Cisco WLAN Controller Web Interface User Guide Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
Preface Welcome to the Web User Interface Online Help! This help system is designed for use with Cisco Wireless LAN Controllers and comes bundled with the Operating System software. Note The Web User Interface Online Help pages require that cookies be enabled on your Web Browser. If the Web User Interface fails to appear when you attempt to log on, make sure that cookies are enabled on your Web Browser. Note The Web User Interface Online Help pages can be blocked by Internet Explorer Content Advisor.
• Chapter 7, “Management Menu Bar Selection,” describes the various management features that can be implemented on the controller. • Chapter 8, “Commands Menu Bar Selection,” describes how to download and upload a file through a TFTP server, reboot and reset the controller to factory settings, and so on. Note If you are configuring the Cisco 4100 Series Wireless LAN Controllers for the very first time, refer to Using the Configuration Wizard.
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual. Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Warning This warning symbol means danger. You are in a situation that could cause bodily injury.
Ordering Documentation You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm You can order Cisco documentation in these ways: • Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool: http://www.cisco.com/en/US/partner/ordering/ • Nonregistered Cisco.
Reporting Security Problems in Cisco Products Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT: • Emergencies —security-alert@cisco.com • Nonemergencies —psirt@cisco.
certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call. Submitting a Service Request Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests.
http://www.cisco.com/go/marketplace/ • Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL: http://www.ciscopress.com • Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments.
Chapter 1 Using Controller Web User Interface The Web User Interface is built into each Cisco Wireless LAN Controller. The Web User Interface allows up to five users to simultaneously browse into the built-in controller http or https (http + SSL) Web server, configure parameters, and monitor operational status for the controller and its associated access points.
Refer to the following for more information: • Applying Parameters • Refreshing the Screen • Troubleshooting Web User Interface Areas The following sections describe the Web User Interface page areas and how to use them: • Menu Bar • Selector Area • Main Data Page • Administrative Tools • Button Area Menu Bar The menu bar shows the names of the main configuration areas of the controller.
Note Microsoft Internet Explorer generates a submit action on the next available button when you press the enter key while in an input field. On most menus this triggers the apply function. Administrative Tools This area provides shortcuts to administration functions used on a regular basis when configuring a controller through the Web User Interface.
Refreshing the Screen Using the refresh function from the Web User Interface refreshes all screens and displays the default initial screen in the main data area. If you want to refresh a screen in the main data area, and there is no refresh button present on that screen, use your mouse to right-click on the main data area screen, then select the refresh option.
Chapter 2 Monitor Menu Bar Selection This menu bar selection provides access to the controller and access points’ summary details. Use the selector area to access the respective network details. Making this selection from the menu bar displays the system Summary page.
Summary Use MONITOR > Summary to navigate to this page. The summary page provides a top level description of your controller, access points, clients, WLANs, and rogues. Rogues are unauthorized devices (access points, clients) which are connected to your network. The controller image is displayed at the top of the summary page and gives information about the controller model number and the number of access points supported by the controller.
Table 2-1 Summary Parameters (continued) Parameter Description Active Rogue Clients Active clients associated with a rogue access point. Click Detail for additional information about Rogue Client Detail. Adhoc Rogues Click Detail for additional information about Adhoc Rogues. Top WLANs WLAN Name of the WLAN as specified by the operator. # of Clients by SSID Number of clients associated with the WLAN based on SSID.
Controller Statistics Use MONITOR > Statistics > Controller to navigate to this page. The following table describes the controller statistics displayed on this page. Table 2-2 Controller Summary Statistics Parameter Description Octets Received The total number of octets of data received by the processor (excluding framing bits but including FCS octets). Packets Received Without Error The total number of packets received by the processor.
Table 2-2 Controller Summary Statistics (continued) Parameter Description Most VLAN Entries Ever Used The largest number of VLANs that have been active on this controller since the last reboot. Static VLAN Entries The number of presently active VLAN entries on this controller that have been created statically. VLAN Deletes The number of VLANs on this controller that have been created and then deleted since the last reboot.
Ports Statistics Use MONITOR > Statistics > Ports to navigate to this page. This page displays the status of each port on the controller. The following table provides a description and the range for each parameter. Table 2-3 Summary Parameters Parameter Description Range Port No Port number on the controller. 1-12 for 10/100Base-T, 13 for 1000Base-T or -SX. 1-24 for 10/100Base-T, 25 for 1000Base-T or -SX.
Ports > Statistics Use MONITOR > Statistics > Ports and then click View Stats to navigate to this page. This page displays statistics on a per port basis. The Port Number appears on the main data page directly below the page title and above the Traffic Statistics tables. The following tables explain the port statistics.
Table 2-4 Traffic Statistics (continued) Parameter Received Description Transmitted Description Packets The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets). The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Table 2-6 Protocol Statistics Parameter Received Description Transmitted Description BPDUs The count of Bridge Protocol Data Units (BPDUs) received in the spanning tree layer. The count of Bridge Protocol Data Units (BPDUs) transmitted from the spanning tree layer. 802.3x Pause Frames Received A count of Media Access Control (MAC) frames received on this interface with an opcode indicating a PAUSE. N/A.
Table 2-8 Received Packets Not Forwarded Parameter Description Total A count of valid frames received which were discarded, or filtered, by the forwarding process. Local Traffic Frames The total number of frames dropped in the forwarding process because the destination address was located off of this port. 802.3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation.
Table 2-10 Transmit Discards Parameter Description Total Discards The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Rogue APs Use MONITOR > Summary > Rogue Summary > Active Rogue APs > Detail or MONITOR > Wireless > Rogue APs or WIRELESS > Rogue APs to navigate to this page. This page displays access points in your air space which are not part of your configured network. These rogue access point radios may be one of the following four types: • Pending or Alert radio: This type of radio may present a threat to the integrity and security of your network.
Command Buttons • Next: Displays the next page of the listing. • Help: Request that the help page be displayed in a new browser window. Rogue AP Detail Use MONITOR > Summary > Rogue Summary > Active Rogue APs > Detail and then click Edit to navigate to this page. This page displays the access point details of the unauthorized or unknown radio.
Cisco APs that Detected this Rogue This table provides a detailed list of access points that detect the unauthorized radio as well as the transmit characteristics of the radio. The following information physically identifies the location of the rogue access point. • MAC address of the Cisco access point that identified the rogue access point radio. • Name of the Cisco access point that identified the rogue access point radio.
Known Rogue APs Use MONITOR > Wireless > Known Rogue APs or WIRELESS > Rogues > Known Rogue APs to navigate to this page. This page displays details about Known Rogue APs that have been configured on the network. Table 2-13 Known Rogue Access Points Parameter Description MAC Address Media Access Control Address of the known rogue access point. SSID Service Set Identifier being broadcast by the known rogue access point radio.
Known Rogue APs > New Use MONITOR > Wireless > Known Rogue APs or Wireless > Rogues > Known Rogue APs and then click New to navigate to this page. This page allows you to add an access point to the Known Rogue APs list. To add an access point, perform these steps: Step 1 Enter the MAC address of the access point in the MAC Address field.
Table 2-14 Known Rogue AP Detail (continued) Parameter Description Current Status The status of this radio is: • Alert (Unknown access point) • Known (Internal access point) • Acknowledge (External access point) • Contain (Rogue access point) • Pending (unidentified) Update Status (Note) Configurable state of this known rogue access point in the controller.
Clients associated to this Known Rogue AP This table provides a detailed list of clients associated to this known rogue access point. • MAC address - Media Access Control of the known rogue client. • Last Time Heard - The last time the Cisco access point detected the known rogue access point client. • Back: Return to the previous window.
Rogue Clients Use MONITOR > Wireless > Rogue Clients or MONITOR > Summary > Rogue Clients to navigate to this page. This page contains information about detected rogue clients. Table 2-15 Rogue Clients Parameters Description MAC Address MAC address of the rogue client. AP MAC Address MAC address of the Cisco access point. SSID Service Set Identifier being broadcast by the rogue client.
Rogue Client Detail Use MONITOR > Summary > Active Client Detail and then click Edit to navigate to this page. This page displays details about unauthorized clients. The following information is provided when a rogue client is detected: Table 2-16 Rogue Client Details Parameter Description MAC Address MAC address of the rogue access point. APs MAC Address MAC address of the Cisco access point that identified the rogue access point radio.
Command Buttons • Back: Return to the previous window. • Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM. • Ping: Send a Ping to a network element. Adhoc Rogues Use MONITOR > Wireless > Adhoc Rogues or MONITOR > Summary > Adhoc Rogues to navigate to this page. This page lists Ad Hoc rogue information on the following table.
802.11a Radios Use MONITOR > Wireless > 802.11a Radios or MONITOR > Summary > 802.11a Radios to navigate to this page. This page displays the Cisco radio profile for your 802.11a RF network. It shows the status of each 802.11a Cisco radio configured on this controller and its profile. Table 2-18 802.11a Radio Profile Parameters Description AP Name This is the name assigned to the access point.
Radio > Statistics Use MONITOR > Wireless > 802.11a Radios or MONITOR > Wireless > 802.11b Radios and then click Detail to navigate to this page. This page displays the RF (Radio Frequency) statistics for the selected Cisco radio. You can alternate between the Graphics View and the Text View by clicking the Graphics View/Text View button.
Figure 2-1 Profile Information in Graphics View The following sections describe each of the Graphical and Text results. Noise vs. Channel Each channel of the access point appears along with the corresponding non-802.11 noise interfering with the currently-assigned channel. Interference by Channel Each channel of the access point appears with the corresponding traffic interference from other 802.11 sources.
• 00:0b:85:00:83:00 is the MAC address of the neighboring access point. • Interface x is the interface number of the neighboring access point. • 172.16.16.10 is the IP address of the access point’s controller. 802.11 MAC Counters The following table describes the 802.11 MAC counters. Table 2-19 802.
Command Buttons • Back: Return to the previous window. • Graphics View/Text View: Move back and forth between the graphics and text views of the Radio > Statistics page. • Help: Request that the help page be displayed in a new browser window.
802.11b/g Radios Use MONITOR > Wireless > 802.11b/g Radios or MONITOR > Summary > 802.11b/g Radios to navigate to this page. This page displays the Cisco radio profile for your 802.11b/802.11g RF network. It shows the status of each 802.11b/g Cisco radio configured on this controller and its profile. Table 2-20 802.11b/g Radio Profile Parameters Description AP Name This is the name assigned to the access point.
Clients Use MONITOR > Wireless > Clients or MONITOR > Summary > Current Clients Detail or WIRELESS > Clients to navigate to this page. This page displays information about the clients associated with the access points. Search by MAC Address You can search the client list by MAC address. Enter the MAC address as 6 two-digit hexadecimal numbers separated by colons--for example, 01:23:45:67:89:AB. Then click the Search button.
Table 2-21 Client Properties (continued) Parameter Description Interface User-defined name for this interface; for example, management, service-port, virtual. VLAN ID The VLAN tag identifier, or 0 for no VLAN tag. Mobility Role Local when the client has not roamed from its original controller, or when the client has roamed to another controller on the same subnet.
Table 2-23 Quality of Service Properties Parameter Description WME State Enable or disable WME. Wireless Media Extensions (WME) is a QoS protocol and a subset of 802.11e standard. WME technology identifies packets of voice, video, audio or other types of data and prioritizes their delivery based on traffic conditions. Videos transmitted over wireless networks suffer greatly if packets are delayed or dropped.
The AP Properties table identifies the properties of the client’s access point and of the client’s negotiated session. Table 2-25 AP Properties Parameter Description AP Address MAC address of the access point. AP Name Name of the access point. AP Type Access point’s RF type. WLAN SSID Name of the WLAN. Status Status of client from status code (see Status Code below). Association ID Client’s access point association identification number. 802.
Table 2-25 AP Properties (continued) Parameter Description Status Code Client status may be one of the following: • idle (0) -- normal operation: no rejections of client association requests. • aaaPending (1) -- completing an aaa transaction. • authenticated (2) -- 802.11 authentication completed. • associated (3) -- 802.11 association completed. • powersave (4) -- client in powersave mode. • disassociated (5) -- 802.
RADIUS Servers Use MONITOR > Wireless > RADIUS Servers to navigate to this page. This page displays addressing and status information for your Remote Authentication Dial-In User Servers. Configure the authentication and accounting servers by selecting the Security option from the Menu Bar. Table 2-26 Authentication Servers and Accounting Servers Status Parameter Description Index Access priority number for RADIUS servers.
Table 2-28 Authentication Server Statistics Parameter Description Msg Round Trip Time The time interval (in hundredths of a second) between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server. First Requests The number of RADIUS Access-Request packets sent to this server. This does not include retransmissions.
RADIUS Servers > Accounting Stats Use MONITOR > Wireless > RADIUS Servers then click Stats in a RADIUS Accounting entry to navigate to this page. This page displays addressing and status information for your Remote Authentication Dial-In User Servers as follows: Table 2-29 Accounting Server Addressing Parameter Description Server Index Access priority number for RADIUS servers.
Table 2-30 Accounting Server Statistics (continued) Parameter Description Unknown Type Msgs The number of RADIUS packets of unknown type which were received from this server on the accounting port. Other Drops The number of RADIUS packets which were received from this server on the accounting port and dropped for some other reason. Command Buttons • Back: Return to the previous window.
Chapter 3 WLANs Menu Bar Selection The WLANs tab allows you to create, configure, and delete WLANs on your controller.
WLANs Click WLANs to navigate to this page. This page shows a summary of the wireless local access networks (WLANs) that you have configured on your network. From this page, you may add, remove or edit WLANs. Table 3-1 Timer Descriptions Parameter Description WLAN ID Identification number of the WLAN. WLAN SSID Definable name of the WLAN (text string). Admin Status Status of the WLAN is either enabled or disabled.
Command Buttons • Back: Return to the previous window. • Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM. WLANs > Edit For existing WLANs, use WLANs > Edit to navigate to this page. For new WLANs, create a new WLAN as described in WLANs > New page, then click Apply to navigate to this page.
Table 3-2 General Policies (continued) Parameter Description 7920 Phone Support Select one of the following: • Disabled—Use this setting to disable support for your Cisco 7920 phones on the WLAN. • Client CAC Limit—Use this setting if you want the WLAN to support the older version of the software on your Cisco 7920 phones. In older versions, the CAC limit is set on the client.
Table 3-2 General Policies (continued) Parameter Description DHCP Server (Override) When selected, you can enter the IP address of your DHCP server. This is a required field for some WLAN configurations. There are three valid configurations: DHCP Server Override ON, a valid DHCP Server IP address, and DHCP Address Assignment Required: Requires all WLAN clients to obtain an IP address from the DHCP Server.
Table 3-3 Layer 2 Security Policies (continued) Parameter Description Cranite Configure the WLAN to use the FIPS140-2 compliant Cranite WirelessWall Software Suite, which uses AES encryption and VPN tunnels to encrypt and verify all data frames carried by the Cisco WLAN Solution (Note 3). Fortress FIPS 40-2 compliant Layer 2 security feature. MAC Filtering Select to filter clients by MAC address.
Table 3-4 Layer 3 IPSec and L2TP Parameters (continued) Parameter (Note 1) Range Web Policy Select this check box to enable the Web Policy. The following parameters are displayed. • Authentication - If you select this option, you will be prompted for user name and password while connecting the client to the wireless network. • Passthrough - If you select this option, you can access the network directly without entering the user name and password.
Table 3-5 RADIUS Servers Parameters Server Authentication Servers Accounting Servers Server 1 Select a RADIUS server from the drop-down list. Select a RADIUS server from the drop-down list. If this server is selected, it will be the default RADIUS authentication server for the specified WLAN and will override the RADIUS server that is configured for the network.
WLANs > Mobility Anchors Use WLANs > Mobility Anchors to navigate to this page. Mobility anchors are used to restrict a WLAN to a single subnet, irrespective of the client’s entry point into the network. They can also be used to provide geographic load balancing, since WLANs can be used to represent a particular section of the building like engineering, marketing and so on.
AP Groups VLAN Use WLAN > AP Groups VLAN to navigate to this page. This page displays a summary of the AP Group VLANs configured on your network. Here you can add, remove or view details of an AP Group. The traditional method of assigning an interface to a device is based on the SSID or AAA policy override.
Chapter 4 Controller Menu Bar Selection This menu bar selection provides access to the controller configuration details. Use the selector area to access specific controller parameters.
General Use CONTROLLER > General to navigate to this page. The following tables explain the controller configuration general parameters. Table 4-1 Controller Configuration Parameters Parameter Description 802.3x Flow Control Mode May be Enabled or Disabled by selecting the corresponding line on the pull-down entry field. The factory default is Disabled. LWAPP Transport Mode Layer 2 or Layer 3 Lightweight Access Point Protocol transport mode.
Table 4-1 Controller Configuration Parameters (continued) Parameter Description Over the Air Provisioning of AP Enable or disable over-the-air Cisco Aironet 1000 Series lightweight access point and Cisco Aironet 1030 IEEE 802.11a/b/g remote edge lightweight access point (Cisco 1030 remote edge lightweight access point) configuration. AP Fallback Enabled or disabled checkbox.
Link Aggregation Link aggregation enables you to reduce the number of IP addresses needed to configure the ports on your controller. This is achieved by grouping all the physical ports and creating a link aggregation group (LAG). In a 4402 model, two ports are combined to form a LAG whereas in a 4404 model, all four ports are combined to form a LAG. Note You cannot create more than one LAG on a controller.
Inventory Use CONTROLLER > Inventory to navigate to this page. This page identifies Cisco WLAN Solution product information assigned by the manufacturer. The read-only fields are described in the following table. Table 4-2 Inventory Parameters Parameter Description System Description Product name of this controller. Model No. Specifies the model as defined by the factory. Serial Number Unique Serial Number for this controller.
Interfaces Use CONTROLLER > Interfaces to navigate to this page. The following table shows controller interface general parameters. Table 4-3 Controller Interface Parameters Parameter Description Interface Name Name of the interface: • Management -- 802.11 Distribution System wired network. • Service-port -- System Service interface. • Virtual -- Unused IP address used as the Virtual Gateway Address.
Interfaces > Edit Use CONTROLLER > Interfaces then click Edit to navigate to this page. The top of this page displays the Operator-Defined Interface Name, and may include the interface MAC Address. Edit controller management, VLAN, Service Port, Virtual, Operator-Defined and LWAPP Layer 3 AP-Manager interfaces as described in the following tables.
Table 4-5 Controller Service Port Interface Parameters Parameter Description DHCP Protocol Check the check box to have the Service Port interface use a DHCP server to obtain its IP address. IP Address The IP address of the Service Port interface. Netmask Interface subnet mask. Note The service port cannot be configured with the same IP address nor on the same subnet as the network distribution system.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM. • Applying Interface changes may cause WLANs to temporarily drop client connections. You will be prompted to confirm the changes if this is the case. • Help: Request that the help page be displayed in a new browser window.
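The note in Table 4-5 states that the service port must not share an IP address or a subnet with the network distribution system. A pre-change check for that rule follows as an added example; it is not code from this guide or from Cisco, and the function names, finding codes and sample addresses are constructed for illustration.

```python
import ipaddress


def check_service_port(service_ip, service_mask, ds_ip, ds_mask):
    """Compare planned service port addressing with the distribution
    system (management) interface addressing.

    Returns a list of (code, message) findings. An empty list means the
    pair satisfies the Table 4-5 note. Codes are hypothetical labels.
    """
    try:
        svc = ipaddress.IPv4Interface(f"{service_ip}/{service_mask}")
        ds = ipaddress.IPv4Interface(f"{ds_ip}/{ds_mask}")
    except ValueError as exc:
        # Covers malformed octets and non-contiguous netmasks.
        return [("INVALID", str(exc))]

    findings = []
    if svc.ip == ds.ip:
        findings.append(("SAME_IP", f"both interfaces use {svc.ip}"))

    # overlaps() also catches differing masks where one subnet
    # contains the other, which a plain equality test would miss.
    if svc.network.overlaps(ds.network):
        findings.append(
            ("SAME_SUBNET", f"{svc.network} overlaps {ds.network}")
        )

    # A network or broadcast address is not usable as an interface IP.
    for name, iface in (("service port", svc), ("distribution system", ds)):
        net = iface.network
        if net.prefixlen <= 30 and iface.ip in (
            net.network_address,
            net.broadcast_address,
        ):
            findings.append(
                ("NOT_HOST", f"{name} address {iface.ip} is not a host in {net}")
            )
    return findings


def codes(findings):
    """Reduce findings to their codes for compact reporting."""
    return [code for code, _ in findings]


# Constructed sample plans: (service IP, service mask, DS IP, DS mask).
SAMPLES = [
    ("192.168.1.2", "255.255.255.0", "10.10.0.5", "255.255.255.0"),
    ("10.10.0.77", "255.255.255.128", "10.10.0.5", "255.255.255.0"),
    ("10.10.0.5", "255.255.255.0", "10.10.0.5", "255.255.255.0"),
    ("192.168.1.2", "255.0.255.0", "10.10.0.5", "255.255.255.0"),
]

if __name__ == "__main__":
    for plan in SAMPLES:
        result = check_service_port(*plan)
        print(plan, "->", codes(result) or "OK")
        for _, message in result:
            print("   ", message)
```
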
Network Routes Use CONTROLLER > Network Routes to navigate to this page. This page provides a summary of existing Service port Network Routes to Network or Element Management systems on a different subnet by IP Address, IP Netmask, and Gateway IP Address. • Remove a Network Route by selecting the appropriate Remove link. You are prompted for confirmation of the Network Route removal. • New: Select to add a new Network Route.
DHCP Scopes Use CONTROLLER > Internal DHCP Server to navigate to this page. The controllers have built-in DHCP relay agents. However, when network administrators desire network segments that do not have a separate DHCP server, the controllers can have built-in DHCP Scopes (Dynamic Host Configuration Protocol servers) that assign IP addresses and subnet masks to Cisco WLAN Solution clients.
DHCP Scope > Edit
Use CONTROLLER > Internal DHCP Server then click Edit to navigate to this page. The controllers have built-in DHCP relay agents. However, when network administrators desire network segments that do not have a separate DHCP server, the controllers also have built-in DHCP Scopes (servers) that assign IP addresses and subnet masks to Cisco WLAN Solution clients.
Static Mobility Group Members
Use CONTROLLER > Mobility Management > Mobility Groups to navigate to this page. This page lists existing Mobility Group members by MAC Address and IP Address, and also indicates whether the Mobility Group member is Local (this controller) or remote (any other Mobility Group member). The first entry is the local controller, which cannot be deleted.
2. In the text box, add the MAC addresses and IP addresses for the rest of the controllers in the same geographical location (such as a campus or building) you want to add to the static mobility group.
3.
Mobility Statistics
Use CONTROLLER > Mobility Management > Mobility Statistics to navigate to this page. This page displays the statistics for mobility group events, and is divided into three sections: Global Mobility Statistics, Mobility Initiator Statistics, and Mobility Responder Statistics.
• Global Statistics are those that affect all mobility transactions.
Table 4-9 Mobility Initiator Statistics (continued)
Parameter | Description
Anchor Request Sent | Number of anchor requests that were sent for a three party (foreign to foreign) handoff. Handoff was received from another foreign and the new controller is requesting the anchor to move the client.
Anchor Deny Received | Number of anchor requests that were denied by the current anchor.
Controller Spanning Tree Configuration
Use CONTROLLER > Spanning Tree to navigate to this page. The Spanning Tree Protocol (STP) is a link management protocol. Cisco WLAN Solution implements the IEEE 802.1D standard for media access control bridges. Using the spanning tree algorithm provides redundancy while preventing undesirable loops in a network that are created by multiple active paths between stations.
Table 4-12 STP Statistics
Parameter | Description
Base MAC Address | The MAC address used by this bridge when it must be referred to in a unique fashion. When concatenated with dot1dStpPriority, a unique BridgeIdentifier is formed that is used in the Spanning Tree Protocol.
Topology Change Count | The total number of topology changes detected by this bridge since the management entity was last reset or initialized.
Ports
Use CONTROLLER > Ports to navigate to this page. This page displays the status of each physical port on the controller, and also indicates whether Port Mirroring is enabled or disabled. The following table provides a description and the range for each parameter.
Table 4-13 Summary Parameters
Parameter | Description | Range
Port No | Port number on the controller.
Table 4-13 Summary Parameters (continued)
Parameter | Description | Range
POE | Displays status of Power over Ethernet functionality. | Enable, Disable
Mcast Appliance | Sets support for multicast appliance mode. | Enable, Disable
Note: The physical mode and status may reflect different values depending on the link status. For example, the physical mode may be set to “Auto” while the actual link is running at “10 Mbps Half Duplex”.
Table 4-14 Port Configuration Details (continued)
Parameter | Description | Range
Link Trap | Sets all ports to send or not to send a trap when link status changes. The factory default is Don’t Apply.
STP Mode | The Spanning Tree Protocol Administrative Mode associated with the port. | Don’t Apply; 802.1D - all ports participate in the spanning tree and
Table 4-15 General Port Configuration (continued)
Parameter | Description | Range
Physical Mode | Sets the physical mode of the port. | Auto; 100 Mbps Full Duplex; 100 Mbps Half Duplex; 10 Mbps Full Duplex; 10 Mbps Half Duplex
Physical Status | Displays the current physical port interface status. | 100 Mbps Full Duplex; 100 Mbps Half Duplex; 10 Mbps Full Duplex; 10 Mbps Half Duplex
Link Status | Displays the status of the link.
Table 4-16 Spanning Tree Protocol Configuration (continued)
Parameter | Description
STP State | The port's current state as defined by application of the Spanning Tree Protocol. This state controls what action a port takes on reception of a frame. If the bridge has detected a port that is malfunctioning it places that port into the broken state. For ports disabled by Spanning Tree mode, this object has a value of disabled.
Master Controller Configuration
Use CONTROLLER > Master Controller Mode to navigate to this page. This page enables the controller to be configured as the master controller for your access points connected in appliance mode. When there is a master controller enabled, all newly-added access points with no Primary, Secondary, or Tertiary controllers assigned associate with the master controller on the same subnet.
NTP Servers
Use CONTROLLER > Network Time Protocol to navigate to this page. Use this page to set the following Network Time Protocol parameters:
• NTP Polling Interval Seconds - Network Polling Time Interval in seconds.
• Server Index - The NTP server Index. The controller tries Index 1 first, then Index 2 through 3, in descending order. Should be 1 if your network is using only one NTP server.
• Server Address - IP address of the NTP server.
NTP Servers > Edit
Use CONTROLLER > Network Time Protocol then click Edit to navigate to this page. This page allows you to change the NTP server. The following table describes the parameter you can change.
Table 4-18 Edit Network Time Protocol Server Configuration
Parameter | Description
Server Address | IP address of the NTP server.
Command Buttons
• Back: Return to the previous window.
QoS Profiles
Use CONTROLLER > QoS Profiles to navigate to this page. Use this page to view the following OS Quality of Service settings:
Table 4-19 QoS Profiles
Parameter | Description
Profile Name | Name of the OS QoS Profile.
Description | Platinum (Voice)—This setting assures a high Quality of Service for Voice over Wireless. Gold (Video)—This setting supports high-quality video applications.
Edit QoS Profile
Use CONTROLLER > QoS Profiles then click Edit to navigate to this page. The top of the main page lists the selected Quality of Service profile name. Use this page to edit the following OS QoS parameters.
Table 4-20 QoS Profile Parameters
Parameter | Description
Description | Operator-Defined description for this QoS Profile.
Average Per-User Contract Data Rate | 0 to 60,000 bits per second.
CHAPTER 5 Wireless Menu Bar Selection
The WIRELESS tab provides access to the Cisco WLAN Solution wireless network configuration. Use the selector area to access specific wireless network parameters. Making this selection from the menu bar opens the Cisco APs page. You can access the following pages from the Wireless Menu Bar Selection:
• Cisco APs
• Cisco APs > Details.
• 802.11a Cisco radio
• 802.11a Cisco APs > Configure
• 802.11 AP Interfaces > Performance Profile
• 802.
Cisco APs
Use WIRELESS > Access Points > Cisco APs or MONITOR > Summary > Cisco APs Detail to navigate to this page. This page displays the access points associated with this controller.
Table 5-1 Cisco AP Summary
Parameter | Description
AP Name | Operator-defined name of the access point.
AP ID | Identification number automatically assigned by the controller when the access point is configured.
Ethernet MAC | The ethernet MAC address of the access point.
Cisco APs > Details
Use WIRELESS > Access Points > Cisco APs and then click Detail to navigate to this page. This page shows the details of the selected access point including the hardware, Operating System software and boot version details.
Note: Bridging information parameters are displayed only when the AP mode is set to “Bridge”.
Table 5-2 General Details
Parameter | Description
AP Name | Set the customer definable name of the access point.
Table 5-2 General Details (continued)
Parameter | Description
AP Mode | Set the access point mode of operation. Options are:
• Local - the default option.
• Monitor - monitor-only mode.
• Bridge (displayed only if the AP is bridge capable) - set the AP mode to “Bridge” if you are connecting a WRAP.
Note: If the AP mode is set to “Bridge” and the AP is not REAP capable, an error is displayed.
Table 5-2 General Details (continued)
Parameter | Description
Secondary Controller Name | This is the access point’s secondary controller SNMP name. The access point attempts to associate with this controller second for all network operations and in the event of a hardware reset (See Note).
Tertiary Controller Name | This is the access point’s tertiary controller SNMP name.
Table 5-6 Bridging Information Parameters
Parameter | Description
AP Role | Not an editable field. Specifies if the WRAP is a RAP or PAP. RAP: RAPs have a wired LWAPP (Light Weight AP Protocol) connection back to a Cisco controller. It uses the backhaul wireless interface to communicate to neighboring PAPs.
Set to Factory Defaults Button
• Click the Clear Config button to reset the access point parameters to the factory defaults.
• Back: Return to the previous window.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.
8. Expand it to locate the new remote adapter option. Double click on it to open a new window, enter a name in the field provided and enter the controller management interface IP in the IP address column.
9. Click OK. The new adapter will be added to the remote Cisco adapter.
10. Select the new adapter for remote airopeek capture using the access point.
11. Click start socket capture option in capture window to start the remote capture process.
12.
Table 5-7 Link Test Parameters (continued)
Parameter | Description
Bridged Neighbor AP | Select the receiving WRAP whose link needs to be tested. This is the Link Test ID. Make sure to clear the existing link test results using the Clear option at the bottom of that WRAP’s Link Test Results section. For example, if you are conducting the link test on Bridged Neighbor AP 8, go to the Link Test Results section; scroll to the Link Test ID 8 and click Clear.
Table 5-8 Link Test Parameters
Parameter | Description
Tx Dropped Packets | Number of transmitting packets dropped during the link test duration. The transmitting WRAP can only send data at a certain rate. If more data is received than can be sent, then it is stored in the buffer. If the buffer is full, some packets are dropped.
Rx Good Packets | Number of good packets received during the link test duration.
• The Configure link opens a list of configurable parameters for the identified Cisco radio (802.11a Cisco APs > Configure).
• The Details link opens a list of primarily read-only Cisco radio attributes (802.11a AP Interfaces > Details).
• Help: Request that the help page be displayed in a new browser window.
802.11a Cisco APs > Configure
Use WIRELESS > Access Points > 802.11a Radios and then click Configure to navigate to this page. This page allows you to configure parameters specifically for this Cisco radio including antenna type, RF channel and Tx power level assignments. The performance profile for this Cisco radio is also accessed through this page. Reference the following tables for these parameters.
Table 5-10 802.
Table 5-12 Default AP Settings (continued)
AP Type | Radio Type | Antenna Pattern | Antenna Gain (dBi)
AP 1130 | 802.11b | AJAX-5GHz | 5
AP 1000 | 802.11a;802.11b/g | AIR-ANT1000 | 0
Table 5-13 WLAN Override
Parameter | Description
WLAN Override | Enable or disable WLAN Override for this 802.11a Cisco radio.
ID (only when WLAN Override is enabled) | WLAN ID number.
WLAN SSID (only when WLAN Override enabled) | Name of the WLAN.
Table 5-15 Tx Power Level Assignment
Parameter | Description
Current Tx Power Level | The transmit power level of the access point. Tx Power Level indicates the maximum power.
Note: The power levels and available channels are defined by the Country Code setting, and are regulated on a country by country basis.
Assignment Method
802.11 AP Interfaces > Performance Profile
Use WIRELESS > Access Points > 802.11a Radios or WIRELESS > Access Points > 802.11b/g Radios > Configure and then click Performance Profile to navigate to this page. This page shows the details of the performance profile of the selected Cisco radio. The profile parameters are detailed in the following table and should be enabled for global control.
Table 5-16 802.
802.11a AP Interfaces > Details
Use WIRELESS > Access Points > 802.11a Radios and then click Detail to navigate to this page. This page lists primarily read-only attributes of the selected Cisco radio.
Table 5-17 AP Details
Parameters | Description
Interface Type | Displays the Cisco radio type as 802.11a.
AP Name | This is the name assigned to the access point.
Table 5-19 Operation Rate Set for 802.11a Cisco Radios
Parameter | Range (Note)
6000 Kilo Bits | Mandatory, Supported or Disabled.
9000 Kilo Bits | Mandatory, Supported or Disabled.
12000 Kilo Bits | Mandatory, Supported or Disabled.
18000 Kilo Bits | Mandatory, Supported or Disabled.
24000 Kilo Bits | Mandatory, Supported or Disabled.
36000 Kilo Bits | Mandatory, Supported or Disabled.
Table 5-20 MAC Operation Parameters (continued)
Parameter | Description
Fragmentation Threshold | The current maximum size, in octets, of the MPDU that may be delivered to the PHY. An MSDU shall be broken into fragments if its size exceeds the value of this attribute after adding MAC headers and trailers.
Table 5-22 Physical Channel Parameters (continued)
Parameter | Description
Current CCA Mode | CCA method in operation. Valid values are: Energy detect only (edonly) = 01, Carrier sense only (csonly) = 02, Carrier sense and energy detect (edandcs) = 04, Carrier sense with timer (cswithtimer) = 08, High rate carrier sense and energy detect (hrcsanded) = 16.
802.11b/g Cisco Radios
Use WIRELESS > Access Points > 802.11b/g Radios to navigate to this page. This page displays an overview of your 802.11b/802.11g Cisco radio network. The status of each 802.11b/g Cisco radio configured on this controller and its profile are detailed in the following table.
Table 5-24 Cisco WLAN Solution 802.11b/g Cisco Radio Summary
Parameter | Description
AP Name | Set the customer definable name of the access point.
802.11b/g Cisco Radios > Configure
Use WIRELESS > Access Points > 802.11b/g Radios and then click Configure to navigate to this page. This page allows you to configure parameters specifically for this Cisco radio including antenna type, RF channel and Tx power level assignments. The performance profile for this Cisco radio is also accessed through this page. Reference the following tables for these parameters.
Table 5-28 RF Channel Assignment
Parameter | Description
Current Channel | Channel number of the access point.
Note: The channels 1, 6, and 11 are non-overlapping.
Assignment Method | Select one of the following:
• Global—Use this setting if your access point’s channel is set globally by the controller.
• Custom—Use this setting if you set the channel locally.
Note: The assignment method should normally be left at the global setting.
Based on the configured antenna gain, the configured channel, and the configured power level, the actual transmit power at the access point can be reduced so that the specific country regulations are not exceeded.
Note: Irrespective of whether you choose Global or Custom assignment method, the actual conducted transmit power at the access point is verified such that country specific regulations are not exceeded.
802.11b/g AP Interfaces > Details
Use WIRELESS > Access Points > 802.11b/g Radios and then click Detail to navigate to this page. This page lists primarily read-only attributes of the selected Cisco radio.
Table 5-30 AP Details
Parameters | Description
Interface Type | Displays the Cisco radio type as 802.11b/g.
AP Name | This is the name assigned to the access point.
Table 5-32 Operation Rate Set for 802.11b/g Cisco Radios
Parameter | Band | Range (Note)
1000 Kilo Bits | 802.11b or 802.11g. | Mandatory, Supported or Disabled.
2000 Kilo Bits | 802.11b or 802.11g. | Mandatory, Supported or Disabled.
5500 Kilo Bits | 802.11b or 802.11g. | Mandatory, Supported or Disabled.
11000 Kilo Bits | 802.11b or 802.11g. | Mandatory, Supported or Disabled.
6000 Kilo Bits | 802.11b or 802.11g.
Table 5-33 MAC Operation Parameters (continued)
Parameter | Description
Long Retry Limit | The maximum number of transmission attempts of a frame, the length of which is greater than dot11RTSThreshold, that shall be made before a failure condition is indicated. The default value of this attribute shall be 4.
Fragmentation Threshold | The current maximum size, in octets, of the MPDU that may be delivered to the PHY.
Table 5-35 Physical Channel Parameters (continued)
Parameter | Description
Current CCA Mode | CCA method in operation. Valid values are: Energy detect only (edonly) = 01. Carrier sense only (csonly) = 02. Carrier sense and energy detect (edandcs) = 04. Carrier sense with timer (cswithtimer) = 08. High rate carrier sense and energy detect (hrcsanded) = 16.
Bridging
Use WIRELESS > Bridging to navigate to this page. This page displays the Zero Touch Configuration field parameters. Zero Touch Configuration, if enabled, allows you to take WRAPs out of the box, install them and make them work without any manual configuration of the WRAPs. For more information, refer to Zero Touch Configuration.
Table 5-37 Bridging Parameters (continued)
Parameter | Description
Zero Touch Configuration | By default, this check box is not checked. If you enable this option, the WRAP will be allowed to get the shared secret key from the controller with the default shared key. If you disable this option, the controller will not provide the shared secret key.
Zero Touch Configuration
When Zero Touch Configuration is enabled on the controller, Cisco WRAP performs the following actions to accomplish a secure zero touch.
Step 1 When a WRAP is first installed, it tries to find its role automatically. If it has a wired connection to a Cisco WLAN controller, then it assumes the role of RAP, otherwise it becomes a PAP.
Step 2 Next it determines the backhaul interface and channel.
802.11a Global Parameters
Use WIRELESS > Global RF > 802.11a Network to navigate to this page. This page allows you to change the global parameters of your 802.11a network.
• 802.11a Network Status - Enable or Disable the 802.11a network.
Note: You must use this command to enable the 802.11a network after configuring other 802.11a parameters. Note that this command only enables the global Cisco WLAN Solution 802.11a network.
802.11a Global Parameters > Auto RF
Use WIRELESS > Global RF > 802.11a Network and then click Auto RF button to navigate to this page. Use this page to edit the Auto RF characteristics.
Table 5-38 RF Group
Parameter | Description
Group Mode | Dynamic grouping has two modes: Enabled and Disabled. When the grouping is Disabled, no dynamic grouping occurs. Each controller optimizes only its own access point parameters.
Table 5-39 RF Channel Assignment
Parameter | Description
Channel Assignment Method | Dynamic channel assignment has three modes.
• Automatic - The channel assignment is periodically updated for all access points that permit this operation.
• On Demand - Channel assignments are updated when the Invoke Channel Update Now button is clicked.
• OFF - No dynamic channel assignments occur and values are set to their global default.
Table 5-39 RF Channel Assignment (continued)
Parameter | Description
Signal Strength Contribution | Always Enabled. Radio Resource Management (RRM) constantly monitors the relative location of all access points within the RF/mobility domain to ensure near-optimal channel re-use. The net effect is an increase in Cisco WLAN Solution capacity and a reduction in co-channel and adjacent channel interference.
Table 5-41 Profile Thresholds
Parameter | Description
Interference (0 to 100%) | Foreign 802.11a interference threshold between 0 and 100 percent.
Clients (1 to 75) | Client threshold between 1 and 75 clients.
Noise (-127 to 0 dBm) | Foreign noise threshold between -127 and 0 dBm.
Coverage (3 to 50 dBm) | 802.11a coverage threshold between 3 and 50 dB.
Utilization (0 to 100%) | 802.11a RF utilization threshold between 0 and 100 percent.
802.11b/g Global Parameters
Use WIRELESS > Global RF > 802.11b/g Network to navigate to this page. Use this page to edit the global parameters of your 802.11b/g network.
• 802.11b/g Network Status - Enable or Disable the 802.11b/g network.
• 802.11g Support - Enable or Disable 802.11g network support. (Only available if the 802.11b/g Network is Enabled.)
Note: You must use these commands to enable the 802.
802.11b/g Global Parameters > Auto RF
Use WIRELESS > Global RF > 802.11b/g Network and then click Auto RF button to navigate to this page. The Auto RF characteristics may be modified on this page.
Table 5-43 RF Group
Parameter | Description
Group Mode | Dynamic grouping has two modes: Enabled and Disabled. When the grouping is Disabled, no dynamic grouping occurs.
Table 5-44 RF Channel Assignment
Parameter | Description
Channel Assignment Method | Dynamic channel assignment has three modes.
• Automatic - The channel assignment is periodically updated for all access points that permit this operation.
• On Demand - Channel assignments are updated when the Invoke Channel Update Now button is selected.
• OFF - No dynamic channel assignments occur and values are set to their global default.
Table 5-44 RF Channel Assignment (continued)
Parameter | Description
Signal Strength Contribution | Always Enabled. Radio Resource Management (RRM) constantly monitors the relative location of all access points within the RF/mobility domain to ensure near-optimal channel re-use. The net effect is an increase in Cisco WLAN Solution capacity and a reduction in co-channel and adjacent channel interference.
Table 5-46 Profile Thresholds
Parameter | Description
Interference (0 to 100%) | Foreign 802.11b/g interference threshold between 0 and 100 percent.
Clients (1 to 75) | Client threshold between 1 and 75 clients.
Noise (-127 to 0 dBm) | Foreign noise threshold between -127 and 0 dBm.
Coverage (3 to 50 dBm) | 802.11b/g coverage threshold between 3 and 50 dB.
Utilization (0 to 100%) | 802.
802.11h
Use WIRELESS > Global RF > 802.11h to navigate to this page. This page describes the 802.11h parameters.
Caution: The 802.11a network should be disabled before you configure the 802.11h network.
The 802.11h standard defines two sets of mechanisms, Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC), that ensure wireless networks operate according to regulatory requirements for the 5-GHz spectrum.
Country
Use WIRELESS > Country to navigate to this page. On this page, enter the country code where the controller and associated Access Points are installed and operational. This selection ensures that the listed broadcast frequency bands, interfaces, channels and transmit power levels are compliant with country-specific regulations. The currently-supported countries are:
• AT (Austria), which allows 802.11a and 802.11b/g.
• NO (Norway), which allows 802.11a and 802.11b/g.
• NZ (New Zealand), which allows 802.11a and 802.11b/g.
• PH (Philippines), which allows 802.11a and 802.11b.
• PL (Poland), which allows 802.11a and 802.11b/g.
• PT (Portugal), which allows 802.11a and 802.11b/g.
• SE (Sweden), which allows 802.11a and 802.11b/g.
• SG (Singapore), which allows 802.11a and 802.11b/g.
• SI (Slovenia), which allows 802.11a and 802.11b/g.
Timers
Use WIRELESS > Timers to navigate to this page. The timers listed on this page are described in the following table.
Table 5-50 Timer Descriptions
Timer | Description
802.11 Authentication Response Timeout | Configures 802.11 authentication response timeout between 5 and 60 seconds. Default 10 seconds.
Cisco WLAN Controller Web Interface User Guide OL-7416-04
CHAPTER 6 Security Menu Bar Selection
This tab allows you to configure and set security policies on your controller. Use the selector area to access specific security parameters. Making this selection from the menu bar opens the RADIUS Authentication Servers page.
• NAC Statistics
• CA Certification
• ID Certificate
• ID Certificate > New
• Web Authentication Certificate
• Trusted AP Policies
• Rogue Policy
• Standard Signatures
• Signature > Detail
• Custom Signatures
• Client Exclusion Policies
RADIUS Authentication Servers
Use SECURITY > AAA > RADIUS Authentication to navigate to this page. This page displays RADIUS Server information for your configured Remote Authentication Dial-In User Server(s) and allows you to edit the Call Station ID Type.
• Call Station ID Type - Choices are IP Address, System MAC Address, AP MAC Address.
• Cache credentials locally for use with one time password only - Checkbox to enable or disable.
RADIUS Authentication Servers > New
Use SECURITY > AAA > RADIUS Authentication then click New to navigate to this page. This page allows you to add a new Remote Authentication Dial-In User Server. The following information is required:
• Server Index (Priority) - Index of the RADIUS server. The controller tries Index 1 first, then Index 2 through 17, in an ascending order.
Message Authentication Codes (MAC) are used between two parties that share a secret key to validate information transmitted between them. HMAC (Hash MAC) is a mechanism based on cryptographic hash functions. HMAC can be used in combination with any iterated cryptographic hash function. HMAC-MD5 and HMAC-SHA-1 are two constructs of the HMAC using the MD5 hash function and the SHA-1 hash function.
RADIUS Authentication Servers > Edit
Use SECURITY > AAA > RADIUS Authentication then click Edit to navigate to this page. This page allows you to change the following parameters on an existing Remote Authentication Dial-In User Server:
• Server Index (Priority) - Index of the RADIUS server.
• Shared Secret Format - Set the format of the shared secret to either ASCII or Hexadecimal.
• AES 128 CBC - Advanced Encryption Standard uses keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192, or 256 bits. AES 128 CBC uses 128 bit data path in Cipher Block Chaining (CBC) mode.
– IKE Authentication: Not an editable field.
RADIUS Accounting Servers
Use SECURITY > AAA > RADIUS Accounting to navigate to this page. This page displays RADIUS information for your existing Remote Accounting Dial-In User Server(s).
• Network User - Enable or disable network user authentication. If this option is enabled, this entry is considered as the RADIUS authenticating server for the network user.
• Server Index - The RADIUS server Index.
RADIUS Accounting Servers > New
Use SECURITY > AAA > RADIUS Accounting then click New to navigate to this page. This page allows you to add a new Remote Accounting Dial-In User Server. The following information is required:
• Server Index (Priority) - Index of the RADIUS server. The controller tries Index 1 first, then Index 2 through 17, in an ascending order. Set to 1 if your network is using only one Accounting server.
– IKE (Internet Key Exchange protocol) is used as a method of distributing the session keys (encryption and authentication), as well as providing a way for the VPN endpoints to agree on how the data should be protected. IKE keeps track of connections by assigning a bundle of Security Associations (SAs) to each connection.
– IKE Phase 1: Set the Internet Key Exchange protocol (IKE).
• IP sec - Check this check box to enable or disable the IP Security mechanism. If you enable this option, the IP Security Parameters fields will be displayed.
– IP Sec Authentication: Set the IP security authentication protocol to be used. Options are:
• HMAC-SHA1
• HMAC-MD5
• None
Message Authentication Codes (MAC) are used between two parties that share a secret key to validate information transmitted between them.
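The HMAC-SHA1 and HMAC-MD5 options offered for IP Sec Authentication on the RADIUS Authentication and RADIUS Accounting server pages both follow the shared-secret construction described in those sections. The following is an added example, not code from Cisco or the controller: it builds HMAC from its definition over any iterated hash in Python's hashlib, checks the result against the standard hmac module, and shows the receiving party rejecting a modified message or a wrong secret. The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: not taken from any controller or RADIUS server.
SHARED_SECRET = b"constructed-shared-secret"
MESSAGE = b"constructed record: user=alice session=42 octets=1024"


def hmac_from_definition(key: bytes, message: bytes, hash_name: str) -> bytes:
    """HMAC from its definition: H((K ^ opad) || H((K ^ ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5 and SHA-1
    # Keys longer than one hash block are hashed first, then zero-padded.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)  # K ^ ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # K ^ opad
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac_from_definition(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


def run_exchange(hash_name: str) -> dict:
    """Sender tags MESSAGE; receiver checks genuine, altered and wrong-key cases."""
    tag = hmac_from_definition(SHARED_SECRET, MESSAGE, hash_name)
    tampered = MESSAGE.replace(b"octets=1024", b"octets=9999")
    stdlib_tag = hmac.new(SHARED_SECRET, MESSAGE, hash_name).digest()
    return {
        "tag_len": len(tag),
        "matches_stdlib": tag == stdlib_tag,
        "genuine_accepted": verify(SHARED_SECRET, MESSAGE, tag, hash_name),
        "tampered_accepted": verify(SHARED_SECRET, tampered, tag, hash_name),
        "wrong_key_accepted": verify(b"some-other-secret", MESSAGE, tag, hash_name),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, run_exchange(name))
```

The same function works unchanged with other hashlib names, which is the sense in which HMAC can be combined with any iterated hash function.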
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.
Local Net Users
Use SECURITY > AAA > Local Net Users to navigate to this page. This page displays a summary of the existing local network clients who are allowed to access a specific Cisco WLAN Solution WLAN, sorted by User Name. This is an administrative bypass of the RADIUS authentication process. Layer 3 Web Authentication, located on the WLANs > Edit page, must be enabled.
Local Net Users > Edit
Use SECURITY > AAA > Local Net Users then click Edit to navigate to this page. This page allows you to edit a local network user definition. Layer 3 Web Authentication, located on the WLANs > Edit page, must be enabled.
• Confirm or change the Password and Password Confirmation.
• Enter the Cisco WLAN Solution WLAN ID that the user is allowed to access.
• If desired, enter a user description.
MAC Filtering
Use SECURITY > AAA > MAC Filtering to navigate to this page. This page displays the RADIUS Compatibility Mode and MAC Delimiters for MAC Filtering, and also presents a summary of the client machines allowed to access network services via a specific Cisco WLAN Solution WLAN and through a specific interface. The client machine access is determined by its MAC address. This is an administrative bypass of the RADIUS authentication process.
MAC Filters > Edit
Use SECURITY > AAA > MAC Filtering then click Edit to navigate to this page. This page allows you to change a MAC Filter definition for an existing client MAC Address.
• Change the WLAN ID to which the client has access.
• If desired, add a filter Description.
• Select the associated Interface Name, as defined in the Interfaces page.
• Back: Return to the previous window.
Disabled Clients
Use SECURITY > AAA > Disabled Clients to navigate to this page. This page presents a summary of existing Exclusion Listed (blacklisted) clients manually barred by MAC address from access to network services.
• The Edit link opens the Disabled Client > Edit page.
• The Remove link allows you to enable a client that was formerly disabled.
• New: Select to manually disable a client (Disabled Client > New).
User Policies
Use SECURITY > AAA > User Login Policies to navigate to this page. This page allows you to specify the maximum number of concurrent logins for a single client name, between one and eight, or 0 = unlimited.
Command Buttons
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
AP Policies
Use SECURITY > AAA > AP Policies to navigate to this page. This page allows you to set policies that help in the authorization of access points. Access points are authorized against AAA and/or a certificate. The following tables describe the access point authorization parameters.
Table 6-1 Policy Configuration
Parameter | Description
Authorize APs against AAA | Check this check box if you want the access points to be authorized against AAA.
Step 4 Click Add AP to AuthList.
Command Buttons
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.
Access Control Lists
Use SECURITY > Access Control Lists to navigate to this page. This page allows you to view current access control lists (ACLs) that are similar to standard firewall access control lists.
Note: The Operating System allows you to define up to 64 ACLs, with up to 64 Rules (filters) per ACL.
• Use the Edit link to open the Access Control Lists > Edit page.
• Use the Remove link to remove an existing local MAC filter.
Table 6-2 Current Rules
Parameter | Description
Access List Name | The name of the ACL.
Sequence | The operator can define up to 64 Rules for each ACL. The Rules for each ACL are listed in contiguous sequence from 1 to 64. That is, if Rules 1 through 4 are already defined and you add Rule 29, it is added as Rule 5.
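The numbering rule in Table 6-2, modelled as an added example (not code from Cisco or from this guide): a requested sequence past the end collapses to the next contiguous number. Two behaviours are assumptions not stated in the text above: adding a rule at an occupied sequence shifts later rules down, and rules are evaluated first-match with a default deny. All rule and packet values are constructed.

```javascript
const MAX_RULES = 64; // "up to 64 Rules (filters) per ACL"

// Add `rule` at the requested sequence; return the sequence it actually received.
function addRule(acl, requestedSeq, rule) {
  if (!Number.isInteger(requestedSeq) || requestedSeq < 1 || requestedSeq > MAX_RULES) {
    throw new RangeError("sequence must be an integer from 1 to 64");
  }
  if (acl.length >= MAX_RULES) {
    throw new RangeError("ACL already holds 64 rules");
  }
  // A sequence past the end collapses to the next free slot (29 becomes 5 when 4 exist).
  const seq = Math.min(requestedSeq, acl.length + 1);
  // Assumption: a sequence that is already taken pushes later rules down by one.
  acl.splice(seq - 1, 0, { ...rule });
  return seq;
}

// Assumption: the first matching rule decides; no match means Deny.
function evaluate(acl, pkt) {
  for (let i = 0; i < acl.length; i++) {
    const r = acl[i];
    const protoOk = r.protocol === "Any" || r.protocol === pkt.protocol;
    const dirOk = r.direction === "Any" || r.direction === pkt.direction;
    const dscpOk = r.dscp === "Any" || r.dscp === pkt.dscp;
    if (protoOk && dirOk && dscpOk) return { action: r.action, seq: i + 1 };
  }
  return { action: "Deny", seq: null };
}

// Constructed walk-through: the same packet before and after a rule is inserted mid-list.
function demoAcl() {
  const acl = [];
  addRule(acl, 1, { protocol: "TCP", direction: "Inbound", dscp: "Any", action: "Permit" });
  addRule(acl, 2, { protocol: "UDP", direction: "Inbound", dscp: "Any", action: "Permit" });
  addRule(acl, 3, { protocol: "ICMP", direction: "Any", dscp: "Any", action: "Permit" });
  addRule(acl, 4, { protocol: "Any", direction: "Outbound", dscp: "Any", action: "Permit" });
  const appendedAs = addRule(acl, 29, { protocol: "Any", direction: "Any", dscp: "Any", action: "Deny" });

  const ping = { protocol: "ICMP", direction: "Inbound", dscp: 0 };
  const before = evaluate(acl, ping);
  const insertedAs = addRule(acl, 3, { protocol: "ICMP", direction: "Inbound", dscp: "Any", action: "Deny" });
  const after = evaluate(acl, ping);
  return { appendedAs, insertedAs, before, after, length: acl.length };
}
```

Because typed sequence numbers are not preserved, re-read the rule list after every change and confirm the order you intended.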
Command Buttons
• Back: Return to the previous window.
• Help: Request that the help page be displayed in a new browser window.
• Add New Rule: Add a new rule to an existing ACL.
Access Control Lists > Rules > Edit
Use SECURITY > Access Control Lists, click Edit, and then click Edit again next to the sequence number of the rule you want to change to navigate to this page. This page allows you to change an ACL rule definition.
Table 6-3 Rule Edit Parameters (continued)
Parameter | Description
DSCP | Any or Specific (from 0 - 63). Differentiated Services Code Point (DSCP). A packet header code that can be used to define quality of service across the Internet.
Direction | Any, Inbound (from client) or Outbound (to client).
Action (Note 2) | Deny or Permit.
Note: When you select some of these protocols, one or more additional data entry fields open up.
Table 6-4 New Rule parameters
Parameter | Description
Protocol (Note 1) | Protocol to use for this ACL:
  Any - All protocols
  TCP - Transmission Control Protocol
  UDP - User Datagram Protocol
  ICMP - Internet Control Message Protocol
  ESP - IP Encapsulating Security Payload
  AH - Authentication Header
  GRE - Generic Routing Encapsulation
  IP - Internet Protocol
  Eth Over IP - Ethernet over Internet Protocol
  OSPF - Open Shortest Path First
  Other - Any othe
Network Access Control
Use SECURITY > Network Access Control to navigate to this page. This page displays information about Network Access Control ACLs. It displays the following parameters:
• NAC ACL Name
• Server Index
• Server Address
• Port
• Admin Status
• Server Status
– The Edit link takes you to the Network Access Control > Edit page.
– The Remove link allows you to remove the Network Access Control definition.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.
Network Access Control > Edit
Use SECURITY > Network Access Control, then click Edit to navigate to this page. This page allows you to edit the shared secret and admin status of a network access control.
NAC Statistics
Use SECURITY > Network Access Control, then click Stats to navigate to this page. This page allows you to view the Network Access Control statistics. This page contains the following:
• Admin Status.
• Number of Requests Sent.
• Number of Retransmissions.
• Number of Requests Received.
• Number of Malformed Requests Received.
• Number of Invalid Auth Received.
• Number of Pending Requests.
• Number of Timeouts.
CA Certification
Use SECURITY > IPSec Certificates > CA Certificate to navigate to this page. This page contains the current CA certificate information. If you choose to add an operator-generated or purchased CA Certificate, paste the new CA certificate ASCII text into the certificate box and click Apply.
Caution: Each certificate has a variable-length embedded RSA Key.
ID Certificate
Use SECURITY > IPSec Certificates > ID Certificate to navigate to this page. This page summarizes existing network ID certificates by ID certificate name and valid period. An ID certificate can be used by web server operators to ensure secure server operation.
Caution: Each certificate has a variable-length embedded RSA Key. The RSA key length varies from 512 bits, which is relatively insecure, to thousands of bits, which is very secure.
Web Authentication Certificate
Use SECURITY > Web Auth Certificate to navigate to this page. Use this page to view the current web authentication certificate type, download an SSL certificate, or regenerate a new locally-generated web auth certificate.
Note: The Operating System automatically generates a fully-functional web authentication certificate as it is loaded onto your controller.
Trusted AP Policies
Use SECURITY > Wireless Protection Policies > Trusted AP Policies to navigate to this page. This page allows you to select and view trusted access point policy information as shown in the following table.
Table 6-5 Trusted AP Policies Parameters
Parameter | Description
Enforced Encryption policy | Choices are: None, open, WEP, or WPA/802.11i
Enforced preamble policy | Choices are: None, short, or long.
Rogue Policy
Use SECURITY > Wireless Protection Policies > Rogue Policies to navigate to this page. This page allows you to select global parameters for rogue access point detection.
• Enable Rogue Location Discovery Protocol to have the Cisco WLAN Solution automatically detect rogue access points on your wired network.
• Expiration Timeout for Rogue AP Entries: The number of seconds after which the rogue AP will be taken off the list.
Standard Signatures
Use SECURITY > Wireless Protection Policies then click Standard Signatures to access this page. This page allows you to view standard signature information.
• Precedence: Precedence order number.
• Name: Name of the signature.
• Frame Type: Type of frame, such as Management or Data.
• Action: Type of action to take, such as report.
• State: Enabled or disabled.
Custom Signatures
Use SECURITY > Wireless Protection Policies then click Custom Signatures to access this page.
• Precedence: Precedence order number.
• Name: Name of the custom signature.
• Frame Type: Frame type, such as Management or Data.
• Action: Type of action to take, such as report.
• State: Enabled or disabled.
• Description: Text description of the signature.
Client Exclusion Policies
Use SECURITY > Wireless Protection Policies then click Client Exclusion Policies to access this page. This page allows you to set client exclusion policies.
• Excessive 802.11a Association Failures: Enabled checkbox.
• Excessive 802.11a Authentication Failures: Enabled checkbox.
• Excessive 802.11x Authentication Failures: Enabled checkbox.
• Network Access Control Failures: Enabled checkbox.
AP Authentication
Use SECURITY > Wireless Protection Policies then click AP Authentication to access this page. This page allows you to set access point authentication policies.
Table 6-6 AP Authentication Parameters
Parameter | Description
RF Network Name | Not an editable field. The RF Network name entered in the general parameters window (Refer to General) is displayed here.
Cisco WLAN Controller Web Interface User Guide OL-7416-04
CHAPTER 7 Management Menu Bar Selection
This menu bar selection provides access to the controller management details. Use the selector area to access specific management parameters. Making this selection from the menu bar opens the Summary page.
Summary
Use MANAGEMENT > Summary to navigate to this page. This page displays the network summary of this controller.
Table 7-1 Summary Parameters
Parameter | Description
SNMP Protocols | SNMP protocols supported.
Syslog | Log of system events.
HTTP Mode | Access mode for web and secure web.
SNMP System Summary
Use MANAGEMENT > SNMP > General to navigate to this page. This page allows you to change some of the SNMP system parameters.
Table 7-2 SNMP System Parameters
Parameter | Description
Name | Customer definable name of the controller.
Location | Customer definable controller location.
Contact | Customer definable contact details.
System Description | Read-only controller description.
System Object ID | Read-only object ID.
SNMP V3 Users
Use MANAGEMENT > SNMP > SNMP V3 Users to navigate to this page. This page provides a summary of the SNMP users as described in the following table.
Table 7-3 SNMP User Summary
Parameter | Range
User Name | Name of the user profile.
Access Level | Read Only; Read Write.
Auth Protocol | None; HMAC-MD5; HMAC-SHA.
Privacy Protocol | None; CBC-DES.
Remove a user profile by selecting the appropriate Remove link.
SNMP v1/v2c Community
Use MANAGEMENT > SNMP > Communities to navigate to this page. This page provides a summary of the SNMP community as described in the following table.
Table 7-5 SNMP Community Summary
Parameter | Range
Community Name | The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community name.
SNMP v1/v2c Community > New
Use MANAGEMENT > SNMP Communities then click New to navigate to this page. Use this page to add a new SNMP community profile as described in the following table.
Table 7-6 SNMP Community Summary
Parameter | Range
Community Name | The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters.
SNMP v1/v2c Community > Edit
Use MANAGEMENT > SNMP Communities then click Edit to navigate to this page. Use this page to Enable or Disable an SNMP community profile. All fields are read-only except the Status field.
Table 7-7 SNMP Community Summary
Parameter | Range
Community Name | The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters.
SNMP Trap Receiver
Use MANAGEMENT > SNMP > Trap Receivers to navigate to this page. This page provides a summary of existing SNMP trap receivers as described in the following table.
Table 7-8 SNMP Trap Receiver Summary
Parameter | Range
Trap Receiver Name | The name of the server where the traps are sent.
IP Address | The IP address of the server.
Status | Status must be enabled for the SNMP traps to be sent to the server.
SNMP Trap Receiver > Edit
Use MANAGEMENT > SNMP/Trap Receivers then click Edit to navigate to this page. You can use this page to Enable or Disable sending traps to a particular server. Only the Status field can be modified.
Command Buttons
• Back: Return to the previous window.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
SNMP Trap Controls
Use MANAGEMENT > SNMP > Trap Controls to navigate to this page. This page allows you to select which trap logs should be captured. Select the applicable logs and select Apply.
Table 7-10 Miscellaneous Traps
Trap Name | Description
SNMP Authentication | The SNMPv2 entity has received a protocol message that is not properly authenticated.
Link (Port) Up/Down | Port changes status from up or down.
Table 7-13 Auto RF Profile Traps
Trap Name | Description
Load Profile | Notification sent when Load Profile state changes between PASS and FAIL.
Noise Profile | Notification sent when Noise Profile state changes between PASS and FAIL.
Interference Profile | Notification sent when Interference Profile state changes between PASS and FAIL.
Coverage Profile | Notification sent when Coverage Profile state changes between PASS and FAIL.
Table 7-16 IP Security Traps (continued)
Trap Name | Description
IKE Suite Failure | An attempt to negotiate a phase 2 SA suite for the specified selector failed. The current total failure counts are passed as well as the notification type counts for the notify involved in the failure.
Invalid Cookie | ISAKMP packets with invalid cookies were detected from the specified source, intended for the specified destination.
Table 7-19 Client Reason Code Descriptions and Meanings
Client Reason Code | Description | Meaning
0 | noReasonCode | normal operation
1 | unspecifiedReason | client associated but no longer authorized
2 | previousAuthNotValid | client associated but not authorized
3 | deauthenticationLeaving | the access point went offline, de-authenticating the client
4 | disassociationDueToInactivity | client session timeout exceeded
5 | disassociationAPBusy | the ac
• Help: Request that the help page be displayed in a new browser window.
HTTP Configuration
Use MANAGEMENT > HTTP to navigate to this page. This page allows you to enable or disable Web Mode or Secure Web Mode.
• HTTP Access: This is the HTTP Web User Interface which is accessible using a login and password. If you disable HTTP Web Mode, you need Secure Web Mode enabled, or must use the CLI or Cisco Wireless Control System interface to configure the controller.
Command Buttons
• Apply: Data or a Download SSL Certificate request is sent to the controller and made to take effect, but the result is not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
• Delete Certificate: Instruct the Operating System to delete the current SSL Certificate.
Telnet-SSH Configuration
Use MANAGEMENT > Telnet-SSH to navigate to this page. Use this page to modify Telnet accessibility to the controller.
Note
• Telnet Login Timeout (minutes): This object indicates the number of minutes a telnet session is allowed to remain inactive before being logged off. A zero means there is no timeout. May be specified as a number from 0 to 160. The factory default is 5.
Serial Port Configuration
Use MANAGEMENT > Serial Port to navigate to this page. Use this page to modify configurable serial session properties.
Table 7-21 Serial Session Properties
Parameter | Description | Range
Serial Port Login Timeout | Specifies the time, in minutes, of inactivity on a Serial port connection, after which the controller closes the connection. | Any numeric value between 0 and 160 is allowed. The default is 5.
Local Management Users
Use MANAGEMENT > Local Management Users to navigate to this page. This page lists current management user logins on the controller and the users’ access privileges. You may remove a user account by selecting Remove. Removing the default admin user prohibits both Web and CLI access to the controller, so you must create a user with administrative (read/write) privileges BEFORE you remove the default user.
CLI Sessions
Use MANAGEMENT > User Sessions to navigate to this page. This page provides a list of open CLI sessions. It provides the following information.
Table 7-23 CLI Session Details
Parameter | Description
ID | Session identification.
User Name | Login user name.
Login Type | Telnet or serial session.
Connection From | Name of the client computer system or the physical port.
Idle time | Elapsed inactive session time.
Syslog Configuration
Use MANAGEMENT > Syslog to navigate to this page.
• Use this page to Enable or Disable system logs.
• If you enable syslogs, enter the Syslog Server IP address.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle; these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.
Management Via Wireless
Use MANAGEMENT > Mgmt Via Wireless to navigate to this page. Use this page to enable or disable access to the controller management interface from wireless clients. The default setting is disabled.
Note: Because of IPSec operation, Management via Wireless is only available to operators logging in across WPA, Static WEP, or VPN Pass Through WLANs.
Message Logs
Use MANAGEMENT > Message logs to navigate to this page. This page allows you to set the Message Log filter to include the following or more critical messages:
• Critical Failure
• Software Error
• Authentication or Security Errors
• Unexpected Software Events
• Significant System Events
Click Apply to implement the desired Message Log filter level.
System Resource Information
Use MANAGEMENT > Tech Support > System Resource Information to navigate to this page. You can view the current controller CPU usage, system buffer, and Web server buffers parameters on this page.
Command Buttons
• Help: Request that the help page be displayed in a new browser window.
Controller Crash Information
Use MANAGEMENT > Tech Support > Controller Crash to navigate to this page.
Web Login Page
Use Management > Web Login Page to navigate to this page. Here you can customize the content and appearance of the web login page that appears the first time a user accesses the client.
Note: The Web Policy option under WLAN security policies should be enabled for the login page to be displayed.
External Web Authentication
The following steps describe how external web authentication works.
How External Web Authentication Works
Step 1 When you open a web browser with a URL, say www.yahoo.com, it is verified for authentication. If it is not authenticated, the controller forwards the request to the controller web server to collect authentication details.
Template for customer login page
You can use the login page template provided by Cisco to develop your own login screen. The template contains the following:
• Hidden attribute names that will enable the controller to authenticate the user.
• A JavaScript function that will extract the AP MAC address and the redirect back URL from the query string.
• A function that sets your web auth page’s action URL.
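An added sketch of the two script functions listed above, written for this edit and not taken from Cisco's template, with validation of every value read from the query string. The query-string names `switch_url`, `ap_mac` and `redirect`, the hidden field `redirect_url`, and the allow-listed controller address are assumptions; the page does not show them.

```javascript
// Assumed names (not shown on this page): switch_url, ap_mac, redirect, redirect_url.

// Constructed allow-list of controller addresses the form may post credentials to.
const ALLOWED_CONTROLLER_HOSTS = new Set(["192.0.2.1"]);
const MAC_RE = /^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/i;

// Return a normalized http(s) URL, or null for anything else.
function safeHttpUrl(value) {
  if (!value) return null;
  // Assumption: the redirect value may arrive without a scheme ("www.yahoo.com/").
  const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(value) ? value : "http://" + value;
  let url;
  try {
    url = new URL(candidate);
  } catch (err) {
    return null; // not parseable as a URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (url.username || url.password) return null; // no embedded credentials
  return url.href;
}

// Extract the AP MAC address, redirect-back URL and action URL from the query string.
function parseLoginQuery(search) {
  const q = new URLSearchParams(search);
  const apMac = q.get("ap_mac");
  const action = safeHttpUrl(q.get("switch_url"));
  let actionUrl = null;
  if (action !== null) {
    const u = new URL(action);
    // The form posts the user's credentials here, so accept only HTTPS
    // to a known controller address (a hardening choice made in this example).
    if (u.protocol === "https:" && ALLOWED_CONTROLLER_HOSTS.has(u.hostname)) {
      actionUrl = action;
    }
  }
  return {
    apMac: apMac !== null && MAC_RE.test(apMac) ? apMac.toLowerCase() : null,
    redirectUrl: safeHttpUrl(q.get("redirect")),
    actionUrl,
  };
}

// Set the form's action URL; `form` is document.forms[0] in a browser.
function applyToForm(form, parsed) {
  if (parsed.actionUrl === null) return false; // refuse to submit to an unknown target
  form.action = parsed.actionUrl;
  form.redirect_url.value = parsed.redirectUrl || "";
  return true;
}
```

In a page, call `applyToForm(document.forms[0], parseLoginQuery(location.search))` on load and keep the submit button disabled when it returns false.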
The HTML code for the customer login page template is given below:
Web Authentication