Cisco Wireless LAN Controller Configuration Guide, Release 7.6First Published: December 19, 2013

Last Modified: May 11, 2014

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-30339-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain versionof the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)

2002-2014 Cisco Systems, Inc. All rights reserved.

C O N T E N T S

P r e f a c e Preface xlix

Audience xlix

Conventions xlix

Related Documentation l

Obtaining Documentation and Submitting a Service Request li

P A R T I System Management 1

C H A P T E R 1 Overview 3

Cisco Wireless Overview 3

Single-Controller Deployments 4

Multiple-Controller Deployments 5

Operating System Software 6

Operating System Security 6

Layer 2 and Layer 3 Operation 7

Operational Requirements 7

Configuration Requirements 7

Cisco Wireless LAN Controllers 8

Client Location 8

Controller Platforms 8

Cisco 2500 Series Controllers 8

Cisco 5500 Series Controller 9

Cisco Flex 7500 Series Controllers 9

Cisco 8500 Series Controllers 9

Cisco Virtual Wireless LAN Controllers 10

Cisco Wireless Services Module 2 10

Cisco Wireless Controller on Cisco Services-Ready Engine (SRE) 10

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 iii

Cisco UWN Solution WLANs 11

File Transfers 11

Power over Ethernet 11

Cisco Wireless LAN Controller Memory 12

Cisco Wireless LAN Controller Failover Protection 12

C H A P T E R 2 Getting Started 15

Configuring the Controller Using the Configuration Wizard 15

Connecting the Console Port of the Controller 16

Configuring the Controller (GUI) 16

Configuring the ControllerUsing the CLI Configuration Wizard 27

Using the Controller Web GUI 30

Guidelines and Limitations 30

Logging On to the Web GUI 31

Logging out of the GUI 31

Enabling Web and Secure Web Modes 31

Enabling Web and Secure Web Modes (GUI) 31

Enabling Web and Secure Web Modes (CLI) 32

Loading an Externally Generated SSL Certificate 33

Information About Externally Generated SSL Certificates 33

Loading an SSL Certificate (GUI) 34

Loading an SSL Certificate (CLI) 35

Using the Controller CLI 36

Logging on to the Controller CLI 36

Guidelines and Limitations 36

Using a Local Serial Connection 37

Using a Remote Ethernet Connection 37

Logging Out of the CLI 38

Navigating the CLI 38

Using the AutoInstall Feature for Controllers Without a Configuration 39

Information About the AutoInstall Feature 39

Guidelines and Limitations 40

Obtaining an IP Address Through DHCP and Downloading a Configuration File from

a TFTP Server 40

Selecting a Configuration File 41

Cisco Wireless LAN Controller Configuration Guide, Release 7.6iv OL-30339-01

Contents

Example: AutoInstall Operation 42

Managing the Controller System Date and Time 43

Information About Controller System Date and Time 43

Guidelines and Limitations 43

Configuring an NTP Server to Obtain the Date and Time 43

Configuring NTP Authentication (GUI) 44

Configuring NTP Authentication (CLI) 44

Configuring the Date and Time (GUI) 45

Configuring the Date and Time (CLI) 46

Configuring Telnet and Secure Shell Sessions 48

Information About Telnet and SSH 48

Restrictions for Telnet and SSH 48

Configuring Telnet and SSH Sessions (GUI) 48

Configuring Telnet and SSH Sessions (CLI) 49

Configuring Telnet Privileges for Selected Management Users (GUI) 51

Configuring Telnet Privileges for Selected Management Users (CLI) 51

Troubleshooting Access Points Using Telnet or SSH_old 51

Troubleshooting Access Points Using Telnet or SSH (GUI) 52

Troubleshooting Access Points Using Telnet or SSH (CLI) 52

Managing the Controller Wirelessly 53

Enabling Wireless Connections (GUI) 53

Enabling Wireless Connections (CLI) 53

C H A P T E R 3 Managing Licenses 55

Installing and Configuring Licenses 55

Information About Installing and Configuring Licenses 55

Restrictions for Using Licenses 56

Obtaining an Upgrade or Capacity Adder License 56

Information About Obtaining an Upgrade or Capacity Adder License 56

Obtaining and Registering a PAK Certificate 57

Installing a License 58

Installing a License (GUI) 58

Installing a License (CLI) 59

Viewing Licenses 59

Viewing Licenses (GUI) 59

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 v

Contents

Viewing Licenses (CLI) 60

Configuring the Maximum Number of Access Points Supported 62

Configuring Maximum Number of Access Points to be Supported (GUI) 62

Configuring Maximum Number of Access Points to be Supported (CLI) 63

Troubleshooting Licensing Issues 63

Activating an AP-Count Evaluation License 63

Information About Activating an AP-Count Evaluation License 63

Activating an AP-Count Evaluation License (GUI) 64

Activating an AP-Count Evaluation License (CLI) 65

Configuring Right to Use Licensing 66

Information About Right to Use Licensing 66

Configuring Right to Use Licensing (GUI) 67

Configuring Right to Use Licensing (CLI) 67

Rehosting Licenses 67

Information About Rehosting Licenses 68

Rehosting a License 68

Rehosting a License (GUI) 68

Rehosting a License (CLI) 69

Transferring Licenses to a Replacement Controller after an RMA 71

Information About Transferring Licenses to a Replacement Controller after an

RMA 71

Transferring a License to a Replacement Controller after an RMA 71

C H A P T E R 4 Configuring 802.11 Bands 73

Configuring 802.11 Bands 73

Information About Configuring 802.11 Bands 73

Configuring the 802.11 Bands (GUI) 73

Configuring the 802.11 Bands (CLI) 75

Configuring Band Selection 77

Information About Configuring Band Selection 77

Restrictions on Band Selection 77

Configuring Band Selection 78

Configuring Band Selection (GUI) 78

Configuring Band Selection (CLI) 78

Cisco Wireless LAN Controller Configuration Guide, Release 7.6vi OL-30339-01

Contents

C H A P T E R 5 Configuring 802.11 Parameters 81

Configuring the 802.11n Parameters 81

Information About Configuring the 802.11n Parameters 81

Configuring the 802.11n Parameters (GUI) 82

Configuring the 802.11n Parameters (CLI) 83

Configuring 802.11h Parameters 84

Information About Configuring 802.11h Parameters 84

Configuring the 802.11h Parameters (GUI) 85

Configuring the 802.11h Parameters (CLI) 85

Configuring the 802.11ac Parameters 86

Information About Configuring the 802.11ac Parameters 86

Restrictions for 802.11ac Support 87

Configuring the 802.11ac High-Throughput Parameters (GUI) 88

Configuring the 802.11ac High-Throughput Parameters (CLI) 88

C H A P T E R 6 Configuring DHCP Proxy 89

Information About Configuring DHCP Proxy 89

Restrictions on Using DHCP Proxy 89

Configuring DHCP Proxy (GUI) 90

Configuring DHCP Proxy (GUI) 90

Configuring DHCP Proxy (CLI) 90

Configuring DHCP Proxy (CLI) 91

Configuring a DHCP Timeout (GUI) 91

Configuring a DHCP Timeout (CLI) 91

C H A P T E R 7 Configuring SNMP 93

Configuring SNMP (CLI) 93

SNMP Community Strings 95

Changing the SNMP Community String Default Values (GUI) 95

Changing the SNMP Community String Default Values (CLI) 96

Configuring Real Time Statistics (CLI) 97

SNMP Trap Enhancements 97

C H A P T E R 8 Configuring Aggressive Load Balancing 99

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 vii

Contents

Information About Configuring Aggressive Load Balancing 99

Configuring Aggressive Load Balancing (GUI) 100

Configuring Aggressive Load Balancing (CLI) 101

C H A P T E R 9 Configuring Fast SSID Changing 103

Information About Configuring Fast SSID Changing 103

Configuring Fast SSID Changing (GUI) 103

Configuring Fast SSID Changing (CLI) 103

C H A P T E R 1 0 Configuring 802.3 Bridging 105

Configuring 802.3 Bridging 105

Information About Configuring 802.3 Bridging 105

Restrictions on 802.3 Bridging 105

Configuring 802.3 Bridging 106

Configuring 802.3 Bridging (GUI) 106

Configuring 802.3 Bridging (CLI) 106

Enabling 802.3X Flow Control 106

C H A P T E R 1 1 Configuring Multicast 107

Configuring Multicast Mode 107

Information About Multicast Mode 107

Restrictions for Configuring Multicast Mode 109

Enabling Multicast Mode (GUI) 110

Enabling Multicast Mode (CLI) 110

Viewing Multicast Groups (GUI) 111

Viewing Multicast Groups (CLI) 112

Viewing an Access Points Multicast Client Table (CLI) 112

Configuring Multicast Domain Name System 113

Information About Multicast Domain Name System 113

Restrictions for Configuring Multicast DNS 115

Configuring Multicast DNS (GUI) 115

Configuring Multicast DNS (CLI) 117

Information about Bonjour gateway based on access policy 120

Restrictions to the Bonjour gateway based on access policy 121

Creating Bonjour Access Policy through Prime Infrastructure 121

Cisco Wireless LAN Controller Configuration Guide, Release 7.6viii OL-30339-01

Contents

Configuring mDNS Service Groups (GUI) 121

Configuring mDNS Service Groups (CLI) 122

C H A P T E R 1 2 Configuring Client Roaming 123

Information About Client Roaming 123

Inter-Controller Roaming 123

Intra-Controller Roaming 123

Inter-Subnet Roaming 124

Voice-over-IP Telephone Roaming 124

CCX Layer 2 Client Roaming 124

Restrictions on Client Roaming 125

Configuring CCX Client Roaming Parameters (GUI) 125

Configuring CCX Client Roaming Parameters (CLI) 126

Obtaining CCX Client Roaming Information (CLI) 126

Debugging CCX Client Roaming Issues (CLI) 127

C H A P T E R 1 3 Configuring IP-MAC Address Binding 129

Information About Configuring IP-MAC Address Binding 129

Configuring IP-MAC Address Binding (CLI) 129

C H A P T E R 1 4 Configuring Quality of Service 131

Configuring Quality of Service 131

Information About Quality of Service 131

Configuring Quality of Service Profiles 132

Configuring QoS Profiles (GUI) 132

Configuring QoS Profiles (CLI) 133

Configuring Quality of Service Roles 135

Information About Quality of Service Roles 135

Configuring QoS Roles 135

Configuring QoS (GUI) 135

Configuring QoS Roles (CLI) 136

C H A P T E R 1 5 Configuring Application Visibility and Control 139

Information About Application Visibility and Control 139

Restrictions for Application Visibility and Control 140

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 ix

Contents

Configuring Application Visibility and Control (GUI) 141

Configuring Application Visibility and Control (CLI) 142

Configuring NetFlow 143

Information About NetFlow 143

Configuring NetFlow (GUI) 144

Configuring NetFlow (CLI) 144

C H A P T E R 1 6 Configuring Media and EDCA Parameters 147

Configuring Voice and Video Parameters 147

Information About Configuring Voice and Video Parameters 147

Call Admission Control 147

Bandwidth-Based CAC 148

Load-Based CAC 148

Expedited Bandwidth Requests 148

U-APSD 149

Traffic Stream Metrics 149

Configuring Voice Parameters 150

Configuring Voice Parameters (GUI) 150

Configuring Voice Parameters (CLI) 152

Configuring Video Parameters 153

Configuring Video Parameters (GUI) 153

Configuring Video Parameters (CLI) 154

Viewing Voice and Video Settings 155

Viewing Voice and Video Settings (GUI) 155

Viewing Voice and Video Settings (CLI) 156

Configuring SIP-Based CAC 159

Restrictions for SIP-Based CAC 159

Configuring SIP-Based CAC (GUI) 159

Configuring SIP-Based CAC (CLI) 160

Configuring Media Parameters 161

Configuring Media Parameters (GUI) 161

Configuring Voice Prioritization Using Preferred Call Numbers 161

Information About Configuring Voice Prioritization Using Preferred Call Numbers 161

Prerequisites for Configuring Voice Prioritization Using Preferred Call Numbers 162

Configuring a Preferred Call Number (GUI) 162

Cisco Wireless LAN Controller Configuration Guide, Release 7.6x OL-30339-01

Contents

Configuring a Preferred Call Number (CLI) 162

Configuring EDCA Parameters 163

Information About EDCA Parameters 163

Configuring EDCA Parameters (GUI) 163

Configuring EDCA Parameters (CLI) 164

C H A P T E R 1 7 Configuring the Cisco Discovery Protocol 167

Information About Configuring the Cisco Discovery Protocol 167

Restrictions for Configuring the Cisco Discovery Protocol 167

Configuring the Cisco Discovery Protocol 169

Configuring the Cisco Discovery Protocol (GUI) 169

Configuring the Cisco Discovery Protocol (CLI) 170

Viewing Cisco Discovery Protocol Information 171

Viewing Cisco Discovery Protocol Information (GUI) 171

Viewing Cisco Discovery Protocol Information (CLI) 173

Getting CDP Debug Information 173

C H A P T E R 1 8 Configuring Authentication for the Controller and NTP Server 175

Information About Configuring Authentication for the Controller and NTP Server 175

Configuring the NTP Server for Authentication (GUI) 175

Configuring the NTP Server for Authentication (CLI) 176

C H A P T E R 1 9 Configuring RFID Tag Tracking 177

Information About Configuring RFID Tag Tracking 177

Configuring RFID Tag Tracking (CLI) 178

Viewing RFID Tag Tracking Information (CLI) 179

Debugging RFID Tag Tracking Issues (CLI) 179

C H A P T E R 2 0 Resetting the Controller to Default Settings 181

Information About Resetting the Controller to Default Settings 181

Resetting the Controller to Default Settings (GUI) 181

Resetting the Controller to Default Settings (CLI) 182

C H A P T E R 2 1 Managing Controller Software and Configurations 183

Upgrading the Controller Software 183

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xi

Contents

Restrictions for Upgrading Controller Software 183

Upgrading Controller Software (GUI) 186

Upgrading Controller Software (CLI) 188

Predownloading an Image to an Access Point 190

Access Point Predownload Process 190

Restrictions for Predownloading an Image to an Access Point 191

Predownloading an Image to Access PointsGlobal Configuration (GUI) 192

Configuring Predownload Image to an Access Point (GUI) 194

Predownloading an Image to Access Points (CLI) 195

Transferring Files to and from a Controller 197

Downloading a Login Banner File 198

Downloading a Login Banner File (GUI) 199

Downloading a Login Banner File (CLI) 199

Clearing the Login Banner (GUI) 200

Downloading Device Certificates 200

Downloading Device Certificates (GUI) 201

Downloading Device Certificates (CLI) 202

Downloading CA Certificates 203

Download CA Certificates (GUI) 204

Downloading CA Certificates (CLI) 204

Uploading PACs 205

Uploading PACs (GUI) 206

Uploading PACs (CLI) 206

Uploading and Downloading Configuration Files 207

Uploading Configuration Files 208

Uploading the Configuration Files (GUI) 208

Uploading the Configuration Files (CLI) 208

Downloading Configuration Files 209

Downloading the Configuration Files (GUI) 210

Downloading the Configuration Files (CLI) 210

Saving Configurations 212

Editing Configuration Files 212

Clearing the Controller Configuration 213

Erasing the Controller Configuration 214

Resetting the Controller 214

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xii OL-30339-01

Contents

C H A P T E R 2 2 Managing User Accounts 215

Configuring Guest User Accounts 215

Information About Creating Guest Accounts 215

Restrictions for Managing User Accounts 215

Creating a Lobby Ambassador Account 215

Creating a Lobby Ambassador Account (GUI) 215

Creating a Lobby Ambassador Account (CLI) 216

Creating Guest User Accounts as a Lobby Ambassador (GUI) 217

Viewing Guest User Accounts 218

Viewing the Guest Accounts (GUI) 218

Viewing the Guest Accounts (CLI) 218

Configuring Administrator Usernames and Passwords 218

Information About Configuring Administrator Usernames and Passwords 218

Configuring Usernames and Passwords (GUI) 218

Configuring Usernames and Passwords (CLI) 219

Restoring Passwords 219

Changing the Default Values for SNMP v3 Users 220

Information About Changing the Default Values for SNMP v3 Users 220

Changing the SNMP v3 User Default Values (GUI) 220

Changing the SNMP v3 User Default Values (CLI) 221

Generating a Certificate Signing Request 221

Downloading Third-Party Certificate (GUI) 223

Downloading Third-Party Certificate (CLI) 224

C H A P T E R 2 3 Managing Web Authentication 225

Obtaining a Web Authentication Certificate 225

Information About Web Authentication Certificates 225

Support for Chained Certificate 225

Obtaining a Web Authentication Certificate (GUI) 226

Obtaining a Web Authentication Certificate (CLI) 226

Web Authentication Process 227

Disabling Security Alert for Web Authentication Process 228

Choosing the Default Web Authentication Login Page 230

Information About Default Web Authentication Login Page 230

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xiii

Contents

Choosing the Default Web Authentication Login Page (GUI) 231

Choosing the Default Web Authentication Login Page (CLI) 231

Example: Creating a Customized Web Authentication Login Page 233

Example: Modified Default Web Authentication Login Page Example 236

Using a Customized Web Authentication Login Page from an External Web Server 236

Information About Customized Web Authentication Login Page 236

Choosing a CustomizedWeb Authentication Login Page from an External Web Server

(GUI) 237

Choosing a CustomizedWeb Authentication Login Page from an External Web Server

(CLI) 237

Downloading a Customized Web Authentication Login Page 237

Prerequisites for Downloading a Customized Web Authentication Login Page 238

Downloading a Customized Web Authentication Login Page (GUI) 238

Downloading a Customized Web Authentication Login Page (CLI) 239

Example: Customized Web Authentication Login Page 240

Verifying the Web Authentication Login Page Settings (CLI) 240

Assigning Login, Login Failure, and Logout Pages per WLAN 241

Information About Assigning Login, Login Failure, and Logout Pages per WLAN 241

Assigning Login, Login Failure, and Logout Pages per WLAN (GUI) 241

Assigning Login, Login Failure, and Logout Pages per WLAN (CLI) 242

Configuring Authentication for Sleeping Clients 243

Information About Authenticating Sleeping Clients 243

Restrictions for Authenticating Sleeping Clients 244

Configuring Authentication for Sleeping Clients (GUI) 245

Configuring Authentication for Sleeping Clients (CLI) 245

C H A P T E R 2 4 Configuring Wired Guest Access 247

Information About Wired Guest Access 247

Prerequisites for Configuring Wired Guest Access 248

Restrictions for Configuring Wired Guest Access 248

Configuring Wired Guest Access (GUI) 249

Configuring Wired Guest Access (CLI) 250

Supporting IPv6 Client Guest Access 253

C H A P T E R 2 5 Troubleshooting 255

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xiv OL-30339-01

Contents

Interpreting LEDs 255

Information About Interpreting LEDs 255

Interpreting Controller LEDs 256

Interpreting Lightweight Access Point LEDs 256

System Messages 256

Information About System Messages 256

Viewing System Resources 259

Information About Viewing System Resources 259

Viewing System Resources (GUI) 260

Viewing System Resources (CLI) 260

Using the CLI to Troubleshoot Problems 260

Configuring System and Message Logging 262

Information About System and Message Logging 262

Configuring System and Message Logging (GUI) 262

Viewing Message Logs (GUI) 264

Configuring System and Message Logging (CLI) 264

Viewing System and Message Logs (CLI) 268

Viewing Access Point Event Logs 268

Information About Access Point Event Logs 268

Viewing Access Point Event Logs (CLI) 268

Uploading Logs and Crash Files 269

Prerequisites to Upload Logs and Crash Files 269

Uploading Logs and Crash Files (GUI) 269

Uploading Logs and Crash Files (CLI) 270

Uploading Core Dumps from the Controller 271

Information About Uploading Core Dumps from the Controller 271

Configuring the Controller to Automatically Upload Core Dumps to an FTP Server

(GUI) 272

Configuring the Controller to Automatically Upload Core Dumps to an FTP Server

(CLI) 272

Uploading Core Dumps from Controller to a Server (CLI) 273

Uploading Packet Capture Files 274

Information About Uploading Packet Capture Files 274

Restrictions for Uploading Packet Capture Files 275

Uploading Packet Capture Files (GUI) 276

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xv

Contents

Uploading Packet Capture Files (CLI) 276

Monitoring Memory Leaks 277

Monitoring Memory Leaks (CLI) 277

Troubleshooting CCXv5 Client Devices 278

Information About Troubleshooting CCXv5 Client Devices 278

Restrictions for CCXv5 Client Devices 278

Configuring Diagnostic Channel 279

Configuring the Diagnostic Channel (GUI) 279

Configuring the Diagnostic Channel (CLI) 280

Configuring Client Reporting 284

Configuring Client Reporting (GUI) 284

Configuring Client Reporting (CLI) 284

Configuring Roaming and Real-Time Diagnostics 285

Configuring Roaming and Real-Time Diagnostics (CLI) 285

Using the Debug Facility 288

Information About Using the Debug Facility 288

Configuring the Debug Facility (CLI) 289

Configuring Wireless Sniffing 293

Information About Wireless Sniffing 293

Prerequisites for Wireless Sniffing 293

Restrictions for Wireless Sniffing 293

Configuring Sniffing on an Access Point (GUI) 294

Configuring Sniffing on an Access Point (CLI) 294

Troubleshooting Access Points Using Telnet or SSH_old 295

Information About Troubleshooting Access Points Using Telnet or SSH 295

Troubleshooting Access Points Using Telnet or SSH (GUI) 296

Troubleshooting Access Points Using Telnet or SSH (CLI) 296

Debugging the Access Point Monitor Service 297

Information About Debugging the Access Point Monitor Service 297

Debugging Access Point Monitor Service Issues (CLI) 297

Troubleshooting OfficeExtend Access Points 298

Information About Troubleshooting OfficeExtend Access Points 298

Interpreting OfficeExtend LEDs 298

Positioning OfficeExtend Access Points for Optimal RF Coverage 298

Troubleshooting Common Problems 298

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xvi OL-30339-01

Contents

P A R T I I Ports and Interfaces 301

C H A P T E R 2 6 Overview of Ports and Interfaces 303

Information About Ports 303

Information About Distribution System Ports 304

Restrictions for Configuring Distribution System Ports 304

Information About Service Port 305

Information About Interfaces 306

Restrictions for Configuring Interfaces 306

Information About Dynamic AP Management 307

Information About WLANs 308

C H A P T E R 2 7 Configuring the Management Interface 311

Information About the Management Interface 311

Configuring the Management Interface (GUI) 313

Configuring the Management Interface (CLI) 314

C H A P T E R 2 8 Configuring the AP-Manager Interface 317

Information About AP-Manager Interface 317

Restrictions for Configuring AP Manager Interfaces 318

Configuring the AP-Manager Interface (GUI) 318

Configuring the AP Manager Interface (CLI) 319

Configuration Example: Configuring AP-Manager on a Cisco 5500 Series Controller 319

C H A P T E R 2 9 Configuring Virtual Interfaces 323

Information About the Virtual Interface 323

Configuring Virtual Interfaces (GUI) 324

Configuring Virtual Interfaces (CLI) 324

C H A P T E R 3 0 Configuring Service-Port Interfaces 325

Information About Service-Port Interfaces 325

Restrictions for Configuring Service-Port Interfaces 326

Configuring Service-Port Interfaces Using IPv4 (GUI) 326

Configuring Service-Port Interfaces Using IPv4 (CLI) 326

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xvii

Contents

Configuring Service-Port Interface Using IPv6 (GUI) 327

Configuring Service-Port Interfaces Using IPv6 (CLI) 327

C H A P T E R 3 1 Configuring Dynamic Interfaces 329

Information About Dynamic Interface 329

Pre - requisites for Configuring Dynamic Interfaces 330

Restrictions for Configuring Dynamic Interfaces 330

Configuring Dynamic Interfaces (GUI) 331

Configuring Dynamic Interfaces (CLI) 332

C H A P T E R 3 2 Configuring Ports 335

Configuring Ports (GUI) 335

C H A P T E R 3 3 Information About Using Cisco 5500 Series Controller USB Console Port 337

USB Console OS Compatibility 337

Changing the Cisco USB Systems Management Console COM Port to an Unused Port 338

C H A P T E R 3 4 Configuring Link Aggregation 339

Information About Link Aggregation 339

Restrictions for Link Aggregation 339

Enabling Link Aggregation (GUI) 341

Enabling Link Aggregation (CLI) 342

Verifying Link Aggregation Settings (CLI) 342

Configuring Neighbor Devices to Support Link Aggregation 342

Choosing Between Link Aggregation and Multiple AP-Manager Interfaces 342

C H A P T E R 3 5 Configuring Multiple AP-Manager Interfaces 345

Information About Multiple AP-Manager Interfaces 345

Restrictions for Configuring Multiple AP Manager Interfaces 345

Creating Multiple AP-Manager Interfaces (GUI) 346

Creating Multiple AP-Manager Interfaces (CLI) 346

C H A P T E R 3 6 Configuring VLAN Select 349

Information About VLAN Select 349

Restrictions for Configuring VLAN Select 350

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xviii OL-30339-01

Contents

Configuring Interface Groups 350

Information About Interface Groups 350

Restrictions for Configuring Interface Groups 350

Creating Interface Groups (GUI) 351

Creating Interface Groups (CLI) 351

Adding Interfaces to Interface Groups (GUI) 351

Adding Interfaces to Interface Groups (CLI) 352

Viewing VLANs in Interface Groups (CLI) 352

Adding an Interface Group to a WLAN (GUI) 352

Adding an Interface Group to a WLAN (CLI) 352

C H A P T E R 3 7 Configuring Interface Groups 353

Information About Interface Groups 353

Restrictions for Configuring Interface Groups 354

Creating Interface Groups (GUI) 354

Creating Interface Groups (CLI) 355

Adding Interfaces to Interface Groups (GUI) 355

Adding Interfaces to Interface Groups (CLI) 355

Viewing VLANs in Interface Groups (CLI) 355

Adding an Interface Group to a WLAN (GUI) 355

Adding an Interface Group to a WLAN (CLI) 356

C H A P T E R 3 8 Configuring Multicast Optimization 357

Information About Multicast Optimization 357

Configuring a Multicast VLAN (GUI) 357

Configuring a Multicast VLAN (CLI) 358

P A R T I I I VideoStream 359

C H A P T E R 3 9 VideoStream 361

Information about VideoStream 361

Prerequisites for VideoStream 361

Restrictions for Configuring VideoStream 361

Configuring VideoStream (GUI) 362

Configuring VideoStream (CLI) 365

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xix

Contents

Viewing and Debugging Media Streams 366

P A R T I V Security Solutions 369

C H A P T E R 4 0 Cisco Unified Wireless Network Solution Security 371

Security Overview 371

Layer 1 Solutions 371

Layer 2 Solutions 371

Restrictions for Layer 2 Solutions 372

Layer 3 Solutions 372

Integrated Security Solutions 372

C H A P T E R 4 1 Configuring RADIUS 373

Information About RADIUS 373

Configuring RADIUS on the ACS 375

Configuring RADIUS (GUI) 376

Configuring RADIUS (CLI) 381

RADIUS Authentication Attributes Sent by the Controller 385

Authentication Attributes Honored in Access-Accept Packets (Airespace) 388

RADIUS Accounting Attributes 394

C H A P T E R 4 2 Configuring TACACS+ 397

Information About TACACS+ 397

TACACS+ VSA 399

Configuring TACACS+ on the ACS 400

Configuring TACACS+ (GUI) 402

Configuring TACACS+ (CLI) 404

Viewing the TACACS+ Administration Server Logs 405

C H A P T E R 4 3 Configuring Maximum Local Database Entries 409

Information About Configuring Maximum Local Database Entries 409

Configuring Maximum Local Database Entries (GUI) 409

Configuring Maximum Local Database Entries (CLI) 410

C H A P T E R 4 4 Configuring Local Network Users on the Controller 411

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xx OL-30339-01

Contents

Information About Local Network Users on Controller 411

Configuring Local Network Users for the Controller (GUI) 411

Configuring Local Network Users for the Controller (CLI) 412

C H A P T E R 4 5 Configuring Password Policies 415

Information About Password Policies 415

Configuring Password Policies (GUI) 416

Configuring Password Policies (CLI) 416

C H A P T E R 4 6 Configuring LDAP 419

Information About LDAP 419

Configuring LDAP (GUI) 420

Configuring LDAP (CLI) 422

C H A P T E R 4 7 Configuring Local EAP 425

Information About Local EAP 425

Restrictions for Local EAP 426

Configuring Local EAP (GUI) 427

Configuring Local EAP (CLI) 431

C H A P T E R 4 8 Configuring the System for SpectraLink NetLink Telephones 437

Information About SpectraLink NetLink Telephones 437

Configuring SpectraLink NetLink Phones 437

Enabling Long Preambles (GUI) 437

Enabling Long Preambles (CLI) 438

Configuring Enhanced Distributed Channel Access (CLI) 438

C H A P T E R 4 9 Configuring RADIUS NAC Support 441

Information About RADIUS NAC Support 441

Device Registration 442

Central Web Authentication 442

Local Web Authentication 442

Restrictions for RADIUS NAC Support 442

Configuring RADIUS NAC Support (GUI) 443

Configuring RADIUS NAC Support (CLI) 444

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxi

Contents

C H A P T E R 5 0 Using Management Over Wireless 445

Information About Management over Wireless 445

Enabling Management over Wireless (GUI) 445

Enabling Management over Wireless (CLI) 446

C H A P T E R 5 1 Using Dynamic Interfaces for Management 447

Information About Using Dynamic Interfaces for Management 447

Configuring Management using Dynamic Interfaces (CLI) 448

C H A P T E R 5 2 Configuring DHCP Option 82 449

Information About DHCP Option 82 449

Restrictions on DHCP Option 82 450

Configuring DHCP Option 82 (GUI) 450

Configuring DHCP Option 82 (CLI) 450

C H A P T E R 5 3 Configuring and Applying Access Control Lists 453

Information About Access Control Lists 453

Restrictions for Access Control Lists 453

Configuring and Applying Access Control Lists (GUI) 454

Configuring Access Control Lists 454

Applying an Access Control List to an Interface 457

Applying an Access Control List to the Controller CPU 457

Applying an Access Control List to a WLAN 458

Applying a Preauthentication Access Control List to a WLAN 458

Configuring and Applying Access Control Lists (CLI) 458

Configuring Access Control Lists 458

Applying Access Control Lists 459

Configuring Layer 2 Access Control Lists 460

Information About Configuring Layer 2 Access Control Lists 460

Restrictions for Layer 2 Access Control Lists 461

Configuring Layer 2 Access Control Lists (CLI) 461

Mapping of Layer 2 ACLs with WLANs (CLI) 462

Mapping of Layer 2 ACLs with Locally Switched WLANs Using FlexConnect

Access Points (CLI) 462

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxii OL-30339-01

Contents

Configuring Layer 2 Access Control Lists (GUI) 462

Applying a Layer2 Access Control List to a WLAN (GUI) 463

Applying a Layer2 Access Control List to an AP on a WLAN (GUI) 464

Configuring DNS-based Access Control Lists 464

Information About DNS-based Access Control Lists 464

Restrictions on DNS-based Access Control Lists 464

Configuring DNS-based Access Control Lists (CLI) 465

Configuring DNS-based Access Control Lists (GUI) 466

C H A P T E R 5 4 Configuring Management Frame Protection 469

Information About Management Frame Protection 469

Restrictions for Management Frame Protection 471

Configuring Management Frame Protection (GUI) 471

Viewing the Management Frame Protection Settings (GUI) 471

Configuring Management Frame Protection (CLI) 472

Viewing the Management Frame Protection Settings (CLI) 472

Debugging Management Frame Protection Issues (CLI) 472

C H A P T E R 5 5 Configuring Client Exclusion Policies 475

Configuring Client Exclusion Policies (GUI) 475

Configuring Client Exclusion Policies (CLI) 476

C H A P T E R 5 6 Configuring Identity Networking 479

Information About Identity Networking 479

RADIUS Attributes Used in Identity Networking 480

C H A P T E R 5 7 Configuring AAA Override 485

Information About AAA Override 485

Restrictions for AAA Override 485

Updating the RADIUS Server Dictionary File for Proper QoS Values 486

Configuring AAA Override (GUI) 487

Configuring AAA Override (CLI) 488

C H A P T E R 5 8 Managing Rogue Devices 489

Information About Rogue Devices 489

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxiii

Contents

Configuring Rogue Detection (GUI) 494

Configuring Rogue Detection (CLI) 496

C H A P T E R 5 9 Classifying Rogue Access Points 501

Information About Classifying Rogue Access Points 501

Restrictions for Classifying Rogue Access Points 503

Configuring Rogue Classification Rules (GUI) 504

Viewing and Classifying Rogue Devices (GUI) 507

Configuring Rogue Classification Rules (CLI) 510

Viewing and Classifying Rogue Devices (CLI) 512

C H A P T E R 6 0 Configuring Cisco TrustSec SXP 517

Information About Cisco TrustSec SXP 517

Restrictions for Cisco TrustSec SXP 518

Configuring Cisco TrustSec SXP (GUI) 519

Creating a New SXP Connection (GUI) 519

Configuring Cisco TrustSec SXP (CLI) 520

C H A P T E R 6 1 Configuring Local Policies 523

Information About Local Policies 523

Restrictions for Local Policy Classification 524

Configuring Local Policies (GUI) 525

Configuring Local Policies (CLI) 526

C H A P T E R 6 2 Configuring Cisco Intrusion Detection System 529

Information About Cisco Intrusion Detection System 529

Shunned Clients 529

Additional Information 530

Configuring IDS Sensors (GUI) 530

Viewing Shunned Clients (GUI) 531

Configuring IDS Sensors (CLI) 531

Viewing Shunned Clients (CLI) 532

C H A P T E R 6 3 Configuring IDS Signatures 535

Information About IDS Signatures 535

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxiv OL-30339-01

Contents

Configuring IDS Signatures (GUI) 537

Uploading or Downloading IDS Signatures 537

Enabling or Disabling IDS Signatures 538

Viewing IDS Signature Events (GUI) 540

Configuring IDS Signatures (CLI) 541

Viewing IDS Signature Events (CLI) 542

C H A P T E R 6 4 Configuring wIPS 545

Information About wIPS 545

Restrictions for wIPS 551

Configuring wIPS on an Access Point (GUI) 551

Configuring wIPS on an Access Point (CLI) 552

Viewing wIPS Information (CLI) 553

C H A P T E R 6 5 Configuring the Wi-Fi Direct Client Policy 555

Information About the Wi-Fi Direct Client Policy 555

Restrictions for the Wi-Fi Direct Client Policy 555

Configuring the Wi-Fi Direct Client Policy (GUI) 555

Configuring the Wi-Fi Direct Client Policy (CLI) 556

Monitoring and Troubleshooting the Wi-Fi Direct Client Policy (CLI) 556

C H A P T E R 6 6 Configuring Web Auth Proxy 557

Information About the Web Authentication Proxy 557

Configuring the Web Authentication Proxy (GUI) 558

Configuring the Web Authentication Proxy (CLI) 558

C H A P T E R 6 7 Detecting Active Exploits 561

Detecting Active Exploits 561

P A R T V WLANs 563

C H A P T E R 6 8 Configuring WLANs 565

Prerequisites for WLANs 565

Restrictions for WLANs 566

Information About WLANs 567

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxv

Contents

Creating and Removing WLANs (GUI) 567

Enabling and Disabling WLANs (GUI) 568

Creating and Deleting WLANs (CLI) 568

Enabling and Disabling WLANs (CLI) 569

Viewing WLANs (CLI) 570

Searching WLANs (GUI) 570

Assigning WLANs to Interfaces 570

Configuring Network Access Identifier (CLI) 571

C H A P T E R 6 9 Setting the Client Count per WLAN 573

Restrictions for Setting Client Count for WLANs 573

Information About Setting the Client Count per WLAN 574

Configuring the Client Count per WLAN (GUI) 574

Configuring the Maximum Number of Clients per WLAN (CLI) 574

Configuring the Maximum Number of Clients for each AP Radio per WLAN (GUI) 575

Configuring the Maximum Number of Clients for each AP Radio per WLAN (CLI) 575

Deauthenticating Clients (CLI) 575

C H A P T E R 7 0 Configuring DHCP 577

Restrictions for Configuring DHCP for WLANs 577

Information About the Dynamic Host Configuration Protocol 577

Internal DHCP Servers 577

External DHCP Servers 578

DHCP Assignments 578

Configuring DHCP (GUI) 579

Configuring DHCP (CLI) 580

Debugging DHCP (CLI) 580

DHCP Client Handling 581

C H A P T E R 7 1 Configuring DHCP Scopes 583

Restrictions for Configuring DHCP Scopes 583

Information About DHCP Scopes 583

Configuring DHCP Scopes (GUI) 583

Configuring DHCP Scopes (CLI) 584

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxvi OL-30339-01

Contents

C H A P T E R 7 2 Configuring MAC Filtering for WLANs 587

Restrictions for MAC Filtering 587

Information About MAC Filtering of WLANs 587

Enabling MAC Filtering 587

C H A P T E R 7 3 Configuring Local MAC Filters 589

Prerequisites for Configuring Local MAC Filters 589

Information About Local MAC Filters 589

Configuring Local MAC Filters (CLI) 589

C H A P T E R 7 4 Configuring Timeouts 591

Configuring a Timeout for Disabled Clients 591

Information About Configuring a Timeout for Disabled Clients 591

Configuring Timeout for Disabled Clients (CLI) 591

Configuring Session Timeout 591

Information About Session Timeouts 591

Configuring a Session Timeout (GUI) 592

Configuring a Session Timeout (CLI) 592

Configuring the User Idle Timeout 593

Information About the User Idle Timeout Per WLAN 593

Configuring Per-WLAN User Idle Timeout (CLI) 593

C H A P T E R 7 5 Configuring the DTIM Period 595

Information About DTIM Period 595

Configuring the DTIM Period (GUI) 596

Configuring the DTIM Period (CLI) 596

C H A P T E R 7 6 Configuring Peer-to-Peer Blocking 597

Restrictions for Peer-to-Peer Blocking 597

Information About Peer-to-Peer Blocking 597

Configuring Peer-to-Peer Blocking (GUI) 598

Configuring Peer-to-Peer Blocking (CLI) 598

C H A P T E R 7 7 Configuring Layer2 Security 601

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxvii

Contents

Prerequisites for Layer 2 Security 601

Configuring Static WEP Keys (CLI) 602

Configuring Dynamic 802.1X Keys and Authorization (CLI) 602

Configuring 802.11r BSS Fast Transition 603

Restrictions for 802.11r Fast Transition 603

Information About 802.11r Fast Transition 604

Configuring 802.11r Fast Transition (GUI) 606

Configuring 802.11r Fast Transition (CLI) 607

Troubleshooting 802.11r BSS Fast Transition 608

Configuring MAC Authentication Failover to 802.1X Authentication 608

Configuring MAC Authentication Failover to 802.1x Authentication (GUI) 608

Configuring MAC Authentication Failover to 802.1X Authentication (CLI) 608

Configuring 802.11w 609

Restrictions for 802.11w 609

Information About 802.11w 609

Configuring 802.11w (GUI) 610

Configuring 802.11w (CLI) 611

C H A P T E R 7 8 Configuring a WLAN for Both Static and Dynamic WEP 613

Restrictions for Configuring Static and Dynamic WEP 613

Information About WLAN for Both Static and Dynamic WEP 613

WPA1 and WPA2 614

Configuring WPA1 +WPA2 615

Configuring WPA1+WPA2 (GUI) 615

Configuring WPA1+WPA2 (CLI) 615

C H A P T E R 7 9 Configuring Sticky Key Caching 617

Information About Sticky Key Caching 617

Restrictions for Sticky Key Caching 617

Configuring Sticky Key Caching (CLI) 618

C H A P T E R 8 0 Configuring CKIP 621

Information About CKIP 621

Configuring CKIP (GUI) 622

Configuring CKIP (CLI) 622

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxviii OL-30339-01

Contents

C H A P T E R 8 1 Configuring Layer 3 Security 625

Configuring Layer 3 Security Using VPN Passthrough 625

Restrictions for Layer 3 Security Using VPN Passthrough 625

Information About VPN Passthrough 625

Configuring VPN Passthrough 626

Configuring VPN Passthrough (GUI) 626

Configuring VPN Passthrough (CLI) 626

Configuring Layer 3 Security Using Web Authentication 626

Prerequisites for Configuring Web Authentication on a WLAN 626

Restrictions for Configuring Web Authentication on a WLAN 627

Information About Web Authentication 627

Configuring Web Authentication 628

Configuring Web Authentication (GUI) 628

Configuring Web Authentication (CLI) 628

C H A P T E R 8 2 Configuring Captive Bypassing 629

Information About Captive Bypassing 629

Configuring Captive Bypassing (CLI) 630

C H A P T E R 8 3 Configuring a Fallback Policy with MAC Filtering and Web Authentication 631

Information About Fallback Policy with MAC Filtering and Web Authentication 631

Configuring a Fallback Policy with MAC Filtering and Web Authentication (GUI) 631

Configuring a Fallback Policy with MAC Filtering and Web Authentication (CLI) 632

C H A P T E R 8 4 Assigning QoS Profiles 633

Information About QoS Profiles 633

Assigning a QoS Profile to a WLAN (GUI) 634

Assigning a QoS Profile to a WLAN (CLI) 635

C H A P T E R 8 5 Configuring QoS Enhanced BSS 637

Prerequisites for Using QoS Enhanced BSS on Cisco 7921 and 7920 Wireless IP Phones 637

Restrictions for QoS Enhanced BSS 638

Information About QoS Enhanced BSS 638

Configuring QBSS (GUI) 639

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxix

Contents

Configuring QBSS (CLI) 639

C H A P T E R 8 6 Configuring Media Session Snooping and Reporting 641

Restrictions for Media Session Snooping and Reporting 641

Information About Media Session Snooping and Reporting 641

Configuring Media Session Snooping (GUI) 642

Configuring Media Session Snooping (CLI) 642

C H A P T E R 8 7 Configuring Key Telephone System-Based CAC 647

Restrictions for Key Telephone System-Based CAC 647

Information About Key Telephone System-Based CAC 647

Configuring KTS-based CAC (GUI) 648

Configuring KTS-based CAC (CLI) 648

Related Commands 649

C H A P T E R 8 8 Configuring Reanchoring of Roaming Voice Clients 651

Restrictions for Configuring Reanchoring of Roaming Voice Clients 651

Information About Reanchoring of Roaming Voice Clients 651

Configuring Reanchoring of Roaming Voice Clients (GUI) 652

Configuring Reanchoring of Roaming Voice Clients (CLI) 652

C H A P T E R 8 9 Configuring Seamless IPv6 Mobility 653

Prerequisites for Configuring IPv6 Mobility 653

Restrictions for Configuring IPv6 Mobility 653

Information About IPv6 Mobility 654

Configuring IPv6 Globally 655

Configuring IPv6 Globally (GUI) 655

Configuring IPv6 Globally (CLI) 655

Configuring RA Gaurd for IPv6 Clients 655

Information About RA Guard 655

Configuring RA Guard (GUI) 656

Configuring RA Guard (CLI) 656

Configuring RA Throttling for IPv6 Clients 656

Information about RA Throttling 656

Configuring RA Throttling (GUI) 656

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxx OL-30339-01

Contents

Configuring the RA Throttle Policy (CLI) 657

Configuring IPv6 Neighbor Discovery Caching 657

Information About IPv6 Neighbor Discovery 657

Configuring Neighbor Binding (GUI) 658

Configuring Neighbor Binding (CLI) 658

C H A P T E R 9 0 Configuring Cisco Client Extensions 659

Prerequisites for Configuring Cisco Client Extensions 659

Restrictions for Configuring Cisco Client Extensions 659

Information About Cisco Client Extensions 660

Configuring CCX Aironet IEs (GUI) 660

Viewing a Clients CCX Version (GUI) 660

Configuring CCX Aironet IEs (CLI) 660

Viewing a Clients CCX Version (CLI) 661

C H A P T E R 9 1 Configuring Remote LANs 663

Prerequisites for Configuring Remote LANs 663

Restrictions for Configuring Remote LANs 663

Information About Remote LANs 663

Configuring a Remote LAN (GUI) 664

Configuring a Remote LAN (CLI) 664

C H A P T E R 9 2 Configuring AP Groups 667

Prerequisites for Configuring AP Groups 667

AP Groups Supported on Controller Platforms 667

Restrictions for Configuring Access Point Groups 668

Information About Access Point Groups 668

Configuring Access Point Groups 669

Creating Access Point Groups (GUI) 669

Creating Access Point Groups (CLI) 671

Viewing Access Point Groups (CLI) 671

C H A P T E R 9 3 Configuring RF Profiles 673

Prerequisites for Configuring RF Profiles 673

Restrictions for Configuring RF Profiles 673

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxi

Contents

Information About RF Profiles 674

Configuring an RF Profile (GUI) 676

Configuring an RF Profile (CLI) 677

Applying an RF Profile to AP Groups (GUI) 679

Applying RF Profiles to AP Groups (CLI) 679

C H A P T E R 9 4 Configuring Web Redirect with 8021.X Authentication 681

Information About Web Redirect with 802.1X Authentication 681

Conditional Web Redirect 681

Splash Page Web Redirect 682

Configuring the RADIUS Server (GUI) 682

Configuring Web Redirect 683

Configuring Web Redirect (GUI) 683

Configuring Web Redirect (CLI) 683

Disabling Accounting Servers per WLAN (GUI) 684

Disabling Coverage Hole Detection per WLAN 684

Disabling Coverage Hole Detection on a WLAN (GUI) 685

Disabling Coverage Hole Detection on a WLAN (CLI) 685

C H A P T E R 9 5 Configuring NAC Out-of-Band Integration 687

Prerequisites for NAC Out Of Band 687

Restrictions for NAC Out of Band 688

Information About NAC Out-of-Band Integration 688

Configuring NAC Out-of-Band Integration (GUI) 689

Configuring NAC Out-of-Band Integration (CLI) 690

C H A P T E R 9 6 Configuring Passive Clients 693

Restrictions for Passive Clients 693

Information About Passive Clients 693

Configuring Passive Clients (GUI) 694

Enabling the Multicast-Multicast Mode (GUI) 695

Enabling the Global Multicast Mode on Controllers (GUI) 695

Enabling the Passive Client Feature on the Controller (GUI) 696

Configuring Passive Clients (CLI) 696

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxii OL-30339-01

Contents

C H A P T E R 9 7 Configuring Client Profiling 697

Prerequisites for Configuring Client Profiling 697

Restrictions for Configuring Client Profiling 697

Information About Client Profiling 698

Configuring Client Profiling (GUI) 698

Configuring Client Profiling (CLI) 698

C H A P T E R 9 8 Configuring Per-WLAN RADIUS Source Support 701

Prerequisites for Per-WLAN RADIUS Source Support 701

Restrictions for Per-WLAN RADIUS Source Support 701

Information About Per-WLAN RADIUS Source Support 701

Configuring Per-WLAN RADIUS Source Support (CLI) 702

Monitoring the Status of Per-WLAN RADIUS Source Support (CLI) 702

C H A P T E R 9 9 Configuring Mobile Concierge 705

Information About Mobile Concierge 705

Configuring Mobile Concierge (802.11u) 705

Configuring Mobile Concierge (802.11u) (GUI) 705

Configuring Mobile Concierge (802.11u) (CLI) 706

Configuring 802.11u Mobility Services Advertisement Protocol 707

Information About 802.11u MSAP 707

Configuring 802.11u MSAP (GUI) 708

Configuring MSAP (CLI) 708

Configuring 802.11u HotSpot 708

Information About 802.11u HotSpot 708

Configuring 802.11u HotSpot (GUI) 708

Configuring HotSpot 2.0 (CLI) 709

Configuring Access Points for HotSpot2 (GUI) 710

Configuring Access Points for HotSpot2 (CLI) 711

Downloading the Icon File (CLI) 715

C H A P T E R 1 0 0 Configuring Assisted Roaming 717

Restrictions for Assisted Roaming 717

Information About Assisted Roaming 717

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxiii

Contents

Configuring Assisted Roaming (CLI) 718

P A R T V I Lightweight Access Points 721

C H A P T E R 1 0 1 Using Access Point Communication Protocols 723

Information About Access Point Communication Protocols 723

Restrictions for Access Point Communication Protocols 724

Configuring Data Encryption 724

Guidelines for Data Encryption 724

Upgrading or Downgrading DTLS Images for Cisco 5500 Series Controllers 725

Guidelines When Upgrading to or from a DTLS Image 726

Configuring Data Encryption (GUI) 726

Configuring Data Encryption (CLI) 726

Viewing CAPWAP Maximum Transmission Unit Information 727

Debugging CAPWAP 727

Controller Discovery Process 728

Restrictions for Controller Discovery Process 729

Verifying that Access Points Join the Controller 729

Verifying that Access Points Join the Controller (GUI) 729

Verifying that Access Points Join the Controller (CLI) 729

C H A P T E R 1 0 2 Searching for Access Points 731

Information About Searching for Access Points 731

Searching the AP Filter (GUI) 731

Monitoring the Interface Details 734

Searching for Access Point Radios 736

Information About Searching for Access Point Radios 736

Searching for Access Point Radios (GUI) 736

C H A P T E R 1 0 3 Configuring Global Credentials for Access Points 739

Information About Configuring Global Credentials for Access Points 739

Restrictions for Global Credentials for Access Points 740

Configuring Global Credenitals for Access Points 740

Configuring Global Credentials for Access Points (GUI) 740

Configuring Global Credentials for Access Points (CLI) 741

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxiv OL-30339-01

Contents

C H A P T E R 1 0 4 Configuring Authentication for Access Points 743

Information About Configuring Authentication for Access Points 743

Prerequisites for Configuring Authentication for Access Points 743

Restrictions for Authenticating Access Points 744

Configuring Authentication for Access Points (GUI) 744

Configuring Authentication for Access Points (CLI) 745

Configuring the Switch for Authentication 746

C H A P T E R 1 0 5 Configuring Embedded Access Points 747

Information About Embedded Access Points 747

C H A P T E R 1 0 6 Converting Autonomous Access Points to Lightweight Mode 749

Information About Converting Autonomous Access Points to Lightweight Mode 749

Restrictions for Converting Autonomous Access Points to Lightweight Mode 750

Converting Autonomous Access Points to Lightweight Mode 750

Reverting from Lightweight Mode to Autonomous Mode 751

Reverting to a Previous Release (CLI) 751

Reverting to a Previous Release Using the MODE Button and a TFTP Server 751

Authorizing Access Points 752

Authorizing Access Points Using SSCs 752

Authorizing Access Points for Virtual Controllers Using SSC 752

Configuring SSC (GUI) 752

Configuring SSC (CLI) 753

Authorizing Access Points Using MICs 753

Authorizing Access Points Using LSCs 753

Configuring Locally Significant Certificates (GUI) 754

Configuring Locally Significant Certificates (CLI) 755

Authorizing Access Points (GUI) 757

Authorizing Access Points (CLI) 757

Configuring VLAN Tagging for CAPWAP Frames from Access Points 758

Information About VLAN Tagging for CAPWAP Frames from Access Points 758

Configuring VLAN Tagging for CAPWAP Frames from Access Points (GUI) 758

Configuring VLAN Tagging for CAPWAP Frames from Access Points (CLI) 759

Using DHCP Option 43 and DHCP Option 60 759

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxv

Contents

Troubleshooting the Access Point Join Process 760

Configuring the Syslog Server for Access Points (CLI) 761

Viewing Access Point Join Information 762

Viewing Access Point Join Information (GUI) 762

Viewing Access Point Join Information (CLI) 763

Sending Debug Commands to Access Points Converted to Lightweight Mode 764

Understanding How Converted Access Points Send Crash Information to the Controller 764

Understanding How Converted Access Points Send Radio Core Dumps to the

Controller 765

Retrieving Radio Core Dumps (CLI) 765

Uploading Radio Core Dumps (GUI) 765

Uploading Radio Core Dumps (CLI) 766

Uploading Memory Core Dumps from Converted Access Points 766

Uploading Access Point Core Dumps (GUI) 767

Uploading Access Point Core Dumps (CLI) 767

Viewing the AP Crash Log Information 767

Viewing the AP Crash Log information (GUI) 768

Viewing the AP Crash Log information (CLI) 768

Displaying MAC Addresses for Converted Access Points 768

Disabling the Reset Button on Access Points Converted to Lightweight Mode 768

Configuring a Static IP Address on a Lightweight Access Point 769

Configuring a Static IP Address (GUI) 769

Configuring a Static IP Address (CLI) 770

Supporting Oversized Access Point Images 771

Recovering the Access PointUsing the TFTP Recovery Procedure 771

C H A P T E R 1 0 7 Configuring Packet Capture 773

Information About Packet Capture 773

Restrictions for Packet Capture 774

Configuring Packet Capture (CLI) 774

C H A P T E R 1 0 8 Configuring OfficeExtend Access Points 777

Information About OfficeExtend Access Points 777

OEAP 600 Series Access Points 778

OEAP in Local Mode 778

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxvi OL-30339-01

Contents

Supported WLAN Settings for 600 Series OfficeExtend Access Point 779

WLAN Security Settings for the 600 Series OfficeExtend Access Point 779

Authentication Settings 783

Supported User Count on 600 Series OfficeExtend Access Point 784

Remote LAN Settings 784

Channel Management and Settings 785

Additional Caveats 786

Implementing Security 786

Licensing for an OfficeExtend Access Point 787

Configuring OfficeExtend Access Points 787

Configuring OfficeExtend Access Points (GUI) 787

Configuring OfficeExtend Access Points (CLI) 789

Configuring Split Tunneling for a WLAN or a Remote LAN 791

Configuring Split Tunneling for a WLAN or a Remote LAN (GUI) 791

Configuring Split Tunneling for a WLAN or a Remote LAN (CLI) 792

Configuring a Personal SSID on an OfficeExtend Access Point Other than 600 Series

OEAP 792

Viewing OfficeExtend Access Point Statistics 793

C H A P T E R 1 0 9 Using Cisco Workgroup Bridges 795

Information About Cisco Workgroup Bridges 795

Restrictions for Cisco Workgroup Bridges 797

WGB Configuration Example 798

Viewing the Status of Workgroup Bridges (GUI) 799

Viewing the Status of Workgroup Bridges (CLI) 799

Debugging WGB Issues (CLI) 800

C H A P T E R 1 1 0 Using Non-Cisco Workgroup Bridges 801

Information About Non-Cisco Workgroup Bridges 801

Restrictions for Non-Cisco Workgroup Bridges 802

C H A P T E R 1 1 1 Configuring Backup Controllers 803

Information About Configuring Backup Controllers 803

Restrictions for Configuring Backup Controllers 804

Configuring Backup Controllers (GUI) 804

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxvii

Contents

Configuring Backup Controllers (CLI) 805

C H A P T E R 1 1 2 Configuring High Availability 809

Information About High Availability 809

Restrictions on High Availability 812

Configuring High Availability (GUI) 816

Configuring High Availability (CLI) 817

C H A P T E R 1 1 3 Configuring Failover Priority for Access Points 821

Information About Configuring Failover Priority for Access Points 821

Configuring Failover Priority for Access Points (GUI) 822

Configuring Failover Priority for Access Points (CLI) 822

Viewing Failover Priority Settings (CLI) 822

C H A P T E R 1 1 4 Configuring AP Retransmission Interval and Retry Count 825

Information About Configuring the AP Retransmission Interval and Retry Count 825

Restrictions for Access Point Retransmission Interval and Retry Count 825

Configuring the AP Retransmission Interval and Retry Count (GUI) 826

Configuring the Access Point Retransmission Interval and Retry Count (CLI) 826

C H A P T E R 1 1 5 Configuring Country Codes 829

Information About Configuring Country Codes 829

Restrictions for Configuring Country Codes 830

Configuring Country Codes (GUI) 830

Configuring Country Codes (CLI) 831

C H A P T E R 1 1 6 Optimizing RFID Tracking on Access Points 833

Information About Optimizing RFID Tracking on Access Points 833

Optimizing RFID Tracking on Access Points (GUI) 833

Optimizing RFID Tracking on Access Points (CLI) 834

C H A P T E R 1 1 7 Configuring Probe Request Forwarding 835

Information About Configuring Probe Request Forwarding 835

Configuring Probe Request Forwarding (CLI) 835

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxviii OL-30339-01

Contents

C H A P T E R 1 1 8 Retrieving the Unique Device Identifier on Controllers and Access Points 837

Information About Retrieving the Unique Device Identifier on Controllers and Access

Points 837

Retrieving the Unique Device Identifier on Controllers and Access Points (GUI) 837

Retrieving the Unique Device Identifier on Controllers and Access Points (CLI) 838

C H A P T E R 1 1 9 Performing a Link Test 839

Information About Performing a Link Test 839

Performing a Link Test (GUI) 840

Performing a Link Test (CLI) 840

C H A P T E R 1 2 0 Configuring Link Latency 843

Information About Configuring Link Latency 843

Restrictions for Link Latency 844

Configuring Link Latency (GUI) 844

Configuring Link Latency (CLI) 844

C H A P T E R 1 2 1 Configuring the TCP MSS 847

Information About Configuring the TCP MSS 847

Configuring TCP MSS (GUI) 847

Configuring TCP MSS (CLI) 848

C H A P T E R 1 2 2 Configuring Power Over Ethernet 849

Information About Configuring Power over Ethernet 849

Configuring Power over Ethernet (GUI) 851

Configuring Power over Ethernet (CLI) 852

C H A P T E R 1 2 3 Viewing Clients 855

Viewing Clients (GUI) 855

Viewing Clients (CLI) 856

C H A P T E R 1 2 4 Configuring LED States for Access Points 857

Configuring LED States 857

Information About Configuring LED States for Access Points 857

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxix

Contents

Configuring the LED State for Access Points in a Network Globally (GUI) 857

Configuring the LED State for Access Point in a Network Globally (CLI) 857

Configuring LED State on a Specific Access Point (GUI) 858

Configuring LED State on a Specific Access Point (CLI) 858

Configuring Flashing LEDs 858

Information About Configuring Flashing LEDs 858

Configuring Flashing LEDs (CLI) 858

C H A P T E R 1 2 5 Configuring Access Points with Dual-Band Radios 861

Configuring Access Points with Dual-Band Radios (GUI) 861

Configuring Access Points with Dual-Band Radios (CLI) 862

P A R T V I I Radio Resource Management 863

C H A P T E R 1 2 6 Configuring RRM 865

Information About Radio Resource Management 865

Radio Resource Monitoring 866

Transmit Power Control 866

Overriding the TPC Algorithm with Minimum and Maximum Transmit Power

Settings 867

Dynamic Channel Assignment 867

Coverage Hole Detection and Correction 869

Benefits of RRM 869

Information About Configuring RRM 869

Restrictions for Configuring RRM 869

Configuring the RF Group Mode (GUI) 870

Configuring the RF Group Mode (CLI) 871

Configuring Transmit Power Control (GUI) 871

Configuring Off-Channel Scanning Defer 873

Information About Off-Channel Scanning Defer 873

Configuring Off-Channel Scanning Defer for WLANs 873

Configuring Off-Channel Scanning Defer for a WLAN (GUI) 873

Configuring Off Channel Scanning Defer for a WLAN (CLI) 874

Configuring Dynamic Channel Assignment (GUI) 874

Configuring Coverage Hole Detection (GUI) 877

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xl OL-30339-01

Contents

Configuring RRM Profile Thresholds, Monitoring Channels, and Monitor Intervals

(GUI) 878

Configuring RRM (CLI) 879

Viewing RRM Settings (CLI) 883

Debug RRM Issues (CLI) 884

C H A P T E R 1 2 7 Configuring RRM Neighbor Discovery Packets 885

Information About RRM NDP and RF Grouping 885

Configuring RRM NDP (CLI) 885

C H A P T E R 1 2 8 Configuring RF Groups 887

Information About RF Groups 887

RF Group Leader 888

RF Group Name 889

Controllers and APs in RF Groups 889

Configuring RF Groups 890

Configuring an RF Group Name (GUI) 890

Configuring an RF Group Name (CLI) 890

Viewing the RF Group Status 891

Viewing the RF Group Status (GUI) 891

Viewing the RF Group Status (CLI) 891

Configuring Rogue Access Point Detection in RF Groups 892

Information About Rogue Access Point Detection in RF Groups 892

Configuring Rogue Access Point Detection in RF Groups 892

Enabling Rogue Access Point Detection in RF Groups (GUI) 892

Configuring Rogue Access Point Detection in RF Groups (CLI) 893

C H A P T E R 1 2 9 Overriding RRM 895

Information About Overriding RRM 895

Prerequisites for Overriding RRM 895

Statically Assigning Channel and Transmit Power Settings to Access Point Radios 896

Statically Assigning Channel and Transmit Power Settings (GUI) 896

Statically Assigning Channel and Transmit Power Settings (CLI) 897

Disabling Dynamic Channel and Power Assignment Globally for a Cisco Wireless LAN

Controller 900

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xli

Contents

Disabling Dynamic Channel and Power Assignment (GUI) 900

Disabling Dynamic Channel and Power Assignment (CLI) 901

C H A P T E R 1 3 0 Configuring CCX Radio Management Features 903

Information About CCX Radio Management Features 903

Radio Measurement Requests 903

Location Calibration 904

Configuring CCX Radio Management 904

Configuring CCX Radio Management (GUI) 904

Configuring CCX Radio Management (CLI) 905

Viewing CCX Radio Management Information (CLI) 905

Debugging CCX Radio Management Issues (CLI) 906

P A R T V I I I Cisco CleanAir 907

C H A P T E R 1 3 1 Information About CleanAir 909

Information About CleanAir 909

Role of the Cisco Wireless LAN Controller in a Cisco CleanAir System 910

Interference Types that Cisco CleanAir Can Detect 910

Persistent Devices 911

Persistent Devices Detection 911

Persistent Devices Propagation 911

Detecting Interferers by an Access Point 912

C H A P T E R 1 3 2 Prerequisites and Restrictions for CleanAir 913

Prerequisites for CleanAir 913

Restrictions for CleanAir 914

C H A P T E R 1 3 3 Cisco CleanAir 915

Configuring Cisco CleanAir on the Controller 915

Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (GUI) 915

Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (CLI) 917

Configuring Cisco CleanAir on an Access Point 921

Configuring Cisco CleanAir on an Access Point (GUI) 921

Configuring Cisco CleanAir on an Access Point (CLI) 922

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xlii OL-30339-01

Contents

C H A P T E R 1 3 4 Monitoring the Interference Devices 923

Prerequisites for Monitoring the Interference Devices 923

Monitoring the Interference Device (GUI) 923

Monitoring the Interference Device (CLI) 925

Detecting Interferers by an Access Point 925

Detecting Interferers by Device Type 925

Detecting Persistent Sources of Interference 925

Monitoring Persistent Devices (GUI) 926

Monitoring Persistent Devices (CLI) 926

Monitoring the Air Quality of Radio Bands 927

Monitoring the Air Quality of Radio Bands (GUI) 927

Monitoring the Air Quality of Radio Bands (CLI) 927

Viewing a Summary of the Air Quality 927

Viewing Air Quality for all Access Points on a Radio Band 927

Viewing Air Quality for an Access Point on a Radio Band 927

Monitoring the Worst Air Quality of Radio Bands (GUI) 928

Monitoring the Worst Air Quality of Radio Bands (CLI) 928

Viewing a Summary of the Air Quality (CLI) 928

Viewing the Worst Air Quality Information for all Access Points on a Radio Band

(CLI) 928

Viewing the Air Quality for an Access Point on a Radio Band (CLI) 928

Viewing the Air Quality for an Access Point by Device Type (CLI) 929

Detecting Persistent Sources of Interference (CLI) 929

C H A P T E R 1 3 5 Configuring a Spectrum Expert Connection 931

Information About Spectrum Expert Connection 931

Configuring Spectrum Expert (GUI) 931

P A R T I X FlexConnect 935

C H A P T E R 1 3 6 FlexConnect 937

Information About FlexConnect 937

FlexConnect Authentication Process 938

Restrictions on FlexConnect 942

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xliii

Contents

Configuring FlexConnect 944

Configuring the Switch at a Remote Site 944

Configuring the Controller for FlexConnect 945

Configuring the Controller for FlexConnect for a Centrally SwitchedWLANUsed

for Guest Access 946

Configuring the Controller for FlexConnect (GUI) 946

Configuring the Controller for FlexConnect (CLI) 948

Configuring an Access Point for FlexConnect 950

Configuring an Access Point for FlexConnect (GUI) 950

Configuring an Access Point for FlexConnect (CLI) 952

Configuring an Access Point for Local Authentication on a WLAN (GUI) 954

Configuring an Access Point for Local Authentication on a WLAN (CLI) 954

Connecting Client Devices to WLANs 955

C H A P T E R 1 3 7 Configuring FlexConnect ACLs 957

Information About Access Control Lists 957

Restrictions for FlexConnect ACLs 957

Configuring FlexConnect ACLs (GUI) 958

Configuring FlexConnect ACLs (CLI) 960

Viewing and Debugging FlexConnect ACLs (CLI) 961

C H A P T E R 1 3 8 Configuring FlexConnect Groups 963

Information About FlexConnect Groups 963

FlexConnect Groups and Backup RADIUS Servers 964

FlexConnect Groups and CCKM 964

FlexConnect Groups and Opportunistic Key Caching 965

FlexConnect Groups and Local Authentication 965

Configuring FlexConnect Groups 966

Configuring FlexConnect Groups (GUI) 966

Configuring FlexConnect Groups (CLI) 969

Configuring VLAN-ACL Mapping on FlexConnect Groups 971

Configuring VLAN-ACL Mapping on FlexConnect Groups (GUI) 971

Configuring VLAN-ACL Mapping on FlexConnect Groups (CLI) 971

Viewing VLAN-ACL Mappings (CLI) 971

Configuring WLAN-VLAN Mappings on FlexConnect Groups 972

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xliv OL-30339-01

Contents

Configuring WLAN-VLAN Mapping on FlexConnect Groups (GUI) 972

Configuring WLAN-VLAN Mapping on FlexConnect Groups (CLI) 973

C H A P T E R 1 3 9 Configuring AAA Overrides for FlexConnect 975

Information About Authentication, Authorization, Accounting Overrides 975

Restrictions for AAA Overrides for FlexConnect 976

Configuring AAA Overrides for FlexConnect on an Access Point (GUI) 977

Configuring VLAN Overrides for FlexConnect on an Access Point (CLI) 978

C H A P T E R 1 4 0 Configuring FlexConnect AP Upgrades for FlexConnect APs 979

Information About FlexConnect AP Upgrades 979

Restrictions for FlexConnect AP Upgrades for FlexConnect Access Points 979

Configuring FlexConnect AP Upgrades (GUI) 980

Configuring FlexConnect AP Upgrades (CLI) 980

P A R T X Mobility Groups 981

C H A P T E R 1 4 1 Mobility Groups 983

Information About Mobility 983

Information About Mobility Groups 987

Messaging Among Mobility Groups 989

Using Mobility Groups with NAT Devices 990

Prerequisites for Configuring Mobility Groups 990

Configuring Mobility Groups (GUI) 992

Configuring Mobility Groups (CLI) 994

C H A P T E R 1 4 2 Viewing Mobility Group Statistics 997

Viewing Mobility Group Statistics (GUI) 997

Viewing Mobility Group Statistics (CLI) 998

C H A P T E R 1 4 3 Configuring Auto-Anchor Mobility 999

Information About Auto-Anchor Mobility 999

Restrictions on Auto-Anchor Mobility 1000

Configuring Auto-Anchor Mobility (GUI) 1001

Configuring Auto-Anchor Mobility (CLI) 1001

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xlv

Contents

C H A P T E R 1 4 4 Validating WLANMobility Security Values 1005

Information About WLAN Mobility Security Values 1005

C H A P T E R 1 4 5 Using Symmetric Mobility Tunneling 1007

Information About Symmetric Mobility Tunneling 1007

Guidelines and Limitations 1008

Verifying Symmetric Mobility Tunneling (GUI) 1008

Verifying if Symmetric Mobility Tunneling is Enabled (CLI) 1008

C H A P T E R 1 4 6 Running Mobility Ping Tests 1009

Information About Mobility Ping Tests 1009

Guidelines and Limitations 1009

Running Mobility Ping Tests (CLI) 1010

C H A P T E R 1 4 7 Configuring Dynamic Anchoring for Clients with Static IP Addresses 1011

Information About Dynamic Anchoring for Clients with Static IP 1011

How Dynamic Anchoring of Static IP Clients Works 1011

Restrictions on Dynamic Anchoring for Clients With Static IP Addresses 1012

Configuring Dynamic Anchoring of Static IP Clients (GUI) 1013

Configuring Dynamic Anchoring of Static IP Clients (CLI) 1013

C H A P T E R 1 4 8 Configuring Foreign Mappings 1015

Information About Foreign Mappings 1015

Configuring Foreign Controller MAC Mapping (GUI) 1015

Configuring Foreign Controller MAC Mapping (CLI) 1015

C H A P T E R 1 4 9 Configuring Proxy Mobile IPv6 1017

Information About Proxy Mobile IPv6 1017

Restrictions on Proxy Mobile IPv6 1018

Configuring Proxy Mobile IPv6 (GUI) 1018

Configuring Proxy Mobile IPv6 (CLI) 1020

C H A P T E R 1 5 0 Configuring New Mobility 1023

Information About New Mobility 1023

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xlvi OL-30339-01

Contents

Restrictions for New Mobility 1023

Configuring New Mobility (GUI) 1024

Configuring New Mobility (CLI) 1025

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xlvii

Contents

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xlviii OL-30339-01

Contents

Preface

This preface describes the audience, organization, and conventions of this document. It also providesinformation on how to obtain other documentation. This chapter includes the following sections:

Audience, page xlix

Conventions, page xlix

Related Documentation, page l

Obtaining Documentation and Submitting a Service Request, page li

AudienceThis publication is for experienced network administrators who configure and maintain Cisco wireless LANcontrollers and Cisco lightweight access points.

ConventionsThis document uses the following conventions:

Table 1: Conventions

IndicationConvention

Commands and keywords and user-entered text appear in bold font.bold font

Document titles, new or emphasized terms, and arguments for which you supplyvalues are in italic font.

italic font

Elements in square brackets are optional.[ ]

Required alternative keywords are grouped in braces and separated by verticalbars.

{x | y | z }

Optional alternative keywords are grouped in brackets and separated by verticalbars.

[ x | y | z ]

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xlix

IndicationConvention

A nonquoted set of characters. Do not use quotation marks around the string orthe string will include the quotation marks.

string

Terminal sessions and information the system displays appear in courier font.courier font

Nonprinting characters such as passwords are in angle brackets.

Default responses to system prompts are in square brackets.[]

An exclamation point (!) or a pound sign (#) at the beginning of a line of codeindicates a comment line.

!, #

Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.

Note

Means the following information will help you solve a problem.Tip

Means reader be careful. In this situation, you might perform an action that could result in equipmentdamage or loss of data.

Caution

Related DocumentationThese documents provide complete information about Cisco Wireless:

Cisco Wireless Controller configuration guides:

http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-installation-and-configuration-guides-list.html

Cisco Wireless Controller command references:

http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-command-reference-list.html

Cisco Wireless Controller System Message Guide:

http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-system-message-guides-list.html

Release Notes for Cisco Wireless Controllers and Lightweight Access Points:

http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-release-notes-list.html

Cisco Wireless Mesh Access Points, Design and Deployment Guide:

Cisco Wireless LAN Controller Configuration Guide, Release 7.6l OL-30339-01

PrefaceRelated Documentation

http://www.cisco.com/c/en/us/support/wireless/aironet-1550-series/products-implementation-design-guides-list.html

Cisco Prime Infrastructure documentation:

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/tsd-products-support-series-home.html

Cisco Mobility Services Engine documentation:

http://www.cisco.com/c/en/us/support/wireless/mobility-services-engine/tsd-products-support-series-home.html

Click this link to access user documentation pertaining to Cisco Wireless solution:

http://www.cisco.com/cisco/web/psa/default.html?mode=prod

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a servicerequest, and gathering additional information, seeWhat's New in Cisco Product Documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.

Subscribe toWhat's New in Cisco Product Documentation, which lists all new and revised Cisco technicaldocumentation as an RSS feed and delivers content directly to your desktop using a reader application. TheRSS feeds are a free service.

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 li

PrefaceObtaining Documentation and Submitting a Service Request

Cisco Wireless LAN Controller Configuration Guide, Release 7.6lii OL-30339-01

PrefaceObtaining Documentation and Submitting a Service Request

P A R T ISystem Management Overview, page 3

Getting Started, page 15

Managing Licenses, page 55

Configuring 802.11 Bands, page 73

Configuring 802.11 Parameters, page 81

Configuring DHCP Proxy, page 89

Configuring SNMP, page 93

Configuring Aggressive Load Balancing, page 99

Configuring Fast SSID Changing, page 103

Configuring 802.3 Bridging, page 105

Configuring Multicast, page 107

Configuring Client Roaming, page 123

Configuring IP-MAC Address Binding, page 129

Configuring Quality of Service, page 131

Configuring Application Visibility and Control, page 139

Configuring Media and EDCA Parameters, page 147

Configuring the Cisco Discovery Protocol, page 167

Configuring Authentication for the Controller and NTP Server, page 175

Configuring RFID Tag Tracking, page 177

Resetting the Controller to Default Settings, page 181

Managing Controller Software and Configurations, page 183

Managing User Accounts, page 215

Managing Web Authentication, page 225

Configuring Wired Guest Access, page 247

Troubleshooting, page 255

C H A P T E R 1Overview

Cisco Wireless Overview, page 3

Operating System Software, page 6

Operating System Security, page 6

Layer 2 and Layer 3 Operation, page 7

Cisco Wireless LAN Controllers, page 8

Controller Platforms, page 8

Cisco UWN Solution WLANs, page 11

File Transfers, page 11

Power over Ethernet, page 11

Cisco Wireless LAN Controller Memory, page 12

Cisco Wireless LAN Controller Failover Protection, page 12

Cisco Wireless OverviewCisco Wireless is designed to provide 802.11 wireless networking solutions for enterprises and serviceproviders. CiscoWireless simplifies deploying and managing large-scale wireless LANs and enables a uniquebest-in-class security infrastructure. The operating systemmanages all data client, communications, and systemadministration functions, performs radio resource management (RRM) functions, manages system-widemobility policies using the operating system security solution, and coordinates all security functions usingthe operating system security framework.

Cisco Wireless solution consists of Cisco wireless LAN controllers and their associated lightweight accesspoints controlled by the operating system, all concurrently managed by any or all of the operating system userinterfaces:

An HTTP and/or HTTPS full-featured Web User Interface hosted by Cisco wireless LAN controllerscan be used to configure and monitor individual controllers.

A full-featured command-line interface (CLI) can be used to configure and monitor individual Ciscowireless LAN controllers.

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 3

The Cisco Prime Infrastructure, which you use to configure and monitor one or more Cisco wirelessLAN controllers and associated access points. The Prime Infrastructure has tools to facilitate large-systemmonitoring and control. For more information about Cisco Prime Infrastructure, see http://www.cisco.com/en/US/products/ps12239/tsd_products_support_series_home.html.

An industry-standard SNMPV1, V2c, andV3 interface can be usedwith any SNMP-compliant third-partynetwork management system.

The Cisco Wireless solution supports client data services, client monitoring and control, and all rogue accesspoint detection, monitoring, and containment functions. It uses lightweight access points, Cisco wireless LANcontrollers, and the optional Cisco Prime Infrastructure to provide wireless services to enterprises and serviceproviders.

Unless otherwise noted in this publication, all of the Cisco wireless LAN controllers are referred to ascontrollers, and all of the Cisco lightweight access points are referred to as access points.

Note

Single-Controller DeploymentsA standalone controller can support lightweight access points across multiple floors and buildingssimultaneously and support the following features:

Autodetecting and autoconfiguring lightweight access points as they are added to the network.

Full control of lightweight access points.

Lightweight access points connect to controllers through the network. The network equipment may ormay not provide Power over Ethernet (PoE) to the access points.

Some controllers use redundant Gigabit Ethernet connections to bypass single network failures.

Some controllers can connect through multiple physical ports to multiple subnets in the network. Thisfeature can be helpful when you want to confine multiple VLANs to separate subnets.

Note

Cisco Wireless LAN Controller Configuration Guide, Release 7.64 OL-30339-01

Cisco Wireless Overview

This figure shows a typical single-controller deployment.

Figure 1: Single-Controller Deployment

Multiple-Controller DeploymentsEach controller can support lightweight access points across multiple floors and buildings simultaneously.However, full functionality of the Cisco wireless LAN solution occurs when it includes multiple controllers.A multiple-controller system has the following additional features:

Autodetecting and autoconfiguring RF parameters as the controllers are added to the network.

Same-subnet (Layer 2) roaming and inter-subnet (Layer 3) roaming.