address line and press Enter An Enter Network Password screen appears Step 3 Enter your username in the User Name field Step 4 Enter the access point password in the Password field and press Enter The Summary Status page appears Step 5 Click the System Software tab and then click Software Upgrade The ...

Страница 251: ...nd press Enter An Enter Network Password screen appears Step 3 Enter your username in the User Name field Step 4 Enter the access point password in the Password field and press Enter The Summary Status page appears Step 5 Click the System Software tab and then click Software Upgrade The HTTP Upgrade screen appears Step 6 Click the TFTP Upgrade tab Step 7 Enter the IP address for the TFTP server in...

Страница 252: ...19 34 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 19 Managing Firmware and Configurations Working with Software Images ...

Страница 253: ...em message logging on your access point Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter consists of these sections Understanding System Message Logging page 20 2 Configuring System Message Logging page 20 2 Displaying the Logging Configuration page 20 11 ...

Страница 254: ...or by saving them to a properly configured syslog server The access point software saves syslog messages in an internal buffer You can remotely monitor system messages by accessing the access point through Telnet or by viewing the logs on a syslog server Configuring System Message Logging This section describes how to configure system message logging It contains this configuration information Syst...

Страница 255: ...ence number only if the service sequence numbers global configuration command is configured For more information see the Enabling and Disabling Sequence Numbers in Log Messages section on page 20 6 timestamp formats mm dd hh mm ss or hh mm ss short uptime or d h long uptime Date and time of the message or event This information appears only if the service timestamps log datetime log global configu...

Страница 256: ... command output The logging synchronous global configuration command also affects the display of messages to the console When this command is enabled messages appear only after you press Return For more information see the Enabling and Disabling Timestamps on Log Messages section on page 20 6 To re enable message logging after it has been disabled use the logging on global configuration command Ti...

Страница 257: ...gging buffered size level Log messages to an internal buffer The default buffer size is 4096 The range is 4096 to 2147483647 bytes Levels include emergencies 0 alerts 1 critical 2 errors 3 warnings 4 notifications 5 informational 6 and debugging 7 Note Do not make the buffer size too large because the access point could run out of memory for other tasks Use the show memory privileged EXEC command ...

Страница 258: ...sly refer to a single message By default sequence numbers in log messages are not displayed Beginning in privileged EXEC mode follow these steps to enable sequence numbers in log messages To disable sequence numbers use the no service sequence numbers global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 service timestamps log uptime or servi...

Страница 259: ...vel keywords It also lists the corresponding UNIX syslog definitions from the most severe level to the least severe level Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 logging console level Limit messages logged to the console By default the console receives debugging messages and numerically lower levels see Table 20 3 on page 20 7 Step 3 logging monitor level L...

Страница 260: ...ry table You can also change the number of messages that are stored in the history table Messages are stored in the history table because SNMP traps are not guaranteed to reach their destination By default one message of the level warning and numerically lower levels see Table 20 3 on page 20 7 are stored in the history table even if syslog traps are not enabled Beginning in privileged EXEC mode f...

Страница 261: ...exempt from the limit Beginning in privileged EXEC mode follow these steps to enable a logging rate limit To disable the rate limit use the no logging rate limit global configuration command Configuring UNIX Syslog Servers The next sections describe how to configure the 4 3 BSD UNIX server syslog daemon and define the UNIX system logging facility Step 5 show running config Verify your entries Step...

Страница 262: ...is level or at a more severe level to the file specified in the next field The file must already exist and the syslog daemon must have permission to write to it Step 2 Create the log file by entering these commands at the UNIX shell prompt touch usr adm log cisco log chmod 666 usr adm log cisco log Step 3 Make sure the syslog daemon reads the new changes by entering this command kill HUP cat etc s...

Страница 263: ...out the fields in this display refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 To display the logging history file use the show logging history privileged EXEC command Step 4 logging facility facility type Configure the syslog facility See Table 20 4 on page 20 11 for facility type keywords The default is local7 Step 5 end Return to privileged EXEC mode Step 6 ...

Страница 264: ...20 12 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Chapter 20 Configuring System Message Logging Displaying the Logging Configuration ...

Страница 265: ...cess point For the most up to date detailed troubleshooting information refer to the Cisco TAC website at the following URL select Top Issues and then select Wireless Technologies http www cisco com tac Sections in this chapter include Checking the Top Panel Indicators page 21 2 Checking Basic Settings page 21 4 Resetting to the Default Configuration page 21 4 Reloading the Access Point Image page...

Страница 266: ...the wired LAN or Ethernet infrastructure This indicator is normally green when an Ethernet cable is connected and blinks green when a packet is received or transmitted over the Ethernet infrastructure The indicator is off when the Ethernet cable is not connected The status indicator signals operational status Steady green indicates that the access point is associated with at least one wireless cli...

Страница 267: ... the unit s SSID and WEP settings Operating status Green Blinking green Transmitting receiving radio packets Green Ethernet link is operational Blinking green Transmitting receiving Ethernet packets Boot Loader Errors Red Red DRAM memory test failure Red Red File system failure Red Red Ethernet failure during image recovery Amber Green Amber Boot environment error Red Green Red No IOS image file A...

Страница 268: ...guring WEP and WEP Features for instructions on setting the access point s WEP keys Security Settings Wireless clients attempting to authenticate with your access point must support the same security options configured in the access point such as EAP or LEAP MAC address authentication Message Integrity Check MIC WEP key hashing and 802 1X protocol versions If a wireless client is unable to authent...

Страница 269: ...address set to receive an IP address using DHCP Using the Web Browser Interface Follow the steps below to delete the current configuration and return all access point settings to the factory defaults using the web browser interface Step 1 Open your Internet browser You must use Microsoft Internet Explorer version 5 x or later or Netscape Navigator version 4 x Step 2 Enter the access point s IP add...

Страница 270: ... resets all configuration settings to factory defaults including passwords WEP keys the access point IP address and SSIDs Follow the steps below to reload the access point image file Step 1 The PC you intend to use must be configured with a static IP address in the range of 10 0 0 2 to 10 0 0 30 Step 2 Make sure the PC contains the access point image file c1100 k9w7 tar default in the TFTP server ...

Страница 271: ...access point password in the Password field and press Enter The Summary Status page appears Step 5 Click the System Software tab and then click Software Upgrade The HTTP Upgrade screen appears Step 6 Click the Browse button to locate the image file on your PC Step 7 Click the Upload button For additional information click the Help icon on the Software Upgrade screen Browser TFTP Interface The TFTP...

Страница 272: ... Access Point Image File The access point image file can be obtained from the Cisco com software center using the following steps Step 1 Use your Internet browser to access the Cisco Software Center at the following URL http www cisco com public sw center sw wireless shtml Step 2 Locate the access point firmware and utilities section and click on the link for the 1100 series access point Step 3 Do...

Страница 273: ... safety warnings that appear in this publication These translated warnings apply to other documents in which they appear in English The following safety warnings appear in this appendix Dipole Antenna Installation Warning page A 2 Explosive Device Proximity Warning page A 3 Lightning Activity Warning page A 4 Installation Warning page A 5 Circuit Breaker 15A Warning page A 5 ...

Страница 274: ...te personne Warnung Um die in den FCC Richtlinien festgelegten Expositionshöchstgrenzen für Radiofrequenzen RF nicht zu überschreiten sollten Dipolantennen mindestens 20 cm 7 9 Zoll vom Körper aller Person entfernt aufgestellt werden Avvertenza Per conformarsi ai limiti FCC di esposizione a radiofrequenza RF le antenne a dipolo devono stare ad una distanza minima di 20 cm dal corpo di ogni persona...

Страница 275: ... été modifié à cet effet Warnung Benutzen Sie Ihr drahtloses Netzwerkgerät nicht in der Nähe ungeschützter Sprengkapseln oder anderer explosiver Stoffe es sei denn Ihr Gerät wurde eigens für diesen Gebrauch modifiziert und bestimmt Avvertenza Non utilizzare la periferica di rete senza fili in prossimità di un detonatore non protetto o di esplosivi a meno che la periferica non sia stata modificata ...

Страница 276: ...pas travailler sur le système ni brancher ou débrancher les câbles pendant un orage Warnung Arbeiten Sie nicht am System und schließen Sie keine Kabel an bzw trennen Sie keine ab wenn es gewittert Avvertenza Non lavorare sul sistema o collegare oppure scollegare i cavi durante un temporale con fulmini Advarsel Utfør aldri arbeid på systemet eller koble kabler til eller fra systemet når det tordner...

Страница 277: ...nvisningarna innan du kopplar systemet till dess strömförsörjningsenhet Warning This product relies on the building s installation for short circuit overcurrent protection Ensure that a fuse or circuit breaker no larger than 120 VAC 15A U S 240 VAC 10A international is used on the phase conductors all current carrying conductors Waarschuwing Dit produkt is afhankelijk van de installatie van het ge...

Страница 278: ...eskyttelse overstrøm Kontroller at det brukes en sikring eller strømbryter som ikke er større enn 120 VAC 15 A USA 240 VAC 10 A internasjonalt på faselederne alle strømførende ledere Aviso Este produto depende das instalações existentes para protecção contra curto circuito sobrecarga Assegure se de que um fusível ou disjuntor não superior a 240 VAC 10A é utilizado nos condutores de fase todos os c...

Страница 279: ...n for the Cisco Aironet 1100 Series Access Points This appendix contains the following sections Manufacturers Federal Communication Commission Declaration of Conformity Statement page B 2 Department of Communications Canada page B 2 European Community Switzerland Norway Iceland and Liechtenstein page B 3 Declaration of Conformity for RF Exposure page B 4 Guidelines for Operating Cisco Aironet Acce...

Страница 280: ...nvironment This equipment generates uses and radiates radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference However there is no guarantee that interference will not occur If this equipment does cause interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to co...

Страница 281: ...tion of Conformity with Regard to the R TTE Directive 1999 5 EC English This equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Deutsch Dieses Gerät entspricht den grundlegenden Anforderungen und den weiteren entsprecheneden Vorgaben der Richtlinie 1999 5 EU Dansk Dette udstyr er i overensstemmelse med de væsentlige krav og andre relevan...

Страница 282: ...e Combinations of power levels and antennas resulting in a radiated power level of above 100 mW eirp are considered as not compliant with the above mentioned directive and are not allowed for use within the European community and countries that have adopted the European R TTE directive 1999 5 EC and or the CEPT recommendation Rec 70 03 For more details on legal combinations of power levels and ant...

Страница 283: ...as industrial scientific and medical devices such as microwave ovens and mobile object identification RF ID systems licensed premises radio stations and unlicensed specified low power radio stations used in factory production lines 1 Before using this equipment make sure that no premises radio stations or specified low power radio stations of RF ID are used in the vicinity 2 If this equipment caus...

Страница 284: ...net 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Appendix B Declarations of Conformity and Regulatory Information Guidelines for Operating Cisco Aironet Access Points and Bridges in Japan ...

Страница 285: ...OL 2851 01 A P P E N D I X C Channels and Antenna Settings This appendix lists the access point radio channels and the maximum power levels supported by the world s regulatory domains The following topics are covered in this appendix Channels page C 2 Maximum Power Levels page C 3 ...

Страница 286: ...to 650mW EIRP Users are responsible for ensuring that the channel set configuration is in compliance with the regulatory standards of Mexico Note France is included in the ETSI regulatory domain however channels 1 through 9 can be used with up to 10 mW EIRP and channels 10 through 13 can be used with up to 100mW EIRP Users are responsible for ensuring that the channel set configuration is in compl...

Страница 287: ...an be used with up to 10mW EIRP and channels 10 through 13 can be used with up to 100mW EIRP Users are responsible for ensuring that the channel set configuration is in compliance with the regulatory standards of France Note Mexico is included in the Americas regulatory domain however channels 1 through 8 are for indoor use only while channels 9 through 13 can be used indoors and outdoors with up ...

Страница 288: ...C 4 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Appendix C Channels and Antenna Settings Maximum Power Levels ...

Страница 289: ...ns mounting instructions for the access point and contains the following topics Overview page D 2 Mounting on a Horizontal or Vertical Surface page D 3 Mounting on a Suspended Ceiling page D 4 Using the Security Hasp Adapter page D 6 Mounting on a Cubical Wall Partition page D 7 Using the Desktop Holster page D 8 Using the Cable Lock Feature page D 9 ...

Страница 290: ...a Kensington lock Notebook Microstar model number 64068 which you must provide to make the access point more secure when you mount it using any of the mounting options You can use the security hasp adapter provided by Cisco to secure the access point with a padlock when you use the wall or ceiling mounting bracket The security hasp adapter provides maximum physical security for your access point A...

Страница 291: ... the mounting holes You can use any of the 10 holes around the periphery three of which are identified in the illustration of the bracket to mount it using the supplied 8 fasteners Step 2 Drill one of the following sized holes at the locations you marked 3 16 in 4 7 mm if you are using wall anchors 3 32 in 2 3 mm if you are not using wall anchors Step 3 Install the anchors into the wall if you are...

Страница 292: ...ling mounting bracket to adjust the distance between the caddy fasteners so that they align with the holes in the bracket The distance between the caddy fastener studs is 2 5 in 6 35 cm Step 4 Use a standard screwdriver to tighten the caddy fastener studs in place on the T rail Do not overtighten Step 5 Install a plastic spacer on each caddy fastener stud The spacer s legs should contact the ceili...

Страница 293: ...ix D Mounting Instructions Mounting on a Suspended Ceiling Step 8 Line up the mounting slots on the access point with the mounting rail on the wall or ceiling mounting bracket and slide it down the mounting rails until it clicks into place See Figure D 3 Figure D 3 Access Point Mounting Slots 81224 ...

Страница 294: ...g bracket follow these steps to secure it with a padlock Master Lock model 120T 121T or equivalent Step 1 Connect the Ethernet cable and power jack Step 2 Insert the T shaped tab on the security hasp adapter into the Kensington lock slot on the access point See Figure D 4 Figure D 4 Security Hasp Adapter Step 3 Rotate the adapter to engage it with the security hasp The hole in the adapter should b...

Страница 295: ...s point on Step 3 Assemble the cubical partition mounting bracket by sliding the two pieces together You can use either the short or long part of the bracket to obtain the proper fit to the partition wall The bracket is adjustable from 2 125 in 5 39 cm to 4 25 in 10 79 cm Step 4 Connect the Ethernet and power cables Step 5 Line up the mounting slots on the access point with the mounting rails on t...

Страница 296: ...er Step 1 Select a suitable location to place the holster Step 2 Connect the Ethernet and power cables If you are going to secure the access point with a Kensington lock attach it now Step 3 Position the holster so that its back side is facing you Step 4 Insert the access point into the holster while guiding the cables so that they do not interfere with the sides of the holster You will hear a cli...

Страница 297: ...ty cable Follow these steps to install the security cable Note Cisco recommends using a Kensington Notebook Microstar model number 64068 to secure your access point Step 1 Loop the security cable around a nearby immovable object Step 2 Insert the key into the lock Step 3 Insert the lock into the security slot on the access point Step 4 Rotate the key right or left to secure the lock to the access ...

Страница 298: ...D 10 Cisco Aironet 1100 Series Access Point Installation and Configuration Guide OL 2851 01 Appendix D Mounting Instructions Using the Cable Lock Feature ...

Страница 299: ... of the protocols that you can filter on the access point The tables include Table E 1 Ethertype Protocols Table E 2 IP Protocols Table E 3 IP Port Protocols In each table the Protocol column lists the protocol name the Additional Identifier column lists other names for the same protocol and the ISO Designator column lists the numeric designator for each protocol ...

Страница 300: ...rkeley Trailer Negotiation 0x1000 LAN Test 0x0708 X 25 Level3 X 25 0x0805 Banyan 0x0BAD CDP 0x2000 DEC XNS XNS 0x6000 DEC MOP Dump Load 0x6001 DEC MOP MOP 0x6002 DEC LAT LAT 0x6004 Ethertalk 0x809B Appletalk ARP Appletalk AARP 0x80F3 IPX 802 2 0x00E0 IPX 802 3 0x00FF Novell IPX old 0x8137 Novell IPX new IPX 0x8138 EAPOL old 0x8180 EAPOL new 0x888E Telxon TXP TXP 0x8729 Aironet DDP DDP 0x872D Enet ...

Страница 301: ...SO Designator dummy 0 Internet Control Message Protocol ICMP 1 Internet Group Management Protocol IGMP 2 Transmission Control Protocol TCP 6 Exterior Gateway Protocol EGP 8 PUP 12 CHAOS 16 User Datagram Protocol UDP 17 XNS IDP IDP 22 ISO TP4 TP4 29 ISO CNLP CNLP 80 Banyan VINES VINES 83 Encapsulation Header encap_hdr 98 Spectralink Voice Protocol SVP Spectralink 119 raw 255 ...

Страница 302: ...quote 17 Message Send Protocol msp 18 ttytst source chargen 19 FTP Data ftp data 20 FTP Control 21 ftp 21 Secure Shell 22 ssh 22 Telnet 23 Simple Mail Transport Protocol SMTP mail 25 time timserver 37 Resource Location Protocol RLP 39 IEN 116 Name Server name 42 whois nicname 43 43 Domain Name Server DNS domain 53 MTP 57 BOOTP Server 67 BOOTP Client 68 TFTP 69 gopher 70 rje netrjs 77 finger 79 Hyp...

Страница 303: ...news nntp 119 Network Time Protocol ntp 123 NETBIOS Name Service netbios ns 137 NETBIOS Datagram Service netbios dgm 138 NETBIOS Session Service netbios ssn 139 Interim Mail Access Protocol v2 Interim Mail Access Protocol IMAP2 143 Simple Network Management Protocol SNMP 161 SNMP Traps snmp trap 162 ISO CMIP Management Over IP CMIP Management Over IP cmip man CMOT 163 ISO CMIP Agent Over IP cmip a...

Страница 304: ...er 515 talk 517 ntalk 518 route RIP 520 timeserver timed 525 newdate tempo 526 courier RPC 530 conference chat 531 netnews 532 netwall wall 533 UUCP Daemon UUCP uucpd 540 Kerberos rlogin klogin 543 Kerberos rsh kshell 544 rfs_server remotefs 556 Kerberos kadmin kerberos adm 749 network dictionary webster 765 SUP server supfilesrv 871 swat for SAMBA swat 901 SUP debugging supfiledbg 1127 ingreslock...

Страница 305: ... SNMPv2 This appendix contains these sections MIB List page F 1 Using FTP to Access the MIB Files page F 2 MIB List IEEE802dot11 MIB Q BRIDGE MIB P BRIDGE MIB CISCO DOT11 IF MIB CISCO WLAN VLAN MIB CISCO IETF DOT11 QOS MIB CISCO IETF DOT11 QOS EXT MIB CISCO DOT11 ASSOCIATION MIB CISCO L2 DEV MONITORING MIB CISCO DDP IAPP MIB CISCO IP PROTOCOL FILTER MIB CISCO SYSLOG EVENT EXT MIB CISCO TBRIDGE DEV...

Страница 306: ...NMPv2 MIB SNMPv2 SMI SNMPv2 TC Using FTP to Access the MIB Files Follow these steps to obtain each MIB file by using FTP Step 1 Use FTP to access the server ftp cisco com Step 2 Log in with the username anonymous Step 3 Enter your e mail username when prompted for the password Step 4 At the ftp prompt change directories to pub mibs v1 or pub mibs v2 Step 5 Use the get MIB_filename command to obtai...

Страница 307: ... in H 10 4 cm W x 3 8 cm D x 20 6 cm H Status Indicators Three indicators on the top panel Ethernet traffic Status Radio traffic Connectors End panel left to right RJ 45 connector for 10 100 BASE T Ethernet connections power connector for plug in AC power module Input Voltage 48 VDC nominal Operational up to 60 VDC Voltage higher than 60 VDC can damage the unit Input Current 150 mA Operating Tempe...

Страница 308: ...th DOC regulations Complies with the following EN 300 328 FCC Part 15 107 and 15 109 Class B ICES 003 Class B Canada EN 55022 Class B AS NZS 3548 Class B VCCI Class B EN 301 489 1 and 17 UL 60950 CSA 22 2 No 60950 EN 60950 IEC 60950 VCCI FCC Part 15 247 RSS 210 RSS 139 1 UL 2043 and others see Appendix B The 1100 Series access point provides adequate fire resistance and low smoke producing charact...

Страница 309: ...grade of the software failed Copy the error message exactly as it appears and report it to your technical support representative SW_AUTO_UPGRADE 7 FAILURE boot_file_pathent creation failed Auto upgrade of the software failed due to error in creation of pathent internal data structure Copy the error message exactly as it appears and report it to your technical support representative Association Man...

Страница 310: ...d the access point PMIP 3 REG_HA_FAIL Mobile Node 10 4 1 3 registration failed due to Home Agent denial When a Mobile node MN moves to a foreign network the access point registers the MN to its Home Agent This message indicates that the registration was denied by the Home Agent Make sure the correct authentication information is configured on the Home Agent the Foreign Agent and the access point P...

Страница 311: ...he wrong firmware version was found The radio will be loaded with the required version None DOT11 2 VERSION_INVALID Unable to find required radio version hex int When trying to reflash the radio firmware the access point recognized that the radio firmware packaged with the IOS firmware had the incorrect version None DOT11 4 NO_SSID No SSIDs configured radio not started All SSIDs were deleted from ...

Страница 312: ...s reported Reason chars A station has reported a potential rogue access point for the stated reason None SCHED 3 UNEXPECTEDMESSAGE Unknown message hex received ptr arg hex num arg hex A process can register to be notified when various events occur in the router This message indicates that a process received a message from another process that it does not know how to handle Copy the error message e...

Страница 313: ...hentication types Network EAP 10 3 open 10 2 shared key 10 3 authoritative time source described 6 15 authorization with RADIUS 6 11 11 11 B Back button 4 4 banners configuring login 6 33 message of the day login 6 32 default configuration 6 32 when displayed 6 31 basic settings checking 21 4 broadcast key rotation 9 1 C Cancel button 4 4 CDP disabling for routing device 16 4 enabling and disablin...

Страница 314: ... copying 19 5 system contact and location information 17 9 types and location 19 9 uploading preparing 19 10 19 13 19 16 reasons for 19 8 using FTP 19 14 using RCP 19 17 using TFTP 19 11 connections secure remote 6 13 connectors G 1 G 2 crypto software image 6 13 D data rates G 2 daylight saving time 6 27 declarations of conformity B 1 default configuration resetting 21 5 default commands 5 3 defa...

Страница 315: ...ng command entry 5 4 setting the display destination device 20 5 severity levels 20 7 system message format 20 2 Ethernet indicator 21 2 extended temperature range 2 3 F fallback role 7 3 FCC Declaration of Conformity B 2 FCC Safety Compliance 2 2 files copying 19 5 deleting 19 5 displaying the contents of 19 8 tar creating 19 6 displaying the contents of 19 6 extracting 19 7 image file format 19 ...

Страница 316: ...tion mode 5 2 IP address finding and setting 3 9 IPSU 3 8 ISO designators for protocols E 1 K key features 1 2 L LEAP authentication setting on client and access point 10 9 LED indicators Ethernet 21 2 radio traffic 21 2 status 21 2 limiting client power level 7 5 login authentication with RADIUS 6 8 11 7 login banners 6 31 log messages See system message logging M MAC 3 9 3 10 management options ...

Страница 317: ...encrypting 6 4 overview 6 2 setting enable 6 3 enable secret 6 4 with usernames 6 5 PEAP authentication setting on client and access point 10 10 power connecting 2 5 injector 2 5 input G 1 output G 2 power level maximum C 3 preferential treatment of traffic See QoS preventing unauthorized access 6 2 privileged EXEC mode 5 2 privilege levels exiting 6 7 logging into 6 7 overview 6 2 6 6 setting a c...

Страница 318: ...e See RADIUS Remote Copy Protocol See RCP repeater chain of access points 18 2 restricting access NTP services 6 21 overview 6 2 passwords and privilege levels 6 2 RADIUS 6 7 11 1 RFC 1157 SNMPv1 17 2 1305 NTP 6 15 1901 SNMPv2C 17 2 1902 to 1907 SNMPv2 17 2 RF exposure B 4 roaming 1 5 rotation broadcast key 9 1 S safety warnings translated A 1 secure remote connections 6 13 Secure Shell See SSH se...

Страница 319: ... NTP 6 15 summer time 6 27 syslog See system message logging system clock configuring daylight saving time 6 27 manually 6 25 summer time 6 27 time zones 6 26 displaying the time and date 6 25 overview 6 14 See also NTP system message logging default configuration 20 3 defining error message severity levels 20 7 disabling 20 4 displaying the configuration 20 11 enabling 20 4 facility keywords desc...

Страница 320: ...s 17 7 overview 17 2 17 4 troubleshooting 21 1 with CiscoWorks 17 4 with system message logging 20 2 U UNIX syslog servers daemon configuration 20 10 facilities supported 20 11 message logging configuration 20 10 unpacking 2 3 upgrading software images See downloading uploading configuration files preparing 19 10 19 13 19 16 reasons for 19 8 using FTP 19 14 using RCP 19 17 using TFTP 19 11 image f...

Отзывы:

Нет отзывов