Welcome to the Product Guide!
Product Guide Cisco WLAN Solution 3.0: Last Updated May 26, 2005
The Product Guide describes the Cisco Wireless LAN Solution (Cisco WLAN Solution) products. Refer to the OVERVIEWS section to see a big picture view of Cisco WLAN Solution products and features. See the SOLUTIONS section to look through real-world network and application-specific solutions to real-world problems.
Legal Information
This section includes the following legal information: • Products • End User License Agreement • Limited Warranty • General Terms Applicable to the Limited Warranty Statement and End User License Agreement • Additional Open Source Terms • Trademarks and Service Marks The following describes the Cisco Systems, Inc. standard Product Warranty for End Customers.
Products
• Cisco 1000 Series Lightweight Access Points.
Customer’s license to use the Software shall be limited to, and Customer shall not use the Software in excess of, a single hardware chassis or card or that number of agent(s), concurrent users, sessions, IP addresses, port(s), seat(s), server(s) or site(s), as set forth in the applicable Purchase Order which has been accepted by Cisco and for which Customer has paid to Cisco the required license fee.
Proprietary Notices. Customer agrees to maintain and reproduce all copyright and other proprietary notices on all copies, in any form, of the Software in the same form and manner that such copyright and other proprietary notices are included on the Software. Except as expressly authorized in this Agreement, Customer shall not make any copies or duplicates of any Software without the prior written permission of Cisco. Open Source Content.
Limited Warranty
Hardware for 1000 Series Access Points. Cisco Systems, Inc., or the Cisco Systems, Inc. subsidiary selling the Product (“Cisco”) warrants that commencing from the date of shipment to Customer (and in case of resale by a Cisco reseller, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of one (1) year, the Hardware will be free from defects in material and workmanship under normal use.
negligence, or accident; or (d) is licensed, for beta, evaluation, testing or demonstration purposes for which Cisco does not charge a purchase price or license fee.
Additional Open Source Terms
GNU General Public License. Certain portions of the Software are licensed under and Customer’s use of such portions are subject to the GNU General Public License version 2. A copy of the license is available at www.fsf.org or by writing to licensing@fsf.org or the Free Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL: http://www.cisco.com/univercd/home/home.htm You can access the Cisco website at this URL: http://www.cisco.
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com. You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address: Cisco Systems Attn: Customer Document Ordering 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions. • Severity 1 (S1): Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
FCC Statements for Cisco 1000 Series Lightweight Access Points
This section includes the following FCC statements for Cisco 1000 Series lightweight access points: • Class A Statement • RF Radiation Hazard Warning • Non-Modification Statement • Deployment Statement
Class A Statement
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points
This device has been designed to operate with antennae having maximum gains of 7.8 dBi (2.4 GHz) and 7.4 dBi (5 GHz). Antennae having higher gains are strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.
FCC Statements for Cisco 2000 Series Wireless LAN Controllers
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
FCC Statements for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN Controllers
The Cisco 4100 Series Wireless LAN Controller and Cisco 4400 Series Wireless LAN Controller equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
Safety Considerations
Warning • This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device.
• The Cisco 1000 Series lightweight access points with or without external antenna ports are only intended for installation in Environment A as defined in IEEE 802.3af. All interconnected equipment must be contained within the same building including the interconnected equipment's associated LAN connections.
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024 Warning This equipment must be grounded.
Warning To prevent bodily injury when mounting or servicing a unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety: • This unit should be mounted at the bottom of the rack if it is the only unit in the rack. • When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.
Warning To prevent bodily injury when mounting or servicing this unit in a rack, special precautions must be taken to keep the system stable. The guidelines below are intended to protect personnel: • If this unit is the only unit mounted in the rack, it must be placed at the bottom.
Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to make sure that the system has stable support. The following guidelines will help you carry out your work safely: • This unit should be mounted at the bottom of the rack if it is the only unit being mounted.
Warning To avoid bodily injury when mounting or servicing this unit in a rack, you must take every precaution to ensure the stability of the system. The following guidelines are provided to ensure your safety: • If this is the only unit, it should be mounted at the bottom of the rack. • When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom.
Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must make sure that the system is stable. The following guidelines are also for your safety: • The unit must be mounted at the bottom of the rack if it is the only unit in the rack. • When mounting this unit in a partially filled rack, install the units from the bottom up with the heaviest unit at the bottom.
5/26/05 OL-7426-03
Warning There is the danger of explosion if the Cisco 4400 Series Wireless LAN Controller battery is replaced incorrectly. Replace the battery only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer’s instructions. Statement 1015 Warning There is a danger of explosion if the battery is replaced incorrectly.
Warning There is a danger of explosion if the battery is not replaced correctly. Replace it only with a battery of a similar or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions. Warning There is a danger of explosion if the wrong battery is inserted. Replace the battery only with the same type or the type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
Warning Only trained personnel who are familiar with the equipment may install, replace, or service this equipment. Warning It is strongly recommended that the installation, replacement, and maintenance of this equipment be entrusted to qualified and experienced personnel. Warning Only trained, qualified personnel should be allowed to install, replace, or operate this equipment.
Warning The Cisco 4400 Series Wireless LAN Controller might have more than one power supply connection. All connections must be removed to de-energize the unit. Statement 1028 Warning This unit may have more than one power supply connection. All connections must be disconnected to de-energize the unit. Warning This device may have more than one power connection. All connections must be disconnected to remove voltage from the device.
Warning This unit may have more than one power supply connection. All connections must be removed to cut power to the unit. Warning This unit may have more than one power supply connection. All connections must be removed to discharge the power from the unit.
Table of Contents • Welcome to the Product Guide! • Legal Information • Products • End User License Agreement • Limited Warranty • Disclaimer of Warranty • General Terms Applicable to the Limited Warranty Statement and End User License Agreement • Additional Open Source Terms • Trademarks and Service Marks • Obtaining Documentation • Cisco.
• About the Master Cisco Wireless LAN Controller • About the Primary, Secondary, and Tertiary Cisco Wireless LAN Controller • About Client Roaming • Same-Cisco Wireless LAN Controller (Layer 2) Roaming • Inter-Cisco Wireless LAN Controller (Layer 2) Roaming • Inter-Subnet (Layer 3) Roaming • Special Case: Voice Over IP Telephone Roaming • About Client Location • About External DHCP Servers • Per-WLAN Assignment • Per-Interface Assignment • Security Considerations • About Cisco WLAN Solution Mobi
• External Antenna Connectors • Antenna Sectorization • 802.11a Internal Antenna Patterns • 802.
• Using the Web User Interface • Configuring a WLAN for a DHCP Server • Using the Command Line Interface • Using the Web User Interface • Customizing the Web Auth Login Screen • Default Web Auth Operation • Customizing Web Auth Operation • Clearing and Restoring the Cisco WLAN Solution Logo • Changing the Web Title • Changing the Web Message • Changing the Logo • Creating a Custom URL Redirect • Verifying your Web Auth Changes • Sample Customized Web Auth Login Page • Configuring Identity Networki
• Configuring Other Ports and Parameters • Service Port • Radio Resource Management (RRM) • Serial (CLI Console) Port • 802.
• Monitoring Channels on a Floor Map • Monitoring Transmit Power Levels on a Floor Map • Monitoring Coverage Holes on a Floor Map • Monitoring Users on a Floor Map • Monitoring Clients on a Floor Map • Troubleshooting with Cisco WCS • Detecting and Locating Rogue Access Points • Acknowledging Rogue Access Points • Locating Clients • Finding Coverage Holes • Pinging a Network Device from a Cisco Wireless LAN Controller • Viewing Current Cisco Wireless LAN Controller Status and Configurations
• Deleting and Clearing Location Appliance Alarms • Viewing Location Appliance Alarm Events • Viewing Location Appliance Events • Backing Up Location Appliance Historical Data • Restoring Location Appliance Historical Data • Viewing Cisco Wireless LAN Controller and Location Appliance Synchronization Status • Re-Synchronizing Cisco Wireless LAN Controller and Location Appliance Databases • Viewing Location Appliance Current Status • Downloading Location Appliance Log Files to Your Cisco WCS Te
OVERVIEWS
Refer to the following for information about the Cisco Wireless LAN Solution (Cisco WLAN Solution) and other high-level subjects: • About the Cisco Wireless LAN Solution - Single-Cisco Wireless LAN Controller Deployments - Multiple-Cisco Wireless LAN Controller Deployments - Operating System Software - Operating System Security - Cisco WLAN Solution Wired Security - Layer 2 and Layer 3 LWAPP Operation - Radio Resource Management (RRM) - Master Cisco Wireless LAN Contr
- Cisco WCS Location Calibration • Cisco 2700 Series Location Appliances • REFERENCES
About the Cisco Wireless LAN Solution
The Cisco Wireless LAN Solution (Cisco WLAN Solution) is designed to provide 802.11 wireless networking solutions for enterprises and service providers. The Cisco WLAN Solution simplifies deploying and managing large-scale wireless LANs and enables a unique best-in-class security infrastructure.
Figure - Cisco WLAN Solution Components Refer to the following for more information: • Single-Cisco Wireless LAN Controller Deployments • Multiple-Cisco Wireless LAN Controller Deployments • Operating System Software • Operating System Security • Cisco WLAN Solution Wired Security • Layer 2 and Layer 3 LWAPP Operation • Radio Resource Management (RRM) - Master Cisco Wireless LAN Controller - Primary, Secondary, and Tertiary Cisco Wireless LAN Controller - Client Roaming - Client Locat
• Cisco Wireless Control System - Cisco WCS User Interface - Floor Plan Editor - Cisco WCS Cisco Wireless LAN Controller Autodiscovery • Cisco 2700 Series Location Appliances • REFERENCES
Single-Cisco Wireless LAN Controller Deployments
As described in About the Cisco Wireless LAN Solution, a standalone Cisco Wireless LAN Controller can support Cisco 1000 Series lightweight access points across multiple floors and buildings simultaneously, and s
Multiple-Cisco Wireless LAN Controller Deployments
Each Cisco Wireless LAN Controller can support Cisco 1000 Series lightweight access points across multiple floors and buildings simultaneously. However, full functionality of the Cisco WLAN Solution is realized when it includes multiple Cisco Wireless LAN Controllers.
About the Operating System Software
The Operating System Software controls Cisco Wireless LAN Controllers and Cisco 1000 Series Lightweight Access Points. It includes full Operating System Security and Radio Resource Management (RRM) features.
• The Cisco WLAN Solution also uses manual and automated Disabling to block access to network services. In manual Disabling, the operator blocks access using client MAC addresses. In automated Disabling, which is always active, the Operating System software automatically blocks access to network services for an operator-defined period of time when a client fails to authenticate for a fixed number of consecutive attempts. This can be used to deter brute-force login attacks.
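The two Disabling modes described above can be modeled as a small state machine. This is an added example, not Cisco code: the class and function names, the threshold of 3 failures, the 60-second period, and the sample MAC addresses are all assumptions, since the guide gives no values.

```python
from dataclasses import dataclass, field

# Assumed values: the guide says the failure count is fixed and the block
# period is operator-defined, but gives no numbers.
MAX_CONSECUTIVE_FAILURES = 3
EXCLUSION_SECONDS = 60


def normalize_mac(mac):
    """Canonical lower-case, colon-separated form so lookups are consistent."""
    return mac.strip().lower().replace("-", ":")


@dataclass
class DisablingPolicy:
    """Hypothetical model of manual and automated Disabling."""
    max_failures: int = MAX_CONSECUTIVE_FAILURES
    exclusion_seconds: int = EXCLUSION_SECONDS
    manual_blocklist: set = field(default_factory=set)
    failures: dict = field(default_factory=dict)       # MAC -> consecutive failures
    blocked_until: dict = field(default_factory=dict)  # MAC -> expiry timestamp

    def disable_manually(self, mac):
        """Manual Disabling: the operator blocks a client MAC address."""
        self.manual_blocklist.add(normalize_mac(mac))

    def is_blocked(self, mac, now):
        mac = normalize_mac(mac)
        if mac in self.manual_blocklist:
            return True  # manual entries never expire on their own
        until = self.blocked_until.get(mac)
        if until is not None and now < until:
            return True
        self.blocked_until.pop(mac, None)  # automated block has expired
        return False

    def record_auth(self, mac, success, now):
        """Process one authentication attempt and return the outcome."""
        mac = normalize_mac(mac)
        if self.is_blocked(mac, now):
            # Assumption: attempts made while blocked do not extend the block.
            return "blocked"
        if success:
            self.failures.pop(mac, None)  # only consecutive failures count
            return "accepted"
        count = self.failures.get(mac, 0) + 1
        if count >= self.max_failures:
            self.failures.pop(mac, None)
            self.blocked_until[mac] = now + self.exclusion_seconds
            return "disabled"
        self.failures[mac] = count
        return "rejected"


# Constructed sample events: (timestamp in seconds, client MAC, auth succeeded)
SAMPLE_EVENTS = [
    (0, "02:00:00:00:00:01", False),
    (1, "02:00:00:00:00:01", False),
    (2, "02:00:00:00:00:02", False),
    (3, "02:00:00:00:00:01", False),  # third consecutive failure
    (10, "02:00:00:00:00:01", True),  # valid credentials, but still blocked
    (20, "02:00:00:00:00:02", True),  # success resets this client's counter
    (21, "02:00:00:00:00:02", False),
    (64, "02:00:00:00:00:01", True),  # block placed at t=3 expired at t=63
]


def replay(events, policy=None):
    """Run events through a policy and return the outcome of each one."""
    policy = policy or DisablingPolicy()
    return [policy.record_auth(mac, ok, ts) for ts, mac, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

The fifth event is the case worth noting: during the block period even a correct credential is refused, which is what makes the mechanism a deterrent to repeated guessing.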
About Radio Resource Management (RRM)
Radio Resource Management (also known as RRM) allows Cisco Wireless LAN Controllers to continually monitor their associated Cisco 1000 Series lightweight access points for the following information: • Traffic Load -- How much total bandwidth is used for transmitting and receiving traffic. This allows WLAN managers to track and plan network growth ahead of client demand. • Interference -- How much traffic is coming from other 802.
ually monitor the network for noise and interference problems, which can be transient and difficult to troubleshoot. Finally, Radio Resource Management controls ensure that clients enjoy a seamless, trouble-free connection through the Cisco WLAN Solution 802.11 network.
About Client Roaming
The Cisco WLAN Solution supports seamless client roaming across Cisco 1000 Series lightweight access points managed by the same Cisco Wireless LAN Controller, between Cisco Wireless LAN Controllers in the same Cisco WLAN Solution Mobility Group on the same subnet, and across Cisco Wireless LAN Controllers in the same Mobility Group on different subnets. The following chapters describe the three modes of roaming supported by the Cisco WLAN Solution.
VoIP telephone to continue using the same DHCP-assigned IP Address as long as the session remains active. Note that the tunnel is torn down and the VoIP client must reauthenticate when the VoIP telephone sends a DHCP Discover with a 0.0.0.0 VoIP telephone IP Address or a 169.254.*.* VoIP telephone auto-IP Address, or when the operator-set session timeout is exceeded.
About External DHCP Servers
The Operating System is designed to appear as a DHCP Relay to the network and as a DHCP Server to clients with industry-standard external DHCP Servers that support DHCP Relay. This means that each Cisco Wireless LAN Controller appears as a DHCP Relay agent to the DHCP Server. This also means that the Cisco Wireless LAN Controller appears as a DHCP Server at the virtual IP Address to wireless clients.
About Cisco WLAN Solution Mobility Groups
Cisco WLAN Solution operators can define Mobility Groups to allow client roaming across groups of Cisco Wireless LAN Controllers. Because the Cisco Wireless LAN Controllers in Multiple-Cisco Wireless LAN Controller Deployments can detect each other across the network and over the air, it is important that each enterprise, institution, and wireless internet service provider isolate their Cisco Wireless LAN Controllers.
CAUTION: Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for Management Interfaces to ensure that Cisco Wireless LAN Controllers properly route VLAN traffic. The Cisco WLAN Solution Mobility Group feature can also be used to limit roaming between different floors, buildings, or campuses in the same enterprise by assigning different Mobility Group names to different Cisco Wireless LAN Controllers within the same wireless network.
Ethernet (PoE) capability. This power distribution plan can be used to reduce the cost of individual AP power supplies and related cabling.
About Cisco WLAN Solution WLANs
The Cisco WLAN Solution can control up to 16 Wireless LANs for Cisco 1000 Series Lightweight Access Points. Each WLAN has a separate WLAN ID (1 through 16), a separate WLAN SSID (WLAN Name), and can be assigned unique security policies.
However, when Allow AAA Override is enabled, the RADIUS (or other AAA) server can alternatively be configured to return QoS and ACL on a per-MAC Address basis. Allow AAA Override gives the AAA Override precedence over the MAC Filtering parameters set in the Cisco Wireless LAN Controller; if there are no AAA Overrides available for a given MAC Address, the OS uses the MAC Filtering parameters already in the Cisco Wireless LAN Controller.
Pico Cell Functionality
Pico Cell functionality includes optimization of the Operating System (OS) to support this functionality as follows: • The Cisco WCS Pico Cell Mode parameter reconfigures OS parameters, allowing OS to function efficiently in pico cell deployments. Note that when the operator is deploying a pico cell network the OS must also have more memory allocated (512 to 2048 MB) using the config database size 2048 CLI command.
Intrusion Detection Service (IDS)
Intrusion Detection Service includes the following: • Sensing Clients probing for “ANY” SSID • Sensing if Cisco 1000 Series lightweight access points are being contained • Notification of MiM Attacks, NetStumbler, Wellenreiter • Management Frame Detection and RF Jamming Detection • Spoofed Deauthentication Detection (AirJack, for example) • Broadcast Deauthorization Detection • Null Probe Response Detection • Fake AP Detec
About Cisco Wireless LAN Controllers
Cisco Wireless LAN Controllers are enterprise-class high-performance wireless switching platforms that support 802.11a and 802.11b/802.11g protocols. They operate under control of the Operating System, which includes the Radio Resource Management (RRM), creating a Cisco WLAN Solution that can automatically adjust to real-time changes in the 802.11 RF environment.
Cisco 4100 Series Wireless LAN Controllers
The Cisco 4100 Series Wireless LAN Controllers are part of the Cisco WLAN Solution. Each Cisco 4100 Series Wireless LAN Controller controls up to 36 Cisco 1000 Series lightweight access points, making it ideal for medium-sized enterprises and medium-density applications.
passive. Upon a network failure, the active connection becomes passive, and the passive connection becomes active. The Cisco 4400 Series Wireless LAN Controller can be equipped with one or two Cisco 4400 series power supplies. When the Cisco Wireless LAN Controller is equipped with two Cisco 4400 series power supplies, the power supplies are redundant and either power supply can continue to power the Cisco 4400 Series Wireless LAN Controller if the other power supply fails.
Wireless LAN Controller GigE connections is active and the other is passive. Upon a network failure, the active connection becomes passive, and the passive connection becomes active. • AIR-WLC4402-25-K9 - The 4402 Cisco Wireless LAN Controller uses two redundant GigE connections to bypass single network failures, and communicates with up to 25 Cisco 1000 Series lightweight access points.
Each physical Distribution System port can also have between one and 512 Operator-Defined Interfaces assigned to it. Each Operator-Defined Interface is individually configured, and allows VLAN communications to exist on the Distribution System port(s). Refer to the Configuring the Cisco Wireless LAN Controller section for configuration instructions.
About the AP-Manager Interface
The logical AP-Manager Interface controls Layer 3 communications between Cisco Wireless LAN Controller and Cisco 1000 Series lightweight access points. The AP-Manager Interface is assigned to one physical port (Cisco WLAN Solution Wired Connections), and can be on the same subnet and physical port as the Management Interface.
Each Operator-Defined Interface must be configured for the following: • VLAN number. • Fixed IP Address, IP netmask, and default gateway. • Physical port assignment. • Primary and Secondary DHCP Servers. • Access Control List, if required. Refer to the Configuring the Cisco Wireless LAN Controller section for configuration instructions.
About the Service-Port Interface
The Service-Port Interface controls communications through the dedicated Cisco Wireless LAN Controller Service Port. Note: The Service-Port Interface can only be assigned to the dedicated Cisco Wireless LAN Controller Service Port. The Service-Port Interface uses the burned-in Cisco Wireless LAN Controller Service Port MAC address, and must be configured for the following: • Whether or not DHCP Protocol is activated. • IP Address and IP netmask.
About Cisco Wireless LAN Controller Memory
The Cisco Wireless LAN Controller contains two kinds of memory: volatile RAM, which holds the current, active Cisco Wireless LAN Controller configuration, and NVRAM (non-volatile RAM), which holds the reboot configuration.
• If the Cisco 1000 Series lightweight access point finds no Master Cisco Wireless LAN Controller on the same subnet, it attempts to contact stored Mobility Group members by IP address.
Cisco 2000 Series Wireless LAN Controllers
Cisco 2000 Series Wireless LAN Controllers can communicate with the network through any one of their physical ports, as the logical Management Interface can be assigned to one of the physical ports. The physical port description follows: • Up to four 10/100BASE-T cables can plug into the four back-panel connectors on the Cisco 2000 Series Wireless LAN Controller chassis.
Cisco 4100 Series Wireless LAN Controllers
Cisco 4100 Series Wireless LAN Controllers can communicate with the network through one or two physical ports, and the logical Management Interface can be assigned to the one or two physical ports. The physical port description follows: • Two GigE 1000BASE-SX fiber-optic cables can plug into the LC connectors on the front of the Cisco 4100 Series Wireless LAN Controller, and they must be connected to the same subnet.
Cisco 4400 Series Wireless LAN Controllers
Cisco 4400 Series Wireless LAN Controllers can communicate with the network through one or two pairs of physical ports, and the logical Management Interface can be assigned to the physical ports.
Cisco 4100 Series Wireless LAN Controller VPN/Enhanced Security Module
All Cisco 4100 Series Wireless LAN Controllers can be equipped with an optional VPN/Enhanced Security Module (AIR-VPN-4100), which slides into the rear panel of the Cisco 4100 Series Wireless LAN Controller.
About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points
The Cisco 1000 Series lightweight access point is a part of the innovative Cisco Wireless LAN Solution (Cisco WLAN Solution). When associated with Cisco Wireless LAN Controllers as described below, the Cisco 1000 Series lightweight access point provides advanced 802.11a and/or 802.11b/g Access Point functions in a single aesthetically pleasing plenum-rated enclosure.
• Cisco 1000 Series Lightweight Access Point LEDs • Cisco 1000 Series Lightweight Access Point Connectors • Cisco 1000 Series Lightweight Access Point Power Requirements • Cisco 1000 Series Lightweight Access Point External Power Supply • Cisco 1000 Series Lightweight Access Point Mounting Options • Cisco 1000 Series Lightweight Access Point Physical Security • Cisco 1000 Series Lightweight Access Point Monitor Mode • Cisco 1000 Series IEEE 802.
The following figure shows a typical Cisco 1030 remote edge lightweight access point configuration: Note that the Cisco 1030 remote edge lightweight access point must have a DHCP server available on its local subnet, so it can obtain an IP address upon reboot. Also note that the Cisco 1030 remote edge lightweight access points at each remote location must be on the same subnet to allow client roaming.
About Cisco 1000 Series Lightweight Access Point Part Numbers
The Cisco 1000 Series lightweight access point includes one 802.11a and one 802.11b/g radio.
The following sections contain more information about Cisco 1000 Series lightweight access point internal and external antennas: • External Antenna Connectors • Antenna Sectorization • 802.11a Internal Antenna Patterns • 802.
When equipped with an optional factory-supplied external antenna, the 802.11a Cisco Radio supports receive and transmit diversity between the internal antennas and the external antenna. The diversity function provided by Cisco Radios can result in lower multipath fading, fewer packet retransmissions, and higher client throughput. Figure - Cisco 1000 Series Lightweight Access Point 802.11a OMNI (Dual Internal) Azimuth Antenna Gain Pattern Figure - Cisco 1000 Series Lightweight Access Point 802.
Figure - Cisco 1000 Series Lightweight Access Point 802.11a Sectorized (Single Internal) Azimuth Antenna Gain Pattern Figure - Cisco 1000 Series Lightweight Access Point 802.
802.11b/g Internal Antenna Patterns
The Cisco 1000 Series lightweight access points contain one 802.11b/g radio which drives two fully enclosed high-gain antennas which can provide a large 360-degree coverage area. The two internal antennas can be used at the same time to provide a 360-degree omnidirectional coverage area, or either antenna can be disabled to provide a 180-degree sectorized coverage area. The 802.
Figure - Cisco 1000 Series Lightweight Access Point 802.11b/g Sectorized (Single Internal) Azimuth Antenna Gain Pattern
Figure - Cisco 1000 Series Lightweight Access Point 802.11b/g Sectorized (Single Internal) Elevation Antenna Gain Pattern
About Cisco 1000 Series Lightweight Access Point LEDs
Each Cisco 1000 Series lightweight access point is equipped with four LEDs across the top of the case. They can be viewed from nearly any angle.
About Cisco 1000 Series Lightweight Access Point Connectors
The AP1020 and AP1030 Cisco 1000 Series lightweight access points have the following external connectors: • One RJ-45 Ethernet jack, used for connecting the Cisco 1000 Series lightweight access point to the network. • One 48 VDC power input jack, used to plug in an optional factory-supplied external power adapter.
The Cisco 1000 Series lightweight access point communicates with a Cisco Wireless LAN Controller using standard CAT-5 (Category 5) or higher 10/100 Mbps twisted pair cable with RJ-45 connectors. Plug the CAT-5 cable into the RJ-45 jack on the side of the Cisco 1000 Series lightweight access point. Note that the Cisco 1000 Series lightweight access point can receive power over the CAT-5 cable from network equipment. Refer to Power Over Ethernet for more information about this option.
About Cisco 1000 Series Lightweight Access Point Power Requirements
Each Cisco 1000 Series lightweight access point requires a 48 VDC nominal (between 38 and 57 VDC) power source capable of providing 7 Watts. The polarity of the DC source does not matter because the Cisco 1000 Series lightweight access point can use either a +48 VDC or a -48 VDC nominal source.
About Cisco 1000 Series Lightweight Access Point Mounting Options
Refer to the Internal-Antenna AP1010 Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Point Quick Start Guide or the External-Antenna AP1020 and AP1030 Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Point Quick Start Guide for the Cisco 1000 Series lightweight access point mounting options.
About Rogue Access Points
Because they are inexpensive and readily available, employees are plugging unauthorized rogue access points into existing LANs and building ad hoc wireless networks without IT department knowledge or consent. These rogue access points can be a serious breach of network security, because they can be plugged into a network port behind the corporate firewall.
Wireless LAN Controller, and sniffs all ARP packets. If it finds a match between an ARP request and a MAC address it receives from the Cisco Wireless LAN Controller, it generates a rogue access point alert to the Cisco Wireless LAN Controller.
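The matching step described above can be sketched as follows. This is an added example, not code from the guide or from Cisco: it parses captured Ethernet frames, keeps only IPv4 ARP requests (with or without one 802.1Q tag), and raises an alert when the sender MAC is on the list supplied by the controller. The function names, MAC addresses and frames are constructed for the illustration.

```python
import struct

ETH_P_ARP = 0x0806
ETH_P_8021Q = 0x8100
ARP_REQUEST = 1


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff', 'aa-bb-...' or 'aabb.ccdd.eeff' into 6 raw bytes."""
    digits = "".join(ch for ch in text if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(raw):
    return ":".join(f"{octet:02x}" for octet in raw)


def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip, vlan) for an Ethernet/IPv4
    ARP request, or None for anything else (replies, other protocols, runts)."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == ETH_P_8021Q:  # one 802.1Q tag sits between the MACs and the type
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        offset, vlan = 18, tci & 0x0FFF
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    sender_mac = frame[offset + 8:offset + 14]
    sender_ip = ".".join(str(b) for b in frame[offset + 14:offset + 18])
    target_ip = ".".join(str(b) for b in frame[offset + 24:offset + 28])
    return sender_mac, sender_ip, target_ip, vlan


def find_rogue_alerts(frames, rogue_client_macs):
    """Match ARP requests seen on the wire against the MAC list from the controller."""
    watch = {parse_mac(mac) for mac in rogue_client_macs}
    alerts = []
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue
        sender_mac, sender_ip, target_ip, vlan = parsed
        eth_src = frame[6:12]
        hit = sender_mac if sender_mac in watch else eth_src if eth_src in watch else None
        if hit is not None:
            alerts.append({"mac": format_mac(hit), "sender_ip": sender_ip,
                           "target_ip": target_ip, "vlan": vlan})
    return alerts


def build_arp(src_mac, sender_ip, target_ip, oper=ARP_REQUEST, vlan=None):
    """Build a constructed broadcast ARP frame for the sample data below."""
    src = parse_mac(src_mac)
    header = b"\xff" * 6 + src
    if vlan is not None:
        header += struct.pack("!HH", ETH_P_8021Q, vlan)
    header += struct.pack("!H", ETH_P_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + src
    body += bytes(int(p) for p in sender_ip.split(".")) + b"\x00" * 6
    body += bytes(int(p) for p in target_ip.split("."))
    return header + body


# Constructed sample data: locally administered MACs and documentation IPs.
SAMPLE_ROGUE_CLIENT_MACS = ["02:00:5e:10:00:01", "0200.5e10.0002"]
SAMPLE_FRAMES = [
    build_arp("02:00:5e:10:00:01", "192.0.2.50", "192.0.2.1"),          # listed MAC
    build_arp("02:00:5e:20:00:09", "192.0.2.60", "192.0.2.1"),          # unlisted MAC
    build_arp("02:00:5e:10:00:01", "192.0.2.50", "192.0.2.1", oper=2),  # ARP reply
    build_arp("02-00-5e-10-00-02", "192.0.2.51", "192.0.2.1", vlan=30), # listed, tagged
    b"\xff" * 10,                                                       # truncated frame
]

if __name__ == "__main__":
    for alert in find_rogue_alerts(SAMPLE_FRAMES, SAMPLE_ROGUE_CLIENT_MACS):
        print("rogue access point alert:", alert)
```
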
About the Web User Interface
The Web User Interface is built into each Cisco Wireless LAN Controller. The Web User Interface allows up to five users to simultaneously browse into the built-in Cisco Wireless LAN Controller http or https (http + SSL) Web server, configure parameters, and monitor operational status for the Cisco Wireless LAN Controller and its associated Access Points.
About the Command Line Interface
The Cisco WLAN Solution command line interface (CLI) is built into each Cisco Wireless LAN Controller, and is one of the Operating System user interfaces described in About the Cisco Wireless LAN Solution. The CLI allows operators to use a VT-100 emulator to locally or remotely configure, monitor and control individual Cisco Wireless LAN Controllers, and to access extensive debugging capabilities.
About the Cisco Wireless Control System
The Cisco Wireless Control System (Cisco WCS) is the Cisco Wireless LAN Solution network management tool that adds to the capabilities of the Web User Interface and the Command Line Interface, moving from individual Cisco Wireless LAN Controllers to a network of Cisco Wireless LAN Controllers. The Cisco Wireless Control System runs on Windows 2000, Windows 2003, and Red Hat Enterprise Linux ES servers.
Cisco WCS Base Cisco WCS Location • Windows 2000 or Windows 2003 Yes Yes • Red Hat Enterprise Linux ES Server Yes Yes Features Supported Workstations: The Cisco Wireless Control System runs on Windows 2000 or 2003 and Red Hat Enterprise Linux ES servers. The Windows Cisco WCS can run as a normal Windows application, or can be installed as a service, which runs continuously and resumes running after a reboot. The Linux Cisco WCS always runs as a normal Linux application.
• System-wide control: - Network, Cisco Wireless LAN Controller, and managed Cisco 1000 Series lightweight access point configuration is streamlined using customer-defined templates. - Network, Cisco Wireless LAN Controller, and managed Cisco 1000 Series lightweight access point status and alarm monitoring. - Automated and manual data client monitoring and control functions.
The Cisco WCS administrator creates new usernames and passwords and assigns them to predefined permissions groups. This task is described in Managing Cisco WCS and Database. Cisco WCS User Interface operators perform their tasks as described in Using the Cisco Wireless Control System.
After the Cisco 1000 Series lightweight access point information is in the Cisco WCS database, operators can add the Cisco 1000 Series lightweight access point to the appropriate spot on a Cisco WCS User Interface map using Adding Cisco 1000 Series Lightweight Access Points to Floor Plan and Open Area Maps, so the topological map of the air space remains current.
About Cisco 2700 Series Location Appliances
The Cisco 2700 Series Location Appliance (location appliance) enhances the high-accuracy built-in Cisco WCS Location abilities by computing, collecting and storing historical location data, which can be displayed in Cisco WCS. In this role, the location appliance acts as a server to one or more Cisco WCS Servers, collecting, storing, and passing on data from its associated Cisco Wireless LAN Controllers.
SOLUTIONS
• Cisco WLAN Solution Security
• Converting a Cisco WLAN Solution from Layer 2 to Layer 3 Mode
• Converting a Cisco WLAN Solution from Layer 3 to Layer 2 Mode
• Configuring a Firewall for Cisco WCS
• Configuring the System for SpectraLink NetLink Telephones
• Management over Wireless
• Configuring a WLAN for a DHCP Server
• Customizing the Web Auth Login Screen
• Configuring Identity Networking for Operating System
5/26/05 OL-7426-03 SOLUTIONS
Cisco WLAN Solution Security
Cisco WLAN Solution Security includes the following sections:
• Overview
• Layer 1 Solutions
• Layer 2 Solutions
• Layer 3 Solutions
• Single Point of Configuration Policy Manager Solutions
• Rogue Access Point Solutions
• Integrated Security Solutions
• Simple, Cost-Effective Solutions
Overview
The industry-leading Cisco WLAN Solution Security solution bundles potentially complicated Layer 1, Layer 2 and Layer 3 802.
Layer 3 Solutions
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as VPNs (virtual private networks), L2TP (Layer Two Tunneling Protocol), and IPSec (IP security) protocols. The Cisco WLAN Solution L2TP implementation includes IPsec, and the IPSec implementation includes IKE (internet key exchange), DH (Diffie-Hellman) groups, and three optional levels of encryption: DES (ANSI X.3.92 data encryption standard), 3DES (ANSI X9.
marking them as Alert rogue access points (watch for and notify when active), or marking them as Contained rogue access points (have between one and four Cisco 1000 Series lightweight access points discourage rogue access point clients by sending the clients deauthenticate and disassociate messages whenever they associate with the rogue access point).
Integrated Security Solutions
• Cisco WLAN Solution Operating System Security is built around a robust 802.
Converting a Cisco WLAN Solution from Layer 2 to Layer 3 Mode
When you wish to convert a Cisco WLAN Solution from Layer 2 to Layer 3 Mode, use one of the following procedures:
• Using the Web User Interface
• Using the Cisco WCS User Interface
Using the Web User Interface
When you wish to convert a Cisco WLAN Solution from Layer 2 to Layer 3 LWAPP Transport Mode using the Web User Interface, complete the fol
4. Select WIRELESS/Cisco APs to navigate to the Cisco APs page, and MAKE SURE that all the Cisco 1000 Series lightweight access points are listed before you continue with the next step. If you do not complete this step, the Cisco 1000 Series lightweight access points may fail to associate with the Cisco Wireless LAN Controller after completing the conversion. 5. Change the LWAPP Transport Mode from Layer 2 to Layer 3: A.
14. Connect each Cisco 1000 Series lightweight access point to its final location in the network. Each Cisco 1000 Series lightweight access point connects to its Primary, Secondary, or Tertiary Cisco Wireless LAN Controller, downloads a copy of the latest Operating System code, and starts reporting its status to the Cisco Wireless LAN Controller. Note that this can take a few minutes for each Cisco 1000 Series lightweight access point.
5. 6. Change the LWAPP Transport Mode from Layer 2 to Layer 3: A. Select CONFIGURE/Controllers to navigate to the All Controllers page, and select the Cisco Wireless LAN Controller by IP address to have Cisco WCS display the > Controller General page. B. From the > Controller General page, select System/Networking to display the > Networking Setups page. C.
E. 9. On the > Controller Commands page, under Administrative Commands, select Reboot and click GO to reboot the Cisco Wireless LAN Controller. Then click OK to confirm the save and reboot. After the Cisco Wireless LAN Controller has rebooted, verify that the LWAPP Transport Mode is now Layer 3: A.
Converting a Cisco WLAN Solution from Layer 3 to Layer 2 Mode
When you wish to convert Cisco WLAN Solution from Layer 3 to Layer 2 Mode, perform one of the following tasks:
• Using the Web User Interface
• Using the Cisco WCS User Interface
Using the Web User Interface
When you wish to convert a Cisco WLAN Solution from Layer 3 to Layer 2 LWAPP Transport Mode using the Web User Interface, complete the follow
Using the Cisco WCS User Interface
When you wish to convert a Cisco WLAN Solution from Layer 3 to Layer 2 LWAPP Transport Mode using the Cisco WCS User Interface, complete the following steps:
CAUTION: This procedure causes your Cisco 1000 Series lightweight access points to go offline until the Cisco Wireless LAN Controller reboots and the associated Cisco 1000 Series lightweight access points reassociate with the Cisco Wireless LAN Controller.
1.
Configuring a Firewall for Cisco WCS
When a Cisco WCS Server and a Cisco WCS User Interface are on different sides of a firewall, they cannot communicate unless the following ports on the firewall are opened to two-way traffic:
• 80 (TCP)
• 1299 (TCP)
• 4000 (TCP)
• 5009 (TCP)
• 5010 (TCP)
• 6789 (RMI)
Open these ports to configure your firewall to allow communications between a Cisco WCS Server and a Cisco WCS User Interface.
Configuring the System for SpectraLink NetLink Telephones
SpectraLink NetLink Telephones require an extra Operating System configuration step to optimize integration with Operating System.
• When the Short Preamble Enabled box is checked, the Operating System is set to the default, Short Preamble Enabled; if this is the case, continue with this procedure. If this parameter indicates that Short Preamble is Disabled (box is unchecked), this Cisco Wireless LAN Controller is already optimized for SpectraLink NetLink Telephones; if desired, continue with the Product Guide. • Enable long preambles by unchecking the Short Preamble Enabled box.
• The Cisco Wireless LAN Controller reboots. This will take some time, during which Cisco WCS loses its connection to the Cisco Wireless LAN Controller. Note: You can use a CLI session to view the Cisco Wireless LAN Controller reboot process. When you can log into the Cisco Wireless LAN Controller CLI, continue with this procedure.
Using Management over Wireless
The Cisco WLAN Solution Management over Wireless feature allows Cisco WLAN Solution operators to monitor and configure their local Cisco Wireless LAN Controller using a wireless client. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the Cisco Wireless LAN Controller.
Configuring a WLAN for a DHCP Server
Using the Command Line Interface
1. In the CLI, use the show wlan command to verify whether you have a valid DHCP server assigned to the WLAN. If you have no DHCP server assigned to the WLAN, continue with Step 2. Otherwise, continue with Step 4.
2.
Customizing the Web Auth Login Screen
When a Cisco system operator uses Web Authorization (Web Auth) to authenticate clients, the operator must define User Names and Passwords for each client, and then the clients must enter a valid username and password when prompted. Because the Cisco WLAN Solution operator may want to customize the Web Auth Login screen, the following two sections describe the default operation and how to customize the Web Auth Login screen.
• The Web Message “Cisco WLAN Solution is pleased to provide the Wireless LAN infrastructure for your network. Please login and put your air space to work.” • A blank area on the right side of the screen for a user-supplied Logo or other graphic. The Cisco WLAN Solution logo, Web Title, Web Message, and Logo can be customized for each Cisco WLAN Solution as described in the Customizing Web Auth Operation section.
Clearing and Restoring the Cisco WLAN Solution Logo
You can delete or restore the Cisco WLAN Solution logo shown in the Default Web Auth Operation section using the config custom-web weblogo command:
>config custom-web weblogo
Refer to the Sample Customized Web Auth Login Page for an example.
Copying the Logo or Graphic to the TFTP Server
• Create a Logo or Graphic image in .JPG, .GIF, or .PNG format with a maximum size of 30 kilobits (recommended size of 180 W x 360 H pixels).
• Make sure the Logo or Graphic image filename contains no spaces.
• Copy the desired Logo or Graphic image file to the default directory on your TFTP server.
Creating a Custom URL Redirect
To have Operating System redirect all clients to a specific URL (including http:// or https://) after Web Authentication, use the config custom-web redirect url command:
>config custom-web redirecturl
To change the Web Message again, enter the config custom-web redirect-url command again with a new . For example, if you want to redirect all clients to www.AcompanyBC.com, use the following command:
>config custom-web redirecturl www.
This may take some time.
Are you sure you want to start? (y/n) y
TFTP Image transfer starting.
Image installed.
>config custom-web redirecturl http://www.AcompanyBC.com
>show custom-web
Cisco Logo................................. Disabled
CustomLogo..................................... 00_logo.gif
Custom Title................................... Welcome to the AcompanyBC Wireless LAN!
Custom Message................................. Contact the System Administrator for a Username and Password.
Configuring Identity Networking for Operating System
This document explains the Identity Networking feature of Operating System, how it is configured and the expected behavior for various security policies. In previous Operating System releases, each WLAN had a static policy that would be applied to all mobile clients associated with the SSID.
• Type - 26 for Vendor-Specific
• Length - 10
• Vendor-Id - 14179
• Vendor type - 2
• Vendor length - 4
• Value - Three octets:
  - 0 - Bronze (Background)
  - 1 - Silver (Best Effort)
  - 2 - Gold (Video)
  - 3 - Platinum (Voice)
ACL-Name
This attribute indicates the ACL name to be applied to the client. A summary of the ACL-Name Attribute format is shown below. The fields are transmitted from left to right.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Interface Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
• Type - 26 for Vendor-Specific
• Length - >7
• Vendor-Id - 14179
• Vendor type - 5
• Vendor length - >0
• Value - A string that includes the name of the interface the client is to be assigned to.
Note: This Attribute only works when MAC Filtering is enabled, or if 802.1X or WPA is used as the security policy.
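As an added example (not code from the guide or from Cisco), the decoder below reads the vendor-specific attributes described above (Vendor-Id 14179, vendor type 2 for the QoS value and vendor type 5 for the interface name) out of a RADIUS attribute section and checks the assigned interface against an approved list. It assumes RFC 2865 framing, in which each length octet counts its own two-octet header, and decodes the QoS integer at whatever width it arrives; the function names, the approved list and the sample bytes are constructed for the illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type, from the guide
VENDOR_ID = 14179         # Vendor-Id, from the guide
VT_QOS_LEVEL = 2          # vendor type carrying the QoS value
VT_INTERFACE_NAME = 5     # vendor type carrying the interface name
QOS_LEVELS = {0: "Bronze (Background)", 1: "Silver (Best Effort)",
              2: "Gold (Video)", 3: "Platinum (Voice)"}


class VsaError(ValueError):
    """Raised when the attribute bytes cannot be trusted."""


def iter_tlvs(data, what):
    """Yield (type, value) from back-to-back type/length/value records.
    Assumption: RFC 2865 framing, where length counts its own two header octets."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise VsaError(f"{what}: dangling octet at offset {pos}")
        rec_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise VsaError(f"{what}: bad length {length} at offset {pos}")
        yield rec_type, data[pos + 2:pos + length]
        pos += length


def decode_overrides(attributes):
    """Return the per-client overrides found in a RADIUS attribute section
    (the bytes that follow the 20-octet packet header)."""
    found = {}
    for attr_type, value in iter_tlvs(attributes, "attribute"):
        if attr_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise VsaError("vendor-specific attribute too short for a Vendor-Id")
        (vendor_id,) = struct.unpack_from("!I", value)
        if vendor_id != VENDOR_ID:
            continue  # another vendor's attribute, not ours to interpret
        for vtype, vvalue in iter_tlvs(value[4:], "vendor sub-attribute"):
            if vtype == VT_QOS_LEVEL:
                level = int.from_bytes(vvalue, "big")
                if not vvalue or level not in QOS_LEVELS:
                    raise VsaError(f"QoS value {vvalue.hex() or '(empty)'} is not 0-3")
                found["qos"] = QOS_LEVELS[level]
            elif vtype == VT_INTERFACE_NAME:
                if not vvalue or not vvalue.isascii():
                    raise VsaError("interface name must be a non-empty ASCII string")
                found["interface"] = vvalue.decode("ascii")
    return found


def audit_overrides(attributes, allowed_interfaces):
    """Return a list of findings; an empty list means only approved values are assigned."""
    try:
        found = decode_overrides(attributes)
    except VsaError as exc:
        return [f"malformed: {exc}"]
    findings = []
    iface = found.get("interface")
    if iface is not None and iface not in allowed_interfaces:
        findings.append(f"interface {iface!r} is not on the approved list")
    return findings


def build_vsa(vendor_type, value):
    """Build one constructed vendor-specific attribute for the sample data."""
    sub = bytes([vendor_type, 2 + len(value)]) + value
    body = struct.pack("!I", VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


# Constructed sample: a User-Name attribute followed by the two overrides.
SAMPLE_ATTRIBUTES = (
    bytes([1, 2 + 5]) + b"alice"
    + build_vsa(VT_QOS_LEVEL, (3).to_bytes(4, "big"))
    + build_vsa(VT_INTERFACE_NAME, b"voice-vlan")
)

if __name__ == "__main__":
    print(decode_overrides(SAMPLE_ATTRIBUTES))
    print(audit_overrides(SAMPLE_ATTRIBUTES, {"guest"}))
```
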
Reference [RFC2868] defines RADIUS tunnel attributes used for authentication and authorization, and [RFC2867] defines tunnel attributes used for accounting. Where the IEEE 802.1X Authenticator supports tunneling, a compulsory tunnel may be set up for the Supplicant as a result of the authentication. In particular, it may be desirable to allow a port to be placed into a particular Virtual LAN (VLAN), defined in [IEEE8021Q], based on the result of the authentication.
TASKS
You can perform the following tasks using the Cisco Wireless LAN Solution (Cisco WLAN Solution):
Deployment and Quick Start Guides
• The Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Point Deployment Guide helps you determine the number of Cisco 1000 Series lightweight access points a site needs, where to place the Cisco 1000 Series lightweight access points, and to perform a minimal site survey, if necessary.
• The Internal-Antenna AP1010 Cisco 1000 Series IEEE 802.
• Viewing Network Status helps you monitor the Cisco WLAN Solution network status. Cisco 2700 Series Location Appliances • Configuring and Operating Cisco 2700 Series Location Appliances Troubleshooting • Troubleshooting Tips contains information you can use to troubleshoot the Cisco WLAN Solution.
Using the Cisco WLAN Solution CLI
The Command Line Interface allows operators to configure any Cisco Wireless LAN Controller and its associated Cisco 1000 Series lightweight access points using the command line interface.
Use this procedure to configure a serial connection to your Cisco Wireless LAN Controller: 1. Connect your computer to the Cisco Wireless LAN Controller using the DB-9 null-modem serial cable as shown in the following figure. 2. Verify that your terminal emulation (HyperTerminal, ProComm, minicom, tip, or other) interface is configured with the following parameters: - 9600 baud - 8 data bits - 1 stop bit - no parity - no hardware flow control 3.
Using a Remote Ethernet Connection
You will need:
• A computer with access to the Cisco Wireless LAN Controller over the Ethernet network
• The IP Address of the Cisco Wireless LAN Controller
• You may use either a terminal emulation program or a DOS shell for the Telnet session.
Note: By default, Telnet sessions are not allowed. You will need to enable Telnet sessions using your serial connection, and using the Cisco WLAN Solution CLI or Web User Interface.
Logging Out of the CLI
• When you are done using the command line interface, navigate to the root level and enter logout. You will be prompted to save any changes you have made to the volatile RAM.
Note: If you have recently cleared the volatile RAM configurations using Clearing Configurations and you save the configuration from the volatile RAM to the NVRAM, you will have to reconfigure the Cisco Wireless LAN Controller after reboot using the Startup Wizard.
Navigating the CLI
• You start at the root level.
• At the root level, type ‘help’ to see systemwide navigation commands.
• At all levels, type ‘?’ to view the commands available from the current location.
• At all levels, type a command followed by ‘?’ or ‘ ?’ to view the parameters available for the command.
• Type any command name to move up to that level.
• Type ‘exit’ to go down a level.
• Enter to return to the root level.
Configuring the Cisco Wireless LAN Controller
This section assumes that the Cisco Wireless LAN Controller is already installed, initially configured, and connected as described in the appropriate Cisco Wireless LAN Controller Quick Start Guide.
- Distribution System physical port (1000BASE-T, 1000BASE-SX, or 10/100BASE-T). Note that 1000BASE-SX SFP modules provide a 1000 Mbps wired connection to a network through an 850nM (SX) fiber-optic link using an LC physical connector. 1000BASE-LX SFP modules provide a 1000 Mbps wired connection to a network through a 1300nM (LX/LH) fiber-optic link using an LC physical connector.
Country
The Cisco Wireless LAN Controller has been designed to be used in countries with different 802.11 country codes.
• Use the show country command to view the current Cisco Wireless LAN Controller country.
• If necessary, set the Cisco Wireless LAN Controller country code by entering:
>config country
Where =
- US (United States of America), which allows 802.11b and 802.11g operation and 802.11a Low, Medium, and High bands.
- USL (US Low), which allows 802.11b and 802.
Supported 802.11a and 802.11b/g Protocols
The 802.11a and 802.11b/g protocols can be independently enabled or disabled.
• Use the show sysinfo command to view the 802.11a and 802.11b/g enabled/disabled status.
• Make sure these protocols are configured to agree with your wireless network plan and to comply with the Country regulations entered in the previous step using the following commands:
>config >config >config >config • 802.11a 802.11a 802.11b 802.
configured, and allows separate communication streams to exist on any or all of the physical port(s). • The Virtual Interface controls Layer 3 Security and Mobility manager communications for Cisco Wireless LAN Controllers for all physical Ports. It also maintains the DNS Gateway hostname used by Layer 3 Security and Mobility managers to verify the source of certificates when Layer 3 Web Authorization is enabled.
Creating and Assigning the AP-Manager Interface
The static AP-Manager Interface only exists when the Cisco WLAN Solution is operating in LWAPP Layer 3 Mode (see Layer 2 and Layer 3 LWAPP Operation).
• Use the show interface summary command to view the current Interfaces. If the Cisco WLAN Solution is operating in Layer 2 Mode, the ap-manager interface will not be listed.
• To view the details of an Operator-Defined Interface, use the show interface detailed command to view the current Operator-Defined Interface settings. • To change any of the parameters or add another Operator-Defined Interface, disable all WLANs.
• And then use the following: >config interface address virtual where is any fictitious, unassigned, unused Gateway IP Address. >config interface hostname virtual using the values collected from the network planner in Collecting Cisco Wireless LAN Controller Parameters. Note: If you change any of the Virtual Interface settings, reset the Cisco Wireless LAN Controller and save the configuration as described in Resetting the Cisco Wireless LAN Controller.
• Configure port priority on the STP ports using the following command: >config spanningtree port priority <0-255> where <0-255> = STP priority for this port (default priority = 128). • If required, configure the Cisco Wireless LAN Controller STP bridge priority using the following command: >config spanningtree switch bridgepriority <0-65535> where <0-65535> = STP bridge priority for this Cisco Wireless LAN Controller (default priority = 32768).
Configuring WLANs
Cisco Wireless LAN Controllers can control up to 16 Cisco WLAN Solution Wireless LANs as described in Cisco WLAN Solution WLANs. If you are not configuring WLANs at this time, skip this section and continue with Configuring Mobility Groups.
WLANs
• Use the show wlan summary command to display the current WLANs and whether they are enabled or disabled. Note that each Cisco WLAN Solution WLAN is assigned a WLAN ID from 1 to 16.
• If necessary, use the following command:
>config wlan mac-filtering enable
where = 1 through 16.
• Use the show wlan command to verify that you have MAC filtering enabled or disabled for each WLAN.
Local MAC Filter
Cisco Wireless LAN Controllers have built-in MAC filtering capability, similar to that provided by a RADIUS authorization server.
• Use the show macfilter command to verify that you have MAC addresses assigned to WLANs.
• To remove a VLAN assignment from a WLAN, use the following command:
>config wlan vlan untagged
where = 1 through 16.
• Use the show wlan command to verify that you have correctly assigned a VLAN to the WLAN.
Layer 2 Security
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
Dynamic 802.1X Keys and Authorization
Cisco Wireless LAN Controllers can control 802.
for 104-bit/128-bit keys, or 32 hexadecimal or 16 ASCII characters for 128-bit/152-bit keys; and - = 1 through 4. Note: One unique WEP Key Index can be applied to each WLAN. Because there are only four numbers, only four WLANs can be configured for Static WEP Layer 2 encryption. Also note that some legacy clients can only access Key Index 1 through 3 but cannot access Key Index 4.
IPSec Authentication
IPSec uses hmac-sha-1 authentication as the default for encrypting WLAN data, but can also use hmac-md5, or no authentication.
• Use the show wlan command to view the current IPSec authentication protocol.
• Use the following command to configure the IPSec IP authentication:
>config wlan security ipsec authentication [hmac-md5/hmac-sha-1/none]
where = 1 through 16.
IKE Phase 1 Aggressive and Main Modes
IPSec IKE uses the Phase 1 Aggressive (faster) or Main (more secure) mode to set up encryption between clients and the Cisco Wireless LAN Controller.
• Use the show wlan command to see if the Cisco Wireless LAN Controller has IPSec IKE Aggressive mode enabled.
Local Netuser
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
Cisco Wireless LAN Controllers have built-in network client authentication capability, similar to that provided by a RADIUS authentication server.
• Use the show netuser command to see if the Cisco Wireless LAN Controller has network client names assigned to WLANs.
Configuring Mobility Groups
All Cisco Wireless LAN Controllers that can communicate with each other through their Distribution System (network) ports can automatically discover each other and form themselves into groups. After they are grouped, the Cisco WLAN Solution Radio Resource Management (RRM) function maximizes its inter-Cisco Wireless LAN Controller processing efficiency and mobility processing, described in the Client Roaming section.
Configuring SNMP
When your Cisco WLAN Solution is to send SNMP protocol to the Cisco Wireless Control System or any other SNMP manager, configure the SNMP environment using the following commands. If you are not configuring SNMP traps at this time, continue with Configuring Other Ports and Parameters.
Radio Resource Management (RRM)
• The Operating System Radio Resource Management (RRM) function automatically recognizes Cisco 1000 Series lightweight access points as they appear in the air space, and when they are part of the same Cisco WLAN Solution Mobility Group, automatically configures them for optimal operation in their respective frequency bands. Typically, you will not need to manually configure anything after enabling and/or disabling the 802.11a and 802.
Adding SSL to the Web User Interface
When you plan to secure the Cisco Wireless LAN Controller HTTP: Web User Interface using the https: (HTTP + SSL) protocol, note that the Operating System automatically generates its own local Web Administration SSL certificate and automatically applies it to the Web User Interface. Verify whether or not the locally-generated Web Administration certificate is already loaded:
>show certificate summary
Web Administration Certificate...
Externally-Generated Certificate
Should you desire to use your own Web Administration SSL certificate, complete the following:
• Make sure you have a TFTP server available for the certificate download:
- If you are downloading through the Service port, the TFTP server MUST be on the same subnet as the Service port, because the Service port is not routable.
• Enter the password for the .PEM file, so Operating System can decrypt the Web Administration SSL key and certificate: >transfer download certpassword >Setting password to • In the CLI, use the transfer download start command to view the updated settings, and answer ‘y’ to the prompt to confirm the current download settings and start the certificate and key download: >transfer download start Mode........................................... Data Type..........
Transferring Files To and From a Cisco Wireless LAN Controller
Cisco Wireless LAN Controllers have built-in utilities for uploading and downloading Operating System software, certificate and configuration files. Refer to the following for additional information.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from 512 bits, which is relatively insecure, through thousands of bits, which is very secure.
• Download the desired Operating System software update file from the Cisco website to the default directory on your TFTP server. - The Operating System code update file is named AS_2000_3_0_x_x for Cisco 2000 Series Wireless LAN Controllers, or AS_4100_3_0_x_x for Cisco 4100 Series Wireless LAN Controllers, or AS_4400_3_0_x_x for Cisco 4400 Series Wireless LAN Controllers. Note that the Cisco Wireless LAN Controller can be updated or reverted between the 2.2 and 3.0 OS releases.
TFTP receive complete... extracting components.
Writing new bootloader to flash.
Making backup copy of RTOS.
Writing new RTOS to flash.
Making backup copy of Code.
Writing new Code to flash.
TFTP File transfer operation completed successfully.
Please restart the switch (reset system) for update to complete.
• Network Interface (Distribution System) Physical Port number: * Cisco 2000 Series Wireless LAN Controllers: 1 through 4 for a back panel Ethernet port * Cisco 4100 Series Wireless LAN Controllers: 1 or 2 for a front panel GigE port * Cisco 4400 Series Wireless LAN Controllers: 1 through 4 for a front panel GigE port • Enter the IP address of the default DHCP Server that will supply IP Addresses to clients, the Cisco Wireless LAN Controller Management Interface, and optionally to the Service Port Interf
Locally-Generated Certificate
Should you desire to have the Operating System generate a new Web Administration SSL certificate, complete the following:
• In the CLI, enter:
>config certificate generate webadmin
Wait a few seconds, and the Cisco Wireless LAN Controller returns:
Web Administration certificate has been generated
• Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate.................
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from 512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), MAKE SURE the RSA key embedded in the certificate is AT LEAST 768 Bits. • Buy or create your own Web Administration SSL key and certificate.
Certificate installed. Please restart the switch (reset system) to use the new certificate. • Verify that the Web Administration certificate is properly loaded: >show certificate summary Web Administration Certificate................. Locally Generated Web Authentication Certificate................. Locally Generated Certificate compatibility mode:................
• Verify that the Web Administration certificate is properly loaded: >show certificate summary Web Administration Certificate................. Locally Generated Web Authentication Certificate................. Locally Generated Certificate compatibility mode:................
• In the CLI, use the transfer download start command, and answer ‘n’ to the prompt, to view the current download settings: >transfer download start Mode........................................... Data Type...................................... TFTP Server IP................................. TFTP Path...................................... TFTP Filename.................................. TFTP Site Cert xxx.xxx.xxx.
• Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile RAM) so your changes are retained across reboots:
  >save config
  Are you sure you want to save? (y/n) y
  Configuration Saved!
• Reboot the Cisco Wireless LAN Controller:
  >reset system
  Are you sure you would like to reset the system? (y/n) y
  System will now restart!
  The Cisco Wireless LAN Controller completes the bootup process as described in the Connecting and Using the CLI Console Step in the appropria
Clearing Configurations
As described in Cisco Wireless LAN Controller Memory, the Cisco Wireless LAN Controller contains two kinds of memory: volatile RAM and NVRAM. To clear the active configuration in the non-volatile RAM, complete the following.
Resetting the Cisco Wireless LAN Controller
After you have installed and configured a Cisco Wireless LAN Controller, you can reset the Cisco Wireless LAN Controller and view the reboot process on the CLI console using one of the following two methods:
• Unplug the Cisco Wireless LAN Controller from its power source.
• Enter the reset system command. The reset script prompts you if there are any unsaved changes.
Using the Cisco Wireless Control System
Refer to the following to start, stop, use, and manage Cisco WCS.
- Acknowledging Rogue Access Points
- Locating Clients
- Finding Coverage Holes
- Pinging a Network Device from a Cisco Wireless LAN Controller
• Updating OS Software from Cisco WCS
• Managing Cisco WCS and Database
- Installing Cisco WCS
- Updating the Windows Cisco WCS
- Updating the Linux Cisco WCS
- Reinitializing the Windows Cisco WCS Database
- Updating the Linux Cisco WCS
5/26/05 OL-7426-03 Using the Cisco Wireless Control System
Starting and Stopping Windows Cisco WCS
• Starting Cisco WCS as a Windows Application
• Starting Cisco WCS as a Windows Service
• Stopping the Cisco WCS Windows Application
• Stopping the Cisco WCS Windows Service
• Checking the Cisco WCS Windows Service Status
Starting Cisco WCS as a Windows Application
When the Cisco WCS has been installed as an application, you can start the Cisco WCS application at any time
Starting Cisco WCS as a Windows Service
When the Cisco WCS has been installed as a service, you can start the Cisco WCS service at any time.
• From the Windows START button, select the Programs menu, and select Wireless Control System/Start WCS. The start Cisco WCS script opens a Start WCS DOS window, which displays the following messages:
  The Nms Server service is starting. .
  The Nms Server service was started successfully.
Stopping the Cisco WCS Windows Application
You can stop the Cisco WCS application at any time.
Note: If there are any Cisco WCS User Interfaces logged in when you stop the Cisco WCS, the Cisco WCS User Interface sessions stop functioning.
• From the Windows START button, select the Programs menu, and select Wireless Control System/Stop WCS. The stop Cisco WCS script opens a Stop WCS DOS window, which displays the Shutdown Web NMS Server window.
Checking the Cisco WCS Windows Service Status
When Cisco WCS is installed as a Service, it runs in the background. That is, it has no windows open, so you cannot directly view its current status. To allow you to check the Cisco WCS Service status, the Cisco WLAN Solution has a convenient Cisco WCS Status utility.
Starting and Stopping Linux Cisco WCS
• Starting the Linux Cisco WCS Application
• Stopping the Linux Cisco WCS Application
• Checking the Linux Cisco WCS Status
Starting the Linux Cisco WCS Application
Linux Cisco WCS is always installed as an application, and you can start the Linux Cisco WCS application at any time.
Checking the Linux Cisco WCS Status
You can check the status of the Linux Cisco WCS at any time.
• Using the Linux command line interface, navigate to the default /opt/WCS30 directory (or the directory chosen during installation).
• Enter ./CheckServerStatus to view the Wireless Control System Server Status window. The Wireless Control System Server Status window shows Wireless Control System Server is up.
Starting and Stopping the Cisco WCS Web Interface
Starting a Cisco WCS User Interface
This Cisco WCS interface is used by Cisco WCS operators as described in Cisco WCS User Interface. Starting a Cisco WCS User Interface is a simple task.
• If not already done, start the Cisco WCS as described in Starting and Stopping Windows Cisco WCS or Starting and Stopping Linux Cisco WCS.
• Launch Internet Explorer 6.0.
The Cisco WCS User Interface is now active and available for your use, and displays the Network Summary (Network Dashboard) similar to the following figure, which provides a summary of the Cisco WLAN Solution, including reported coverage holes, Cisco 1000 Series lightweight access point operational data, most recent detected rogue access points, and client distribution over time. Continue with the Using the Cisco Wireless Control System or Stopping a Cisco WCS User Interface section.
Using Cisco WCS
• Checking the Cisco WLAN Solution Network Summary
• Adding a Cisco Wireless LAN Controller to Cisco WCS
• Creating an RF Calibration Model
• Adding a Campus Map to the Cisco WCS Database
• Adding a Building to a Campus
• Adding a Standalone Building to the Cisco WCS Database
• Adding an Outdoor Area to a Campus
• Adding Floor Plans to a Campus Building
• Adding Floor Plans to a Standalone Building
• Adding Cisco 1000 Series Lightweight Access Points to F
Checking the Cisco WLAN Solution Network Summary
When you use Cisco WCS for the first time, the Network Summary page shows that the Cisco Wireless LAN Controllers, Coverage Areas, Most Recent Rogue Access Points, Top Five Cisco 1000 Series lightweight access points, and the Most Recent Coverage Holes databases are empty, as shown in the following figure.
After you have configured the Cisco WCS database with one or more Cisco Wireless LAN Controllers, the Network Summary page shows that the Cisco Wireless LAN Controllers, Coverage Areas, Most Recent Rogue Access Points, the Top Five Cisco 1000 Series lightweight access points, and the Top Five Coverage Holes databases are updated, as shown in the following figure. The following figure also shows that there has been one Client connected to the Cisco WLAN Solution over the last 24 hours.
Adding a Cisco Wireless LAN Controller to Cisco WCS
When you know the IP Address of a Cisco Wireless LAN Controller Service Port or a Cisco Wireless LAN Controller name, do the following to add the Cisco Wireless LAN Controller to the Cisco WCS database.
Note: Cisco recommends that you manage Cisco Wireless LAN Controllers via the dedicated Service Port for improved security.
• Click OK, and the Cisco WCS User Interface displays the Please wait. . . dialog screen while it contacts the Cisco Wireless LAN Controller, adds the current Cisco Wireless LAN Controller configuration to the Cisco WCS database, and then returns you to the Add Controller page. Note: If Cisco WCS does not find a Cisco Wireless LAN Controller at the selected IP Address, the Discovery Status page displays a No response from device, check SNMP. . . message.
Adding a Campus Map to the Cisco WCS Database
Rather than forcing the Cisco WCS operator to use only a text-based map to manage the Cisco Wireless LAN Solution (Cisco WLAN Solution), Cisco WCS allows the operator to view the managed System on realistic campus, building, and floor plan maps. This section describes how to add a single campus map to the Cisco WCS database.
• First, save your maps in .PNG, .JPG, .JPEG, or .GIF format.
• Ensure that the graphic has been added correctly by clicking the new Campus Name to have the Cisco WCS User Interface display the Maps > page as shown in the following figure.
• Repeat this section for any remaining Campuses.
When you have completed this section, continue with Adding an Outdoor Area to a Campus or Adding a Standalone Building to the Cisco WCS Database.
• From the Select a command drop-down menu, select New Building and click GO to have the Cisco WCS User Interface display the > New Building page.
• In the > New Building page, you can create a virtual Building to organize related Floor Plan maps. To do this:
  - Enter the Building Name.
  - Enter the Building Contact Name.
  - Enter the number of Floors and Basements.
  - Enter an approximate Building Horizontal Span and Vertical Span (width and depth on the map) in feet.
• - Click on the Building rectangle and drag it to the desired position on the Campus map. - Click Save to save the Building definition and its Campus location in the Cisco WCS database. Cisco WCS saves the Building name in the Building rectangle on the Campus map. Note that there will be a hyperlink associated with the Building that takes you to the corresponding Map page. Repeat this section for any remaining Campus Buildings.
Adding a Standalone Building to the Cisco WCS Database
You can add Buildings to the Cisco WCS database whether or not you have added maps or Campuses as described in Adding a Campus Map to the Cisco WCS Database. To add a building to a Campus in the Cisco WCS database, continue with Adding a Building to a Campus. To add an Outdoor Area to a Campus in the Cisco WCS database, continue with Adding an Outdoor Area to a Campus.
Adding an Outdoor Area to a Campus
You can add Outdoor Areas to a Campus in the Cisco WCS database whether or not you have added Outdoor Area maps to the Cisco WCS database. To add a building to the Cisco WCS database without associating it with a Campus, continue with Adding a Standalone Building to the Cisco WCS Database. To add a building to a Campus in the Cisco WCS database, continue with Adding a Building to a Campus.
• Click GO to have the Cisco WCS User Interface display the > New Outdoor Area page.
• In the > New Outdoor Area page, you can create a manageable Outdoor Area. To do this:
  - Enter the Outdoor Area Name.
  - Enter the Outdoor Area Contact Name.
  - Enter the Outdoor Area Map filename (optional).
  - Enter an approximate Outdoor Area Horizontal Span and Vertical Span (width and depth on the map) in feet.
- • Click Save to save the Outdoor Area definition and its Campus location in the Cisco WCS database. Cisco WCS saves the Outdoor Area name in the Outdoor Area rectangle on the Campus map. Note that there will be a hyperlink associated with the Building Name or Outdoor Area. Repeat this section for any remaining Outdoor Areas. When you have completed this section for all Outdoor Areas, continue with Using the Cisco Wireless Control System.
Adding Floor Plans to a Campus Building
After you have added a Building to a Campus as described in Adding a Building to a Campus, you can add individual floor plan and basement maps to the Building. Proceed with the following:
• If not already done, save your floor plan map(s) in .FPE, .PNG, .JPG, or .GIF format. They can be any size, as Cisco WCS automatically resizes the map(s) to fit in its working areas.
Note: When you are importing a .
• From the Select a command drop-down menu, select New Floor Area and click GO to have the Cisco WCS User Interface display the > New Floor page.
• In the > New Floor page, you can add floors to a Building to organize related Floor Plan maps. To do this:
  - Enter the Floor or Basement Name.
  - Enter the Floor or Basement Contact Name.
  - Select the Floor or Basement number.
  - Enter the Floor-to-Floor Height in feet.
  - Also, when you are importing a .
  - Click Save to save the Building definition to the Cisco WCS database. The Cisco WCS User Interface displays the floor plan graphic in the Maps > > page.
• In the Maps > > page, left-click any of the Floor or Basement images to view the floor plan or basement map as shown in the following figure. Note that you can zoom in and out to view the map at different sizes, and can add access points.
Using Map Editor
Map Editor allows you to define, draw, and enhance floor plan related information. It allows you to create and specify the type of obstacles so that they can be taken into consideration while computing RF prediction heatmaps for access points. You can also add coverage areas for Location Appliances that locate clients and tags in that particular area. To access the Map Editor:
• Highlight the Monitor tab and click Maps to bring up the Maps page.
Adding Floor Plans to a Standalone Building
After you have added a standalone Building to the Cisco WCS database as described in Adding a Standalone Building to the Cisco WCS Database, you can add individual floor plan maps to the Building. Proceed with the following:
• If not already done, save your floor plan map(s) in .FPE, .PNG, .JPG, or .GIF format. They can be any size, as Cisco WCS automatically resizes the map(s) to fit in its working areas.
• From the Select a command drop-down menu, select New Floor Area.
• Click GO to have the Cisco WCS User Interface display the > New Floor page.
• In the > New Floor page, you can add floors to a Building to organize related Floor Plan maps. To do this:
  - Enter the Floor or Basement Name.
  - Enter the Floor or Basement Contact Name.
  - Select the Floor or Basement number.
  - Enter the Floor-to-Floor Height in feet.
  - When you are importing a .FPE floor plan map file from the Floor Plan Editor, check the Import FPE File box. Otherwise, leave this box unchecked. Also, when you are importing a .
• In the Maps > page, left-click any of the Floor or Basement images to view the floor plan or basement map as shown in the following figure. Note that you can zoom in and out to view the map at different sizes, and can add access points from this page.
• Repeat this section for any remaining Floors or Basements.
Continue with Adding Floor Plans to a Campus Building or Adding Cisco 1000 Series Lightweight Access Points to Floor Plan and Open Area Maps.
Adding Cisco 1000 Series Lightweight Access Points to Floor Plan and Open Area Maps
This procedure assumes that you have added the Floor Plan and/or Outdoor Area maps as described in Adding Floor Plans to a Campus Building, Adding Floor Plans to a Standalone Building and Adding an Outdoor Area to a Campus.
Cisco WCS displays the associated Coverage Area Map similar to the following:
• From the Select a command drop-down menu, select Add Access Points and click GO to have the Cisco WCS User Interface display the Add Access Points page.
• In the Add Access Points page, check the Cisco 1000 Series lightweight access points to add to the map.
• Click OK to have the Cisco WCS User Interface add the Cisco 1000 Series lightweight access points to the map and display the Position Access Points map similar to the following: Note that the Cisco 1000 Series lightweight access point icons appear in the upper left area of the map.
• Left-click and drag the Cisco 1000 Series lightweight access point icons to indicate their physical locations.
• Highlight each Cisco 1000 Series lightweight access point icon in turn, and select the Antenna Angle.
• When you have imported a .PNG, .JPG, or .GIF format Coverage Area map, click Save to store the Cisco 1000 Series lightweight access point locations and orientations, and have Cisco WCS compute the first-order RF prediction (or “Heat Map”) for the Coverage Area.
• When you have imported a .FPE and a .PNG, .JPG, or .GIF format Coverage Area map, click Save to store the Cisco 1000 Series lightweight access point locations and orientations, and have Cisco WCS compute the second-order RF prediction (or “Heat Map”) for the Coverage Area. Note: In the following example, AP1 is set to 0 degrees, and AP2 and AP3 are set to 90 degrees, so the three Cisco 1000 Series lightweight access points provide maximum coverage for the right wing of the building.
Monitoring Predicted Coverage (RSSI)
Use MONITOR/Maps, click an item in the Name column, left-click the floor map, from the Protocol drop-down menu, select a protocol to access this page. This page assumes that you have already added active access points to the selected map. The display of predicted RF coverage on the map is determined by the selection you make from the Protocol pulldown:
• For 802.11a and 802.
Monitoring Channels on a Floor Map
Use MONITOR/Maps, click an item in the Name column, double-click the floor map, from the Display drop-down menu, select Channel to access this page. When you select this option, the channel number being used by the Cisco Radio is displayed on the panel next to each Cisco 1000 Series lightweight access point. This display depends upon the selection made from the Protocol pulldown as follows:
• 802.
Monitoring Users on a Floor Map
Use MONITOR/Maps, click an item in the Name column, single-click the floor map, from the Display drop-down menu, select Users to access this page. When you select this option, the number of clients being used by the Cisco Radio is displayed on the panel next to each Cisco 1000 Series lightweight access point. This display depends upon the selection made from the Protocol pulldown as follows:
• 802.
Troubleshooting with Cisco WCS
• Checking the Cisco WLAN Solution Network Summary
• Detecting and Locating Rogue Access Points
• Acknowledging Rogue Access Points
• Locating Clients
• Finding Coverage Holes
• Pinging a Network Device from a Cisco Wireless LAN Controller
• Viewing Current Cisco Wireless LAN Controller Status and Configurations
• Viewing Cisco WCS Statistics Reports
• Checking the Cisco WLAN Solution Network Summary
• Viewing Current Cisco W
• To see more detail on the rogue access points, click the Rogues indicator to display the Rogue AP Alarms page. In the Rogue AP Alarms page, you can see the severity of the alarms, the rogue access point MAC addresses, the rogue access point types, the owners (Cisco WCS operators), the date and time when the rogue access points were first detected, the channel numbers they are broadcasting on, and their SSIDs.
• To see more rogue access point information, click any Rogue MAC Address link to have Cisco WCS display the associated Alarms > Rogue AP page.
The Alarms > Rogue AP page shows detailed information about the rogue access point alarm, and allows you to modify the rogue access point alarm with the following commands:
- Assign to me.
- Unassign.
- Delete.
- Show the Event History.
- Display the Detecting APs (with Radio Band, Location, SSID, Channel Number, WEP state, short or long preamble, RSSI and SNR).
• In the Alarms > Rogue AP page, select Map to have Cisco WCS display the current calculated rogue access point location on the Maps > > page. Note that Cisco WCS Location compares RSSI signal strength from two or more Cisco 1000 Series lightweight access points to find the most probable location of the rogue access point, and places a small “skull-and-crossbones” indicator at its most likely location.
• From the Clients page, click the User Name of the client you want to locate. Cisco WCS displays the corresponding Clients page.
• From the Clients page, you have two choices for locating the client:
  - In the drop-down menu, select Recent Map (high/low resolution) to locate the client without dissociating it.
  - In the drop-down menu, select Present Map (high/low resolution) to dissociate and then locate the client after reassociation.
Finding Coverage Holes
Coverage holes are areas where clients cannot receive a signal from the wireless network. The Operating System Radio Resource Management (RRM) identifies these coverage hole areas and reports them to Cisco WCS, allowing the IT manager to fill holes based on user demand.
Viewing Current Cisco Wireless LAN Controller Status and Configurations
After you have added Cisco Wireless LAN Controllers and Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points to the Cisco WCS database as described in Using Cisco WCS, you can view the Cisco WLAN Solution status as follows:
• In the Cisco WCS User Interface, click MONITOR/Network to display the Monitor Network Summary.
Updating OS Software from Cisco WCS
When you plan to update Cisco Wireless LAN Controllers (and Cisco 1000 Series lightweight access point) Operating System software from Cisco WCS, complete the following.
Note: For the Cisco 2000 Series Wireless LAN Controller, the Cisco WCS Server MUST be on the same subnet as the Cisco 2000 Series Wireless LAN Controller management interface because this Cisco Wireless LAN Controller does not have a service port.
• In the Download Software to Switch page, click the Browse button and navigate to the OS code update file named AS_2000_.aes for Cisco 2000 Series Wireless LAN Controllers, or AS_4100_.aes for Cisco 4100 Series Wireless LAN Controllers, or AS_4400_.aes for Cisco 4400 Series Wireless LAN Controllers. (For example, AS_4100_3_0_60_0.aes.) The path and filename of the OS code appear in the File Name box.
Managing Cisco WCS and Database
• Installing Cisco WCS
• Updating the Windows Cisco WCS
• Updating the Linux Cisco WCS
• Reinitializing the Windows Cisco WCS Database
• Reinitializing the Linux Cisco WCS Database
• Administering Cisco WCS Users and Passwords
Installing Cisco WCS
Refer to the Windows Cisco WCS Quick Start Guide or Linux Cisco WCS Quick Start Guide for instructions on how to install Cisco WCS on a Cisco WCS Server.
Updating the Windows Cisco WCS
Do the following:
• If possible, stop all Cisco WCS User Interfaces (Stopping a Cisco WCS User Interface) to stabilize the database.
• Stop the Cisco WCS (Stopping the Cisco WCS Windows Application or Stopping the Cisco WCS Windows Service).
• Manually create a backup directory with no spaces in the name, such as C:\WCS30_Backup\.
Note: If you fail to delete the previous Cisco WCS installation, you will receive the following error message upon reinstall: Cisco WCS already installed. Please uninstall the older version before installing this version.
• Reinstall the Cisco WCS application as described in Installing Cisco WCS.
• From the Windows START button, select the Programs menu, and then select Cisco Wireless Control System/Restore.
Uninstall the Old Cisco WCS Server Application
• Enter ./uninstallAirespaceControlSystem to uninstall the Cisco WCS application.
• Click Yes to continue with the uninstallation.
• Click Finished when the uninstallation is completed.
Restore the Cisco WCS Server Database
• Navigate to the default /opt/WCS30 directory (or the directory chosen during installation).
• Enter ./Restore to start the Cisco WCS database backup. The Backup script displays the Select Backup directory window.
Reinitializing the Windows Cisco WCS Database
You only have to reinitialize the Windows Cisco WCS database when the Cisco WCS database becomes corrupted.
CAUTION: If you reinitialize the Cisco WCS database after you have been working in the Cisco WCS application, you will delete all your saved Cisco WCS data!
• Navigate to the \WCS30 directory.
• Navigate to the \bin subdirectory.
• In the \bin subdirectory, double-click the reinitDatabase.bat file.
Administering Cisco WCS Users and Passwords
Cisco WCS supports four user groups:
• To monitor Cisco WCS operations, users must be part of the System Monitoring Group.
• To monitor and configure Cisco WCS operations, users must be part of the ConfigManagers Group.
• To monitor and configure Cisco WCS operations, and perform all system administration tasks except administering Cisco WCS users and passwords, users must be part of the Admin Group.
Changing Passwords
• If not already done, start the Cisco WCS as described in the Starting Cisco WCS as a Windows Application or Starting Cisco WCS as a Windows Service.
• If not already done, log into Cisco WCS Administration as a user assigned to the SuperUsers Group as described in Adding User Accounts.
• Select User Admin/Security Administration to display the Security Administration page.
Using the Web User Interface
The Web User Interface is described in Web User Interface section. Note that you can use either the Service-Port Interface (recommended) or Management Interface, whose IP Address(es) were set using the Startup Wizard or the Configuring System Parameters section.
• For an unsecure http connection, enter the Cisco Wireless LAN Controller IP Address (http:// /) in the web browser Address field and press .
  --OR--
  For a secure https (HTTP + SSL) connection, enter the Cisco Wireless LAN Controller IP Address (https:///) in the web browser Address field and press . (This connection was configured using the Adding SSL to the Web User Interface procedure.
Adding Cisco 1000 Series Lightweight Access Points to a Cisco Wireless LAN Controller
Cisco 1000 Series lightweight access points connect to the Cisco Wireless LAN Controller through the network as described in Cisco WLAN Solution Wired Connections. When a Cisco 1000 Series lightweight access point powers up, it searches for a Cisco Wireless LAN Controller as described in Cisco Wireless LAN Controller Failover Protection.
Adding ID Certificates to a Cisco Wireless LAN Controller
ID Certificates and Private Keys are used by Web server operators to ensure secure server operation. The ID certificate and key are used to authenticate the server and encrypt data transmissions between server and browser.
Note: You can obtain an ID Certificate and Private Key from three sources: Factory-supplied, Operator-generated, and Purchased from a trusted CA.
Configuring and Operating Cisco 2700 Series Location Appliances
The Cisco 2700 Series Location Appliance (location appliance) is a Cisco server that collects and stores up to 30 days of historical location data for up to 1,500 Laptop Clients, Palmtop Clients, VoIP Telephone Clients, RFID (Radio Frequency IDentifier) Asset Tags, Rogue Access Points, and Rogue Access Point Clients for each location appliance.
Configuring Location Appliances
After initial configuration using a CLI console, the Cisco 2700 Series Location Appliance (location appliance) is very easy to configure using Cisco WCS 3.0.
10. Click Save. Cisco WCS searches for the location appliance and adds it to the Cisco WCS database. Note: When Cisco WCS has Network Designs (campus, building, or outdoor maps) or Cisco Wireless LAN Controllers that are unassigned to a location appliance, Cisco WCS may automatically redirect you to the Synchronize Cisco WCS and Location Appliance(s) page.
When you have successfully associated the Controller and location appliance databases, the Sync. Status shows a green two-arrow icon. You have edited the location appliance General Properties in the Cisco WCS and location appliance databases. Return to Configuring Location Appliances or Operating the Location Appliances.
Editing Location Appliance Polling Parameters
After adding a Cisco 2700 Series Location Appliance (location appliance) to the Cisco WCS database, you can modify the independent Client, Rogue Access Point, Asset Tag, and Statistics polling periods that the location appliance uses to poll its associated Cisco Wireless LAN Controllers. Note that this is independent of the number of times Cisco WCS users may request a data refresh from the location appliance.
Note: Before the location appliance can collect Asset Tag data, its associated Cisco Wireless LAN Controllers must have the following command entered in their CLI interfaces: config rfid status enable.
- Statistics Polling and Interval: Select the check box to turn Polling on, and enter the number of seconds between Statistics polling attempts between 1 and 99999, default = disabled and a 900 second interval.
- Rogue AP History and Interval: Select the check box to turn Historical data collection on, and enter the number of minutes between Historical data storage events between 1 and 99999, default = History Collection disabled and a 720 minute interval. You may want to leave rogue access point History Collection off, and you may want to change the History Collection Interval to a shorter or longer value for more or less granular data collection, respectively.
Adding Location Appliance User Groups
The Cisco 2700 Series Location Appliance (location appliance) allows superusers to add and delete user groups and users. Perform the following to add a new user group:
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
3. Click Groups to have Cisco WCS display the Location Appliance > Groups > page.
4. Check the desired Group.
5. In the right-hand command drop-down menu, select Delete Group and then click GO to start the deletion.
6. Click OK to complete the deletion.
To add a new user group, refer to Adding Location Appliance User Groups. To change permissions for an existing user group, refer to Changing Location Appliance User Group Permissions.
5. Change the User Password, Group Name, or permission to Read Access, Write Access, or Full Access.
6. Click Save to save the new user values to the location appliance, and return to the Location Appliance > Users > page.
To add a new user, refer to Adding Location Appliance User Groups. To delete a user, refer to Deleting Location Appliance Users. Otherwise, continue with Configuring Location Appliances or Operating the Location Appliances.
Deleting Location Appliance Host Access
The Cisco 2700 Series Location Appliance (location appliance) allows superusers to add and delete host access. Perform the following to delete an existing host access:
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
Location Appliance Application Software, and Restarting the Location Appliance Application Software. Otherwise, continue with Configuring Location Appliances or Operating the Location Appliances.
Clearing the Location Appliance Configurations
At any time you can clear the Cisco 2700 Series Location Appliance (location appliance) configurations and restore the factory defaults:
1.
Operating the Location Appliances
• Viewing Location Appliance Alarms
• Assigning and Unassigning Location Appliance Alarms
• Deleting and Clearing Location Appliance Alarms
• Viewing Location Appliance Alarm Events
• Viewing Location Appliance Events
• Backing Up Location Appliance Historical Data
• Restoring Location Appliance Historical Data
• Viewing Cisco Wireless LAN Controller and Location Appliance Synchronization Status
• Re-Synchronizing Cisco Wirel
Assigning and Unassigning Location Appliance Alarms

1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3. Click Alarms to have Cisco WCS display the Alarms page.
4.
Viewing Location Appliance Events

Cisco WCS users can download zipped log files from a Cisco 2700 Series Location Appliance (location appliance) at any time.
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
6. Click Submit to start the restore process.
7. Click OK to restore the historical data from the Cisco WCS Server hard drive.

This task is completed when Cisco WCS displays the Restore has been completed message. Continue with Configuring Location Appliances or Operating the Location Appliances.
Viewing Location Appliance Current Status

At any time, you can follow these steps to view the Cisco 2700 Series Location Appliance (location appliance) current status.
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
Downloading Location Appliance Log Files to Your Cisco WCS Terminal

Cisco WCS users can download zipped log files from a Cisco 2700 Series Location Appliance (location appliance) at any time.
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
Defragmenting the Location Appliance Database

At any time, you can defragment the Cisco 2700 Series Location Appliance (location appliance) database:
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
Rebooting the Location Appliance

At any time, you can reboot the Cisco 2700 Series Location Appliance (location appliance):
1. In the Cisco WCS interface, select LOCATE to display the All Location Appliances page.
2. Click the desired Server Name to have Cisco WCS display the Location Appliance > General Properties > page.
3.
Troubleshooting Tips

You can use the following sections to troubleshoot your Cisco WLAN Solution:
• Using Error Messages
• Using Reason and Status Codes in the Trap Log
• Using Cisco 1000 Series Lightweight Access Point LEDs

Using Error Messages

The Operating System may display any of the error messages described below.
Table - Error Messages and Descriptions (Continued)

Error Message                   Description
LRADIF_COVERAGE_PROFILE_FAILED  Possible coverage hole detected - check Cisco 1000 Series lightweight access point history to see if common problem - add Cisco 1000 Series lightweight access points if necessary.
LRADIF_LOAD_PROFILE_PASSED      Load is now within threshold limits.
LRADIF_NOISE_PROFILE_PASSED     Detected noise is now less than threshold.
Table - Error Messages and Descriptions (Continued)

Error Message               Description
IPSEC_ESP_POLICY_FAILURE    Check for IPSec configuration mismatch between WLAN and client.
IPSEC_ESP_INVALID_SPI       Informational message.
IPSEC_OTHER_POLICY_FAILURE  Check for IPSec configuration mismatch between WLAN and client.
IPSEC_IKE_NEG_FAILURE       Check for IPSec IKE configuration mismatch between WLAN and client.
IPSEC_SUITE_NEG_FAILURE     Check for IPSec IKE configuration mismatch between WLAN and client.
Table - Error Messages and Descriptions (Continued)

Error Message  Description
COLD_START     Cisco Wireless LAN Controller may have been rebooted.
WARM_START     Cisco Wireless LAN Controller may have been rebooted.

Using Reason and Status Codes in the Trap Log

As described in Web User Interface Online Help, the Clients > Detail page lists the Reason and Status Codes you are likely to encounter when reviewing the Trap Logs.
Client Status Codes

The Client Status code may be any of the following:

Table - Client Status Code Descriptions and Meanings

Client Status Code  Description    Meaning
0                   idle           normal operation -- no rejections of client association requests
1                   aaaPending     completing an aaa transaction
2                   authenticated  802.11 authentication completed
3                   associated     802.11 association completed
4                   powersave      client in powersave mode
5                   disassociated  802.
Table - Cisco 1000 Series Lightweight Access Point LED Conditions and Status (Continued)

LED Conditions                       Status
Power  Alarm         2.4 GHz  5 GHz
off    Red FLASHING  off      off    Duplicate Cisco 1000 Series lightweight access point IP address.

5/26/05 OL-7426-03
REFERENCES

The following references are available:
• Glossary
• Cisco WLAN Solution Supported Country Codes
• Cisco WLAN Solution CLI Reference
• Web User Interface Online Help
• Cisco WCS User Interface Online Help
• Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Point Deployment Guide
• Internal-Antenna AP1010 Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Point Quick Start Guide
• External-Antenna AP1020 and AP1030 Cisco 1000 Series IEEE 802.
Glossary

10BASE-T
An IEEE standard (802.3) for operating 10 Mbps Ethernet networks (LANs) with twisted pair cabling and wiring hubs.

100BASE-T
An IEEE standard (802.3) for operating 100 Mbps Ethernet networks (LANs) with twisted pair cabling and wiring hubs.

1000BASE-SX
An IEEE standard (802.3) for operating 1000 Mbps Ethernet networks (LANs) with fiber optic cables and wiring hubs. Also known as Gigabit Ethernet (GigE).
802.11i
A developing IEEE wireless LAN security standard. A subset of the 802.11i standard, WPA, is being deployed at this time.

802.1X
An IEEE authentication framework for 802.11 networks. Allows multiple authentication algorithms, including EAP and RADIUS.

Access Point
A wireless LAN transceiver or “base station” that can connect a wired LAN to one or many wireless devices. Some access points can also bridge to each other.

ACL
Access Control List.
Applet
An application or utility program that is designed to do a very specific and limited task.

Application Software
A computer program that is designed to do a general task. For example, word processing, payroll, Internet browsers and graphic design programs would all be considered applications.

Association
The process used by a client to connect to an Access Point.
Bridge
A product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, wireless, Ethernet or token ring). Wireless bridges are commonly used to link buildings in campuses.

Broadband
A comparatively fast Internet connection. Services such as ISDN, cable modem, DSL and satellite are all considered broadband as compared to dial-up Internet access.
Crossover Cable
A special cable used for networking two computers without the use of a hub. Crossover cables may also be required for connecting a cable or DSL modem to a wireless gateway or access point. Instead of the signals transferring in parallel paths from one plug to another, the signals cross over. For instance, in an eight-wire crossover cable, the signal starts on pin one at one end of the cable and ends up on pin eight at the other end.
Disable
Obsolete reference to the Exclusion List.

Diversity Antenna
A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce interference.

DMZ
Demilitarized Zone. A network layer added between the outside network (least secure) and internal network (most secure) in order to add an extra level of security protection. Many companies choose to locate Wireless Controllers, mail servers, Web servers, and remote access servers in the DMZ.
Encryption Key
An alphanumeric (letters and/or numbers) series that enables data to be encrypted and then decrypted so it can be safely shared among members of a network. WEP uses an encryption key that automatically encrypts outgoing wireless data. On the receiving side, the same encryption key enables the computer to automatically decrypt the information so it can be read.

Enterprise
A term that is often applied to large corporations and businesses.
GARP
General Attribute Registration Protocol.

Gateway
In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, etc.

GigE
A Gigabit Ethernet IEEE standard (802.3) for operating 1000 Mbps Ethernet networks (LANs) with fiber optic cables and wiring hubs. See also 1000BASE-SX.

GUI
Graphical User Interface.
IEEE 802.11
A set of specifications for LANs from The Institute of Electrical and Electronics Engineers (IEEE). Most wired networks conform to 802.3, the specification for CSMA/CD based Ethernet networks or 802.5, the specification for token ring networks. 802.11 defines the standard for wireless LANs encompassing three incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS) and Infrared. See also 802.11, 802.11a, 802.11b, 802.
Higher-level protocols, such as SPX and NCP, are used for additional error recovery services. Sequenced Packet Exchange, SPX, a transport layer protocol (layer 4 of the OSI Model) used in Novell Netware networks. The SPX layer sits on top of the IPX layer (layer 3) and provides connection-oriented services between two nodes on the network. SPX is used primarily by client/server applications. Whereas the IPX protocol is similar to IP, SPX is similar to TCP.
LEAP
Cisco Wireless EAP. EAP used by Cisco equipment to secure wireless networks with WEP-based devices.

LWAPP
The pending IETF (Internet Engineering Task Force) Lightweight Access Point Protocol standard defining communications between Wireless LAN Controllers and “Light” Access Points.

MAC
Medium Access Control. This is the function of a network controller that determines who gets to transmit when. Each network adapter must be uniquely identified. Every wireless 802.
NVRAM
Non-Volatile Random Access Memory. Any type of memory that does not lose its contents when the main power is removed. (See also Volatile RAM.)

OFDM
Orthogonal Frequency Division Multiplexing. A multi-carrier modulation technique used for 802.11a and 802.11g transmissions.

PC Card
A removable, credit-card-sized memory or I/O device that fits into a Type 2 PCMCIA standard slot. PC Cards are used primarily in PCs, portable computers, PDAs and laptops.
ppcboot
Cisco Wireless LAN Controller Bootloader.

PPP
Point-to-Point Protocol.

Proxy Server
Used in larger companies and organizations to improve network operations and security, a proxy server is able to prevent direct communication between two or more networks. The proxy server forwards allowable data requests to remote servers and/or responds to data requests directly from stored remote server data.

QoS
Quality of Service. A term that guarantees a specific throughput level.
RSSI
Received Signal Strength Indicator, also known as Signal Strength. A measure of received RF energy, measured in dBm.

RTOS
Real-time operating system. An operating system that features a guaranteed performance per time unit.

Rx
Receive.

Satellite Broadband
A wireless high-speed Internet connection provided by satellites. Some satellite broadband connections are two-way, up and down.
SSL
Secure Sockets Layer. An encryption protocol commonly used by many enterprises to protect the security and integrity of transactions. When an SSL session begins, the server sends its public key to the browser. The browser then sends a randomly generated secret key back to the server to complete a secret key exchange for that session.
TIM
Traffic Indication Map. An element in all 802.11 beacons when a client has frames buffered in the AP. The buffered frames are broadcast or multicast at each DTIM, when all power-saving clients expecting this data should be awake. See also DTIM.

TKIP
Temporal Key Integrity Protocol. Generates new keys every 10 kb of payload traffic.

Tx
Transmit.

USB
A high-speed bidirectional serial connection between a PC and a peripheral that transmits data at the rate of 12 megabits per second.
WebAuth
Web Authentication. An application-layer authentication of a user by username and password contained in either a local or RADIUS database.

WECA
Wireless Ethernet Compatibility Alliance, the former name of the Wi-Fi Alliance.

WEP
Wired Equivalent Privacy. Basic wireless security provided by Wi-Fi. In some instances, WEP may be all a home or small-business user needs to protect wireless data. Cisco WLAN Solution equipment supports the following WEP versions:
• 40-bit, also called 64-bit encryption.
Cisco WLAN Solution Supported Country Codes

The Cisco WLAN Solution has been approved or is being approved to operate in the following countries, and fully conforms with current country requirements. Note that some of these entries may change over time; consult www.cisco.com/go/aironet/compliance for current approvals and Regulatory Domain information.
CY/ Cyprus CZ/ Czech Republic -E 36, 40, 44, 48 52, 56, 60, 64 200 mW EIRP 200 mW EIRP In In 5.15-5.25 5.25-5.35 b/g 1 - 11 100 mW EIRP Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 149, 153, 157, 161 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W In Both Both 5.15-5.25 5.25-5.35 5.725-5.85 b/g 1 - 11 1 W+Restricted Antennas Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 149, 153, 157, 161 200 mW EIRP 200 mW EIRP 1 W EIRP In In Both 5.15-5.25 5.25-5.35 5.725-5.
GB/ United Kingdom GR/ Greece HK/ Hong Kong -E Regulatory Authority 36, 40, 44, 48 52, 56, 60, 64 104, 108, 112, 116, 120, 124, 128, 132, 140 200 mW EIRP 200 mW EIRP 1 W EIRP In In Both 5.15-5.25 5.25-5.35 5.47-5.725 b/g 1 - 11 100 mW EIRP In 2.412-2.472 a 36, 40, 44, 48 52, 56, 60, 64 104, 108, 112, 116, 120, 124, 128, 132, 140 200 mW EIRP 200 mW EIRP 1 W EIRP In In Both 5.15-5.25 5.25-5.35 5.47-5.725 b/g 1 - 11 100 mW EIRP Both 2.4-2.
IE/ Ireland IL/ Israel 200 mW EIRP In 5.15-5.25 5.25-5.35 b/g 1 - 11 1 W EIRP Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 200 mW EIRP 200 mW EIRP 1 W EIRP In In Both 5.15-5.25 5.25-5.35 5.47-5.725 b/g 1 - 11 100 mW EIRP Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 200 mW EIRP 200 mW EIRP In In 5.15-5.25 5.25-5.35 b/g 1 - 13 100 mW EIRP Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 200 mW EIRP 200 mW EIRP In In 5.15-5.25 5.25-5.35 b/g 5 - 13 100 mW EIRP Both 2.
-J KR/ Republic of Korea LT/ Lithuania LU/ Luxembourg LV/ Latvia MY/ Malaysia NL/ Netherlands -C Regulatory Authority Frequency Range (GHz) a 1-3 1-4 100 mW EIRP 100 mW EIRP Both In 5.03-5.09 5.15-5.25 b 1-14 10 mW/MHz~200mW EIRP Both 2.4-2.497 g 1-13 10 mW/MHz~200mW EIRP Both 2.4-2.497 a 149, 153, 157, 161 150 mW+6 dBi~600 mW Both 5.725-5.825 b/g 1-13 150 mW+6 dBi~600 mW Both 2.4-2.
PH/ Philippines 36, 40, 44, 48 52, 56, 60, 64 104, 108, 112, 116, 120, 124, 128, 132, 140 200 mW EIRP 200 mW EIRP 1 W EIRP In In Both 5.15-5.25 5.25-5.35 5.47-5.725 b/g 1 - 11 100 mW EIRP Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 149, 153, 157, 161 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W In Both Both 5.15-5.25 5.25-5.35 5.725-5.85 b/g 1 - 11 1 W+Restricted Antennas Both 2.4-2.4835 a (tbd) (tbd) (tbd) 5.725-5.875 b (tbd) 100 mW EIRP (tbd) 2.4-2.
SI/ Slovenia SK/ Slovak Republic TH/ Thailand TW/ Taiwan US/ United States of America USE/ United States of America USL/ United States of America LOW 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161 200 mW EIRP 200 mW EIRP 1 W EIRP Both Both Both 5.15-5.25 5.25-5.35 5.725-5.85 b/g 1 - 13 200 mW EIRP Both 2.4-2.4835 a 36, 40, 44, 48 52, 56, 60, 64 149, 153, 157, 161 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W In Both Both 5.15-5.25 5.25-5.35 5.725-5.
ZA/ South Africa (TBD) a 36, 40, 44, 48 52, 56, 60, 64 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W In Both 5.15-5.25 5.25-5.35 b/g 1 - 11 1 W Conducted Output Both 2.4-2.4835 a N/A N/A N/A 5.25-5.35 5.725-5.825 b/g 1-13 1 W EIRP Both 2.4-2.4835 (TBD) Regulatory Authority Frequency Range (GHz) Indoor/ Outdoor Use 802.