REVIEW DRAFT Version 2—CISCO CONFIDENTIAL
ADMINISTRATION GUIDE
Cisco Small Business
WAP121 Wireless-N Access Point with Power over Ethernet
WAP321 Wireless-N Selectable-Band Access Point with Power over Ethernet
Contents
Chapter 2: Getting Started
  Starting the Web-based AP Configuration Utility
  Launching the Utility
  Logging In
  Logging Out
  Using the Access Point Setup Wizard
  Getting Started
  Window Navigation
  Application Header
  Navigation Window
  Management Buttons
Chapter 3: Viewing Statistics
  System Summary
  Network Interfaces
  Traffic Statistics
  WorkGroup Bridge Transmit/Receive
  Associated Clients
Chapter 5: Wireless Settings
  Radio
  Networks
  SSID Naming Conventions
  VLAN IDs
  Configuring VAPs
  Configuring Security Settings
  None (Plain-text)
  Static WEP
  Dynamic WEP
  WPA Personal
  WPA Enterprise
  Scheduler
  Adding Scheduler Profiles
  Configuring Scheduler Rules
  Scheduler Association
  Bandwidth Utilization
  MAC Filtering
  Configuring a MAC Filter List Locally on the AP
  Exclusive Operation of WPS Transactions
  Backward Compatibility with WPS Version 1.
  Email Alert
  Discovery—Bonjour
  HTTP/HTTPS Service
  Configuring HTTP and HTTPS Services
  Managing SSL Certificates
  Telnet/SSH Service
  Management Access Control
  Download/Backup Configuration File
  Backing Up a Configuration File
  Downloading a Configuration File
  Configuration Files Properties
  Copying and Saving the Configuration
  Rebooting
Chapter: System Security
  RADIUS Ser
  Authenticated Clients
  Failed Authentication Clients
Chapter: Client Quality of Service
  ACLs
  IPv4 and IPv6 ACLs
  MAC ACLs
  Configuring ACLs
  Class Map
  Adding a Class Map
  Defining a Class Map
  Policy Map
  Client QoS Association
  Client QoS Status
Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE
2 Getting Started

This chapter provides an introduction to the web-based access point (AP) configuration utility, and includes the following topics:
• Starting the Web-based AP Configuration Utility
• Using the Access Point Setup Wizard
• Getting Started
• Window Navigation

Starting the Web-based AP Configuration Utility
This section describes how to navigate the AP configuration utility.
Launching the Utility
To open the web-based AP configuration utility:
STEP Open a Web browser.
STEP Enter the IP address of the AP you are configuring in the address bar on the browser, and then press Enter. The Login page opens.

Logging In
To log in to the web-based AP configuration utility:
STEP Enter the user name and password.
Using the Access Point Setup Wizard
The first time you log into the AP (or after it has been reset to the factory default settings), the Access Point Startup Wizard displays to help you perform initial configuration. Follow these steps to complete the wizard:
NOTE If you click Cancel to bypass the Wizard, the Change Password page displays. You can then change the default password for logging in.
If you click Next, the Wizard displays the Access Point Setup Wizard—Finish window.
STEP Click Finish. The Getting Started window displays.

Getting Started
To simplify device configuration through quick navigation, the Getting Started page provides links for performing common tasks.

Links on the Getting Started Page
Category | Link Name on the Page | Linked Page
Initial Setup | Run Setup Wizard | Access Point Startup Wiz
Window Navigation
This section describes the features of the web-based AP configuration utility.

Application Header
The Application Header is displayed on every page. It provides the following buttons:

Buttons
Button Name | Description
(User) | The name of the user logged on to the AP. The factory default user name is cisco.
Log Out | Click to log out of the web-based AP configuration utility.
Management Buttons
The following table describes the commonly used buttons that appear on various pages in the system.

Management Buttons
Button Name | Description
Add | Click to display the related Add page and add an entry to a table. Enter the information and click Save to save it to the Running Configuration and to the Startup Configuration.
Cancel | Click to reset changes made on the page.
3 Viewing Statistics

This chapter describes how to display WAP121/WAP321 statistics. It contains the following topics.
• System Summary
• Network Interfaces
• Traffic Statistics
• WorkGroup Bridge Transmit/Receive
• Associated Clients
• TSPEC Client Associations
• Rogue AP Detection
• TSPEC Status and Statistics
• TSPEC AP Statistics
• RADIO Statistics
• Email Alert Status
• Log
System Summary
The System Summary page displays basic information such as the hardware model description, software version, and system up time.
To view system information, click Status and Statistics > System Summary in the navigation window. Or, click System Summary under Device Status on the Getting Started page.
The System Summary page displays the following information:
• PID VID—The AP hardware model and version.
• Connection State—The state of the service. For UDP, only connections in the Active state display in the table. In the Active state, a connection is established between the switch and a client or server. The TCP states are:
  - Listen—The service is listening for connection requests.
  - Active—A connection session is established and packets are being transmitted and received.
You can click Refresh to refresh the screen and display the most current information.

Traffic Statistics
Use the Traffic Statistics page to view basic information about the AP and a real-time display of transmit and receive statistics for the Ethernet interface and the VAPs on both radio interfaces. All transmit and receive statistics reflect the totals since the AP was last started.
• Errors—The total number of errors related to sending and receiving data on this AP.
You can click Refresh to refresh the screen and display the most current information.

WorkGroup Bridge Transmit/Receive
The WorkGroup Bridge Transmit/Receive page displays packet and byte counts for traffic between stations on a workgroup bridge.
Associated Clients
You can use the Associated Clients page to view the client stations associated with a particular access point.
To display this page, click Status and Statistics > Associated Clients in the navigation window.
The associated stations are displayed along with information about packet traffic transmitted and received for each station.
  - Drop Packets—Number of packets dropped after being received (transmitted).
  - Drop Bytes—Number of bytes dropped after being received (transmitted).
  - TS Violate Packets From Station—Number of packets sent from a client STA to the AP in excess of its active TS uplink bandwidth, or for an access category requiring admission control to which the client STA has not been admitted.
The following information is provided on the TSPEC Client Associations page.
Status:
• Network Interface—Radio interface used by the client.
• SSID—Service set identifier associated with this TS client.
• Station—Client station MAC address.
• TS Identifier—TSPEC Traffic Session Identifier (range 0-7).
• Access Category—TS Access Category (voice or video).
• Direction—Traffic direction for this TS.
• Direction—The traffic direction for this TS. Direction can be one of the following:
  - uplink
  - downlink
  - bidirectional
• From Station—Shows the number of packets and bytes received from the wireless client and the number of packets and bytes that were dropped after being received. The following also display:
  - Packets—Number of packets in excess of an admitted TSPEC.
  - Bytes—Number of packets for wh
To view information about other access points on the wireless network, click Status and Statistics > Rogue AP Detection in the navigation window.
When AP detection is enabled, the radio will periodically switch from its operating channel to scan other channels within the same band.
You can click Refresh to refresh the screen and display the most current information. Neighbor AP detection can be enabled and disabled.
The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the Network Name.
NOTE You can set the SSID on the Wireless > Wireless Network Setup (VAPs) page.
• Privacy—Indicates whether there is any security on the neighboring device:
  - Off indicates that the Security mode on the neighboring device is set to None (no security).
• Last Beacon—The date and time of the last beacon received from this AP.
• Rates—Supported and basic (advertised) rate sets for the neighboring AP. Rates are shown in megabits per second (Mbps). All Supported Rates are listed, with Basic Rates shown in bold. Rate sets are configured on the Wireless > Radio page.
To save the Trusted AP List to a file, click Save.
TSPEC Status and Statistics
The TSPEC Status and Statistics page provides the following:
• Summary information about TSPEC sessions by radio.
• Summary information about TSPEC sessions by VAP.
• Real-time transmit and receive statistics for the radio interface and the network interface(s).
All of the transmit and receive statistics shown are totals since the AP was last started.
• Access Category—The Access Category associated with this Traffic Stream (voice or video).
• Total Packets—Total number of TS packets sent (in Transmit table) or received (in Received table) by this Radio for the specified Access Category.
• Total Bytes—Total number of bytes received in the specified access category.
RADIO Statistics
You can use the Radio Statistics page to display packet-level and byte-level statistics for each wireless radio interface.
To view this page, click Status and Statistics > Radio Statistics in the navigation window.
The following information displays:
• Packets Received—Total packets received by the AP.
• Bytes Received—Total bytes received by the AP.
• Multiple Retry Count—Number of times an MSDU is successfully transmitted after more than one retry.
• RTS Success Count—Count of CTS frames received in response to an RTS frame.
• RTS Failure Count—Count of CTS frames not received in response to an RTS frame.
• ACK Failure Count—Count of ACK frames not received when expected.
• FCS Error Count—Count of FCS errors detected in a received MPDU frame.
Log
The Log page displays a list of system events that generated a log entry, such as login attempts and configuration changes. The log is cleared upon a reboot and can be cleared by an administrator. Up to 512 events can be displayed. Older entries are removed from the list as needed to make room for new events.
To view this page, click Status and Statistics > Log Status in the navigation window.
4 LAN Settings

This chapter describes how to configure the AP’s port, network, and clock settings. It includes the following topics:
• Port Settings
• LAN
• Time Settings

Port Settings
The Port Settings page enables you to view and configure settings for the port that physically connects the AP to a local area network.
To view and configure LAN settings:
STEP Click LAN > Port Settings in the navigation area.
• When enabled, the port will negotiate with its link partner to set the fastest link speed and duplex mode available.
• When disabled, you can manually configure the port speed and duplex mode.
STEP Click Save. The settings are saved to the Running Configuration and the Startup Configuration.
• Admit Only VLAN Tagged Frames—Select to enable the forwarding of traffic that is received with no VLAN tag. Clear the checkbox if you want untagged traffic to be forwarded on the VLAN identified by the Port VLAN ID value.
STEP Configure the following IPv4 settings:
• Connection Type—By default, the DHCP client on the WAP121/WAP321 automatically broadcasts requests for network information.
• Static IPv6 Address Prefix Length—The prefix length of the static address, which is an integer in the range of 0–128.
• IPv6 Autoconfigured Global Addresses—If the AP has been assigned one or more IPv6 addresses automatically, the addresses are listed.
• IPv6 Link Local Address—The IPv6 address used by the local physical link.
• NTP Server—Specify the IP address or domain name of an NTP server. A default NTP server is listed.
• Time Zone—Select the time zone for your location.
STEP Select Adjust Time for Daylight Savings if daylight savings time is applicable to your time zone. When selected, configure the following fields:
• Daylight Savings Start—Select which week, day, month, and time when daylight savings time starts.
• Daylight Savings E
STEP Click Save. The changes are saved to the Running Configuration and to the Startup Configuration.
5 Wireless Settings

This chapter describes how to configure properties of the wireless radio operation.
STEP Click Wireless > Radio in the navigation window.
STEP In the Global Settings area, configure the TSPEC Violation Interval—The time interval in seconds for the AP to report (through the system log and SNMP traps) associated clients that do not adhere to mandatory admission control procedures.
STEP In the Basic Settings area, configure the following settings:
• Radio—Turns on or off the radio interface.
referred to as the Primary and Secondary channels. The Primary Channel is used for 802.11n clients that support only a 20 MHz channel bandwidth and for legacy clients. Select one of the following options:
  - Upper—Set the Primary Channel as the upper 20 MHz channel in the 40 MHz band.
  - Lower—Set the Primary Channel as the lower 20 MHz channel in the 40 MHz band.
• Protection—The protection feature contains rules to guarantee that 802.11 transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP.
Setting the threshold to the largest value (2,346 bytes) effectively disables fragmentation. Fragmentation plays no role when Aggregation is enabled.
Fragmentation involves more overhead, both because of the extra work of dividing up and reassembling frames that it requires, and because it increases message traffic on the network. However, fragmentation can help improve network performance and reliability if properly configured.
• Fixed Multicast Rate—The multicast traffic transmission rate the AP supports.
• Legacy Rate Sets—The transmission rate sets the AP supports and the basic rate sets the AP advertises. Rates are expressed in megabits per second. Supported Rate Sets indicate rates that the AP supports. You can check multiple rates (click a check box to select or de-select a rate).
• Rate Limit Burst—Setting a rate limit burst determines how much traffic bursts can be before all traffic exceeds the rate limit. This burst limit allows intermittent bursts of traffic on a network above the set rate limit. The default and maximum rate limit burst setting is 75 packets per second.
• TSPEC Mode—Regulates the overall TSPEC mode on the AP.
• TSPEC AP Inactivity Timeout—The amount of time for an AP to detect a downlink TS as idle before deleting it.
• TSPEC Station Inactivity Timeout—The amount of time for an AP to detect an uplink TS as idle before deleting it.
• TSPEC Legacy WMM Queue Map Mode—Enables or disables the intermixing of legacy traffic on queues operating as ACM.
STEP Click Save.
The SSID can be any alphanumeric, case-sensitive entry from 2 to 32 characters. The printable characters plus the space (ASCII 0x20) are allowed, but the following six characters are not: ?, ", $, [, \, ], and +.
The allowable characters are: ASCII 0x20, 0x21, 0x23, 0x25 through 0x2A, 0x2C through 0x3E, 0x40 through 0x5A, 0x5E through 0x7E.
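An added example (not from the Cisco guide or the AP firmware): a validator built directly from the allowable ranges and length limits quoted above, for checking planned SSIDs before they are entered on the AP. The function names and the sample SSIDs are constructed for illustration.

```python
"""SSID validator derived from the guide's allowable-character ranges.

Added example; names here are illustrative and are not part of the
WAP121/WAP321 firmware or its configuration utility.
"""

# Inclusive code-point ranges copied from the guide's allowable list.
ALLOWED_RANGES = [
    (0x20, 0x21),
    (0x23, 0x23),
    (0x25, 0x2A),
    (0x2C, 0x3E),
    (0x40, 0x5A),
    (0x5E, 0x7E),
]
MIN_LEN, MAX_LEN = 2, 32  # length limits stated in the guide

ALLOWED = frozenset(
    chr(cp) for lo, hi in ALLOWED_RANGES for cp in range(lo, hi + 1)
)


def excluded_printables():
    """Printable ASCII (0x20-0x7E) that the ranges leave out, in code order."""
    return [chr(cp) for cp in range(0x20, 0x7F) if chr(cp) not in ALLOWED]


def check_ssid(ssid):
    """Return a list of problems; an empty list means the SSID is acceptable."""
    problems = []
    if not MIN_LEN <= len(ssid) <= MAX_LEN:
        problems.append(f"length {len(ssid)} outside {MIN_LEN}-{MAX_LEN}")
    for pos, ch in enumerate(ssid):
        # Rejects the excluded punctuation as well as control characters
        # and anything outside ASCII, none of which appear in the ranges.
        if ch not in ALLOWED:
            problems.append(
                f"disallowed character {ch!r} (0x{ord(ch):02X}) at index {pos}"
            )
    return problems


def audit(ssids):
    """Map each rejected SSID to its problems; accepted SSIDs are omitted."""
    return {s: p for s in ssids if (p := check_ssid(s))}


# Constructed sample inventory, e.g. SSIDs planned for several VAPs.
SAMPLE_SSIDS = [
    "Guest WiFi",
    "corp-5GHz!",
    "lab[2]",
    "C++ team",
    "x",
    "café-net",
    "A" * 33,
]

if __name__ == "__main__":
    print("excluded printable characters:", excluded_printables())
    for ssid, problems in audit(SAMPLE_SSIDS).items():
        print(f"{ssid!r}: {'; '.join(problems)}")
```

Enumerating the ranges yields seven excluded printable characters (", $, +, ?, [, \ and ]), the same seven that the sentence above names.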
—Or—
If VAP0 is the only VAP configured on the system, and you want to add a VAP, click Add. Then, select the VAP and click Edit.
NOTE VAP0 is not editable.
STEP Configure the parameters:
• VLAN ID—The VID of the VLAN to associate with the VAP.
  - Static WEP
  - Dynamic WEP
  - WPA Personal
  - WPA Enterprise
If you select a security mode other than None, additional fields appear. These fields are explained in Configuring Security Settings.
• MAC Filtering—Whether the stations that can access this VAP are restricted to a configured global list of MAC addresses. You can select one of the following types of MAC filtering:
  - Disabled: Do not use MAC filtering.
STEP Click Save. The changes are saved to the Running Configuration and to the Startup Configuration.
NOTE Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low.
NOTE To delete a VAP, select the VAP and click Delete.

Configuring Security Settings
The following secti
• Key Length—The length of the key. Select one:
  - 64 bits
  - 128 bits
• Key Type—The key type. Select one:
  - ASCII
  - Hex
• WEP Keys—You can specify up to four WEP keys. In each text box, enter a string of characters for each key. The keys you enter depend on the key type selected:
  - ASCII—Includes upper and lower case alphabetic letters, the numeric digits, and special symbols such as @ and #.
NOTE Just because a client station is allowed to associate does not ensure it can exchange traffic with an AP. A station must have the correct WEP key to be able to successfully access and decrypt data from an AP, and to transmit readable data to the AP.
  - Shared Key authentication requires the client station to have the correct WEP key in order to associate with the AP.
Dynamic WEP
Dynamic WEP refers to the combination of 802.1x technology and the Extensible Authentication Protocol (EAP). With Dynamic WEP security, WEP keys are changed dynamically.
EAP messages are sent over an IEEE 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are periodically refreshed.
• Server IP Address or Server IPv6—Up to three IPv4 or IPv6 backup RADIUS server addresses. If authentication fails with the primary server, each configured backup server is tried in sequence.
• Key—The shared secret key that the AP uses to authenticate to the primary RADIUS server. You can use up to 63 standard alphanumeric and special characters.
This security mode is backwards-compatible for wireless clients that support the original WPA.
The following parameters display for WPA Personal configuration:
• WPA Versions—The types of client stations you want to support:
  - WPA—The network has client stations that support the original WPA and none that support the newer WPA2.
  - WPA2—All client stations on the network support WPA2.
• Broadcast Key Refresh Rate—The interval at which the broadcast (group) key is refreshed for clients associated to this VAP (the default is 300). The valid range is 0–86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.

WPA Enterprise
WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes CCMP (AES), and TKIP mechanisms.
  - CCMP (AES)
  - TKIP and CCMP (AES)
By default both TKIP and CCMP are selected.
• Key—The RADIUS key is the shared secret key for the global RADIUS server. You can use up to 63 standard alphanumeric and special characters. The key is case sensitive, and you must configure the same key on the AP and on your RADIUS server. The text you enter will be displayed as "*" characters to prevent others from seeing the RADIUS key as you type.
• Key—The RADIUS key associated with the configured backup RADIUS server
The AP supports up to 16 profiles. Only valid rules are added to the profile. Up to 16 rules are grouped together to form a scheduling profile. Periodic time entries belonging to the same profile cannot overlap.

Adding Scheduler Profiles
You can create up to 16 scheduler profile names. By default, no profiles are created.
Configuring Scheduler Rules
You can configure up to 16 rules for a profile. Each rule specifies the start time, end time and day (or days) of the week the radio or VAP can be operational. The rules are periodic in nature and are repeated every week. A valid rule must contain all of the parameters (days of the week, hour, and minute) for the start time and the end time.
Scheduler Association
The Scheduler profiles need to be associated with the WLAN interface or a VAP interface to be effective. By default, there are no Scheduler profiles created, hence no profile is associated to any radio or VAP.
Only one Scheduler profile can be associated with the WLAN interface or each VAP. A single profile can be associated to multiple VAPs.
NOTE Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low.

MAC Filtering
Media Access Control (MAC) filtering can be used to exclude or allow only listed client stations to authenticate with the access point.
The MAC Address appears in the Stations List.
STEP Continue entering MAC addresses until the list is complete, and then click Save. The changes are saved to the Running Configuration and to the Startup Configuration.
NOTE: To remove a MAC Address from the Stations List, select it, then click Remove.
NOTE: Changing some settings might cause the AP to stop and restart system processes.
In the point-to-point mode, the AP accepts client associations and communicates with wireless clients and other repeaters. The AP forwards all traffic meant for the other network over the tunnel that is established between the APs. The bridge does not add to the hop count. It functions as a simple OSI layer 2 network device.
In the point-to-multipoint bridge mode, one AP acts as the common link between multiple APs.
• Remote MAC Address—Specify the MAC address of the destination AP; that is, the AP on the other end of the WDS link to which data will be sent or handed-off and from which data will be received.
• Encryption—The type of encryption to use on the WDS link. The options are none, WEP, and WPA Personal. If you are unconcerned about security issues on the WDS link, you may decide not to set any type of encryption.
It is recommended that Work Group Bridge mode be used only when the WDS bridge feature cannot be operational with a peer AP. WDS is a better solution and is preferred over the Work Group Bridge solution. The Work Group Bridge feature should be used only when WDS links cannot be established due to hardware mismatches within an extended service set (ESS).
  - Static WEP
  - WPA Personal
See Configuring Security Settings for information about WEP and WPA Personal security settings.
Configure the upstream BSS with the same SSID and security as advertised by the upstream AP. The upstream BSS will be associated to the upstream AP with the configured credentials. The AP may obtain its IP address from a DHCP server on the upstream link.
QoS
The Quality of Service (QoS) settings provide you with the ability to configure transmission queues for optimized throughput and better performance when handling differentiated wireless traffic, such as voice-over-IP (VoIP), other types of audio, video, streaming media, and traditional IP data.
• Data 3 (Background)—Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).
To configure QoS on the AP:
STEP Configure the following parameters:
NOTE The AP EDCA and Station EDCA parameters are configurable only if you selected Custom in the previous step.
• Arbitration Inter-Frame Space—A wait time for data frames.
Valid values are 0.0 through 999.
• Wi-Fi MultiMedia (WMM)—Select Enabled to enable Wi-Fi MultiMedia (WMM) extensions. This is enabled by default. With WMM enabled, QoS prioritization and coordination of wireless medium access is on.
WPS Overview
WPS is a standard that enables simple establishment of wireless networks without compromising network security. It relieves both the wireless client users and the AP administrators from having to know network names, keys, and various other cryptographic configuration options.
"external registrar," and triggers the WPS registration process at this UI. (On a wired LAN, the WPS protocol messages are transported via the Universal Plug and Play, or UPnP, protocol.) The host registers the AP as a new network device and configures the AP with new security settings.
• The VAP is configured to use either WPA-Personal security or none. If WPA2-PSK encryption mode is enabled, then a valid pre-shared key (PSK) must be configured and CCMP (AES) encryption must be enabled.
• The VAP is operationally enabled.
WPS is operationally disabled on the VAP if any of these conditions are not met.