manualshive.com logo in svg

Cisco WAP571, Руководство администратора

Cisco WAP571 - мощный беспроводной точка доступа с широкими возможностями управления и настройки. Скачайте бесплатное административное руководство для этого устройства на нашем сайте. Легко управляйте своей сетью с помощью этого руководства. Безопасно и эффективно. Скачивайте с manualshive.com.

Поделиться
Скачать
background image

9

Cisco WAP571/E Administration Guide

133

ACL

This section describes how to configure the ACL feature on the WAP device. It 
contains these topics:

ACL Rule

ACL Association

ACL Status

ACL Rule

ACLs are a collection of permit and deny conditions, called rules, that provide 
security by blocking unauthorized users and allowing authorized users to access 
specific resources. ACLs can block any unwarranted attempts to reach network 
resources.

The WAP device supports up to 50 IPv4, IPv6, and MAC ACL rules.

IPv4 and IPv6 ACLs

IP ACLs classify traffic for Layers 3 and 4.

Each ACL is a set of rules applied to traffic received by the WAP device. Each rule 
specifies whether the contents of a given field should be used to permit or deny 
access to the network. Rules can be based on various criteria and may apply to 
one or more fields within a packet, such as the source or destination IP address, 
the source or destination port, or the protocol carried in the packet.

NOTE

There is an implicit deny at the end of every rule created. To avoid deny all, we 
strongly recommend that you add a permit rule within the ACL to allow traffic.

MAC ACLs

Содержание WAP571

Страница 1: ...Cisco WAP571 Wireless AC N Premium Dual Radio Access Point with PoE Cisco WAP571E Wireless AC N Premium Dual Radio Out door Access Point ADMINISTRATION GUIDE ...

Страница 2: ......

Страница 3: ...twork Interfaces 19 Traffic Statistics 21 Wireless Multicast Forwarding Statistics 22 WorkGroup Bridge Transmit Receive 24 Associated Clients 24 TSPEC Client Associations 26 TSPEC Status and Statistics 28 TSPEC AP Statistics 30 Radio Statistics 30 Email Alert Status 32 Log 32 Chapter 3 Administration 33 System Settings 34 User Accounts 34 Adding a User 35 Changing a User Password 35 Time Settings ...

Страница 4: ...7 TFTP Upgrade 48 HTTP Upgrade 49 Download Backup Configuration File 49 Backing Up a Configuration File 50 Downloading a Configuration File 51 Configuration Files Properties 52 Copy Save Configuration 52 Reboot 53 Discovery Bonjour 54 Packet Capture 54 Local Packet Capture 56 Remote Packet Capture 58 Packet Capture File Download 61 Support Information 61 Spanning Tree Settings 62 Chapter 4 LAN 63 ...

Страница 5: ...84 VLAN IDs 85 Configuring VAPs 85 Configuring Security Settings 88 Wireless Multicast Forwarding 96 Scheduler 97 Adding Scheduler Profiles 98 Configuring Scheduler Rules 98 Scope of Scheduler Rules 99 Scheduler Association 100 MAC Filtering 101 Configuring a MAC Filter List Locally on the WAP Device 101 Configuring MAC Authentication on the RADIUS Server 102 Bridge 102 WEP on WDS Links 105 WPA PS...

Страница 6: ... 119 WPA PSK Complexity 120 Chapter 8 Client Quality of Service 121 Client QoS Global Settings 121 Class Map 122 Adding a Class Map 127 Policy Map 129 Client QoS Association 131 QoS Status 132 Chapter 9 ACL 133 ACL Rule 133 ACL Association 142 ACL Status 143 144 Chapter 10 SNMP 145 SNMP Overview 145 General SNMP Settings 146 Views 148 Groups 149 Users 151 Targets 153 ...

Страница 7: ...up Across Access Points 170 Single Point Setup Negotiation 171 Operation of a Device Dropped From a Single Point Setup 171 Configuration Parameters Propagated and Not Propagated to Single Point Setup Access Points 172 Access Points 174 Sessions 177 Channel Management 179 Viewing Channel Assignments and Setting Locks 180 Configuring Advanced Settings 181 Wireless Neighborhood 182 Viewing Details fo...

Страница 8: ...Cisco WAP571 E Administration Guide 8 Contents ...

Страница 9: ...n utility Supported Browsers Internet Explorer 7 0 or later Chrome 5 0 or later Firefox 3 0 or later Safari 3 0 or later Browser Restrictions If you are using Internet Explorer 6 you cannot directly use an IPv6 address to access the Access Point You can however use the Domain Name System DNS server to create a domain name that contains the IPv6 address and then use that domain name in the address ...

Страница 10: ...irst time that you log into the Access Point or after it has been reset to the factory default settings the Access Point Setup Wizard appears to help you perform initial configurations Follow these steps to complete the wizard You must log in again after changing your password STEP 1 Click Next on the Welcome page of the Wizard The Configure Device IP Address window appears STEP 2 Click Dynamic IP...

Страница 11: ...w appears STEP 8 Enter a New Password and enter it again in the Confirm Password text box For more information about passwords see User Accounts NOTE You can uncheck the Password Complexity box if you want to disable the password security rules However we strongly recommend keeping the password security rules enabled STEP 9 Click Next The Enable Security Name Your Wireless Network window appears f...

Страница 12: ...Radio 1 or Radio 2 STEP 19 Click Next The Wizard displays the Enable Captive Portal Secure Your Guest Network window STEP 20 Choose a security encryption type for the guest network and enter a security key For a description of these options see System Security STEP 21 Click Next The Wizard displays the Enable Captive Portal Assign the VLAN ID window STEP 22 Specify a VLAN ID for the guest network ...

Страница 13: ...arted page is the default window every time you log into the web based AP configuration utility Links on the Getting Started Page Category Link Name on the Page Linked Page Initial Setup Run Setup Wizard Using the Access Point Setup Wizard Configure Radio Settings Radio Configure Wireless Network Settings Networks Configure LAN Settings LAN Configure Single Point Setup Single Point Setup Overview ...

Страница 14: ... is preceded by an arrow select to expand and display the submenu of each group You can then select the desired submenu item to open the associated page Button Name Description User The account name Administrator or Guest of the user logged into the AP The factory default user name is cisco Log Out Click to log out of the web based AP configuration utility Language Hover the mouse pointer over the...

Страница 15: ...ble or database Cancel Cancels the changes made to the page Clear All Clears all entries in the log table About Click to show the AP type and version number Delete Deletes an entry in a table Select an entry first Edit Edits or modifies an existing entry Select an entry first Refresh Redisplays the current page with the latest data Save Saves the settings or configuration Update Updates the new in...

Страница 16: ...Getting Started Window Navigation Cisco WAP571 E Administration Guide 16 1 ...

Страница 17: ...tus and statistics and contains these topics System Summary Network Interfaces Traffic Statistics Wireless Multicast Forwarding Statistics WorkGroup Bridge Transmit Receive Associated Clients TSPEC Client Associations TSPEC Status and Statistics TSPEC AP Statistics Radio Statistics Email Alert Status Log ...

Страница 18: ...tive image Firmware MD5 Checksum Active Image The checksum for the active image Firmware Version Non active The firmware version number of the backup image Firmware MD5 Checksum Non active The checksum for the backup image Host Name A name assigned to the device System Uptime The time that has elapsed since the last reboot System Time The current system time Power Source The system is receiving po...

Страница 19: ...device and a server or client depending on the role of each device with respect to this protocol Time Wait The closing sequence has been initiated and the WAP is waiting for a system defined timeout period typically 60 seconds before closing the connection You can click Refresh to refresh the screen and show the most current information Network Interfaces The Network Interfaces page shows the conf...

Страница 20: ...to change any of these settings You will be redirected to the IPv4 Setting page Port Status Displays the status for LAN interfaces Interfaces Number of the Ethernet interface Link Status Status of the Ethernet interface Port Speed Speed of the Ethernet interface Duplex Mode Duplex mode of the Ethernet interface Green Ethernet Status The status of the Ether interface Click the Edit link to change a...

Страница 21: ...e wireless interface name Status The administrative status up or down of the VAP MAC Address The MAC address of the radio interface VLAN ID The VLAN ID of the radio interface Profile The name of any associated scheduler profile State The current state active or inactive The state indicates whether the VAP is exchanging data with a client Click Refresh to refresh the screen and show the most curren...

Страница 22: ...s WAP device Errors The total number of errors related to sending and receiving data on this WAP device You can click Refresh to refresh the screen and show the most current information Wireless Multicast Forwarding Statistics The Wireless Multicast Forwarding Statistics page provides some basic information about the current AP and a real time display of the transmit and receive statistics for the...

Страница 23: ...ede the VAP interface name to indicate the radio interface WLAN0 represents radio 1 and WLAN1 represents radio 2 IGMP Frames Shows IGMP frames received IGMP Frames Fwd Show IGMP membership queries received IGMP Frames Sentup Shows IGMP membership reports seen Mfdb cache Hits Shows MFDB cache hits Mfdb Cache Misses Shows MFDB cache misses Multicast Group Network Interface Name of the Ethernet inter...

Страница 24: ...VLAN ID Virtual LAN VLAN ID You can use VLANs to establish multiple internal and guest networks on the same WAP device The VLAN ID is set on the VAP tab Name SSID Wireless network name Also known as the SSID this alphanumeric key uniquely identifies a wireless local area network The SSID is set on the VAP tab Additional information appears for the transmit and receive direction for each WorkGroup ...

Страница 25: ...WEP the authentication and association status of clients appears as expected that is if a client shows as authenticated to the WAP device it is able to transmit and receive data The reason why is that Static WEP uses only IEEE 802 11 authentication If the WAP device uses IEEE 802 1X or WPA security it is possible for a client association to appear as authenticated through IEEE 802 11 security alth...

Страница 26: ... along with status information A TSPEC is a traffic specification that is sent from a QoS capable wireless client to a WAP device requesting a certain amount of network access for the Traffic Stream TS it represents A traffic stream is a collection of data packets identified by the wireless client as belonging to a particular user priority An example of a voice traffic stream is a Wi Fi CERTIFIED ...

Страница 27: ...t the TS traffic occupies the transmission medium Excess Usage Events Number of times that the client has exceeded the medium time established for its TSPEC Minor infrequent violations are ignored VAP MAC Address Virtual Access Point MAC address Statistics Network Interface Radio interface used by the client Station Client station MAC address TS Identifier TSPEC Traffic Session Identifier range 0 ...

Страница 28: ...s by VAP Real time transmit and receive statistics for the radio interface and the network interface s All of the transmit and receive statistics shown are totals since the WAP device was last started If you reboot the WAP device these figures indicate transmit and receive totals since the reboot To view TSPEC status and statistics select Status and Statistics TSPEC Status and Statistics in the na...

Страница 29: ... Stream voice or video Total Packets Total number of TS packets sent in Transmit table or received in Received table by this Radio for the specified Access Category Total Bytes Total number of bytes received in the specified access category These statistics appear separately for the transmit and receive paths on the network interfaces VAPs Total Voice Packets Total number of TS voice packets sent ...

Страница 30: ...ge to show packet level and byte level statistics for each wireless radio interface To view the Radio Statistics page select Status and Statistics Radio Statistics in the navigation pane For the WAP571 E device select the Radio for which you want to view statistics Packets Received Total packets received by the WAP device Packets Transmitted Total packets transmitted by the WAP device Bytes Receiv...

Страница 31: ...etry limit FCS Error Count Count of FCS errors detected in a received MPDU frame Transmit Retry Count Number of times an MSDU is successfully transmitted after one or more retries ACK Failure Count Count of ACK frames not received when expected RTS Failure Count Count of CTS frames not received in response to an RTS frame WEP Undecryptable Count Number of frames discarded because they could not be...

Страница 32: ...efault is 0 Time Last Email Sent The day date and time when the last email was sent You can click Refresh to show the most current information Log The Log page shows a list of system events that generated a log entry such as login attempts and configuration changes The log is cleared upon a reboot and can be cleared by an administrator Up to 512 events can be shown Older entries are removed from t...

Страница 33: ...It contains these topics System Settings User Accounts Time Settings Log Settings Email Alert LED Display Management Access ControlManagement Access Control Manage Firmware Download Backup Configuration File Configuration Files Properties Copy Save Configuration Reboot Discovery Bonjour Packet Capture Support Information Spanning Tree Settings ...

Страница 34: ...igits and hyphens Host Name labels cannot begin or end with a hyphen No other symbols punctuation characters or blank spaces are permitted The Host Name can be 1 to 63 characters long System Contact A contact person for the WAP device The System Contact can be 0 to 255 characters long and can include spaces and special characters System Location Description of the physical location of the WAP devi...

Страница 35: ... 9 and letters a to z upper or lower are allowed for user names STEP 5 Enter a New Password between 1 and 64 characters and then enter the same password in the Confirm New Password text box As you enter a password the number and color of vertical bars changes to indicate the password strength as follows Red The password fails to meet the minimum complexity requirements Orange The password meets th...

Страница 36: ...s but the password strength is weak Green The password is strong STEP 4 Click Save The changes are saved to the Startup Configuration NOTE If you change your password you must log in again to the system Time Settings A system clock provides a network synchronized time stamping service for software events such as message logs You can configure the system clock manually or configure the WAP device a...

Страница 37: ...lected configure these fields Daylight Savings Start Select the week day month and time when daylight savings time starts Daylight Savings End Select the week day month and time when daylight savings time ends Daylight Savings Offset Specify the number of minutes to move the clock forward when daylight savings time begins and backward when it ends STEP 4 Click Save The changes are saved to the Sta...

Страница 38: ...are saved to the Startup Configuration Log Settings You can use the Log Settings page to enable log messages to be saved in permanent memory You can also send logs to a remote host Configuring the Persistent Log If the system unexpectedly reboots log messages can be useful to diagnose the cause However log messages are erased when the system reboots unless you enable persistent logging CAUTION Ena...

Страница 39: ...ure in this field is reached the oldest log event is overwritten by the newest log event Note that the maximum number of log messages that can be stored in nonvolatile memory the persistent log is 128 which is not configurable STEP 3 Click Save The changes are saved to the Startup Configuration Remote Log Server The Kernel Log is a comprehensive list of system events shown in the System Log and ke...

Страница 40: ...a Remote Log host clicking Save activates remote logging The WAP device sends its kernel messages real time for display to the remote log server monitor a specified kernel log file or other storage depending on your configurations If you disabled a Remote Log host clicking Save disables remote logging NOTE After new settings are saved the corresponding processes may be stopped and restarted When t...

Страница 41: ...l address at the frequency specified by the Log Duration Select from these values None Emergency Alert Critical Error Warning Notice Info and Debug If set to None then no scheduled severity messages are sent The default severity is Warning Urgent Message Severity Log messages of this severity level or higher are sent to the configured email address immediately Select from these values None Emergen...

Страница 42: ...c characters Password Enter the password for the email account that will be used to send these mails The password can be from 1 to 64 characters STEP 4 Configure the email addresses and subject line To Email Address 1 2 3 Enter up to three addresses to receive email alerts Each email address must be valid Email Subject Enter the text to appear in the email subject line This can be up to a 255 char...

Страница 43: ...ver com Sent Wednesday September 09 2009 11 16 AM To administrator mailserver com Subject log message from AP TIME PriorityProcess Id Message Sep 8 03 48 25 info login 1457 root login on ttyp0 Sep 8 03 48 26 info mini_http ssl 1175 Max concurrent connections of 20 reached LED Display The WAP device has one LED Use the LED Display page to enable or disable the LED and associate LED with a configure...

Страница 44: ...L certificates Configuring HTTP and HTTPS Services To configure HTTP and HTTP services STEP 1 Select Administration HTTP HTTPS Service in the navigation pane STEP 2 Configure these Global Settings Maximum Sessions The number of web sessions including both HTTP and HTTPS that can be in use at the same time When a user logs on to the WAP device configuration utility a session is created This session...

Страница 45: ...s attempts on the HTTP port to the HTTPS port This field is available only when HTTP access is disabled STEP 4 Click Save The changes are saved to the Startup Configuration Managing SSL Certificates To use HTTPS services the WAP device must have a valid SSL certificate The WAP device can generate a certificate or you can download it from your network or from a TFTP server To generate the certifica...

Страница 46: ...work location select the file and click Upload For TFTP enter the File Name as it exists on the TFTP server and the TFTP Server IPv4 Address then click Upload The filename cannot contain the following characters spaces and two or more successive periods A confirmation appears when the upload was successful Management Access Control You can create an access control list ACL that lists up to five IP...

Страница 47: ... bootup the inactive image is loaded and becomes the active image You can also swap the active and inactive images As new versions of the AP firmware become available you can upgrade the firmware on your devices to take advantage of new features and enhancements The AP uses a TFTP or HTTP client for firmware upgrades After you upload new firmware and the system reboots the newly added firmware bec...

Страница 48: ... for the image file in the Source File Name field including the path to the directory that contains the image to upload For example to upload the ap_upgrade tar image located in the share builds ap directory enter share builds ap ap_upgrade tar The firmware upgrade file supplied must be a tar file Do not attempt to use bin files or files of other formats for the upgrade these types of files do not...

Страница 49: ...the firmware upgrade completed successfully log into the user interface display the Upgrade Firmware page and view the active firmware version Download Backup Configuration File The AP configuration files are in XML format and contain all the information about the WAP device settings You can back up upload the configuration files to a network host or TFTP server to manually edit the content or cre...

Страница 50: ...TP Server IPv4 Address The filename cannot contain the following characters spaces and two or more successive periods STEP 5 For a TFTP backup only enter the TFTP Server IPv4 Address STEP 6 Select which configuration file you want to back up Startup Configuration Configuration file type used when the WAP device last booted This does not include any configuration changes applied but not yet saved t...

Страница 51: ...ver IPv4 Address The filename cannot contain the following characters spaces and two or more successive periods STEP 5 Select which configuration file on the AP that you want replaced with the downloaded file the Startup Configuration or the Backup Configuration If the downloaded file overwrites the Startup Configuration file and the file passes a validity check then the downloaded configuration t...

Страница 52: ...p Configuration file STEP 1 Select Administration Configuration Files Properties in the navigation pane STEP 2 Select the Startup Configuration or Backup Configuration file type STEP 3 Click Clear Files Copy Save Configuration The Copy Save Configuration page enables you to copy files within the AP file system For example you can copy the Backup Configuration file to the Startup Configuration file...

Страница 53: ...STEP 3 For the Destination File Name select the file type to be replaced with the file you are copying STEP 4 Click Save to begin the copy process When complete a window shows the message Copy Operation Successful Reboot You can use the Reboot page reboot the AP STEP 1 To reboot the WAP select Administration Reboot in the navigation pane STEP 2 Select one of these options Reboot Reboots the WAP us...

Страница 54: ...ed to a network any Bonjour client can discover and get access to the configuration utility without prior configuration A system administrator can use an installed Internet Explorer plug in to discover the WAP device The web based configuration utility shows up as a tab in the browser Bonjour works in both IPv4 and IPv6 networks Bonjour is enabled by default To change the administrative status STE...

Страница 55: ...ernal logical interfaces such as VAPs and WDS interfaces Select Administration Packet Capture to display the Packet Capture page From the Packet Capture page you can Configure packet capture parameters Start a local or remote packet capture View the current packet capture status Download a packet capture file The Packet Capture Configuration area enables you to configure parameters and initiate a ...

Страница 56: ...rnal computer running the Wireshark tool STEP 2 Depending on the selected method refer to the steps in the Local Packet Capture or Remote Packet Capture section to continue NOTE Changes to packet capture configuration parameters take affect after packet capture is restarted Modifying the parameters while the packet capture is running does not affect the current packet capture session To begin usin...

Страница 57: ...4 STEP 3 Click Save The changes are saved to the Startup Configuration STEP 4 Click Start Capture In Packet File Capture mode the WAP device stores captured packets in the RAM file system Upon activation the packet capture proceeds until one of these events occurs The capture time reaches the configured duration The capture file reaches its maximum size The administrator stops the capture The Pack...

Страница 58: ...he WAP device When remote capture mode is in use the WAP device does not store any captured data locally in its file system If a firewall is installed between the Wireshark computer and the WAP device the traffic for these ports must be allowed to pass through the firewall The firewall must also be configured to allow the Wireshark computer to initiate a TCP connection to the WAP device To initiat...

Страница 59: ... wlan0 802 11 traffic rpcap 192 168 1 220 2002 radio1 At WAP571 E VAP1 VAP7 traffic for radio 1 rpcap 192 168 1 220 2002 wlan0vap1 wlan0vap7 At WAP571 E VAP1 VAP7 traffic for radio 2 rpcap 192 168 1 220 2002 wlan1vap1 wlan1vap7 You can trace up to four interfaces on the WAP device at the same time However you must start a separate Wireshark session for each interface To initiate additional remote ...

Страница 60: ...curity issues the packet capture mode is not saved in NVRAM on the WAP device if the WAP device resets the capture mode is disabled and then you must reenable it to resume capturing traffic Packet capture parameters other than mode are saved in NVRAM Enabling the packet capture feature can create a security issue Unauthorized clients may be able to connect to the WAP device and trace user data The...

Страница 61: ...EP 3 Specify a TFTP Server IPv4 Address in the field provided STEP 4 Click Download To download a packet capture file using HTTP STEP 1 Clear Use TFTP to download the captured file STEP 2 Click Download A confirmation window appears STEP 3 Click OK A dialog box displays that enables you to choose a network location to save the file Support Information The Support Information page enables you to do...

Страница 62: ...appears to enable you to save the file to your computer Spanning Tree Settings Use the Spanning Tree Settings page to configure the STP settings on the Cisco WAP571 E To configure the STP settings on the Cisco WAP571 E STEP 1 Select Administration Spanning Tree Settings STEP 2 Configure parameter STP Status Enables or disables STP globally on the Cisco WAP571 E By default STP is enabled STEP 3 Cli...

Страница 63: ...ings for the port that physically connects the WAP device to a local area network To configure the port settings STEP 1 Select LAN Port Settings The Port Settings Table includes the following status and configurations for two Interfaces Eth0 to Eth1 Link Status Shows the current port link status Port Speed In review mode it shows the current port speed In edit mode if Auto Negotiation is disabled ...

Страница 64: ...d it resumes normal operation when energy is detected EEE mode supports QUIET times during low link utilization allowing both side of a link to disable portions of each PHY s operating circuit and save power Green Ethernet Status Shows the current EEE status STEP 2 Check the interfaces that you want to edit then click the Edit button to enter the edit mode Then input your settings STEP 3 Click Sav...

Страница 65: ...gged packet received by the port will be classified to the VLAN tagged Tagged The port is a member of the VLAN A packet of the VLAN sent out from the port will be tagged with the VLAN header Excluded The port does not belong to the VLAN NOTE The VLAN ID 1 cannot be deleted If a port wired or wireless related to the VLAN has been deleted the WAP device will set its VLAN ID to 1 automatically NOTE A...

Страница 66: ...ress enter the IP information in these fields Domain Name Servers Select one of the following options Dynamic The WAP device acquires the DNS server addresses from a DHCP server on the LAN Manual Manually configure one or more DNS server addresses Enter up to two IP addresses in the fields provided STEP 3 Click Save The changes are saved to the Startup Configuration NOTE After new settings are sav...

Страница 67: ... multiple autoconfigured IPv6 addresses Static IPv6 Address The static IPv6 address The WAP device can have a static IPv6 address even if addresses have already been configured automatically Static IPv6 Address Prefix Length The prefix length of the static address which is an integer in the range of 0 to 128 The default is 0 Static IPv6 Address Status Select one of the following options Operationa...

Страница 68: ... the Intra Site Automatic Tunnel Addressing Protocol ISATAP ISATAP enables the WAP device to transmit IPv6 packets encapsulated within IPv4 packets over the LAN The protocol enables the WAP device to communicate with remote IPv6 capable hosts even when the LAN that connects them does not support IPv6 The WAP device acts as an ISATAP client An ISATAP enabled host or router must reside on the LAN Th...

Страница 69: ... it learns about through the DNS query messages The WAP sends router solicitation messages only when there is no active ISATAP router The valid range is 120 to 3600 seconds The default value is 120 seconds STEP 3 Click Save The settings are saved to the Startup Configuration When the tunnel is established the ISATAP IPv6 Link Local Address and ISATAP IPv6 Global Address show on the page These are ...

Страница 70: ...sions The valid range is 5 to 32768 seconds The default value is 30 seconds POE Priority The priority level transmitted by the AP in the Extended Power information element The PoE priority level helps the Power Sourcing Equipment PSE such as a switch determine which powered devices should be given priority in power allocation when the PSE does not have enough capacity to supply power to all connec...

Страница 71: ... Radio settings directly control the behavior of the radio in the WAP device and its interaction with the physical medium that is how and what type of signal the WAP device emits To configure radio settings STEP 1 Select Wireless Radio in the navigation pane STEP 2 In the Global Settings area configure the TSPEC Violation Interval which is the time interval in seconds for the WAP device to report ...

Страница 72: ...imum power delivered by the PSE then the WAP device may reboot MAC Address The Media Access Control MAC address for the interface The MAC address is assigned by the manufacturer and cannot be changed Mode The IEEE 802 11 standard and frequency the radio uses The default value of Mode is 802 11a n ac for Radio 1 and 802 11b g n for Radio 2 For each radio select one of the available modes Radio 1 su...

Страница 73: ...nts that support only a 20 MHz channel bandwidth and for legacy clients Select one of these options Upper Sets the Primary Channel as the upper 20 MHz channel in the 40 MHz band Lower Sets the Primary Channel as the lower 20 MHz channel in the 40 MHz band Lower is the default selection Channel The portion of the radio spectrum the radio uses for transmitting and receiving The range of available ch...

Страница 74: ...r on the channel then the AP automatically selects a different channel When 802 11h is enabled the AP will not be operational in the 5 GHz band for at least 60 seconds due to radar scanning Setting up WDS links may be difficult when 802 11h is operational This is because the operating channels of the two APs on the WDS link may keep changing depending on channel usage and radar interference WDS wi...

Страница 75: ...WAP device Beacon Interval The interval between the transmission of beacon frames The WAP device transmits these at regular intervals to announce the existence of the wireless network The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second Enter an integer from 20 to 2000 milliseconds The default is 100 milliseconds DTIM Period The Delivery Traffic Information M...

Страница 76: ...entation is applicable only for legacy radio modes 802 11a or 802 11b g By default fragmentation is off We recommend not using fragmentation unless you suspect radio interference The additional headers applied to each fragment increase the overhead on the network and can greatly reduce throughput RTS Threshold The Request to Send RTS Threshold value The valid integer range must be from 0 to 65535 ...

Страница 77: ... of the transmit power This helps reduce overlap and interference among access points A lower transmit power setting can also keep your network more secure because weaker wireless signals are less likely to propagate outside of the physical location of your network Some channel ranges and country code combinations have relatively low maximum transmit power When attempting to set the transmit power...

Страница 78: ...ate limit for multicast and broadcast traffic The limit should be greater than 1 but less than 50 packets per second Any traffic that falls below this rate limit will always conform and be transmitted to the appropriate destination The default and maximum rate limit setting is 50 packets per second Rate Limit Burst An amount of traffic measured in bytes which is allowed to pass as a temporary burs...

Страница 79: ... station can send and receive video priority traffic without requiring an admitted TSPEC the WAP device ignores video TSPEC requests from client stations TSPEC Video ACM Limit The upper limit on the amount of traffic that the WAP device attempts to transmit on the wireless medium using a video AC to gain access The default limit is 15 percent of total traffic TSPEC AP Inactivity Timeout The amount...

Страница 80: ...nnels on each radio to detect all APs in the vicinity of the network If rogue APs are detected they are shown on the Rogue AP Detection page If an AP listed as a rogue is legitimate you can add it to the Known AP List NOTE The Detected Rogue AP List and Trusted AP List provide information that you can use to take further action The AP does not have any control over rogue APs on the lists and canno...

Страница 81: ...intervals to announce the existence of the wireless network The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second NOTE The Beacon Interval is set on the Radio page Type The type of device AP indicates the rogue device is an AP that supports the IEEE 802 11 Wireless Networking Framework in Infrastructure Mode Ad hoc indicates a rogue station running in Ad hoc m...

Страница 82: ...Rogue APs will be detected Rate The rate in megabits per second at which the rogue AP is currently transmitting The current rate is always one of the rates shown in Supported Rates The reported rate is the speed of the last packet transmitted from the AP to the client This value can vary within the advertised rate set based on the signal quality between the AP and client and the rate at which broa...

Страница 83: ...the Download Backup Trusted AP List area select Backup AP to PC STEP 3 Click Save The list contains the MAC addresses of all APs that have been added to the Known AP List By default the filename is Rogue2 cfg You can use a text editor or web browser to open the file and view its contents Importing a Trusted AP List You can import a list of known APs from a saved list The list might be acquired fro...

Страница 84: ...own AP List Networks Virtual Access Points VAPs segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs VAPs simulate multiple access points in one physical WAP device The AP supports up to 16 VAPs Each VAP can be independently enabled or disabled with the exception of VAP0 VAP0 is the physical radio interface and remains enabled as long as the r...

Страница 85: ...AN clients associated with this specific VAP can administer the WAP device If needed an access control list ACL can be created to disable administration from WLAN clients Configuring VAPs To configure VAPs STEP 1 Select Wireless Networks in the navigation pane STEP 2 Select the Radio interface on which you want to configure VAPs Radio 1 or Radio 2 STEP 3 Select the Enabled check box for the VAP yo...

Страница 86: ...reconnect to the new SSID after you save this new setting SSID Broadcast Enables and disables the broadcast of the SSID Specify whether to allow the WAP device to broadcast the SSID in its beacon frames The Broadcast SSID parameter is enabled by default When the VAP does not broadcast its SSID the network name is not shown in the list of available networks on a client station Instead you must ente...

Страница 87: ... server Channel Isolation Enables and disables station isolation When disabled wireless clients can communicate with one another normally by sending traffic through the WAP device When enabled the WAP device blocks communication between wireless clients on the same VAP The WAP device still allows data traffic between its wireless clients and wired devices on the network across a WDS link and with ...

Страница 88: ...s not encrypted This security mode can be useful during initial network configuration or for problem solving but it is not recommended for regular use on the internal network because it is not secure Static WEP Wired Equivalent Privacy WEP is a data encryption protocol for 802 11 wireless networks All wireless stations and access points on the network are configured with a static 64 bit 40 bit sec...

Страница 89: ... one of these same WEP keys in the same slot as specified on the WAP device Characters Required The number of characters you enter into the WEP Key fields is determined by the key length and key type you select For example if you use 128 bit ASCII keys you must enter 26 characters in the WEP key The number of characters required updates automatically based on how you set the key length and key typ...

Страница 90: ... WEP Rules If you use Static WEP these rules apply All client stations must have the Wireless LAN WLAN security set to WEP and all clients must have one of the WEP keys specified on the WAP device in order to decode AP to station data transmissions The WAP device must have all keys used by clients for station to AP transmit so that it can decode the station transmissions The same key must occupy t...

Страница 91: ...a variety of authentication methods that the IEEE 802 1X mode supports including certificates Kerberos and public key authentication You must configure the client stations to use the same authentication method the WAP device uses These parameters configure Dynamic WEP Use Global RADIUS Server Settings By default each VAP uses the global RADIUS settings that you define for the WAP device see RADIUS...

Страница 92: ... is case sensitive and must match the key configured on the RADIUS server The text you enter is shown as asterisks Key 2 to Key 4 The RADIUS key associated with the configured backup RADIUS servers The server at Server IP IPv6 Address 2 uses Key 2 the server at Server IP IPv6 Address 3 uses Key 3 and so on Enable RADIUS Accounting Enables tracking and measuring of the resources a particular user h...

Страница 93: ...ent WPA2 AES All client stations on the network support WPA2 version and AES CCMP cipher security protocol This WPA version provides the best security per the IEEE 802 11i standard As per the latest WiFi Alliance requirement the AP has to support this mode all the time If the network has a mix of clients some of which support WPA2 and others which support only the original WPA select both of the c...

Страница 94: ...ireless clients that support the original WPA These parameters configure WPA Enterprise WPA Versions The types of client stations to be supported WPA TKIP The network has some client stations that only support original WPA and TKIP security protocol Note that selecting only WPA TKIP for the access point is not allowed as per the latest WiFi Alliance requirement WPA2 AES All client stations on the ...

Страница 95: ...RADIUS servers To use the global RADIUS server settings make sure the check box is selected To use a separate RADIUS server for the VAP uncheck the box and enter the RADIUS server IP address and key in these fields Server IP Address Type The IP version that the RADIUS server uses You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address settings but the WAP device c...

Страница 96: ...administrative selection of the active RADIUS server rather than having the WAP device attempt to contact each configured server in sequence and choose the first server that is up Broadcast Key Refresh Rate The interval at which the broadcast group key is refreshed for clients associated with this VAP The default is 300 seconds The valid range is from 0 to 86400 seconds A value of 0 indicates that...

Страница 97: ...settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients Scheduler The Radio and VAP Scheduler allows you to configure a rule with a specific time interval for VAPs or radios to be operational which automates ...

Страница 98: ...is disabled Operational status is down because global configuration is disabled System Time is out dated System time is not in sync STEP 3 To add a profile enter a profile name in the Scheduler Profile Configuration text box and click Add The profile name can be up to 32 alphanumeric characters Configuring Scheduler Rules You can configure up to 16 rules for a profile Each rule specifies the start...

Страница 99: ...rmat The range is 00 23 00 59 The default is 00 00 STEP 6 Click Save The changes are saved to the Startup Configuration NOTE A Scheduler profile must be associated with a radio interface or a VAP interface to be in effect See the Scheduler Association page NOTE To delete a rule select the profile from the Profile Name column and click Delete Scope of Scheduler Rules The scope of scheduler rules is...

Страница 100: ...inute from midnight to 12 01 This means the radio is only on for 1 minute every day We can then add exceptions for every time period where we want the radio to be active A common use case would be Enable Radio 9AM to 5PM Monday through Friday No Radio enabled on Weekends Create a Profile using two rules WeekDays StartTime 9 00 EndTime 17 00 WeekEnds StartTime 00 00 EndTime 00 01 Scheduler Associat...

Страница 101: ...evice may refer to a MAC filter list stored on an external RADlUS server or may refer a MAC filter list stored locally on the WAP device Configuring a MAC Filter List Locally on the WAP Device The WAP device supports one local MAC filter list only that is the same list applies to all VAPs that are enabled to use the local list The filter can be configured to grant access only to the MAC addresses ...

Страница 102: ... processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients Configuring MAC Authentication on the RADIUS Server If one or more VAPs are configured to use a MAC filter stored on a RADIUS authentication server you must configure the station list on t...

Страница 103: ... as the common link between multiple access points In this mode the central WAP device accepts client associations and communicates with the clients and other repeaters All other access points associate only with the central WAP device that forwards the packets to the appropriate wireless bridge for routing purposes The AP can also act as a repeater In this mode the AP serves as a connection betwe...

Страница 104: ...ant to configure STEP 4 Configure the remaining parameters Remote MAC Address Specifies the MAC address of the destination WAP device that is the WAP device on the other end of the WDS link to which data is sent or handed off and from which data is received TIP You can find the MAC address on the Status and Statistics Network Interface page Encryption The type of encryption to use on the WDS link ...

Страница 105: ...new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients WEP on WDS Links These additional fields appear when you select WEP as the encryption type Key Length If WEP is enabled specify the length of the WE...

Страница 106: ...de the AP acts as a wireless station STA on the wireless LAN It can bridge traffic between a remote wired network and the wireless LAN that is connected using the WorkGroup Bridge mode The WorkGroup Bridge feature enables support for STA mode The WAP device can operate on Basic Service Set BSS as an STA device When WorkGroup Bridge mode is enabled the AP supports only one BSS with which the AP ass...

Страница 107: ... not supported across a Single Point Setup To configure WorkGroup Bridge mode STEP 1 Select Wireless Bridge in the navigation pane STEP 2 Select the WorkGroup Bridge Mode from the drop down selection STEP 3 Select Enable for the WorkGroup Bridge Mode STEP 4 Select the radio interface on which to configure WorkGroup Bridge mode Radio 1 or Radio 2 STEP 5 Configure these parameters for the Infrastruc...

Страница 108: ...s applicable only when the radio is operating in legacy mode 802 11a for 5 GHz radio and 802 11b g for 2 4 GHz radio Quality of Service The quality of service QoS settings provide you with the ability to configure transmission queues for optimized throughput and better performance when handling differentiated wireless traffic such as Voice over IP VoIP other types of audio video streaming media an...

Страница 109: ...data such as VoIP and streaming media are automatically sent to this queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 Background Lowest priority queue high throughput Bulk data that requires maximum throughput a...

Страница 110: ...gth allowed for packet bursts on the wireless network A packet burst is a collection of multiple frames transmitted without header information The decreased overhead results in higher throughput and better performance Valid values are 0 0 through 999 Wi Fi MultiMedia WMM Select Enable to enable Wi Fi MultiMedia WMM extensions This field is enabled by default With WMM enabled QoS prioritization and...

Страница 111: ...ve Delivery Select Enable to enable APSD which is a power management method APSD is recommended if VoIP phones access the network through the WAP device STEP 5 Click Save The changes are saved to the Startup Configuration CAUTION After new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change ...

Страница 112: ...Wireless Quality of Service Cisco WAP571 E Administration Guide 112 5 ...

Страница 113: ...nts in local event logs at the edge of the network NOTE The Spectrum Analyzer can record the following interference analog cordless phone wireless video camera microwave oven S band Motion Detector Narrowband jammer Wideband jammer and Unknown interferer The Spectrum Analyzer page provide the status of spectrum analyzer capability and provide the link to view the spectrum data To configure the Spe...

Страница 114: ...Spectrum Analyzer Cisco WAP571 E Administration Guide 114 6 ...

Страница 115: ...e clients The MAC address filtering feature where client access is restricted to a list may also be configured to use a RADIUS server to control access The Captive Portal feature also uses RADIUS to authenticate clients You can use the Radius Server page to configure the RADIUS servers that are used by these features You can configure up to four globally available IPv4 or IPv6 RADIUS servers howev...

Страница 116: ...ss specified Server IP Address 2 through 4 or Server IPv6 Address 2 through 4 Up to three backup IPv4 or IPv6 RADIUS server addresses If authentication fails with the primary server each configured backup server is tried in sequence Key 1 The shared secret key that the WAP device uses to authenticate to the primary RADIUS server You can use from 1 to 64 standard alphanumeric and special characters...

Страница 117: ... Configuration area enables you to configure the 802 1X operational status and basic settings To configure the 802 1X Supplicant STEP 1 Select System Security 802 1X Supplicant in the navigation pane STEP 2 Click Refresh to update the Certificate file status STEP 3 Enter the parameters Administrative Mode Enables the 802 1X supplicant functionality EAP Method The algorithm to be used for encryptin...

Страница 118: ...fter new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients The Certificate File Status area shows whether a current certificate exists Certificate File Present Indicates whether the HTTP SSL Certificate...

Страница 119: ...resented in the password string The four possible character classes are uppercase letters lowercase letters numbers and special characters available on a standard keyboard Password Different From Current Select to have users enter a different password when their current password expires If not selected users can reenter the same password when it expires Maximum Password Length The maximum password...

Страница 120: ...ox none of these settings are used WPA PSK Complexity is disabled by default STEP 3 Configure the parameters WPA PSK Minimum Character Class The minimum number of character classes that must be represented in the key string The four possible character classes are uppercase letters lowercase letters numbers and special characters available on a standard keyboard Three is the default WPA PSK Differe...

Страница 121: ...ss Map Policy Map Client QoS Association QoS Status Client QoS Global Settings You can use the Client QoS Global Settings page to enable or disable quality of service functionality on the WAP device If you disable Client QoS rate limiting and DiffServ configurations are globally disabled If you enable this mode you can also enable or disable Client QoS mode on particular VAPs or Ethernet See the C...

Страница 122: ... with a policy map which defines how to handle the traffic class Classes that include time sensitive traffic can be assigned to policy maps that give precedence over other traffic You can use the Class Map page to define classes of traffic Use the Policy Map page to define policies and associate class maps to them To add and configure an IPv4 class map STEP 1 Select Client QoS Class Map STEP 2 In ...

Страница 123: ...a to a single host address use a mask of 255 255 255 255 To match the criteria to a 24 bit subnet for example 192 168 10 0 24 use a mask of 255 255 255 0 Source Port Includes a source port in the match condition for the rule The source port is identified in the datagram header Select From List Matches a keyword associated with the source port ftp ftpdata http smtp snmp telnet tftp www Each of thes...

Страница 124: ...4 to 49151 Registered Ports 49152 to 65535 Dynamic and or Private Ports Mask The port mask The mask determines which bits are used and which bits are ignored Only the hexadecimal digit 0 0xFFFF is allowed 1 means the bit matters and 0 means that we should ignore this bit Service Type Specifies the type of service to use in matching the packets to the class criteria IP DSCP Select From List Choose ...

Страница 125: ...ass map cannot be deleted if it is already attached to a policy To add and configure an IPv6 class map STEP 1 Select Client QoS Class Map STEP 2 In the Class Map Name field enter the name for the new class map The name can contain from 1 to 31 alphanumeric and special characters Spaces are not allowed STEP 3 Choose IPv6 as the type of class map from the Class Map Type list The IPv6 class map appli...

Страница 126: ...atagram header to an IANA port number that you specify The port range is from 0 to 65535 and includes three different types of ports 0 to 1023 Well Known Ports 1024 to 49151 Registered Ports 49152 to 65535 Dynamic and or Private Ports Mask The port mask The mask determines which bits are used and which bits are ignored Only the hexadecimal digit 0 to 0xFFFF is allowed 1 means the bit matters and 0...

Страница 127: ...andling in routers range 0 to 1048575 IP DSCP Uses the DSCP value as a match criterion Select from List Choose the DSCP type from the list Match to Value Enter a custom DSCP value from 0 to 63 STEP 5 Click Save The changes are saved to the Startup Configuration NOTE To delete a class map choose it in the Class Map Name list and click Delete The class map cannot be deleted if it is already attached...

Страница 128: ...The valid range is from 0 to 7 Source MAC Includes a source MAC address in the match condition for the rule Source MAC Address Enter the source MAC address to compare against an Ethernet frame Source MAC Mask Enter the source MAC address mask specifying which bits in the destination MAC address to compare against an Ethernet frame For each bit position in the MAC mask a 0 indicates that the corres...

Страница 129: ... and determine how traffic that matches the class criteria is handled The WAP device supports up to 50 policy maps A policy map can contain up to 10 class maps To add and configure a policy map STEP 1 Select Client QoS Policy Map STEP 2 In the Policy Map Name field enter the name for the policy map The name can include from 1 to 31 alphanumeric characters and special characters Spaces are not allo...

Страница 130: ...n integer from 0 to 7 Mark IP DSCP Marks all packets for the associated traffic stream with the IP DSCP value that you select from the list Select From List A list of DSCP types Mark IP Precedence Marks all packets for the associated traffic stream with the specified IP precedence value The IP precedence value is an integer from 0 to 7 Disassociate Class Map Removes the class selected in the Class...

Страница 131: ...und and outbound when it is authenticated on the network To configure QoS association parameters STEP 1 Select Client QoS Client QoS Association STEP 2 In the Interface field choose the radio or Ethernet interface on which you want to configure the QoS parameters STEP 3 Select Enabled for the selected interface STEP 4 Configure these parameters for the selected interface Bandwidth Limit Down Enter...

Страница 132: ...ss map name Match All Shows if this map matches all packets Rule Field Shows the detailed definition of this class map See Class Map for more information The Policy Map table shows information for the policy maps defined on the Policy Map page including Policy Map Name Policy map name Interface Bound Shows which interface this policy map has been associated to Class Map Name Lists the class maps t...

Страница 133: ...p to 50 IPv4 IPv6 and MAC ACL rules IPv4 and IPv6 ACLs IP ACLs classify traffic for Layers 3 and 4 Each ACL is a set of rules applied to traffic received by the WAP device Each rule specifies whether the contents of a given field should be used to permit or deny access to the network Rules can be based on various criteria and may apply to one or more fields within a packet such as the source or de...

Страница 134: ...1 Select ACL ACL Rule STEP 2 Specify a name for the ACL STEP 3 Select the type of ACL to add STEP 4 Add the ACL STEP 5 Add new rules to the ACL STEP 6 Configure the match criteria for the rules STEP 7 Use the ACL Association page to apply the ACL to one or more interfaces Configure IPv4 ACLs To configure an IPv4 ACL STEP 1 Select ACL ACL Rule STEP 2 In the ACL Name field enter the name to identify...

Страница 135: ...raffic that is not explicitly permitted is dropped Match Every Packet If enabled the rule which either has a permit or deny action matches the frame or packet regardless of its contents If you enable this feature you cannot configure any additional match criteria This option is selected by default for a new rule You must disable the option to configure other match fields Protocol Uses a Layer 3 or...

Страница 136: ...o the source port identified in the datagram header The port range is 0 to 65535 and includes three different types of ports 0 to 1023 Well Known Ports 1024 to 49151 Registered Ports 49152 to 65535 Dynamic and or Private Ports Mask Enter the port mask The mask determines which bits are used and which bits are ignored Only the hexadecimal digit 0 0xFFFF is allowed 0 means the bit matters and 1 mean...

Страница 137: ...he hexadecimal digit 0 0xFFFF is allowed 0 means the bit matters and 1 means that we should ignore this bit Service Type Matches the packets based on specific service type IP DSCP Select From List Matches the packets based on their DSCP Assured Forwarding AS Class of Service CS or Expedited Forwarding EF values IP DSCP Match to Value Matches the packets based on a custom DSCP value If selected ent...

Страница 138: ...cted in the ACL Name ACL Type list select Delete ACL and click Save Configure IPv6 ACLs To configure an IPv6 ACL STEP 1 Select ACL ACL Rule STEP 2 In the ACL Name field enter the name to identify the ACL STEP 3 Choose IPv6 as the type of ACL from the ACL Type list IPv6 ACLs control access to network resources based on Layer 3 and Layer 4 criteria STEP 4 Click Add ACL STEP 5 In the ACL Rule Configu...

Страница 139: ...Address Enter the IPv6 address to apply this criteria Source IPv6 Prefix Length Enter the prefix length of the source IPv6 address Source Port Includes a source port in the match condition for the rule The source port is identified in the datagram header Select From List If selected choose the port name from the list Match to Port Enter the IANA port number to match to the source port identified i...

Страница 140: ...git 0 0xFFFF is allowed 0 means the bit matters and 1 means that we should ignore this bit IPv6 Flow Label Specifies a 20 bit number that is unique to an IPv6 packet It is used by end stations to signify QoS handling in routers range 0 to 1048575 IPv6 DSCP Matches the packets based on their IP DSCP value If selected choose one of these options as the match criteria Select From List Choose one of t...

Страница 141: ...eet the criteria is forwarded unless this rule is the final rule Because there is an implicit deny all rule at the end of every ACL traffic that is not explicitly permitted is dropped Match Every Packet If enabled the rule which either has a permit or deny action matches the frame or packet regardless of its contents If you enable this feature you cannot configure any additional match criteria Thi...

Страница 142: ...ss Destination MAC Requires the packet s destination MAC address to match the address defined in the appropriate fields Destination MAC Address Enter the destination MAC address to compare against an Ethernet frame Destination MAC Mask Enter the destination MAC address mask to specify which bits in the destination MAC to compare against an Ethernet frame VLAN ID Enter the specific VLAN ID to compa...

Страница 143: ...ne Does not examine the traffic entering the WAP device ACL Name Choose the name of the ACL applied to traffic entering the WAP device When a packet or frame is received by the WAP device the ACL rules are checked for a match The packet or frame is processed if it is permitted and discarded if it is denied STEP 4 Click Save The changes are saved to the Startup Configuration ACL Status The ACL Stat...

Страница 144: ...tus Cisco WAP571 E Administration Guide 144 9 Rule Field Shows the detailed settings for the ACL See ACL Rule for more information You can click Refresh to refresh the screen and show the most current information ...

Страница 145: ...troubleshooting and maintenance The WAP device supports SNMP versions 1 2 and 3 Unless specifically noted all configuration parameters apply to SNMPv1 and SNMPv2c only Key components of any SNMP managed network are managed devices SNMP agents and a management system The agents store data about their devices in Management Information Bases MIBs and return this data to the SNMP manager when requeste...

Страница 146: ...ge is 1 to 256 alphanumeric and special characters The community name acts as a simple authentication feature to restrict the machines on the network that can request data to the SNMP agent The name functions as a password and the request is assumed to be authentic if the sender knows the password Read write Community A read write community name to be used for SNMP set requests The valid range is ...

Страница 147: ...net of the designated NMS Only machines with IP addresses in this range are permitted to execute get and set requests on the managed device Given the example above the machines with addresses from 192 168 1 1 through 192 168 1 254 can execute SNMP commands on the device The address identified by suffix 0 in a subnetwork range is always reserved for the subnet address and the address identified by ...

Страница 148: ...Startup Configuration NOTE After new settings are saved the corresponding processes may be stopped and restarted When this happens the WAP device may lose connectivity We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients Views An SNMP MIB view is a family of view subtrees in the MIB hierarchy A view subtree is identified by the pairin...

Страница 149: ...mat of the OID mask is xx xx xx or xx xx xx and is 16 octets in length Each octet is two hexadecimal characters separated by either a period or a colon Only hex characters are accepted in this field For example OID mask FA 80 is 11111010 10000000 A family mask is used to define a family of view subtrees The family mask indicates which subidentifiers of the associated family OID string are signific...

Страница 150: ... password for authentication and a DES key password for encryption Both the MD5 and DES key passwords must be defined By default users of this group have read and write access to the default all MIB view NOTE The default groups RO and RW cannot be deleted NOTE The AP supports a maximum of eight groups To add and configure an SNMP group STEP 1 Select SNMP Groups in the navigation pane STEP 2 Click ...

Страница 151: ... delete MIBs view none The group cannot create alter or delete MIBs Read Views The read access to MIBs for the group view all The group is allowed to view and read all MIBs view none The group cannot view or read MIBs STEP 5 Click Save The group is added to the SNMPv3 Groups list and your changes are saved to the Startup Configuration NOTE To remove a group select the group in the list and click D...

Страница 152: ...he user None SNMPv3 requests from this user require no authentication Authentication Pass Phrase If you specify MD5 as the Authentication Type A pass phrase to enable the SNMP agent to authenticate requests sent by the user The pass phrase must be between 8 and 32 characters in length Encryption Type The type of privacy to use on SNMP requests from the user which can be one of these options DES Us...

Страница 153: ...targets To add SNMP targets STEP 1 Select SNMP Targets in the navigation pane STEP 2 Click Add A new row is created in the table STEP 3 Check the box in the new row and click Edit STEP 4 Configure the parameters IP Address Enter the IPv4 address of the remote SNMP manager to receive the target UDP Port Enter the UDP port to use for sending SNMPv3 targets Users Enter the name of the SNMP user to as...

Страница 154: ...SNMP Targets Cisco WAP571 E Administration Guide 154 10 ...

Страница 155: ... consists of two CP instances Each instance can be configured independently with different verification methods for each VAP or SSID The Cisco WAP571 E devices operate concurrently with some VAPs configured for CP authentication and other VAPs configured for normal wireless authentication methods such as WPA or WPA Enterprise This section includes these topics Global Configuration Local Groups Use...

Страница 156: ...ic uses the HTTP management port which is 80 by default You can configure an additional port for HTTP traffic Enter a port number between 1025 and 65535 or 80 The HTTP and HTTPS ports cannot be the same Additional HTTPS Port HTTP traffic over SSL HTTPS uses the HTTPS management port which is 443 by default You can configure an additional port for HTTPS traffic Enter a port number between 1025 and ...

Страница 157: ...wo additional user groups To add a local user group STEP 1 Select Captive Portal Local Groups Users STEP 2 In the Local Groups Settings area configure these parameters Captive Portal Groups Choose Create to create a new group Group Name Enter the name for the new group STEP 3 Click Add Group The changes are saved to the Startup Configuration To delete a local user group STEP 1 Select Captive Porta...

Страница 158: ...rs Settings area reappears with additional options Configure these parameters User Password Enter the password from 8 to 64 alphanumeric and special characters A user must enter the password to log into the network through the Captive Portal Show Password as Clear Text When enabled the text you type is visible When disabled the text is not masked as you enter it Away Timeout Enter the period of ti...

Страница 159: ...d to the Startup Configuration To delete a local user STEP 1 Select Captive Portal Local Groups Users STEP 2 In the Local Users Settings area choose the user that you want to delete STEP 3 Check the Delete User option STEP 4 Click Delete User The changes are saved to the Startup Configuration Instance Configuration You can create up to two CP instances each CP instance is a defined set of instance...

Страница 160: ...at connection time Verification Choose the authentication method for CP to use to verify clients Guest The users do not need to be authenticated by a database Local The WAP device uses a local database to authenticate the users RADIUS The WAP device uses a database on a remote RADIUS server to authenticate the users Redirect When enabled Captive Portal should redirect the newly authenticated clien...

Страница 161: ...o 1300 Mbps The default value is 0 User Group Name If the Verification Mode is set to Local or RADIUS assigns an existing User Group to the CP instance All users who belong to the group are permitted to access the network through this portal RADIUS IP Network Choose if the WAP RADIUS client uses the configured IPv4 or IPv6 RADIUS server addresses Global RADIUS If the Verification mode is set to RA...

Страница 162: ...c and special characters The key is case sensitive and must match the key configured on the RADIUS server The text you enter is shown as asterisks Key 2 to Key 4 Enter the RADIUS key associated with the configured backup RADIUS servers The server at Server IP IPv6 Address 1uses Key 1 the server at Server IP IPv6 Address 2uses Key 2 and so on Locale Count The number of locales associated with the i...

Страница 163: ... Captive Portal Web Locale list You can create up to three different authentication pages with different locales on your network STEP 3 In the Captive Portal Web Locale Parameters area configure these parameters Web Locale Name Enter a web locale name to assign to the page The name can be from 1 to 32 alphanumeric characters Captive Portal Instances Choose the CP instance with which this locale is...

Страница 164: ...rom 1 to 32 characters The default is BFBFBF Separator Enter the HTML code for the color of the thick horizontal line that separates the page header from the page body in 6 digit hexadecimal format The range is from 1 to 32 characters The default is BFBFBF Locale Label Enter the descriptive label for the locale from 1 to 32 characters The default locale is English Locale Enter the abbreviation for...

Страница 165: ...als and click the connect button Acceptance Use Policy The text that appears in the Acceptance Use Policy box The range is from 1 to 4096 characters The default is Acceptance Use Policy Accept Label The text that instructs users to select the check box to acknowledge reading and accepting the Acceptance Use Policy The range is from 1 to 128 characters No Accept Text The text that shows in a pop up...

Страница 166: ... are resized to fit the specified dimensions For best results your logo and account images should be similar in proportion to the default images as follows To upload binary graphic files to the WAP device STEP 1 On the Web Portal Customization page click Upload Delete Custom Image next to the Background Image Name Logo Image Name or Account Image fields The Web Portal Custom Image page appears STE...

Страница 167: ...nts that attempted to authenticate on a Captive Portal and failed To view the list of authenticated clients or the list of clients who failed the authentication select Captive Portal Authenticated Clients The following information is displayed MAC Address The MAC address of the client IP Address The IP address of the client User Name The Captive Portal user name of the client Protocol The protocol...

Страница 168: ...tes from the CP After the time reaches zero the client is deauthenticated Received Packets The number of IP packets received by the WAP device from the user station Transmitted Packets The number of IP packets transmitted from the WAP device to the user station Received Bytes The number of bytes received by the WAP device from the user station Transmitted Bytes The number of bytes transmitted from...

Страница 169: ...evices You use Single Point Setup to create a single group or cluster of wireless devices After the WAP devices are clustered you can view deploy configure and secure the wireless network as a single entity After a wireless cluster is created Single Point Setup also facilitates channel planning across your wireless services to reduce radio interference and maximize bandwidth on the wireless networ...

Страница 170: ... cluster To form a cluster make sure the following prerequisites or conditions are met STEP 1 Plan your Single Point Setup cluster Be sure the two or more WAP devices you want to cluster are compatible with each other For example Cisco WAP571 E devices can only cluster with other Cisco WAP571 E devices NOTE It is strongly recommended to run the latest firmware version on all clustered WAP devices ...

Страница 171: ...n 60 seconds for example if the device loses connectivity to other devices in the cluster the device is removed from the cluster If a WAP device in Single Point Setup mode loses connectivity it is not immediately dropped from the cluster If it regains connectivity and rejoins the cluster without having been dropped and configuration changes were made to that device during the lost connectivity per...

Страница 172: ...th that WAP device from continued access to network resources If the loss of contact with the cluster is due to a physical or logical disconnect with the LAN infrastructure network services out to the wireless clients may be impacted depending on the nature of the failure Configuration Parameters Propagated and Not Propagated to Single Point Setup Access Points The tables summarize configurations ...

Страница 173: ...in Single Point Setup Radio Configuration Settings and Parameters that are Propagated in Single Point Setup Mode Fragmentation Threshold RTS Threshold Rate Sets Primary Channel Protection Fixed Multicast Rate Broadcast or Multicast Rate Limiting Channel Bandwidth Short Guard Interval Supported Radio Configuration Settings and Parameters that are Not Propagated in Single Point Setup Channel Beacon ...

Страница 174: ...le Single Point Setup button is visible You can edit Single Point Setup options only when Single Point Setup is disabled Icons on the right side of the page indicate whether Single Point Setup is enabled and if it is the number of WAP devices that are currently joined in the cluster STEP 2 With Single Point Setup disabled configure the following information for each individual member of a Single P...

Страница 175: ...searching for other WAP devices in the subnet that are configured with the same cluster name and IP version A potential cluster member sends advertisements every 10 seconds to announce its presence While searching for other cluster members the status indicates that the configuration is being applied Refresh the page to see the new configuration If one or more WAP devices are already configured wit...

Страница 176: ...IP address for the clustered WAP device you want to remove The web based configuration utility for that WAP device shows STEP 2 Select Single Point Setup Access Points in the navigation pane STEP 3 Click Disable Single Point Setup The Single Point Setup status field for that access point will now show Disabled Navigating to Configuration Information for a Specific Device All WAP devices in a Singl...

Страница 177: ...or a WLAN client session select an item from the Display list and click Go You can view information about idle time data rate and signal strength A session in this context is the period of time in which a user on a client device station with a unique MAC address maintains a connection with the wireless network The session begins when the WLAN client logs on to the network and the session ends when...

Страница 178: ...ent and the rate at which broadcast or multicast frames are sent When the AP sends a broadcast frame to a STA using the default rates then the field will report 1 Mbit sec for 2 4Ghz radios and 6 Mbit sec for 5 GHz radios Clients that are idle are most likely to report the low default rates Signal The strength of the radio frequency RF signal the WLAN client receives from the access point The meas...

Страница 179: ...evices to different channels and measures interference levels of the cluster members If significant channel interference is detected the channel manager automatically reassigns some or all of the devices to new channels per an efficiency algorithm or automated channel plan If the channel manager determines that a change is necessary then the reassignment information is sent to all members of the c...

Страница 180: ...ents and Setting Locks for information on the current and proposed channel assignments STEP 3 To stop automatic channel assignment click Stop No channel usage maps or channel reassignments are made Only manual updates affect the channel assignment Viewing Channel Assignments and Setting Locks When channel management is enabled the page shows the Current Channel Assignations table and the Proposed ...

Страница 181: ...st remain on their current channels WAP devices that are not locked may be assigned to different channels than they were previously using depending on the results of the plan For each WAP device in the Single Point Setup the Proposed Channel Assignments table shows the location IP Address and Wireless Radio as in the Current Channel Assignations table It also shows the Proposed Channel which is th...

Страница 182: ...ing that channel usage is reassessed and the resulting channel plan is applied every hour If you change these settings click Save The changes are saved to the active configuration and the Startup Configuration Wireless Neighborhood The Wireless Neighborhood page shows up to 20 devices per radio within range of each wireless radio in the cluster For example if a WAP device has two wireless radios 4...

Страница 183: ...ter The list at the top of the table shows IP addresses for all WAP devices that are clustered together This list is the same as the members list on the Single Point Setup Access Points page If there is only one WAP device in the cluster only a single IP address column shows indicating that the WAP device is grouped with itself You can click on an IP address to view more details on a particular WA...

Страница 184: ... in decibels dB Beacon Interval The beacon interval used by the access point Beacon Age The date and time of the last beacon received from this access point Cluster Firmware Upgrade Cluster provides a centralized cluster firmware upgrade feature that allows all the APs in the cluster to be upgraded from the Dominant AP Cluster Controller The Cluster firmware upgrade can be performed only from the ...

Страница 185: ...grade status Click Refresh To upgrade the firmware on a cluster member using TFTP STEP 1 Select TFTP for Transfer Method STEP 2 Enter a name 1 to 128 characters for the image file in the Source File Name field including the path to the directory that contains the image to upload For example to upload the ap_upgrade tar image located in the share builds ap directory enter share builds ap ap_upgrade...

Страница 186: ...rmware image file on your network The firmware upgrade file supplied must be a tar file Do not attempt to use bin files or files of other formats for the upgrade these types of files do not work STEP 3 Click Start Upgrade to apply the new firmware image NOTE Overall upgrade status shows the combined upgrade status Not Initialized In Progress Completed Fail Abort_admin None of all the cluster membe...

Страница 187: ...deauthentication reason codes Reason code Meaning 0 Reserved 1 Unspecified reason 2 Previous authentication no longer valid 3 Deauthenticated because sending station STA is leaving or has left Independent Basic Service Set IBSS or ESS 4 Disassociated due to inactivity 5 Disassociated because WAP device is unable to handle all currently associated STAs 6 Class 2 frame received from nonauthenticated...

Страница 188: ...alid element that is an element defined in this standard for which the content does not meet the specifications in Clause 8 14 Message integrity code MIC failure 15 4 Way Handshake timeout 16 Group Key Handshake timeout 17 Element in 4 Way Handshake different from Re Association Request Probe Response Beacon frame 18 Invalid group cipher 19 Invalid pairwise cipher 20 Invalid AKMP 21 Unsupported RS...

Страница 189: ...rt and Resources www cisco com go smallbizhelp Support Service Information www cisco com go sbs www cisco com go software registration login required Cisco Firmware Downloads www cisco com go smallbizfirmware Select a link to download firmware for Cisco Products No login is required Software and firmware downloads for all other Cisco products are available in the Download Area on Cisco com at www ...

Страница 190: ...90 B Cisco Partner Central Partner Login Required www cisco com web partners sell smb Product Documentation Cisco WAP571 E Wireless AC N Premium Dual Radio Access Point with PoE Quick Start Guide and Administration Guide http www cisco com go 500_wap_resources ...

Страница 191: ...liates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R 2015 Cisco Systems Inc All rights reserved ...

Страница 192: ... 2015 Cisco Systems Inc All rights reserved OL 31792 01 ...

Отзывы:

Нет отзывов

Похожие инструкции для WAP571

Maestro E206XT Manual preview
E206XT
Бренд: Maestro Страницы: 4
Ublox ODIN-W2 Series System Integration Manual preview
ODIN-W2 Series
Бренд: Ublox Страницы: 43
Arris RUCKUS T750 Quick Setup Manual preview
RUCKUS T750
Бренд: Arris Страницы: 4
ZyXEL Communications MWR211 Manual preview
MWR211
Бренд: ZyXEL Communications Страницы: 340
ARGtek ARG-1220 Quick Installation Manual preview
ARG-1220
Бренд: ARGtek Страницы: 14
Philips NetX Getting Started Manual preview
NetX
Бренд: Philips Страницы: 2
Philips PAC03X User Manual preview
PAC03X
Бренд: Philips Страницы: 2
Philips CKA7740N/05 Quick Start Manual preview
CKA7740N/05
Бренд: Philips Страницы: 2
Philips BT6000C37 User Manual preview
BT6000C37
Бренд: Philips Страницы: 18
Philips BM7 User Manual preview
BM7
Бренд: Philips Страницы: 20
Philips ITS4843B Installation Manual preview
ITS4843B
Бренд: Philips Страницы: 78
Colubris Networks CN3300 Quick Start preview
CN3300
Бренд: Colubris Networks Страницы: 3
EnGenius ENH200EXT Specifications preview
ENH200EXT
Бренд: EnGenius Страницы: 4
HomeMatic HmIP-HAP-UK Mounting Instruction And Operating Manual preview
HmIP-HAP-UK
Бренд: HomeMatic Страницы: 23
HomeMatic HmIP-HAP Mounting Instruction And Operating Manual preview
HmIP-HAP
Бренд: HomeMatic Страницы: 45
EnGenius EAP600 Manual preview
EAP600
Бренд: EnGenius Страницы: 85
Proxim ORiNOCO AP-2500 Quick Installation Manual preview
ORiNOCO AP-2500
Бренд: Proxim Страницы: 2
Watchguard AP 320 Hardware Manual preview
AP 320
Бренд: Watchguard Страницы: 32

Бренды по названию

Популярные бренды

Загрузить еще бренды