manualshive.com logo in svg

Cisco Aironet 1400 Series, Руководство пользователя программного обеспечения

Поделиться
Скачать
Cisco Aironet 1400 Series Скачать руководство пользователя страница 57

 

5-5

Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide

OL-4059-01

Chapter 5      Administering the Bridge

Protecting Access to Privileged EXEC Commands

If both the enable and enable secret passwords are defined, users must enter the enable secret password.

Use the 

level

 keyword to define a password for a specific privilege level. After you specify the level and 

set a password, give the password only to users who need to have access at this level. Use the 

privilege 

level

 global configuration command to specify commands accessible at various levels. For more 

information, see the 

“Configuring Multiple Privilege Levels” section on page 5-6

.

If you enable password encryption, it applies to all passwords including username passwords, 
authentication key passwords, the privileged command password, and console and virtual terminal line 
passwords.

To remove a password and level, use the 

no enable password

 [

level

 

level

] or 

no enable secret 

[

level

 

level

] global configuration command. To disable password encryption, use the 

no service 

password-encryption

 global configuration command.

This example shows how to configure the encrypted password 

$1$FaD0$Xyti5Rkls3LoyxzS8

 for 

privilege level 2:

bridge(config)# 

enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8

Configuring Username and Password Pairs

You can configure username and password pairs, which are locally stored on the bridge. These pairs are 
assigned to lines or interfaces and authenticate each user before that user can access the bridge. If you 
have defined privilege levels, you can also assign a specific privilege level (with associated rights and 
privileges) to each username and password pair.

Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication 
system that requests a login username and a password:

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

username

 

name

 [

privilege

 

level

{

password

 

encryption-type

 

password

Enter the username, privilege level, and password for each user.

For 

name

, specify the user ID as one word. Spaces and quotation 

marks are not allowed.

(Optional) For 

level

, specify the privilege level the user has after 

gaining access. The range is 0 to 15. Level 15 gives privileged EXEC 
mode access. Level 1 gives user EXEC mode access.

For 

encryption-type

, enter 0 to specify that an unencrypted password 

will follow. Enter 7 to specify that a hidden password will follow.

For 

password

, specify the password the user must enter to gain access 

to the bridge. The password must be from 1 to 25 characters, can 
contain embedded spaces, and must be the last option specified in the 

username

 command.

Step 3

login local

Enable local password checking at login time. Authentication is based on 
the username specified in Step 2.

Step 4

end

Return to privileged EXEC mode.

Step 5

show running-config

Verify your entries.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Содержание Aironet 1400 Series

Страница 1: ...t Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 526 4100 Cisco Aironet 1400 Series Wireless Bridge Software Configuration Guide Cisco IOS Release 12 2 11 JA June 2003 Text Part Number OL 4059 01 ...

Страница 2: ...HE POSSIBILITY OF SUCH DAMAGES CCDE CCENT CCSI Cisco Eos Cisco Explorer Cisco HealthPresence Cisco IronPort the Cisco logo Cisco Nurse Connect Cisco Pulse Cisco SensorBase Cisco StackPower Cisco StadiumVision Cisco TelePresence Cisco TrustSec Cisco Unified Computing System Cisco WebEx DCE Flip Channels Flip for Good Flip Mino Flipshare Design Flip Ultra Flip Video Flip Video Design Instant Broadba...

Страница 3: ...ssistance Center xix Cisco TAC Website xix Cisco TAC Escalation Center xix Obtaining Additional Publications and Information xx C H A P T E R 1 Overview 1 1 Features 1 2 Management Options 1 2 Network Configuration Examples 1 3 Point to Point Bridging 1 3 Point to Multipoint Bridging 1 4 Redundant Bridging 1 4 C H A P T E R 2 Configuring the Bridge for the First Time 2 1 Before You Start 2 2 Reset...

Страница 4: ...ry Fields 3 4 Using Online Help 3 5 C H A P T E R 4 Using the Command Line Interface 4 1 IOS Command Modes 4 2 Getting Help 4 3 Abbreviating Commands 4 3 Using no and default Forms of Commands 4 3 Understanding CLI Messages 4 4 Using Command History 4 4 Changing the Command History Buffer Size 4 4 Recalling Commands 4 5 Disabling the Command History Feature 4 5 Using Editing Features 4 5 Enabling ...

Страница 5: ...on 5 13 Configuring TACACS Login Authentication 5 13 Configuring TACACS Authorization for Privileged EXEC Access and Network Services 5 14 Displaying the TACACS Configuration 5 15 Configuring the Bridge for Local Authentication and Authorization 5 15 Configuring the Bridge for Secure Shell 5 16 Understanding SSH 5 16 Configuring SSH 5 17 Managing the System Time and Date 5 17 Understanding the Sys...

Страница 6: ...uring the Radio Distance Setting 6 3 Configuring Radio Data Rates 6 3 Configuring Radio Transmit Power 6 4 Configuring Radio Channel Settings 6 5 Disabling and Enabling Aironet Extensions 6 6 Configuring the Ethernet Encapsulation Transformation Method 6 6 Configuring the Beacon Period 6 6 Configuring RTS Threshold and Retries 6 7 Configuring the Maximum Data Retries 6 7 Configuring the Fragmentat...

Страница 7: ...with VLANs 8 12 Displaying Spanning Tree Status 8 14 C H A P T E R 9 Configuring WEP and WEP Features 9 1 Understanding WEP 9 2 Configuring WEP and WEP Features 9 2 Creating WEP Keys 9 2 Enabling and Disabling WEP and Enabling TKIP and MIC 9 3 C H A P T E R 10 Configuring Authentication Types 10 1 Understanding Authentication Types 10 2 Open Authentication to the Bridge 10 2 Shared Key Authenticat...

Страница 8: ...Communication 11 14 Displaying the RADIUS Configuration 11 15 Configuring and Enabling TACACS 11 16 Understanding TACACS 11 16 TACACS Operation 11 17 Configuring TACACS 11 17 Default TACACS Configuration 11 18 Identifying the TACACS Server Host and Setting the Authentication Key 11 18 Configuring TACACS Login Authentication 11 19 Configuring TACACS Authorization for Privileged EXEC Access and Netw...

Страница 9: ...b Browser Interface 14 2 Configuring and Enabling MAC Address Filters 14 3 Creating a MAC Address Filter 14 4 Configuring and Enabling IP Filters 14 5 Creating an IP Filter 14 7 Configuring and Enabling Ethertype Filters 14 8 Creating an Ethertype Filter 14 9 C H A P T E R 15 Configuring CDP 15 1 Understanding CDP 15 2 Configuring CDP 15 2 Default CDP Configuration 15 2 Configuring the CDP Charact...

Страница 10: ...g the Contents of a tar File 17 7 Extracting a tar File 17 7 Displaying the Contents of a File 17 8 Working with Configuration Files 17 8 Guidelines for Creating and Using Configuration Files 17 9 Configuration File Types and Location 17 9 Creating a Configuration File by Using a Text Editor 17 10 Copying Configuration Files by Using TFTP 17 10 Preparing to Download or Upload a Configuration File ...

Страница 11: ...ing RCP 17 29 Uploading an Image File by Using RCP 17 31 Reloading the Image Using the Web Browser Interface 17 32 Browser HTTP Interface 17 32 Browser TFTP Interface 17 32 Reloading the Image Using the Power Injector MODE button 17 33 C H A P T E R 18 Configuring System Message Logging 18 1 Understanding System Message Logging 18 2 Configuring System Message Logging 18 2 System Log Message Format...

Страница 12: ... Button 19 8 Using the Web Browser Interface 19 9 Reloading the Bridge Image 19 9 Using the MODE button 19 9 Web Browser Interface 19 10 Browser HTTP Interface 19 10 Browser TFTP Interface 19 11 Obtaining the Bridge Image File 19 11 Obtaining the TFTP Server Software 19 12 A P P E N D I X A Channels and Antenna Settings A 1 Channels A 2 IEEE 802 11a 5 GHz Band A 2 Maximum Power Levels A 2 5 8 GHz ...

Страница 13: ...vice and Support TechnicalDocuments On the Cisco Product Documentation home page select Release 12 2 from the Cisco IOS Software drop down list This guide also includes an overview of the bridge web based interface which contains all the funtionality of the command line interface CLI This guide does not provide field level descriptions of the web based windows nor does it provide the procedures fo...

Страница 14: ... and flexible administrative control over authentication and authorization processes Chapter 12 Configuring VLANs describes how to configure your bridge to interoperate with the VLANs set up on your wired LAN Chapter 13 Configuring QoS describes how to configure quality of service QoS on your bridge With this feature you can provide preferential treatment to certain traffic at the expense of other...

Страница 15: ...action but could be useful information Note Means reader take note Notes contain helpful suggestions or references to materials not contained in this manual Caution Means reader be careful In this situation you might do something that could result equipment damage or loss of data Warning This warning symbol means danger You are in a situation that could cause bodily injury Before you work on any e...

Страница 16: ...nte delle pratiche standard per la prevenzione di incidenti La traduzione delle avvertenze riportate in questa pubblicazione si trova nell appendice Translated Safety Warnings Traduzione delle avvertenze di sicurezza Advarsel Dette varselsymbolet betyr fare Du befinner deg i en situasjon som kan føre til personskade Før du utfører arbeid på utstyr må du være oppmerksom på de faremomentene som elek...

Страница 17: ... Wireless Outdoor Wireless Cisco Aironet 1400 Series Obtaining Documentation and Submitting a Service Request For information on obtaining documentation submitting a service request and gathering additional information see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsn...

Страница 18: ...xviii Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Preface Related Publications ...

Страница 19: ...The bridge is a self contained unit designed for outdoor installations You can connect external antennas to the bridge to attain various antenna gains and coverage patterns The bridge supports both point to point and point to multipoint configurations You can configure and monitor the bridge using the command line interface CLI the browser based management system or Simple Network Management Proto...

Страница 20: ...ect against sophisticated attacks on your wireless network s WEP keys Message Integrity Check MIC and WEP key hashing Enhanced authentication services Set up non root bridges to authenticate to your network like other wireless client devices After you provide a network username and password for the non root bridge it authenticates to your network using LEAP Cisco s wireless authentication method a...

Страница 21: ...ge associates to a root bridge In installation mode the bridge listens for another 1400 series bridge If it does not recognize another bridge the bridge becomes a root bridge If it recognizes another bridge it becomes a non root bridge associated to the bridge it recognizes See Chapter 2 Configuring the Bridge for the First Time for instructions on initial bridge setup Figure 1 1 shows bridges in ...

Страница 22: ...on Figure 1 2 Point to Multipoint Bridge Configuration Note If your bridges connect one or more large flat networks a network containing more than 256 users on the same subnet we recommend that you use a router to connect the bridge to the large flat network Redundant Bridging You can set up two pairs of bridges to add redundancy or load balancing to your bridge link The bridges must use non adjac...

Страница 23: ...figuration Guide OL 4059 01 Chapter 1 Overview Network Configuration Examples Figure 1 3 shows two pairs of redundant bridges Figure 1 3 Redundant Bridge Configuration 88900 Switch on LAN 1 Switch on LAN 2 Root Bridge Non Root Bridge Non Root Bridge Root Bridge ...

Страница 24: ...1 6 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 1 Overview Network Configuration Examples ...

Страница 25: ...but it might be simplest to browse to the bridge s web browser interface to complete the initial configuration and then use the CLI to enter additional settings for a more detailed configuration This chapter contains these sections Before You Start page 2 2 Obtaining and Assigning an IP Address page 2 3 Assigning Basic Settings page 2 4 Protecting Your Wireless LAN page 2 8 Using the IP Setup Util...

Страница 26: ...e MODE button on the long reach power injector Step 1 Disconnect power from the power injector Step 2 Press and hold the MODE button while you reconnect the power cable Step 3 Hold the MODE button until the Status LED on the power injector turns amber approximately 3 to 4 seconds and release the button Wait until the status LED turns green to indicate that the bridge has booted up All bridge setti...

Страница 27: ...to the Associations page on the root bridge to which the non root is associated The non root bridge s MAC address and IP address appear on the root bridge s Associations page Connecting to the Bridge Locally If you need to configure the bridge locally without connecting the bridge to a wired LAN you can connect a PC to the Ethernet port on the long reach power injector using a Category 5 Ethernet ...

Страница 28: ...by rebooting your PC or by entering ipconfig release and ipconfig renew commands in a command prompt window Consult your PC operating instructions for detailed instructions Assigning Basic Settings After you determine or assign the bridge s IP address you can browse to the bridge s Express Setup page and perform an initial configuration Step 1 Open your Internet browser The bridge web browser inte...

Страница 29: ... Software Configuration Guide OL 4059 01 Chapter 2 Configuring the Bridge for the First Time Assigning Basic Settings Figure 2 1 Summary Status Page Step 5 Click Express Setup The Express Setup screen appears Figure 2 2 shows the Express Setup page ...

Страница 30: ...e automatically assigned by your network s DHCP server Static IP The bridge uses a static IP address that you enter in the IP address field IP Address Use this setting to assign or change the bridge s IP address If DHCP is enabled for your network leave this field blank Note If the bridge s IP address changes while you are configuring the bridge using the web browser interface or a Telnet session ...

Страница 31: ...ing Radio Data Rates section on page 6 3 for more information on data rates and throughput Throughput Maximizes the data volume handled by the bridge but might reduce its range When you select Throughput the bridge sets all data rates to basic Range Maximizes the bridge s range but might reduce throughput When you select Range the bridge sets the 6 Mbps rate to basic and the other rates to enabled...

Страница 32: ...IP Setup Utility IPSU enables you to find the bridge s IP address when it has been assigned by a DHCP server You can also use IPSU to set the bridge s IP address and SSID if they have not been changed from the default settings This section explains how to download the utility from Cisco com and install it how to use it to find the bridge s IP address and how to use it to set the IP address and the...

Страница 33: ...se Agreement Step 7 Download and save the file to a temporary directory on your hard drive and then exit the Internet browser Step 8 Double click IPSUvxxxxxx exe in the temporary directory to expand the file Step 9 Double click Setup exe and follow the steps provided by the installation wizard to install IPSU The IPSU icon appears on your computer desktop Using IPSU to Find the Bridge s IP Address...

Страница 34: ...ive a DHCP assigned IP address To change the bridge IP address from the default value using IPSU refer to the Using IPSU to Set the Bridge s IP Address and SSID section on page 2 10 Using IPSU to Set the Bridge s IP Address and SSID If you want to change the default IP address 10 0 0 1 of the bridge you can use IPSU You can also set the bridge s SSID at the same time Note IPSU can change the bridg...

Страница 35: ...ign to the bridge in the IP Address field Step 5 Enter the SSID you want to assign to the bridge in the SSID field Note You cannot set the SSID without also setting the IP address However you can set the IP address without setting the SSID Step 6 Click Set Parameters to change the bridge s IP address and SSID settings Step 7 Click Exit to exit IPSU Assigning an IP Address Using the CLI When you co...

Страница 36: ...et is not listed in your Accessories menu select Start Run type Telnet in the entry field and press Enter Step 2 When the Telnet window appears click Connect and select Remote System Note In Windows 2000 the Telnet window does not contain drop down menus To start the Telnet session in Windows 2000 type open followed by the bridge s IP address Step 3 In the Host Name field type the bridge s IP addr...

Страница 37: ...erface for the First Time page 3 2 Using the Management Pages in the Web Browser Interface page 3 2 Using Online Help page 3 5 The web browser interface contains management pages that you use to change bridge settings upgrade firmware and monitor and configure other wireless devices on the network Note The bridge web browser interface is fully compatible with these browsers Microsoft Internet Expl...

Страница 38: ...sername and password and press Enter The default username is Cisco and the default password is Cisco The Summary Status page appears Using the Management Pages in the Web Browser Interface The system management pages use consistent techniques to present and save configuration information A navigation bar is on the left side of the page and configuration action buttons appear at the bottom You use ...

Страница 39: ...ist of recent bridge activity Express Setup Displays the Express Setup page that includes basic settings such as system name IP address and SSID Network Map Displays a list of infrastructure devices on your wireless LAN Association Displays a list of all devices on your wireless LAN listing their system names network roles and parent client relationships Network Interfaces Displays status and stat...

Страница 40: ...naging firmware Event Log Displays the bridge event log and provides links to configuration pages where you can select events to be included in traps set event severity levels and set notification methods Configuration Action Buttons Apply Saves changes made on the page and remains on the page Refresh Updates status information or statistics displayed on a page Cancel Discards changes to the page ...

Страница 41: ... Help Click the help icon at the top of any page in the web browser interface to display online help Figure 3 2 shows the print and help icons Figure 3 2 Print and Help Icons When a help page appears in a new browser window use the Select a topic drop down menu to display the help index or instructions for common configuration tasks such as configuring VLANs ...

Страница 42: ...3 6 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 3 Using the Web Browser Interface Using Online Help ...

Страница 43: ...CLI that you can use to configure your bridge It contains these sections IOS Command Modes page 4 2 Getting Help page 4 3 Abbreviating Commands page 4 3 Using no and default Forms of Commands page 4 3 Understanding CLI Messages page 4 4 Using Command History page 4 4 Using Editing Features page 4 5 Searching and Filtering Output of show and more Commands page 4 8 Accessing the CLI page 4 8 ...

Страница 44: ... stored and used when the bridge reboots To access the various configuration modes you must start at global configuration mode From global configuration mode you can enter interface configuration mode and line configuration mode Table 4 1 describes the main command modes how to access each one the prompt you see in that mode and how to exit the mode The examples in the table use the host name BR T...

Страница 45: ...or reverse the action of a command For example the no shutdown interface configuration command reverses the shutdown of an interface Use the command without the keyword no to re enable a disabled feature or to enable a feature that is disabled by default Table 4 2 Help Summary Command Purpose help Obtains a brief description of the help system in any command mode abbreviated command entry Obtains ...

Страница 46: ...mmands page 4 5 Disabling the Command History Feature page 4 5 Changing the Command History Buffer Size By default the bridge records ten command lines in its history buffer Beginning in privileged EXEC mode enter this command to change the number of command lines that the bridge records during the current terminal session BR terminal history size number of lines Table 4 3 Common CLI Error Message...

Страница 47: ...eatures This section describes the editing features that can help you manipulate the command line It contains these sections Enabling and Disabling Editing Features page 4 6 Editing Commands Through Keystrokes page 4 6 Editing Command Lines that Wrap page 4 7 Table 4 4 Recalling Commands Action1 1 The arrow keys function only on ANSI compatible terminals such as VT100s Result Press Ctrl P or the u...

Страница 48: ...l F or the right arrow key Move the cursor forward one character Ctrl A Move the cursor to the beginning of the command line Ctrl E Move the cursor to the end of the command line Esc B Move the cursor back one word Esc F Move the cursor forward one word Ctrl T Transpose the character to the left of the cursor with the character located at the cursor Recall commands from the buffer and paste them i...

Страница 49: ...shifted ten spaces to the left BR config access list 101 permit tcp 131 108 2 5 255 255 255 0 131 108 1 BR config 101 permit tcp 131 108 2 5 255 255 255 0 131 108 1 20 255 25 BR config t tcp 131 108 2 5 255 255 255 0 131 108 1 20 255 255 255 0 eq BR config 108 2 5 255 255 255 0 131 108 1 20 255 255 255 0 eq 45 Capitalize or lowercase words or capitalize a set of letters Esc C Capitalize at the cur...

Страница 50: ...ude output that you do not need to see To use this functionality enter a show or more command followed by the pipe character one of the keywords begin include or exclude and an expression that you want to search for or filter out command begin include exclude regular expression Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed bu...

Страница 51: ...lso Cisco Usernames and passwords are case sensitive Opening the CLI with Secure Shell Secure Shell Protocol is a protocol that provides a secure remote connection to networking devices set up to use it Secure Shell SSH is a software package that provides secure login sessions by encrypting the entire session SSH features strong cryptographic authentication strong encryption and integrity protecti...

Страница 52: ...4 10 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 4 Using the Command Line Interface Accessing the CLI ...

Страница 53: ...thorized Access to Your Bridge page 5 2 Protecting Access to Privileged EXEC Commands page 5 2 Controlling Bridge Access with RADIUS page 5 7 Controlling Bridge Access with TACACS page 5 12 Configuring the Bridge for Local Authentication and Authorization page 5 15 Configuring the Bridge for Secure Shell page 5 16 Managing the System Time and Date page 5 17 Configuring a System Name and Prompt pag...

Страница 54: ...ess with RADIUS section on page 5 7 Protecting Access to Privileged EXEC Commands A simple way of providing terminal access control in your network is to use passwords and assign privilege levels Password protection restricts access to a network or network device Privilege levels define what commands users can issue after they have logged into a network device Note For complete syntax and usage in...

Страница 55: ...fault password is Cisco The password is encrypted in the configuration file Table 5 1 Default Password and Privilege Levels continued Feature Default Setting Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 enable password password Define a new password or change an existing password for access to privileged EXEC mode The default password is Cisco For password speci...

Страница 56: ...ncrypted password or enable secret level level password encryption type encrypted password Define a new password or change an existing password for access to privileged EXEC mode or Define a secret password which is saved using a nonreversible encryption method Optional For level the range is from 0 to 15 Level 1 is normal user EXEC mode privileges The default level is 15 privileged EXEC mode priv...

Страница 57: ... the bridge These pairs are assigned to lines or interfaces and authenticate each user before that user can access the bridge If you have defined privilege levels you can also assign a specific privilege level with associated rights and privileges to each username and password pair Beginning in privileged EXEC mode follow these steps to establish a username based authentication system that request...

Страница 58: ...configure command you can assign it level 3 security and distribute that password to a more restricted group of users This section includes this configuration information Setting the Privilege Level for a Command page 5 6 Logging Into and Exiting a Privilege Level page 5 7 Setting the Privilege Level for a Command Beginning in privileged EXEC mode follow these steps to set the privilege level for ...

Страница 59: ... specified privilege level Controlling Bridge Access with RADIUS This section describes how to control administrator access to the bridge using Remote Authentication Dial In User Service RADIUS For complete instructions on configuring the bridge to support RADIUS see Chapter 11 Configuring RADIUS and TACACS Servers RADIUS provides detailed accounting information and flexible administrative control...

Страница 60: ...he defined authentication methods are performed The only exception is the default method list which by coincidence is named default The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined A method list describes the sequence and authentication methods to be queried to authenticate a user You can designate one or more security...

Страница 61: ...n authentication method list To create a default list that is used when a named list is not specified in the login authentication command use the default keyword followed by the methods that are to be used in default situations The default method list is automatically applied to all interfaces For list name specify a character string to name the list you are creating For method1 specify the actual...

Страница 62: ... timeout command is used Optional For retransmit retries specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly The range is 1 to 1000 If no retransmit value is set with the radius server host command the setting of the radius server retransmit global configuration command is used Optional For key string specify the authentication a...

Страница 63: ...dius server 172 20 0 1 auth port 2000 acct port 2001 bridge config sg radius exit Configuring RADIUS Authorization for User Privileged Access and Network Services AAA authorization limits the services available to a user When AAA authorization is enabled the bridge uses information retrieved from the user s profile which is in the local user database or on the security server to configure the user...

Страница 64: ...rization processes TACACS is facilitated through AAA and can be enabled only through AAA commands Note For complete syntax and usage information for the commands used in this section refer to the Cisco IOS Security Command Reference for Release 12 2 These sections describe TACACS configuration Default TACACS Configuration page 5 13 Configuring TACACS Login Authentication page 5 13 Configuring TACA...

Страница 65: ... all interfaces except those that have a named method list explicitly defined A defined method list overrides the default method list A method list describes the sequence and authentication methods to be queried to authenticate a user You can designate one or more security protocols to be used for authentication thus ensuring a backup system for authentication in case the initial method fails The ...

Страница 66: ...authentication method list To create a default list that is used when a named list is not specified in the login authentication command use the default keyword followed by the methods that are to be used in default situations The default method list is automatically applied to all interfaces For list name specify a character string to name the list you are creating For method1 specify the actual m...

Страница 67: ...for Local Authentication and Authorization You can configure AAA to operate without a server by setting the bridge to implement AAA in local mode The bridge then handles authentication and authorization No accounting is available in this configuration Beginning in privileged EXEC mode follow these steps to configure the bridge for local AAA Command Purpose Step 1 configure terminal Enter global co...

Страница 68: ... 4 aaa authorization exec local Configure user AAA authorization to determine if the user is allowed to run an EXEC shell by checking the local database Step 5 aaa authorization network local Configure user AAA authorization for all network related service requests Step 6 username name privilege level password encryption type password Enter the local database and establish a username based authent...

Страница 69: ...om Cisco com For more information refer to the release notes for this release For information about configuring SSH and displaying SSH settings refer to the Configuring Secure Shell section in the Cisco IOS Security Configuration Guide for Release 12 2 Managing the System Time and Date You can manage the system time and date on your bridge automatically using the Network Time Protocol NTP or manua...

Страница 70: ...ing to a device whose time might not be accurate by never synchronizing to a device that is not synchronized NTP also compares the time reported by several devices and does not synchronize to a device whose time is significantly different than the others even if its stratum is lower The communications between devices running NTP known as associations are usually statically configured each device i...

Страница 71: ...t available This section contains this configuration information Default NTP Configuration page 5 20 Configuring NTP Authentication page 5 20 Configuring NTP Associations page 5 21 Configuring NTP Broadcast Service page 5 22 Configuring NTP Access Restrictions page 5 23 Configuring the Source IP Address for NTP Packets page 5 25 Displaying the NTP Configuration page 5 26 Catalyst 3550 switch Catal...

Страница 72: ...rictions No access control is specified NTP packet source IP address The source address is determined by the outgoing interface Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 ntp authenticate Enable the NTP authentication feature which is disabled by default Step 3 ntp authentication key number md5 value Define the authentication keys By default none are defined F...

Страница 73: ...ify your entries Step 7 copy running config startup config Optional Save your entries in the configuration file Command Purpose Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 ntp peer ip address version number key keyid source interface prefer or ntp server ip address version number key keyid source interface prefer Configure the bridge system clock to synchronize...

Страница 74: ...nd or receive NTP broadcast packets on an interface by interface basis if there is an NTP broadcast server such as a router broadcasting time information on the network The bridge can send NTP broadcast packets to a peer so that the peer can synchronize to it The bridge can also receive NTP broadcast packets to synchronize its own clock This section provides procedures for both sending and receivi...

Страница 75: ...ess Restrictions You can control NTP access on two levels as described in these sections Creating an Access Group and Assigning a Basic IP Access List page 5 24 Disabling NTP Services on a Specific Interface page 5 25 Step 6 copy running config startup config Optional Save your entries in the configuration file Step 7 Configure the connected peers to receive NTP broadcast packets as described in t...

Страница 76: ...ly serve peer access list number Create an access group and apply a basic IP access list The keywords have these meanings query only Allows only NTP control queries serve only Allows only time requests serve Allows time requests and NTP control queries but does not allow the bridge to synchronize to the remote device peer Allows time requests and NTP control queries and allows the bridge to synchr...

Страница 77: ... on an interface use the no ntp disable interface configuration command Configuring the Source IP Address for NTP Packets When the bridge sends an NTP packet the source IP address is normally set to the address of the interface through which the NTP packet is sent Use the ntp source global configuration command when you want to use a particular source IP address for all NTP packets The address is ...

Страница 78: ...co IOS Configuration Fundamentals Command Reference for Release 12 1 Configuring Time and Date Manually If no other source of time is available you can manually configure the time and date after the system is restarted The time remains accurate until the next system restart We recommend that you use manual configuration only as a last resort If you have an outside source to which the bridge can sy...

Страница 79: ...s been set by a timing source such as NTP the flag is set If the time is not authoritative it is used only for display purposes Until the clock is authoritative and the authoritative flag is set the flag prevents peers from synchronizing to the clock when the peers time is invalid The symbol that precedes the show clock display has this meaning Time is not authoritative blank Time is authoritative...

Страница 80: ...mand is clock timezone AST 3 30 To set the time to UTC use the no clock timezone global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 clock timezone zone hours offset minutes offset Set the time zone The bridge keeps internal time in universal time coordinated UTC so this command is used only for display purposes and when the time is manuall...

Страница 81: ...e config clock summer time PDT recurring 1 Sunday April 2 00 last Sunday October 2 00 Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 clock summer time zone recurring week day month hh mm week day month hh mm offset Configure summer time to start and end on the specified days every year Summer time is disabled by default If you specify clock summer time zone recurr...

Страница 82: ... on April 26 2001 at 02 00 bridge config clock summer time pdt date 12 October 2000 2 00 26 April 2001 2 00 Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 clock summer time zone date month date year hh mm month date year hh mm offset or clock summer time zone date date month year hh mm date month year hh mm offset Configure summer time to start on the first date a...

Страница 83: ...nfiguration information Default System Name and Prompt Configuration page 5 31 Configuring a System Name page 5 31 Understanding DNS page 5 32 Default System Name and Prompt Configuration The default bridge system name and prompt is bridge Configuring a System Name Beginning in privileged EXEC mode follow these steps to manually configure a system name When you set the system name it is also used ...

Страница 84: ...p domain names to IP addresses you must first identify the host names specify the name server that is present on your network and enable the DNS This section contains this configuration information Default DNS Configuration page 5 32 Setting Up DNS page 5 32 Displaying the DNS Configuration page 5 33 Default DNS Configuration Table 5 3 shows the default DNS configuration Setting Up DNS Beginning i...

Страница 85: ...cted terminals at login and is useful for sending messages that affect all network users such as impending system shutdowns The login banner also appears on all connected terminals It appears after the MOTD banner and before the login prompts Note For complete syntax and usage information for the commands used in this section refer to the Cisco IOS Configuration Fundamentals Command Reference for ...

Страница 86: ...delimiter bridge config banner motd This is a secure site Only authorized users are allowed For access contact technical support bridge config This example shows the banner displayed from the previous configuration Unix telnet 172 2 5 4 Trying 172 2 5 4 Connected to 172 2 5 4 Escape character is This is a secure site Only authorized users are allowed For access contact technical support Command Pu...

Страница 87: ... the beginning and ending delimiter bridge config banner login Access for authorized users only Please enter your username and password bridge config Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 banner login c message c Specify the login message For c enter the delimiting character of your choice such as a pound sign and press the Return key The delimiting chara...

Страница 88: ...5 36 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 5 Administering the Bridge Creating a Banner ...

Страница 89: ...ing the Radio Distance Setting page 6 3 Configuring Radio Data Rates page 6 3 Configuring Radio Transmit Power page 6 4 Configuring Radio Channel Settings page 6 5 Disabling and Enabling Aironet Extensions page 6 6 Configuring the Ethernet Encapsulation Transformation Method page 6 6 Configuring the Beacon Period page 6 6 Configuring RTS Threshold and Retries page 6 7 Configuring the Maximum Data ...

Страница 90: ...ure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 shutdown Disable the radio port Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Optional Save your entries in the configuration file 88906 Switch Switch Non Root Bridge Root Bridge Command Purpose Step 1 configure terminal ...

Страница 91: ...te that allows data transmission You can set each data rate to one of three states Basic this is the default state for all data rates Allows transmission at this rate for all packets both unicast and multicast At least one of the bridge s data rates must be set to Basic Enabled The bridge transmits only unicast packets at this rate multicast packets are sent at one of the data rates set to Basic D...

Страница 92: ...ps to set the transmit power on your bridge radio Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 3 speed 6 0 9 0 12 0 18 0 24 0 36 0 48 0 54 0 basic 6 0 basic 9 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 basic 54 0 range throughput Set each data rate to basic or en...

Страница 93: ... 5785 for bridges that are close to each other Beginning in privileged EXEC mode follow these steps to set the bridge s radio channel Step 3 power local 12 15 18 21 22 23 24 maximum Set the transmit power to one of the power levels allowed in your regulatory domain All settings are in dBm Note The settings allowed in your regulatory domain might differ from the settings listed here Step 4 end Retu...

Страница 94: ...e between bridge beacons in Kilomicroseconds One Kµsec equals 1 024 microseconds The default beacon period is 100 Beginning in privileged EXEC mode follow these steps to configure the beacon period Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 1 Enter interface configuration mode for the radio interface The 2 4 GHz radio is radio 0 and the ...

Страница 95: ...et the RTS settings to defaults Configuring the Maximum Data Retries The maximum data retries setting determines the number of attempts the bridge makes to send a packet before giving up and dropping the packet The default setting is 32 Beginning in privileged EXEC mode follow these steps to configure the maximum data retries Use the no form of the command to reset the setting to defaults Command ...

Страница 96: ...nts Prior to configuring the packet concatenation feature ensure all your network devices support packet concatenation Also ensure that all bridges are running Cisco IOS Release 12 2 11 JA or later If connectivity problems develop after implementing packet concatenation deactivate the concatenation feature to determine if that is the cause of the problem Beginning in privileged EXEC mode follow th...

Страница 97: ...max Settings for Point to Point and Point to Multipoint Bridge Links section on page 13 9 for instructions on adjusting these settings Performing a Carrier Busy Test You can perform a carrier busy test to check the radio activity on bridge channels During the carrier busy test the bridge drops all associations with wireless networking devices for around 4 seconds while it conducts the carrier test...

Страница 98: ...6 10 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 6 Configuring Radio Settings Performing a Carrier Busy Test ...

Страница 99: ...ess Bridges Software Configuration Guide OL 4059 01 7 Configuring SSIDs This chapter describes how to configure a service set identifier SSID on the bridge This chapter contains these sections Understanding SSIDs page 7 2 Configuring the SSID page 7 2 ...

Страница 100: ...nt authentication types see Chapter 10 Configuring Authentication Types If you want the bridge to allow associations from bridges that do not specify an SSID in their configurations you can include the SSID in the bridge s beacon The bridge s default SSID autoinstall is included in the beacon However to keep your network secure you should remove the SSID from the beacon You can assign an authentic...

Страница 101: ...an SSID and enter SSID configuration mode for the new SSID The SSID can consist of up to 32 alphanumeric characters SSIDs are case sensitive Note You can include spaces in an SSID but be careful not to add spaces to an SSID accidentally especially at the end of an SSID Step 4 authentication client username username password password Optional Set an authentication username and password that the bri...

Страница 102: ...ironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 7 Configuring SSIDs Configuring the SSID bridge config ssid vlan 1 bridge config ssid infrastructure ssid bridge config ssid end ...

Страница 103: ...re Spanning Tree Protocol STP on your bridge This chapter contains these sections Understanding Spanning Tree Protocol page 8 2 Configuring STP Features page 8 8 Displaying Spanning Tree Status page 8 14 Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Command Reference for Access Points and Bridges for this release ...

Страница 104: ...ructure devices might also learn end station MAC addresses on multiple Layer 2 interfaces These conditions result in an unstable network STP defines a tree with a root bridge and a loop free path from the root to all infrastructure devices in the Layer 2 network Note STP discussions use the term root to describe two concepts the bridge on the network that serves as a central point in the spanning ...

Страница 105: ... age protocol timers When a bridge receives a configuration BPDU that contains superior information lower bridge ID lower path cost and so forth it stores the information for that port If this BPDU is received on the root port of the bridge the bridge also forwards it with an updated message to all attached LANs for which it is the designated bridge If a bridge receives a configuration BPDU that c...

Страница 106: ...ogy All paths that are not needed to reach the spanning tree root from anywhere in the network are placed in the spanning tree blocking mode BPDUs contain information about the sending bridge and its ports including bridge and MAC addresses bridge priority port priority and path cost STP uses this information to elect the spanning tree root and root port for the network and the root port and desig...

Страница 107: ...to expire for forwarded frames that have used the old topology Each interface on a bridge using spanning tree exists in one of these states Blocking The interface does not participate in frame forwarding Listening The first transitional state after the blocking state when the spanning tree determines that the interface should participate in frame forwarding Learning The interface prepares to parti...

Страница 108: ...n the learning state the interface continues to block frame forwarding as the bridge learns end station location information for the forwarding database 4 When the forward delay timer expires spanning tree moves the interface to the forwarding state where both learning and frame forwarding are enabled Blocking State An interface in the blocking state does not participate in frame forwarding After ...

Страница 109: ...ived on the port Does not learn addresses Receives BPDUs Learning State An interface in the learning state prepares to participate in frame forwarding The interface enters the learning state from the listening state An interface in the learning state performs as follows Discards frames received on the port Learns addresses Receives BPDUs Forwarding State An interface in the forwarding state forwar...

Страница 110: ...bridge are assigned to bridge group 1 by default When you enable STP and assign a priority on bridge group 1 STP is enabled on the radio and Ethernet interfaces and on the primary VLAN and those interfaces adopt the priority assigned to bridge group 1 You can create bridge groups for sub interfaces and assign different STP settings to those bridge groups Configuring STP Settings Beginning in privi...

Страница 111: ...d 2312 station role root no cdp enable infrastructure client bridge group 1 Step 3 bridge group number Assign the interface to a bridge group You can number your bridge groups from 1 to 255 Step 4 no bridge group number spanning disabled Counteract the command that automatically disables STP for a bridge group STP is enabled on the interface when you enter the bridge n protocol ieee command Step 5...

Страница 112: ...meout 0 0 line vty 0 4 login line vty 5 15 login end Non Root Bridge Without VLANs This example shows the configuration of a non root bridge with no VLANs configured with STP enabled hostname client bridge north ip subnet zero bridge irb interface Dot11Radio0 no ip address no ip route cache ssid tsunami authentication open guest mode speed basic 6 0 9 0 12 0 18 0 24 0 36 0 48 0 54 0 rts threshold ...

Страница 113: ...me out 120 ip ssh authentication retries 3 bridge irb interface Dot11Radio0 no ip address no ip route cache ssid vlan1 vlan 1 infrastructure ssid authentication open speed basic 6 0 9 0 12 0 18 0 24 0 36 0 48 0 54 0 rts threshold 2312 station role root no cdp enable infrastructure client interface Dot11Radio0 1 encapsulation dot1Q 1 native no ip route cache no cdp enable bridge group 1 interface D...

Страница 114: ...5 255 0 0 no ip route cache ip default gateway 1 4 0 1 bridge 1 protocol ieee bridge 1 route ip bridge 1 priority 9000 bridge 2 protocol ieee bridge 2 priority 10000 bridge 3 protocol ieee bridge 3 priority 3100 line con 0 exec timeout 0 0 line vty 5 15 end Non Root Bridge with VLANs This example shows the configuration of a non root bridge with VLANs configured with STP enabled hostname client br...

Страница 115: ... cache no cdp enable bridge group 3 interface FastEthernet0 no ip address no ip route cache duplex auto speed auto interface FastEthernet0 1 encapsulation dot1Q 1 native no ip route cache bridge group 1 interface FastEthernet0 2 encapsulation dot1Q 2 no ip route cache bridge group 2 interface FastEthernet0 3 encapsulation dot1Q 3 no ip route cache bridge group 3 bridge group 3 path cost 400 interf...

Страница 116: ... 8 3 Commands for Displaying Spanning Tree Status Command Purpose show spanning tree Displays information on your network s spanning tree show spanning tree blocked ports Displays a list of blocked ports on this bridge show spanning tree bridge Displays status and configuration of this bridge show spanning tree active Displays spanning tree information on active interfaces only show spanning tree ...

Страница 117: ... OL 4059 01 9 Configuring WEP and WEP Features This chapter describes how to configure Wired Equivalent Privacy WEP Message Integrity Check MIC and Temporal Key Integrity Protocol TKIP This chapter contains these sections Understanding WEP page 9 2 Configuring WEP and WEP Features page 9 2 ...

Страница 118: ...key See Chapter 10 Configuring Authentication Types for detailed information on EAP and other authentication types Two additional security features defend your wireless network s WEP keys Message Integrity Check MIC MIC prevents attacks on encrypted packets called bit flip attacks During a bit flip attack an intruder intercepts an encrypted message alters it slightly and retransmits it and the rec...

Страница 119: ...ect the VLAN for which you want to create a key WEP MIC and TKIP are supported only on the native VLAN Name the key slot in which this WEP key resides You can assign up to 4 WEP keys for each VLAN but key slot 4 is reserved for the session key Enter the key and set the size of the key either 40 bit or 128 bit 40 bit keys contain 10 hexadecimal digits 128 bit keys contain 26 hexadecimal digits Opti...

Страница 120: ...ry mic key hash Enable WEP MIC and TKIP Optional Select the VLAN for which you want to enable WEP and WEP features Set the WEP level and enable TKIP and MIC If you enter optional another bridge can associate to the bridge with or without WEP enabled You can enable TKIP with WEP set to optional but you cannot enable MIC If you enter mandatory other bridges must have WEP enabled to associate to the ...

Страница 121: ...10 Configuring Authentication Types This chapter describes how to configure authentication types on the bridge This chapter contains these sections Understanding Authentication Types page 10 2 Configuring Authentication Types page 10 5 Matching Authentication Types on Root and Non Root Bridges page 10 9 ...

Страница 122: ...root bridge can communicate only if its WEP keys match the root bridge s A bridge that is not using WEP does not attempt to authenticate with a bridge that is using WEP Open authentication does not rely on a RADIUS server on your network Figure 10 1 shows the authentication sequence between a non root bridge trying to authenticate and a root bridge using open authentication In this example the dev...

Страница 123: ... for Shared Key Authentication EAP Authentication to the Network This authentication type provides the highest level of security for your wireless network By using the Extensible Authentication Protocol EAP to interact with an EAP compatible RADIUS server the root bridge helps another bridge and the RADIUS server to perform mutual authentication and derive a dynamic unicast WEP key The RADIUS serv...

Страница 124: ... access thereby approximating the level of security in a wired switched segment to an individual desktop The non root bridge loads this key and prepares to use it for the logon session During the logon session the RADIUS server encrypts and sends the WEP key called a session key over the wired LAN to the root bridge The root bridge encrypts its broadcast key with the session key and sends the encr...

Страница 125: ...outs and Intervals page 10 7 Default Authentication Settings The default SSID on the bridge is autoinstall Table 10 1 shows the default authentication settings for the default SSID Assigning Authentication Types to an SSID Beginning in privileged EXEC mode follow these steps to configure authentication types for SSIDs Table 10 1 Default Authentication Configuration Feature Default Setting SSID aut...

Страница 126: ...authentication type to open with EAP authentication The bridge forces all other bridges to perform EAP authentication before they are allowed to join the network For list name specify the authentication method list Note A bridge configured for EAP authentication forces all bridges that associate to perform EAP authentication Bridges that do not use EAP cannot communicate with the bridge Step 5 aut...

Страница 127: ...ds to reset the values to default settings Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 dot11 holdoff time seconds Enter the number of seconds a non root bridge must wait before it can reattempt to authenticate following a failed authentication Enter a value from 1 to 65555 seconds Step 3 interface dot11radio 0 Enter interface configuration mode for the radio in...

Страница 128: ...onfigures Network EAP as the authentication type for the SSID on the non root bridge bridge configure terminal bridge config configure interface dot11radio 0 bridge config if ssid bridgeman bridge config ssid authentication client username bugsy password run4yerlife bridge config ssid authentication network eap romeo bridge config ssid end Command Purpose Step 1 configure terminal Enter global con...

Страница 129: ...ists the settings required for each authentication type on the root and non root bridges Table 10 2 Client and Bridge Security Settings Security Feature Non Root Bridge Setting Root Bridge Setting Static WEP with open authentication Set up and enable WEP Set up and enable WEP and enable Open Authentication Static WEP with shared key authentication Set up and enable WEP and enable Shared Key Authen...

Страница 130: ...10 10 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 10 Configuring Authentication Types Matching Authentication Types on Root and Non Root Bridges ...

Страница 131: ...us TACACS which provide detailed accounting information and flexible administrative control over authentication and authorization processes RADIUS and TACACS are facilitated through AAA and can be enabled only through AAA commands Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Security Command Reference for Release 12 2 This chapter cont...

Страница 132: ...re authenticated through a RADIUS server that is customized to work with the Kerberos security system Turnkey network security environments in which applications support the RADIUS protocol such as an access environment that uses a smart card access control system In one case RADIUS has been used with Enigma s security cards to validate users and to grant access to network resources Networks alrea...

Страница 133: ... with the appropriate level of network access thereby approximating the level of security in a wired switched segment to an individual desktop The non root bridge loads this key and prepares to use it for the logon session During the logon session the RADIUS server encrypts and sends the WEP key called a session key over the wired LAN to the root bridge The root bridge encrypts its broadcast key w...

Страница 134: ... should configure a RADIUS server before configuring RADIUS features on your bridge This section contains this configuration information Default RADIUS Configuration page 11 4 Identifying the RADIUS Server Host page 11 4 required Configuring RADIUS Login Authentication page 11 7 required Defining AAA Server Groups page 11 9 optional Configuring RADIUS Authorization for User Privileged Access and N...

Страница 135: ... the AAA security commands you must specify the host running the RADIUS server daemon and a secret text key string that it shares with the bridge The timeout retransmission and encryption key values can be configured globally per server for all RADIUS servers or in some combination of global and per server settings To apply these settings globally to all RADIUS servers communicating with the bridg...

Страница 136: ... of the radius server timeout command is used Optional For retransmit retries specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly The range is 1 to 1000 If no retransmit value is set with the radius server host command the setting of the radius server retransmit global configuration command is used Optional For key string specify...

Страница 137: ...which by coincidence is named default The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined A method list describes the sequence and authentication methods to be queried to authenticate a user in this case a non root bridge You can designate one or more security protocols to be used for authentication thus ensuring a backup...

Страница 138: ...s method returns an error not if it fails Select one of these methods line Use the line password for authentication You must define a line password before you can use this authentication method Use the password password line configuration command local Use the local username database for authentication You must enter username information in the database Use the username password global configurati...

Страница 139: ...f the IP address and UDP port number allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service If you configure two different host entries on the same RADIUS server for the same service such as accounting the second configured host entry acts as a fail over backup to the first one You use the server group server configuration command to associate a partic...

Страница 140: ...ryption key used between the bridge and the RADIUS daemon running on the RADIUS server Note The key is a text string that must match the encryption key used on the RADIUS server Always configure the key as the last item in the radius server host command Leading spaces are ignored but spaces within and at the end of the key are used If you use spaces in your key do not enclose the key in quotation ...

Страница 141: ...port 1000 acct port 1001 BR config sg radius exit BR config aaa group server radius group2 BR config sg radius server 172 20 0 1 auth port 2000 acct port 2001 BR config sg radius exit Configuring RADIUS Authorization for User Privileged Access and Network Services AAA authorization limits the services available to a user When AAA authorization is enabled the bridge uses information retrieved from ...

Страница 142: ... exec start stop method1 global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 aaa authorization network radius Configure the bridge for user RADIUS authorization for all network related service requests Step 3 aaa authorization exec radius Configure the bridge for user RADIUS authorization to determine if the user has privileged EXEC access ...

Страница 143: ... Note The key is a text string that must match the encryption key used on the RADIUS server Leading spaces are ignored but spaces within and at the end of the key are used If you use spaces in your key do not enclose the key in quotation marks unless the quotation marks are part of the key Step 3 radius server retransmit retries Specify the number of times the bridge sends each RADIUS request to t...

Страница 144: ...ecurity Configuration Guide for Release 12 2 Configuring the Bridge for Vendor Proprietary RADIUS Server Communication Although an IETF draft standard for RADIUS specifies a method for communicating vendor proprietary information between the bridge and the RADIUS server some vendors have extended the RADIUS attribute set in a unique way Cisco IOS software supports a subset of vendor proprietary RA...

Страница 145: ...ow running config privileged EXEC command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 radius server host hostname ip address non standard Specify the IP address or host name of the remote RADIUS server host and identify that it is using a vendor proprietary implementation of RADIUS Step 3 radius server key string Specify the shared secret text string used betwe...

Страница 146: ...thentication of administrators through login and password dialog challenge and response and messaging support The authentication facility can conduct a dialog with the administrator for example after a username and password are provided to challenge a user with several questions such as home address mother s maiden name service type and social security number The TACACS authentication service can ...

Страница 147: ...ge typically tries to use an alternative method for authenticating the administrator CONTINUE The administrator is prompted for additional authentication information After authentication the administrator undergoes an additional authorization phase if authorization has been enabled on the bridge Administrators must first successfully complete TACACS authentication before proceeding to TACACS autho...

Страница 148: ...t and contains the list of IP addresses of the selected server hosts Beginning in privileged EXEC mode follow these steps to identify the IP host or host maintaining TACACS server and optionally set the encryption key Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 tacacs server host hostname port integer timeout integer key string Identify the IP host or hosts mai...

Страница 149: ...es the sequence and authentication methods to be queried to authenticate an administrator You can designate one or more security protocols to be used for authentication thus ensuring a backup system for authentication in case the initial method fails The software uses the first method listed to authenticate users if that method fails to respond the software selects the next authentication method i...

Страница 150: ...d in the login authentication command use the default keyword followed by the methods that are to be used in default situations The default method list is automatically applied to all interfaces For list name specify a character string to name the list you are creating For method1 specify the actual method the authentication algorithm tries The additional methods of authentication are used only if...

Страница 151: ...ng attribute value AV pairs and is stored on the security server This data can then be analyzed for network management client billing or auditing Beginning in privileged EXEC mode follow these steps to enable TACACS accounting for each Cisco IOS privilege level and for network services Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 aaa authorization network tacacs...

Страница 152: ...sable accounting use the no aaa accounting network exec start stop method1 global configuration command Displaying the TACACS Configuration To display TACACS server statistics use the show tacacs privileged EXEC command Step 5 show running config Verify your entries Step 6 copy running config startup config Optional Save your entries in the configuration file Command Purpose ...

Страница 153: ...guration Guide OL 4059 01 12 Configuring VLANs This chapter describes how to configure your bridge to operate with the VLANs set up on your wired LAN These sections describe how to configure your bridge to support VLANs Understanding VLANs page 12 2 Configuring VLANs page 12 4 ...

Страница 154: ...ts of a number of end systems either hosts or network equipment such as bridges and routers connected by a single bridging domain The bridging domain is supported on various pieces of network equipment such as LAN switches that operate bridging protocols between them with a separate group for each VLAN VLANs provide the segmentation services traditionally provided by routers in LAN configurations ...

Страница 155: ...wse to this document http www cisco com en US docs internetworking design guide idg4 html Cisco Internetworking Technology Handbook Click this link to browse to this document http www cisco com en US docs internetworking technology handbook ito_doc html Cisco Internetworking Troubleshooting Guide Click this link to browse to this document http www cisco com en US docs internetworking troubleshooti...

Страница 156: ...AN page 12 4 Viewing VLANs Configured on the Bridge page 12 7 Configuring a VLAN Configuring your bridge to support VLANs is a five step process 1 Create subinterfaces on the radio and Ethernet interfaces 2 Enable 802 1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN 3 Assign a bridge group to each VLAN 4 Optional Enable WEP on the native VLAN 5 Assign the bridge...

Страница 157: ...signate the VLAN as the native VLAN On many networks the native VLAN is VLAN 1 Step 8 bridge group number Assign the subinterface to a bridge group You can number your bridge groups from 1 to 255 Step 9 exit Return to global configuration mode Step 10 interface dot11radio 0 Enter interface configuration mode for the radio interface Step 11 ssid ssid string Create an SSID and enter SSID configurati...

Страница 158: ...ional Enable WEP and WEP features on the native VLAN Optional Select the VLAN for which you want to enable WEP and WEP features Set the WEP level and enable TKIP and MIC If you enter optional another bridge can associate to the bridge with or without WEP enabled You can enable TKIP with WEP set to optional but you cannot enable MIC If you enter mandatory other bridges must have WEP enabled to asso...

Страница 159: ...N ID 1 IEEE 802 1Q Encapsulation vLAN Trunk Interfaces Dot11Radio0 FastEthernet0 Virtual Dot11Radio0 This is configured as native Vlan for the following interface s Dot11Radio0 FastEthernet0 Virtual Dot11Radio0 Protocols Configured Address Received Transmitted Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Virtual LAN ID 2 IEEE 802 1Q Encapsulati...

Страница 160: ...12 8 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 12 Configuring VLANs Configuring VLANs ...

Страница 161: ...he bridge offers best effort service to each packet regardless of the packet contents or size It sends the packets without any assurance of reliability delay bounds or throughput Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release This chapter consists of these sec...

Страница 162: ...t construct internal DSCP values they only support mapping by assigning IP DSCP Precedence or Protocol values to Layer 2 COS values They carry out EDCF like queuing on the radio egress port only They do only FIFO queueing on the Ethernet egress port They support only 802 1Q P tagged packets Bridges do not support ISL They support only MQC policy map set cos action To contrast the wireless LAN QoS ...

Страница 163: ...after previously classified packets 3 Default classification for all packets on VLAN If you set a default classification for all packets on a VLAN that policy is third in the precedence list Note Because client devices cannot associate to the bridge the QoS element for wireless phones setting is not supported on the bridge Configuring QoS QoS is disabled by default This section describes how to co...

Страница 164: ...s link to browse to the Cisco Aironet documentation home page http www cisco com cisco web psa default html 2 Follow this path to the product document and chapter Aironet 1400 Series Wireless LAN Products Cisco Aironet 1400 Series Bridges Cisco Aironet 1400 Series Bridge Command Reference Follow these steps to configure QoS Step 1 If you use VLANs on your wireless LAN make sure the necessary VLAN ...

Страница 165: ...1 Chapter 13 Configuring QoS Configuring QoS Figure 13 1 QoS Policies Page Step 3 With NEW selected in the Create Edit Policy field type a name for the QoS policy in the Policy Name entry field The name can contain up to 25 alphanumeric characters Do not include spaces in the policy name ...

Страница 166: ...lude Best Effort 0 Background 1 Spare 2 Excellent 3 Control Lead 4 Video 100ms Latency 5 Voice 10ms Latency 6 Network Control 7 Step 6 Click the Add button beside the Class of Service menu for IP Precedence The classification appears in the Classifications field To delete a classification select it and click the Delete button beside the Classifications field Step 7 If the packets that you need to ...

Страница 167: ...at you selected from the Filter menu The bridge matches your filter selection with your class of service selection Step 12 Click the Add button beside the Class of Service menu for Filter The classification appears in the Classifications field Step 13 If you want to set a default classification for all packets on a VLAN use the Apply Class of Service drop down menu to select the class of service t...

Страница 168: ...e or that you use the settings described in section x Changing these values can lead to unexpected blockages of traffic on your wireless LAN and the blockages might be difficult to diagnose If you change these values and find that you need to reset them to defaults use the default settings listed in Table 13 1 The values listed in Table 13 1 are to the power of 2 The bridge computes Contention Win...

Страница 169: ... for point to point links However for point to multipoint links you should adjust the settings depending on the number of non root bridges that associate to the root bridge Note If packet concatenation is enabled you need to adjust the CW min and CW max settings only for traffic class 0 Concatenation is enabled by default Table 13 2 CW min and CW max Settings for Point to Point and Point to Multip...

Страница 170: ... of service to traffic from Spectralink phones protocol 119 packets The user applies the voice_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port for VLAN 77 Figure 13 3 shows the administrator s QoS Policies page Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface dot11radio 0 Enter interface configuration mode for the radio in...

Страница 171: ...13 11 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 13 Configuring QoS QoS Configuration Examples Figure 13 3 QoS Policies Page for Voice Example ...

Страница 172: ... a QoS policy to a VLAN on your network dedicated to video traffic In this example the network administrator creates a policy named video_policy that applies video class of service to video traffic The user applies the video_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port for VLAN 87 Figure 13 4 shows the administrator s QoS Policies page Figure 13 4 QoS Policies ...

Страница 173: ... Filters This chapter describes how to configure and manage MAC address IP and Ethertype filters on the bridge using the web browser interface This chapter contains these sections Understanding Filters page 14 2 Configuring Filters Using the CLI page 14 2 Configuring Filters Using the Web Browser Interface page 14 2 ...

Страница 174: ...figuring QoS for detailed instructions on setting up QoS policies Configuring Filters Using the CLI To configure filters using IOS commands you use access control lists ACLs and bridge groups You can find explanations of these concepts and instructions for implementing them in these documents Cisco IOS Bridging and IBM Networking Configuration Guide Release 12 2 Click this link to browse to the Co...

Страница 175: ...er or both the Ethernet and radio ports and to either or both incoming and outgoing packets Note MAC address filters are powerful and you can lock yourself out of the bridge if you make a mistake setting up the filters If you accidentally lock yourself out of your bridge use the CLI to disable the filters or use the Mode button on the bridge power injector to reset the bridge to factory defaults U...

Страница 176: ...s from left to right the filter checks against the MAC address For example to require an exact match with the MAC address to check all bits enter FFFF FFFF FFFF To check only the first 4 bytes enter FFFF FFFF 0000 Step 6 Select Forward or Block from the Action menu Step 7 Click Add The MAC address appears in the Filters Classes field To remove the MAC address from the Filters Classes list select i...

Страница 177: ...allow the use of specific protocols through the bridge s Ethernet and radio ports and IP address filters allow or prevent the forwarding of unicast and multicast packets either sent from or addressed to specific IP addresses You can create a filter that passes traffic to all addresses except those you specify or you can create a filter that blocks traffic to all addresses except those you specify ...

Страница 178: ...uring Filters Configuring Filters Using the Web Browser Interface Figure 14 3 IP Filters Page Follow this link path to reach the IP Filters page 1 Click Services in the page navigation bar 2 In the Services page list click Filters 3 On the Apply Filters page click the IP Filters tab at the top of the page ...

Страница 179: ...tion menu Step 8 Click Add The address appears in the Filters Classes field To remove the address from the Filters Classes list select it and click Delete Class Repeat Step 5 through Step 8 to add addresses to the filter If you do not need to add IP protocol or IP port elements to the filter skip to Step 15 to save the filter on the bridge Step 9 To filter an IP protocol select one of the commmon ...

Страница 180: ...io ports and to either or both incoming and outgoing packets Step 18 Click Apply The filter is enabled on the selected ports Configuring and Enabling Ethertype Filters Ethertype filters prevent or allow the use of specific protocols through the bridge s Ethernet and radio ports You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming and ou...

Страница 181: ...new filter make sure NEW the default is selected in the Create Edit Filter Index menu To edit an existing filter select the filter number from the Create Edit Filter Index menu Step 3 In the Filter Index field name the filter with a number from 200 to 299 The number you assign creates an access control list ACL for the filter Step 4 Enter an Ethertype number in the Add Ethertype field See Appendix...

Страница 182: ...k as the action for all of them you must choose Forward All as the filter s default action Step 9 Click Apply The filter is saved on the bridge but it is not enabled until you apply it on the Apply Filters page Step 10 Click the Apply Filters tab to return to the Apply Filters page Figure 14 6 shows the Apply Filters page Figure 14 6 Apply Filters Page Step 11 Select the filter number from one of ...

Страница 183: ...on your bridge Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco Aironet 1400 Series Bridge Command Reference for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter contains these sections Understanding CDP page 15 2 Configuring CDP page 15 2 Monitoring and Maintaining CDP page 15 5 ...

Страница 184: ...thernet and radio ports by default Note For best performance on your wireless LAN disable CDP on all radio interfaces and on sub interfaces if VLANs are enabled on the bridge Configuring CDP This section contains CDP configuration information and procedures Default CDP Configuration page 15 2 Configuring the CDP Characteristics page 15 3 Disabling and Enabling CDP page 15 3 Disabling and Enabling ...

Страница 185: ...oldtime value of 120 seconds Sending CDP packets every 50 seconds For additional CDP show commands see the Monitoring and Maintaining CDP section on page 15 5 Disabling and Enabling CDP CDP is enabled by default Beginning in Priveleged Exec mode follow these steps to disable the CDP device discovery capability Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 cdp hol...

Страница 186: ...fig if end Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 cdp run Enable CDP after disabling it Step 3 end Return to privileged EXEC mode Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface id Enter interface configuration mode and enter the interface on which you are disabling CDP Step 3 no cdp enable Disable CDP o...

Страница 187: ...P table of information about neighbors show cdp Display global information such as frequency of transmissions and the holdtime for packets being sent show cdp entry entry name protocol version Display information about a specific neighbor You can enter an asterisk to display all CDP neighbors or you can enter the name of the neighbor about which you want information You can also limit the display ...

Страница 188: ...formation for talSwitch14 IP address 172 20 135 194 Protocol information for tstswitch2 IP address 172 20 135 204 IP address 172 20 135 202 Protocol information for tstswitch2 IP address 172 20 135 204 IP address 172 20 135 202 bridge show cdp interface GigabitEthernet0 1 is up line protocol is up Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds GigabitEthernet0 2 is...

Страница 189: ...or Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater Device IDLocal IntrfceHoldtmeCapabilityPlatformPort ID Perdido2Gig 0 6125R S IWS C3550 1Gig0 6 Perdido2Gig 0 5125R S IWS C3550 1Gig 0 5 bridge show cdp traffic CDP counters Total packets output 50882 Input 52510 Hdr syntax 0 Chksum error 0 Encaps failed 0 No memory 0 Invalid packet 0 Fragmented 0 CD...

Страница 190: ...15 8 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 15 Configuring CDP Monitoring and Maintaining CDP ...

Страница 191: ...your bridge Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release and to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter consists of these sections Understanding SNMP page 16 2 Configuring SNMP page 16 4 Displaying SNMP Status...

Страница 192: ...nager Functions page 16 3 SNMP Agent Functions page 16 3 SNMP Community Strings page 16 3 Using SNMP to Access MIB Variables page 16 4 SNMP Versions This software release supports these SNMP versions SNMPv1 The Simple Network Management Protocol a full Internet standard defined in RFC 1157 SNMPv2C which has these features SNMPv2 Version 2 of the Simple Network Management Protocol a draft Internet ...

Страница 193: ...ited to when a port or module goes up or down when spanning tree topology changes occur and when authentication failures occur SNMP Community Strings SNMP community strings authenticate access to MIB objects and function as embedded passwords In order for the NMS to access the bridge the community string definitions on the NMS must match at least one of the three community string definitions on th...

Страница 194: ...ertain events to the SNMP manager which receives and processes the traps Traps are messages alerting the SNMP manager to a condition on the network such as improper user authentication restarts link status up or down MAC address tracking and so forth The SNMP agent also responds to MIB related queries sent by the SNMP manager in get request get next request and set request format Figure 16 1 SNMP ...

Страница 195: ...ne or more of these characteristics associated with the string An access list of IP addresses of the SNMP managers that are permitted to use the community string to gain access to the agent A MIB view which defines the subset of all MIB objects accessible to the given community Read and write or read only permission for the MIB objects accessible to the community Note In the current IOS MIB agent ...

Страница 196: ... management stations to retrieve and modify MIB objects By default the community string permits read only access to all objects Note To access the IEEE802dot11 MIB you must enable either a separate community string and view on the IEEE802dot11 MIB or a common view and community string on the ISO object in the MIB object tree Step 3 access list access list number deny permit source source wildcard ...

Страница 197: ...d and no traps are issued Bridges running this IOS release can have an unlimited number of trap managers Community strings can be any length Table 16 3 describes the supported bridge traps notification types You can enable any or all of these traps and configure a trap manager to receive them Some notification types cannot be controlled with the snmp server enable global configuration command such...

Страница 198: ...cify informs to send SNMP informs to the host Specify the SNMP version to support Version 1 the default is not available with informs Note Though visible in the command line help string the version 3 keyword SNMPv3 is not supported For community string specify the string to send with the notification operation Though you can set this string using the snmp server host command we recommend that you ...

Страница 199: ...d only permissions using the community string public This configuration does not cause the bridge to send any traps bridge config snmp server community public This example shows how to assign the strings open and ieee to SNMP to allow read write access for both and to specify that open is the community string for queries on non IEEE802dot11 MIB objects and ieee is the community string for queries ...

Страница 200: ...e community string public bridge config snmp server community comaccess ro 4 bridge config snmp server enable traps snmp authentication bridge config snmp server host cisco com version 2c public This example shows how to send Entity MIB traps to the host cisco com The community string is restricted The first line enables the bridge to send Entity MIB traps in addition to any traps previously enabl...

Страница 201: ... and download software images Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter consists of these sections Working with the Flash File System page 17 2 Working with Confi...

Страница 202: ...ry page 17 4 Creating and Removing Directories page 17 4 Copying Files page 17 5 Deleting Files page 17 5 Creating Displaying and Extracting tar Files page 17 6 Displaying the Contents of a File page 17 8 Displaying Available File Systems To display the available file systems on your bridge use the show file systems privileged EXEC command as shown in this example BR show file systems File Systems...

Страница 203: ...ain a configuration file with the same name Similarly before copying a Flash configuration file to another location you might want to verify its filename for use in another command Type Type of file system flash The file system is for a Flash memory device network The file system is for a network device nvram The file system is for a nonvolatile RAM NVRAM device opaque The file system is a locally...

Страница 204: ...les on a file system show file information file url Display information about a specific file show file descriptors Display a list of open file descriptors File descriptors are the internal representations of open files You can use this command to see if another user has a file open Command Purpose Step 1 dir filesystem Display the directories on the specified file system For filesystem use flash ...

Страница 205: ... NVRAM section of Flash memory to be used as the configuration during system initialization Network file system URLs include ftp rcp and tftp and have the following syntax File Transfer Protocol FTP ftp username password location directory filename Remote Copy Protocol RCP rcp username location directory filename Trivial File Transfer Protocol TFTP tftp location directory filename Local writable f...

Страница 206: ...r File To create a tar file and write files into it use this privileged EXEC command archive tar create destination url flash file url For destination url specify the destination URL alias for the local or network file system and the name of the tar file to create These options are supported For the local Flash file system the syntax is flash file url For the File Transfer Protocol FTP the syntax ...

Страница 207: ...ws how to display the contents of the c1200 k9w7 mx 122 8 JA tar file that is in Flash memory BR archive tar table flash c1200 k9w7 mx 122 8 JA tar info 219 bytes c1400 k9w7 mx 122 11 JA directory c1400 k9w7 mx 122 11 JA html directory c1400 k9w7 mx 122 11 JA html foo html 0 bytes c1400 k9w7 mx 122 11 JA c1200 k9w7 mx 122 8 JA bin 610856 bytes c1400 k9w7 mx 122 11 JA info 219 bytes info ver 219 by...

Страница 208: ...Files This section describes how to create load and maintain configuration files Configuration files contain commands entered to customize the function of the Cisco IOS software To better benefit from these instructions your bridge contains a minimal default running configuration for interacting with the system software You can copy download configuration files from a TFTP FTP or RCP server to the...

Страница 209: ...nds as it executes the file The copy ftp rcp tftp system running config privileged EXEC command loads the configuration files on the bridge as if you were entering the commands at the command line The bridge does not erase the existing running configuration before adding the commands If a command in the copied configuration file replaces a command in the existing configuration file the existing co...

Страница 210: ...nfiguration files you create download from another bridge or download from a TFTP server You can copy upload configuration files to a TFTP server for storage This section includes this information Preparing to Download or Upload a Configuration File by Using TFTP page 17 10 Downloading the Configuration File by Using TFTP page 17 11 Uploading the Configuration File by Using TFTP page 17 11 Prepari...

Страница 211: ...ation File by Using TFTP section on page 17 10 Step 3 Log into the bridge through a Telnet session Step 4 Download the configuration file from the TFTP server to configure the bridge Specify the IP address or host name of the TFTP server and the name of the file to download Use one of these privileged EXEC commands copy tftp location directory filename system running config copy tftp location dire...

Страница 212: ...d The password set by the ip ftp password password global configuration command if the command is configured The bridge forms a password named username apname domain The variable username is the username associated with the current session apname is the configured host name and domain is the domain of the bridge The username and password must be associated with an account on the FTP server If you ...

Страница 213: ... FTP server it must be properly configured to accept the write request from the user on the bridge For more information refer to the documentation for your FTP server Downloading a Configuration File by Using FTP Beginning in privileged EXEC mode follow these steps to download a configuration file by using FTP This example shows how to copy a configuration file named host1 confg from the netadmin1...

Страница 214: ... File by Using FTP Beginning in privileged EXEC mode follow these steps to upload a configuration file by using FTP This example shows how to copy the running configuration file named ap2 confg to the netadmin1 directory on the remote host with an IP address of 172 16 101 101 BR copy system running config ftp netadmin1 mypass 172 16 101 101 ap2 confg Write file ap2 confg on host 172 16 101 101 con...

Страница 215: ... copying a file from one place to another you must have read permission on the source file and write permission on the destination file If the destination file does not exist RCP creates it for you The RCP requires a client to send a remote username with each RCP request to a server When you copy a configuration file from the bridge to a server the Cisco IOS software sends the first valid username...

Страница 216: ...a Telnet session and you have a valid username this username is used and you do not need to set the RCP username Include the username in the copy command if you want to specify a username for only that copy operation When you upload a file to the RCP server it must be properly configured to accept the RCP write request from the user on the bridge For UNIX systems you must add an entry to the rhost...

Страница 217: ...5 255 172 16 101 101 Name of configuration file rtr2 confg host2 confg Configure using host2 confg from 172 16 101 101 confirm Connected to 172 16 101 101 Loading 1112 byte file host2 confg OK OK BR SYS 5 CONFIG_NV Non volatile store configured from host2 config by rcp from 172 16 101 101 Uploading a Configuration File by Using RCP Beginning in privileged EXEC mode follow these steps to upload a c...

Страница 218: ...ap2 confg on host 172 16 101 101 confirm OK Clearing Configuration Information This section describes how to clear configuration information Deleting a Stored Configuration File Caution You cannot restore a file after it has been deleted To delete a saved configuration from Flash memory use the delete flash filename privileged EXEC command Depending on the setting of the file prompt global configu...

Страница 219: ...age 17 20 Copying Image Files by Using FTP page 17 23 Copying Image Files by Using RCP page 17 27 Reloading the Image Using the Web Browser Interface page 17 32 Reloading the Image Using the Power Injector MODE button page 17 33 Note For a list of software images and supported upgrade paths refer to the release notes for your bridge Image Location on the Bridge The IOS image is stored in a directo...

Страница 220: ... TFTP page 17 22 Preparing to Download or Upload an Image File by Using TFTP Before you begin downloading or uploading an image file by using TFTP perform these tasks Ensure that the workstation acting as the TFTP server is properly configured On a Sun workstation make sure that the etc inetd conf file contains this line tftp dgram udp wait root usr etc in tftpd in tftpd p s tftpboot Make sure tha...

Страница 221: ...Make sure the TFTP server is properly configured see the Preparing to Download or Upload an Image File by Using TFTP section on page 17 20 Step 2 Log into the bridge through a Telnet session Step 3 archive download sw overwrite reload tftp location directory image name Download the image file from the TFTP server to the bridge and overwrite the current image The overwrite option overwrites the sof...

Страница 222: ...sion string and the system boot path variable is updated to point to the newly installed image If you kept the old image during the download process you specified the leave old sw keyword you can remove it by entering the delete force recursive filesystem file url privileged EXEC command For filesystem use flash for the system board Flash device For file url enter the directory name of the old ima...

Страница 223: ...bridge to a server by using FTP the Cisco IOS software sends the first valid username in this list The username specified in the archive download sw or archive upload sw privileged EXEC command if a username is specified The username set by the ip ftp username username global configuration command if the command is configured Anonymous The bridge sends the first valid password in this list The pas...

Страница 224: ...rname Include the username in the archive download sw or archive upload sw privileged EXEC command if you want to specify a username for that operation only When you upload an image file to the FTP server it must be properly configured to accept the write request from the user on the bridge For more information refer to the documentation for your FTP server Downloading an Image File by Using FTP Y...

Страница 225: ...ownloaded image The reload option reloads the system after downloading the image unless the configuration has been changed and not saved For username password specify the username and password these must be associated with an account on the FTP server For more information see the Preparing to Download or Upload an Image File by Using FTP section on page 17 23 For location specify the IP address of...

Страница 226: ...rd Flash device For file url enter the directory name of the old software image All the files in the directory and the directory are removed Uploading an Image File by Using FTP You can upload an image from the bridge to an FTP server You can later download this image to the same bridge or to another bridge of the same type Caution For the download and upload algorithms to operate properly do not ...

Страница 227: ... bridge Unlike TFTP which uses User Datagram Protocol UDP a connectionless protocol RCP uses TCP which is connection oriented To use RCP to copy files the server from or to which you will be copying files must support RCP The RCP copy commands rely on the rsh server or daemon on the remote system To copy files by using RCP you do not need to create a server for file distribution as you do with TFT...

Страница 228: ... server supports the remote shell rsh Ensure that the bridge has a route to the RCP server The bridge and the server must be in the same subnetwork if you do not have a router to route traffic between subnets Check connectivity to the RCP server by using the ping command If you are accessing the bridge through a Telnet session and you do not have a valid username make sure that the current RCP use...

Страница 229: ...tep is required only if you override the default remote username see Steps 4 and 5 Step 4 ip rcmd remote username username Optional Specify the remote username Step 5 end Return to privileged EXEC mode Step 6 archive download sw overwrite reload rcp username location directory image na me tar Download the image file from the RCP server to the bridge and overwrite the current image The overwrite op...

Страница 230: ... flash The image is placed into a new directory named with the software version string and the BOOT environment variable is updated to point to the newly installed image If you kept the old software during the download process you specified the leave old sw keyword you can remove it by entering the delete force recursive filesystem file url privileged EXEC command For filesystem use flash for the ...

Страница 231: ...Step 1 Verify that the RCP server is properly configured by referring to the Preparing to Download or Upload an Image File by Using RCP section on page 17 27 Step 2 Log into the bridge through a Telnet session Step 3 configure terminal Enter global configuration mode This step is required only if you override the default remote username see Steps 4 and 5 Step 4 ip rcmd remote username username Opt...

Страница 232: ...re Upgrade The HTTP Upgrade screen appears Step 6 Click the Browse button to locate the image file on your PC Step 7 Click the Upload button For additional information click the Help icon on the Software Upgrade screen Browser TFTP Interface The TFTP interface allows you to use a TFTP server on a network device to load the bridge image file Follow the instructions below to use a TFTP server Step 1...

Страница 233: ...ion settings to factory defaults including passwords WEP keys the bridge IP address and SSIDs Follow the steps below to reload the bridge image file Step 1 The PC you intend to use must be configured with a static IP address in the range of 10 0 0 2 to 10 0 0 30 Step 2 Make sure that the PC contains the bridge image file in the TFTP server folder and the TFTP server is activated Step 3 Connect the...

Страница 234: ...17 34 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Chapter 17 Managing Firmware and Configurations Working with Software Images ...

Страница 235: ...tem message logging on your bridge Note For complete syntax and usage information for the commands used in this chapter refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 This chapter consists of these sections Understanding System Message Logging page 18 2 Configuring System Message Logging page 18 2 Displaying the Logging Configuration page 18 12 ...

Страница 236: ...by saving them to a properly configured syslog server The bridge software saves syslog messages in an internal buffer You can remotely monitor system messages by accessing the bridge through Telnet or by viewing the logs on a syslog server Configuring System Message Logging This section describes how to configure system message logging It contains this configuration information System Log Message ...

Страница 237: ...number only if the service sequence numbers global configuration command is configured For more information see the Enabling and Disabling Sequence Numbers in Log Messages section on page 18 6 timestamp formats mm dd hh mm ss or hh mm ss short uptime or d h long uptime Date and time of the message or event This information appears only if the service timestamps log datetime log global configuratio...

Страница 238: ...and output The logging synchronous global configuration command also affects the display of messages to the console When this command is enabled messages appear only after you press Return For more information see the Enabling and Disabling Timestamps on Log Messages section on page 18 6 To re enable message logging after it has been disabled use the logging on global configuration command Timesta...

Страница 239: ...2 logging buffered size level Log messages to an internal buffer The default buffer size is 4096 The range is 4096 to 2147483647 bytes Levels include emergencies 0 alerts 1 critical 2 errors 3 warnings 4 notifications 5 informational 6 and debugging 7 Note Do not make the buffer size too large because the bridge could run out of memory for other tasks Use the show memory privileged EXEC command to...

Страница 240: ...y refer to a single message By default sequence numbers in log messages are not displayed Beginning in privileged EXEC mode follow these steps to enable sequence numbers in log messages To disable sequence numbers use the no service sequence numbers global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 service timestamps log uptime or service...

Страница 241: ...ging monitor global configuration command To disable logging to syslog servers use the no logging trap global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 logging console level Limit messages logged to the console By default the console receives debugging messages and numerically lower levels see Table 18 3 on page 18 8 Step 3 logging monit...

Страница 242: ...age is only for information bridge functionality is not affected Limiting Syslog Messages Sent to the History Table and to SNMP If you have enabled syslog message traps to be sent to an SNMP network management station by using the snmp server enable trap global configuration command you can change the level of messages sent and stored in the bridge history table You can also change the number of m...

Страница 243: ...gging rate limit global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 logging history level1 1 Table 18 3 lists the level keywords and severity level For SNMP usage the severity level values increase by 1 For example emergencies equal 1 not 0 and critical equals 3 not 2 Change the default level of syslog messages stored in the history file a...

Страница 244: ...ion on the facilities The debug keyword specifies the syslog level see Table 18 3 on page 18 8 for information on the severity levels The syslog daemon sends messages at this level or at a more severe level to the file specified in the next field The file must already exist and the syslog daemon must have permission to write to it Step 2 Create the log file by entering these commands at the UNIX s...

Страница 245: ...slog servers receive informational messages and lower See Table 18 3 on page 18 8 for level keywords Step 4 logging facility facility type Configure the syslog facility See Table 18 4 on page 18 11 for facility type keywords The default is local7 Step 5 end Return to privileged EXEC mode Step 6 show running config Verify your entries Step 7 copy running config startup config Optional Save your ent...

Страница 246: ...aying the Logging Configuration To display the current logging configuration and the contents of the log buffer use the show logging privileged EXEC command For information about the fields in this display refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 2 To display the logging history file use the show logging history privileged EXEC command ...

Страница 247: ... to date detailed troubleshooting information refer to the Cisco TAC website at the following URL select Hardware Support Wireless Devices http www cisco com tac Sections in this chapter include Checking the Bridge LEDs page 19 2 Power Injector LEDs page 19 4 Checking Basic Configuration Settings page 19 7 Antenna Alignment page 19 8 Resetting to the Default Configuration page 19 8 Reloading the B...

Страница 248: ...s the unit s status For information on using the LEDs during the installation and alignment of the bridge antenna refer to the Bridge LEDs section in the Cisco Aironet 1400 Series Wireless Bridge Hardware Installation Guide Click this link to browse to the Hardware Installation Guide http www cisco com en US docs wireless bridge 1400 installation guide 1400hig4 html Figure 19 1 shows the bridge LE...

Страница 249: ...s or improper antenna alignment You should check the SSID and security settings of all bridges and verify antenna alignment If the problem continues contact technical support for assistance Green Root mode associated to at least one remote bridge Non root mode associated to the root bridge This is normal operation Blinking amber General warning disconnect and reconnect the power injector power jac...

Страница 250: ...ector detects the returned discovery tone it applies 48 VDC to the dual coax cables to the bridge When power is applied to the bridge the bridge activates the bootloader and begins the POST operations The bridge begins to load the IOS image when the Post operations are successfully completed Upon successfully loading the IOS image the bridge initializes and tests the radio Table 19 2 Bridge LED Bl...

Страница 251: ...D Indications Uplink Activity Injector Status Ethernet Activity Description Off Wired LAN Ethernet link is not active Green Wired LAN Ethernet link is operational Blinking Green Transmitting and receiving packets over the wired LAN Ethernet link Amber Power injector internal memory error disconnect and reconnect the power injector power plug If the problem continues contact technical support for a...

Страница 252: ... the IOS image Blinking Green Bridge power is active and the bridge is loading IOS image or POST operation has started Blinking Amber Bridge has not been detected and bridge power is not active This might be caused by bad connections or a defective cable or connector Verify that the dual coax cables are connected correctly to the power injector grounding block and bridge If the cables are connecte...

Страница 253: ...perly connected to the power injector the grounding block and the bridge If the dual coax cable is connected properly and not defective contact technical support for assistance Checking Basic Configuration Settings Mismatched basic settings are the most common causes of lost wireless connectivity If the bridge does not associate with a remote bridge check the following areas SSID To associate all ...

Страница 254: ...ignment instructions refer to the Cisco Aironet 1400 Series Wireless Bridge Mounting Instructions that shipped with your bridge Resetting to the Default Configuration If you forget the password that allows you to configure the bridge you may need to completely reset the configuration You can use the MODE button on the power injector or the web browser interface Note The following steps reset all c...

Страница 255: ... static IP address the IP address does not change Step 8 After the bridge reboots you must reconfigure the bridge by using the Web browser interface the Telnet interface or IOS commands Reloading the Bridge Image If your bridge has a firmware failure you must reload the complete bridge image file using the Web browser interface or by pressing and holding the MODE button for around 30 seconds You c...

Страница 256: ...elnet interface or IOS commands Note The bridge is configured with the factory default values including the IP address set to receive an IP address using DHCP To obtain the bridge s new IP address refer to the Using the IP Setup Utility section on page 2 8 Web Browser Interface You can also use the Web browser interface to reload the bridge image file The Web browser interface supports loading the...

Страница 257: ...me for the bridge image file c1410 k9w7 tar 122 13 JA tar in the Upload New System Image Tar File field If the file is located in a subdirectory of the TFTP server root directory include the relative path of the TFTP server root directory with the filename If the file is in the TFTP root directory enter only the filename Step 9 Click Upload For additional information click the Help icon on the Sof...

Страница 258: ...ile again to download it Step 10 Save the file to a directory on your hard drive and then exit the Internet browser Obtaining the TFTP Server Software You can download TFTP server software from several web sites Cisco recommends the shareware TFTP utility available at this URL http tftpd32 jounin net Follow the instructions on the website for installing and using the utility ...

Страница 259: ...4059 01 A P P E N D I X A Channels and Antenna Settings This appendix lists the IEEE 802 11a 5 GHz channels and maximum power levels for the bridge supported by the Americas regulatory domain These topics are covered in this appendix Channels page A 2 Maximum Power Levels page A 2 ...

Страница 260: ...s the maximum power levels and antenna gains allowed Table A 1 Channels for IEEE 802 11a Channel Identifier Center Frequency MHz Regulatory Domains Americas A 149 5745 X 153 5765 X 157 5785 X 161 5805 X Table A 2 Maximum Power Levels and Antenna Gains Regulatory Domains Maximum Power Settings Orientation 9 dBi Omnidirectional Antenna 9 5 dBi Sector Antenna 22 5 dBi Integrated Antenna 28 dBi Dish A...

Страница 261: ...e of the protocols that you can filter on the bridge The tables include Table E 1 Ethertype Protocols Table E 2 IP Protocols Table E 3 IP Port Protocols In each table the Protocol column lists the protocol name the Additional Identifier column lists other names for the same protocol and the ISO Designator column lists the numeric designator for each protocol ...

Страница 262: ...eley Trailer Negotiation 0x1000 LAN Test 0x0708 X 25 Level3 X 25 0x0805 Banyan 0x0BAD CDP 0x2000 DEC XNS XNS 0x6000 DEC MOP Dump Load 0x6001 DEC MOP MOP 0x6002 DEC LAT LAT 0x6004 Ethertalk 0x809B Appletalk ARP Appletalk AARP 0x80F3 IPX 802 2 0x00E0 IPX 802 3 0x00FF Novell IPX old 0x8137 Novell IPX new IPX 0x8138 EAPOL old 0x8180 EAPOL new 0x888E Telxon TXP TXP 0x8729 Aironet DDP DDP 0x872D Enet Co...

Страница 263: ... Designator dummy 0 Internet Control Message Protocol ICMP 1 Internet Group Management Protocol IGMP 2 Transmission Control Protocol TCP 6 Exterior Gateway Protocol EGP 8 PUP 12 CHAOS 16 User Datagram Protocol UDP 17 XNS IDP IDP 22 ISO TP4 TP4 29 ISO CNLP CNLP 80 Banyan VINES VINES 83 Encapsulation Header encap_hdr 98 Spectralink Voice Protocol SVP Spectralink 119 raw 255 ...

Страница 264: ...ote 17 Message Send Protocol msp 18 ttytst source chargen 19 FTP Data ftp data 20 FTP Control 21 ftp 21 Secure Shell 22 ssh 22 Telnet 23 Simple Mail Transport Protocol SMTP mail 25 time timserver 37 Resource Location Protocol RLP 39 IEN 116 Name Server name 42 whois nicname 43 43 Domain Name Server DNS domain 53 MTP 57 BOOTP Server 67 BOOTP Client 68 TFTP 69 gopher 70 rje netrjs 77 finger 79 Hyper...

Страница 265: ...ws nntp 119 Network Time Protocol ntp 123 NETBIOS Name Service netbios ns 137 NETBIOS Datagram Service netbios dgm 138 NETBIOS Session Service netbios ssn 139 Interim Mail Access Protocol v2 Interim Mail Access Protocol IMAP2 143 Simple Network Management Protocol SNMP 161 SNMP Traps snmp trap 162 ISO CMIP Management Over IP CMIP Management Over IP cmip man CMOT 163 ISO CMIP Agent Over IP cmip age...

Страница 266: ... 515 talk 517 ntalk 518 route RIP 520 timeserver timed 525 newdate tempo 526 courier RPC 530 conference chat 531 netnews 532 netwall wall 533 UUCP Daemon UUCP uucpd 540 Kerberos rlogin klogin 543 Kerberos rsh kshell 544 rfs_server remotefs 556 Kerberos kadmin kerberos adm 749 network dictionary webster 765 SUP server supfilesrv 871 swat for SAMBA swat 901 SUP debugging supfiledbg 1127 ingreslock 1...

Страница 267: ...Pv2 This appendix contains these sections MIB List page C 1 Using FTP to Access the MIB Files page C 2 MIB List BRIDGE MIB CISCO AAA SERVER MIB CISCO CDP MIB CISCO CLASS BASED QOS MIB CISCO CONFIG COPY MIB CISCO CONFIG MAN MIB CISCO DOT11 ASSOCIATION MIB CISCO DOT11 IF MIB CISCO ENTITY VENDORTYPE OID MIB CISCO ENV MON MIB CISCO FLASH MIB CISCO IETF DOT11 QOS MIB CISCO IETF DOT11 QOS EXT MIB CISCO ...

Страница 268: ...RFC1213 MIB RFC1398 MIB SNMPv2 MIB SNMPv2 SMI SNMPv2 TC Using FTP to Access the MIB Files Follow these steps to obtain each MIB file by using FTP Step 1 Use FTP to access the server ftp cisco com Step 2 Log in with the username anonymous Step 3 Enter your e mail username when prompted for the password Step 4 At the ftp prompt change directories to pub mibs v1 or pub mibs v2 Step 5 Use the get MIB_...

Страница 269: ...essage exactly as it appears and report it to your technical support representative SW_AUTO_UPGRADE 7 FAILURE boot_file_pathent creation failed Auto upgrade of the software failed due to error in creation of pathent internal data structure Copy the error message exactly as it appears and report it to your technical support representative Association Management Messages DOT11 2 RADIO_HW_RESET Radio...

Страница 270: ... disassociated from a bridge None DOT11 6 ROAMED Station mac address Roamed to mac address A station has roamed to a new bridge None Unzip Messages SOAP 4 UNZIP_OVERFLOW Failed to unzip Flash c1200 k9w7 mx 122 3 6 JA1 ht ml level15 ap_xxx htm gz exceeds maximum uncompressed html size The HTTP server cannot retrieve a compressed file in response to an HTTP GET request because the size of the file i...

Страница 271: ...ne DOT11 4 CANT_ASSOC Cannot associate chars The unit could not establish a connection to a parent bridge for the displayed reason Check the configuration of both the parent bridge and this unit to make sure the basic settings SSID WEP and others match Inter Bridge Protocol Messages DOT11 6 ROAMED Station mac address Roamed to mac address A station has roamed to a new bridge None DOT11 6 STANDBY_A...

Страница 272: ...D 4 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL 4059 01 Appendix D Error and Event Messages ...

Страница 273: ...ed of stations without access points antenna gain The gain of an antenna is a measure of the antenna s ability to direct or focus radio energy over a region of space High gain antennas have a more focused radiation pattern in a specific direction associated A station is configured properly to enable it to wirelessly communicate with an access point B beacon A wireless LAN packet that signals the a...

Страница 274: ...sion the type of antenna used and the physical environment as well as other factors client A radio device that uses the services of an access point to communicate wirelessly with other devices on a local area network CSMA Carrier sense multiple access A wireless LAN media access method specified by the IEEE 802 11 specification D data rates The range of data transmission rates supported by a devic...

Страница 275: ...pending on the physical layer used F file server A repository for files so that a local area network can share files mail and programs firmware Software that is programmed on a memory chip G gateway A device that connects two otherwise incompatible networks GHz Gigahertz One billion cycles per second A unit of measure for frequency I IEEE Institute of Electrical and Electronic Engineers A professi...

Страница 276: ... to a primarily circular antenna radiation pattern Orthogonal Frequency Division Multiplex OFDM A modulation technique used by IEEE 802 11a compliant wireless LANs for transmission at 6 9 12 18 24 36 48 and 54 Mbps P packet A basic message unit for communication across a network A packet usually includes routing information data and sometimes error detection information Q quadruple phase shift key...

Страница 277: ...h than otherwise required in order to gain benefits such as improved interference tolerance and unlicensed operation SSID Service Set Identifier also referred to as Radio Network Name A unique identifier used to identify a radio network and which stations must use to be able to communicate with each other or to an access point The SSID can be any alphanumeric entry up to a maximum of 32 characters...

Страница 278: ...e The WLSE is a specialized appliance for managing Cisco Aironet wireless LAN infrastructures It centrally identifies and configures access points in customer defined groups and reports on throughput and client associations WLSE centralized management capabilities are further enhanced with an integrated template based configuration tool for added configuration ease and improved productivity workst...

Страница 279: ...cation types Network EAP 10 3 open 10 2 shared key 10 3 authoritative time source described 5 18 authorization with RADIUS 5 11 11 11 with TACACS 5 14 11 16 11 20 B Back button 3 4 banners configuring login 5 35 message of the day login 5 34 default configuration 5 34 when displayed 5 33 basic settings checking 19 7 bridge image 19 9 C Cancel button 3 4 carrier busy test 6 9 CDP disabling for rout...

Страница 280: ...ions when copying 17 5 system contact and location information 16 9 types and location 17 9 uploading preparing 17 10 17 13 17 16 reasons for 17 8 using FTP 17 14 using RCP 17 17 using TFTP 17 11 connections secure remote 5 16 crypto software image 5 16 D daylight saving time 5 29 default commands 4 3 default configuration banners 5 34 DNS 5 32 NTP 5 20 password and privilege level 5 2 RADIUS 5 8 ...

Страница 281: ...g the contents of 17 8 tar creating 17 6 displaying the contents of 17 7 extracting 17 7 image file format 17 19 file system displaying available file systems 17 2 displaying file information 17 3 local file system names 17 2 network file system names 17 5 setting the default 17 3 filtering show and more command output 4 8 Flash device number of 17 2 forward delay time STP 8 6 frequencies A 2 FTP ...

Страница 282: ...ogging M MAC 2 10 2 11 management options CLI 4 1 Message Integrity Check 9 1 messages to users through banners 5 33 MIBs accessing files with FTP C 2 location of files C 2 overview 16 2 SNMP interaction with 16 4 MIC 9 1 Mode button 17 33 19 9 monitoring CDP 15 5 N Network EAP 10 3 Network Time Protocol See NTP no commands 4 3 NTP associations authenticating 5 20 defined 5 18 enabling broadcast m...

Страница 283: ...13 configuring accounting 11 12 authentication 5 8 11 7 authorization 5 11 11 11 communication global 11 5 11 13 communication per server 11 4 11 5 multiple UDP ports 11 5 default configuration 5 8 11 4 defining AAA server groups 5 9 11 9 displaying the configuration 5 12 11 15 identifying the server 11 4 limiting the services to the user 5 11 11 11 method list defined 11 4 operation of 11 3 overv...

Страница 284: ...log messages to NMS 18 8 manager functions 16 3 MIBs location of C 2 overview 16 2 16 4 snmp server view 16 9 status displaying 16 10 system contact and location 16 9 trap manager configuring 16 8 traps described 16 3 enabling 16 7 overview 16 2 16 4 types of 16 7 versions supported 16 2 software images location in Flash 17 19 tar file format described 17 19 SSH 4 9 configuring 5 17 crypto softwar...

Страница 285: ...tination device 18 5 timestamps enabling and disabling 18 6 UNIX syslog servers configuring the daemon 18 10 configuring the logging facility 18 10 facilities supported 18 11 system name default configuration 5 31 manual configuration 5 31 See also DNS system prompt default setting 5 31 T TAC 19 1 TACACS accounting defined 11 16 authentication defined 11 16 authorization defined 11 16 configuring ...

Страница 286: ...ting 19 1 with CiscoWorks 16 4 with system message logging 18 2 U UNIX syslog servers daemon configuration 18 10 facilities supported 18 11 message logging configuration 18 10 upgrading software images See downloading uploading configuration files preparing 17 10 17 13 17 16 reasons for 17 8 using FTP 17 14 using RCP 17 17 using TFTP 17 11 image files preparing 17 20 17 23 17 27 reasons for 17 19 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды