wlc configuration
DESCRIPTION
Wireless Lan ControllerTRANSCRIPT
-
Cisco Wireless LAN Controller Configuration Guide, Release 7.3First Published: August 28, 2012
Last Modified: July 08, 2013
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883
Text Part Number: OL-27510-01
-
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain versionof the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)
2012 Cisco Systems, Inc. All rights reserved.
-
C O N T E N T S
P r e f a c e Preface xlvii
Audience xlvii
Conventions xlvii
Related Documentation xlviii
Obtaining Documentation and Submitting a Service Request xlix
C H A P T E R 1 Overview 1
Cisco Wireless Overview 1
Single-Controller Deployments 2
Multiple-Controller Deployments 3
Operating System Software 4
Operating System Security 4
Layer 2 and Layer 3 Operation 5
Operational Requirements 5
Configuration Requirements 5
Cisco Wireless LAN Controllers 6
Client Location 6
Controller Platforms 6
Cisco 2500 Series Controllers 7
Cisco 5500 Series Controller 7
Cisco Flex 7500 Series Controllers 7
Cisco 8500 Series Controllers 8
Cisco Virtual Wireless LAN Controllers 8
Cisco Wireless Services Module 2 9
Cisco Wireless Controller on Cisco Services-Ready Engine (SRE) 9
Cisco UWN Solution WLANs 9
File Transfers 9
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 iii
-
Power over Ethernet 10
Cisco Wireless LAN Controller Memory 10
Cisco Wireless LAN Controller Failover Protection 10
C H A P T E R 2 Using the Web-Browser and CLI Interfaces 13
Configuring the Controller Using the Configuration Wizard 13
Connecting the Console Port of the Controller 14
Configuring the Controller (GUI) 14
Configuring the ControllerUsing the CLI Configuration Wizard 25
Using the Controller Web GUI 27
Guidelines and Limitations 28
Logging On to the Web GUI 28
Logging out of the GUI 29
Enabling Web and Secure Web Modes 29
Enabling Web and Secure Web Modes (GUI) 29
Enabling Web and Secure Web Modes (CLI) 30
Loading an Externally Generated SSL Certificate 31
Information About Externally Generated SSL Certificates 31
Loading an SSL Certificate (GUI) 32
Loading an SSL Certificate (CLI) 33
Using the Controller CLI 34
Logging on to the Controller CLI 34
Guidelines and Limitations 34
Using a Local Serial Connection 35
Using a Remote Ethernet Connection 35
Logging Out of the CLI 36
Navigating the CLI 36
Using the AutoInstall Feature for Controllers Without a Configuration 37
Information About the AutoInstall Feature 37
Guidelines and Limitations 38
Obtaining an IP Address Through DHCP and Downloading a Configuration File from a
TFTP Server 38
Selecting a Configuration File 39
Example: AutoInstall Operation 40
Managing the Controller System Date and Time 41
Cisco Wireless LAN Controller Configuration Guide, Release 7.3iv OL-27510-01
Contents
-
Information About Controller System Date and Time 41
Guidelines and Limitations 41
Configuring an NTP Server to Obtain the Date and Time 41
Configuring NTP Authentication (GUI) 42
Configuring NTP Authentication (CLI) 42
Configuring the Date and Time (GUI) 43
Configuring the Date and Time (CLI) 44
Configuring Telnet and Secure Shell Sessions 46
Information About Telnet and SSH 46
Restrictions for Telnet and SSH 46
Configuring Telnet and SSH Sessions (GUI) 46
Configuring Telnet and SSH Sessions (CLI) 47
Troubleshooting Access Points Using Telnet or SSH_old 49
Troubleshooting Access Points Using Telnet or SSH (GUI) 49
Troubleshooting Access Points Using Telnet or SSH (CLI) 49
Managing the Controller Wirelessly 50
Enabling Wireless Connections (GUI) 50
Enabling Wireless Connections (CLI) 51
C H A P T E R 3 Configuring Ports and Interfaces 53
Overview of Ports and Interfaces 54
Information About Ports 54
Information About Distribution System Ports 54
Restrictions for Configuring Distribution System Ports 55
Information About Service Port 55
Information About Interfaces 56
Restrictions for Configuring Interfaces 57
Configuring the Management Interface 57
Information About the Management Interface 57
Configuring the Management Interface (GUI) 57
Configuring the Management Interface (CLI) 59
Configuring the AP-Manager Interface 60
Information the About AP-Manager Interface 60
Guidelines and Limitations 60
Configuring the AP-Manager Interface (GUI) 61
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 v
Contents
-
Configuring the AP Manager Interface (CLI) 61
Configuring Virtual Interfaces 62
Information About the Virtual Interface 62
Configuring Virtual Interfaces (GUI) 63
Configuring Virtual Interfaces (CLI) 63
Configuring Service-Port Interfaces 64
Information About Service-Port Interfaces 64
Restrictions for Configuring Service-Port Interfaces 64
Configuring Service-Port Interfaces (GUI) 64
Configuring Service-Port Interfaces (CLI) 64
Configuring Dynamic Interfaces 65
Information About Dynamic Interface 65
Guidelines and Limitations 66
Configuring Dynamic Interfaces (GUI) 66
Configuring Dynamic Interfaces (CLI) 67
Information About Dynamic AP Management 69
Information About WLANs 70
Configuring Ports (GUI) 71
Configuring Port Mirroring 72
Information About Port Mirroring 72
Guidelines and Limitations 72
Enabling Port Mirroring (GUI) 73
Using the Cisco 5500 Series Controller USB Console Port 73
USB Console OS Compatibility 73
Changing the Cisco USB Systems Management Console COM Port to an Unused Port 74
Choosing Between Link Aggregation and Multiple AP-Manager Interfaces 74
Configuring Link Aggregation 75
Information About Link Aggregation 75
Restrictions for Link Aggregation 75
Enabling Link Aggregation (GUI) 77
Enabling Link Aggregation (CLI) 77
Verifying Link Aggregation Settings (CLI) 77
Configuring Neighbor Devices to Support Link Aggregation 78
Configuring Multiple AP-Manager Interfaces 78
Information About Multiple AP-Manager Interfaces 78
Cisco Wireless LAN Controller Configuration Guide, Release 7.3vi OL-27510-01
Contents
-
Guidelines and Limitations 78
Creating Multiple AP-Manager Interfaces (GUI) 79
Creating Multiple AP-Manager Interfaces (CLI) 79
Configuration Example: Configuring AP-Manager on a Cisco 5500 Series Controller 80
Configuring VLAN Select 82
Information About VLAN Select 82
Restrictions for Configuring VLAN Select 83
Configuring Interface Groups 83
Information About Interface Groups 83
Creating Interface Groups (GUI) 83
Creating Interface Groups (CLI) 84
Adding Interfaces to Interface Groups (GUI) 84
Adding Interfaces to Interface Groups (CLI) 84
Viewing VLANs in Interface Groups (CLI) 84
Adding an Interface Group to a WLAN (GUI) 85
Adding an Interface Group to a WLAN (CLI) 85
Configuring Multicast Optimization 85
Information About Multicast Optimization 85
Configuring a Multicast VLAN (GUI) 86
Configuring a Multicast VLAN (CLI) 86
C H A P T E R 4 Configuring Controller Settings 87
Installing and Configuring Licenses 88
Information About Installing and Configuring Licenses 88
Restrictions for Using Licenses 89
Obtaining an Upgrade or Capacity Adder License 89
Information About Obtaining an Upgrade or Capacity Adder License 89
Obtaining and Registering a PAK Certificate 90
Installing a License 91
Installing a License (GUI) 91
Installing a License (CLI) 92
Viewing Licenses 92
Viewing Licenses (GUI) 92
Viewing Licenses (CLI) 93
Troubleshooting Licensing Issues 95
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 vii
Contents
-
Activating an AP-Count Evaluation License 96
Information About Activating an AP-Count Evaluation License 96
Activating an AP-Count Evaluation License (GUI) 96
Activating an AP-Count Evaluation License (CLI) 97
Configuring Right to Use Licensing 98
Information About Right to Use Licensing 98
Configuring Right to Use Licensing (GUI) 99
Configuring Right to Use Licensing (CLI) 99
Rehosting Licenses 100
Information About Rehosting Licenses 100
Rehosting a License 101
Rehosting a License (GUI) 101
Rehosting a License (CLI) 102
Transferring Licenses to a Replacement Controller after an RMA 103
Information About Transferring Licenses to a Replacement Controller after an
RMA 103
Transferring a License to a Replacement Controller after an RMA 104
Configuring the License Agent 104
Information About Configuring the License Agent 104
Configuring the License Agent (GUI) 105
Configuring the License Agent (CLI) 105
Configuring 802.11 Bands 106
Information About Configuring 802.11 Bands 106
Configuring the 802.11 Bands (GUI) 107
Configuring the 802.11 Bands (CLI) 108
Configuring 802.11n Parameters 110
Information About Configuring the 802.11n Parameters 110
Configuring the 802.11n Parameters (GUI) 110
Configuring the 802.11n Parameters (CLI) 111
Additional References 113
Configuring 802.11h Parameters 113
Information About Configuring 802.11h Parameters 113
Configuring the 802.11h Parameters (GUI) 113
Configuring the 802.11h Parameters (CLI) 114
Configuring DHCP Proxy 114
Cisco Wireless LAN Controller Configuration Guide, Release 7.3viii OL-27510-01
Contents
-
Information About Configuring DHCP Proxy 114
Restrictions on Using DHCP Proxy 115
Configuring DHCP Proxy 115
Configuring DHCP Proxy (GUI) 115
Configuring DHCP Proxy (CLI) 115
Configuring a DHCP Timeout (GUI) 116
Configuring a DHCP Timeout (CLI) 116
Configuring Administrator Usernames and Passwords 116
Information About Configuring Administrator Usernames and Passwords 116
Configuring Usernames and Passwords 116
Configuring Usernames and Passwords (GUI) 116
Configuring Usernames and Passwords (CLI) 117
Restoring Passwords 117
Configuring SNMP 118
Configuring SNMP (CLI) 118
SNMP Community Strings 119
Changing the SNMP Community String Default Values (GUI) 120
Changing the SNMP Community String Default Values (CLI) 120
Changing the Default Values for SNMP v3 Users 121
Information About Changing the Default Values for SNMP v3 Users 121
Changing the SNMP v3 User Default Values (GUI) 121
Changing the SNMP v3 User Default Values (CLI) 122
Configuring Aggressive Load Balancing 122
Information About Configuring Aggressive Load Balancing 122
Configuring Aggressive Load Balancing 123
Configuring Aggressive Load Balancing (GUI) 123
Configuring Aggressive Load Balancing (CLI) 124
Configuring Band Selection 124
Information About Configuring Band Selection 124
Restrictions on Band Selection 125
Configuring Band Selection 126
Configuring Band Selection (GUI) 126
Configuring Band Selection (CLI) 126
Configuring Fast SSID Changing 127
Information About Configuring Fast SSID Changing 127
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 ix
Contents
-
Configuring Fast SSID 128
Configuring Fast SSID Changing (GUI) 128
Configuring Fast SSID Changing (CLI) 128
Enabling 802.3X Flow Control 128
Configuring 802.3 Bridging 128
Information About Configuring 802.3 Bridging 128
Restrictions on 802.3 Bridging 129
Configuring 802.3 Bridging 129
Configuring 802.3 Bridging (GUI) 129
Configuring 802.3 Bridging (CLI) 129
Configuring Multicast Mode 130
Information About Multicast Mode 130
Restrictions for Configuring Multicast Mode 131
Configuring Multicast Mode 132
Enabling Multicast Mode (GUI) 132
Enabling Multicast Mode (CLI) 133
Viewing Multicast Groups (GUI) 134
Viewing Multicast Groups (CLI) 134
Viewing an Access Points Multicast Client Table (CLI) 135
Configuring Client Roaming 135
Information About Client Roaming 135
Inter-Controller Roaming 136
Intra-Controller Roaming 136
Inter-Subnet Roaming 136
Voice-over-IP Telephone Roaming 136
CCX Layer 2 Client Roaming 136
Guidelines and Limitations 137
Configuring CCX Client Roaming Parameters 138
Configuring CCX Client Roaming Parameters (GUI) 138
Configuring CCX Client Roaming Parameters (CLI) 139
Obtaining CCX Client Roaming Information (CLI) 139
Debugging CCX Client Roaming Issues (CLI) 139
Configuring IP-MAC Address Binding 140
Information About Configuring IP-MAC Address Binding 140
Configuring IP-MAC Address Binding 140
Cisco Wireless LAN Controller Configuration Guide, Release 7.3x OL-27510-01
Contents
-
Configuring IP-MAC Address Binding (CLI) 140
Configuring Quality of Service 141
Information About Quality of Service 141
Configuring Quality of Service Profiles 141
Configuring QoS Profiles (GUI) 142
Configuring QoS Profiles (CLI) 143
Configuring Quality of Service Roles 144
Information About Quality of Service Roles 144
Configuring QoS Roles 145
Configuring QoS (GUI) 145
Configuring QoS Roles (CLI) 146
Configuring Voice and Video Parameters 147
Information About Configuring Voice and Video Parameters 147
Call Admission Control 147
Bandwidth-Based CAC 147
Load-Based CAC 148
Expedited Bandwidth Requests 148
U-APSD 149
Traffic Stream Metrics 149
Configuring Voice Parameters (GUI) 150
Configuring Voice Parameters (CLI) 152
Configuring Video Parameters 153
Configuring Video Parameters (GUI) 153
Configuring Video Parameters (CLI) 154
Viewing Voice and Video Settings 155
Viewing Voice and Video Settings (GUI) 155
Viewing Voice and Video Settings (CLI) 156
Configuring SIP Based CAC 159
Restrictions for SIP-Based CAC 159
Configuring SIP-Based CAC (GUI) 159
Configuring SIP-Based CAC (CLI) 160
Configuring Media Parameters 161
Configuring Media Parameters (GUI) 161
Configuring Voice Prioritization Using Preferred Call Numbers 161
Information About Configuring Voice Prioritization Using Preferred Call Numbers 161
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xi
Contents
-
Prerequisites for Configuring Voice Prioritization Using Preferred Call Numbers 162
Configuring a Preferred Call Number 162
Configuring a Preferred Call Number (GUI) 162
Configuring a Preferred Call Number (CLI) 162
Configuring EDCA Parameters 163
Information About EDCA Parameters 163
Configuring EDCA Parameters 163
Configuring EDCA Parameters (GUI) 163
Configuring EDCA Parameters (CLI) 164
Configuring the Cisco Discovery Protocol 165
Information About Configuring the Cisco Discovery Protocol 165
Restrictions for Configuring the Cisco Discovery Protocol 165
Configuring the Cisco Discovery Protocol 167
Configuring the Cisco Discovery Protocol (GUI) 167
Configuring the Cisco Discovery Protocol (CLI) 168
Viewing Cisco Discovery Protocol Information 169
Viewing Cisco Discovery Protocol Information (GUI) 169
Viewing Cisco Discovery Protocol Information (CLI) 171
Getting CDP Debug Information 171
Configuring Authentication for the Controller and NTP Server 172
Information About Configuring Authentication for the Controller and NTP Server 172
Configuring Authentication for the Controller and NTP Server 172
Configuring the NTP Server for Authentication (GUI) 172
Configuring the NTP Server for Authentication (CLI) 172
Configuring RFID Tag Tracking 173
Information About Configuring RFID Tag Tracking 173
Configuring RFID Tag Tracking 174
Configuring RFID Tag Tracking (CLI) 174
Viewing RFID Tag Tracking Information (CLI) 175
Debugging RFID Tag Tracking Issues (CLI) 175
Configuring and Viewing Location Settings 176
Information About Configuring and Viewing Location Settings 176
Synchronizing the Controller and Mobility Services Engine 176
Configuring Location Settings 176
Configuring Location Settings (CLI) 176
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xii OL-27510-01
Contents
-
Viewing Location Settings (CLI) 178
Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues (CLI) 179
Viewing NMSP Settings (CLI) 180
Debugging NMSP Issues 180
Resetting the Controller to Default Settings 181
Information About Resetting the Controller to Default Settings 181
Resetting the Controller to Default Settings 181
Resetting the Controller to Default Settings (GUI) 181
Resetting the Controller to Default Settings (CLI) 182
C H A P T E R 5 Configuring VideoStream 183
Prerequisites for VideoStream 183
Restrictions for Configuring VideoStream 183
Information about VideoStream 183
Configuring VideoStream 184
Configuring VideoStream (GUI) 184
Configuring VideoStream (CLI) 187
Viewing and Debugging Media Streams 188
C H A P T E R 6 Configuring Security Solutions 191
Cisco Unified Wireless Network Solution Security 192
Security Overview 192
Layer 1 Solutions 192
Layer 2 Solutions 192
Restrictions for Layer 2 Solutions 192
Layer 3 Solutions 193
Integrated Security Solutions 193
Configuring RADIUS 193
Information About RADIUS 193
Configuring RADIUS on the ACS 195
Configuring RADIUS (GUI) 196
Configuring RADIUS (CLI) 200
RADIUS Authentication Attributes Sent by the Controller 203
RADIUS Accounting Attributes 206
Configuring TACACS+ 207
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xiii
Contents
-
Information About TACACS+ 207
TACACS+ VSA 209
Configuring TACACS+ on the ACS 210
Configuring TACACS+ (GUI) 212
Configuring TACACS+ (CLI) 213
Viewing the TACACS+ Administration Server Logs 214
Configuring Maximum Local Database Entries 216
Information About Configuring Maximum Local Database Entries 216
Configuring Maximum Local Database Entries (GUI) 217
Configuring Maximum Local Database Entries (CLI) 217
Configuring Local Network Users on the Controller 217
Information About Local Network Users on Controller 217
Configuring Local Network Users for the Controller (GUI) 218
Configuring Local Network Users for the Controller (CLI) 219
Additional References 219
Configuring Password Policies 219
Information About Password Policies 219
Configuring Password Policies (GUI) 220
Configuring Password Policies (CLI) 220
Configuring LDAP 221
Information About LDAP 221
Configuring LDAP (GUI) 221
Configuring LDAP (CLI) 224
Additional References 225
Configuring Local EAP 225
Information About Local EAP 225
Restrictions for Local EAP 227
Configuring Local EAP (GUI) 228
Configuring Local EAP (CLI) 231
Additional References 235
Configuring the System for SpectraLink NetLink Telephones 235
Information About SpectraLink NetLink Telephones 235
Configuring SpectraLink NetLink Phones 236
Enabling Long Preambles (GUI) 236
Enabling Long Preambles (CLI) 236
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xiv OL-27510-01
Contents
-
Configuring Enhanced Distributed Channel Access (CLI) 237
Configuring RADIUS NAC Support 237
Information About RADIUS NAC Support 237
Device Registration 238
Central Web Authentication 238
Local Web Authentication 238
Restrictions for RADIUS NAC Support 239
Configuring RADIUS NAC Support (GUI) 240
Configuring RADIUS NAC Support (CLI) 240
Using Management Over Wireless 240
Information About Management over Wireless 240
Enabling Management over Wireless (GUI) 241
Enabling Management over Wireless (CLI) 241
Using Dynamic Interfaces for Management 241
Information About Using Dynamic Interfaces for Management 241
Configuring Management using Dynamic Interfaces (CLI) 242
Configuring DHCP Option 82 242
Information About DHCP Option 82 242
Restrictions for DHCP Option 82 243
Configuring DHCP Option 82 (GUI) 243
Configuring DHCP Option 82 (CLI) 243
Additional References 244
Configuring and Applying Access Control Lists 244
Information About Access Control Lists 244
Restrictions for Access Control Lists 244
Configuring and Applying Access Control Lists (GUI) 245
Configuring Access Control Lists 245
Applying an Access Control List to an Interface 247
Applying an Access Control List to the Controller CPU 248
Applying an Access Control List to a WLAN 248
Applying a Preauthentication Access Control List to a WLAN 249
Configuring and Applying Access Control Lists (CLI) 249
Configuring Access Control Lists 249
Applying Access Control Lists 250
Configuring Management Frame Protection 250
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xv
Contents
-
Information About Management Frame Protection 250
Restrictions for Management Frame Protection 252
Configuring Management Frame Protection (GUI) 252
Viewing the Management Frame Protection Settings (GUI) 253
Configuring Management Frame Protection (CLI) 253
Viewing the Management Frame Protection Settings (CLI) 253
Debugging Management Frame Protection Issues (CLI) 254
Configuring Client Exclusion Policies 254
Configuring Client Exclusion Policies (GUI) 254
Configuring Client Exclusion Policies (CLI) 255
Configuring Identity Networking 256
Information About Identity Networking 256
RADIUS Attributes Used in Identity Networking 257
Configuring AAA Override 260
Information About AAA Override 260
Restrictions for AAA Override 260
Updating the RADIUS Server Dictionary File for Proper QoS Values 261
Configuring AAA Override (GUI) 262
Configuring AAA Override (CLI) 262
Managing Rogue Devices 262
Information About Rogue Devices 262
Configuring Rogue Detection (GUI) 265
Configuring Rogue Detection (CLI) 266
Classifying Rogue Access Points 269
Information About Classifying Rogue Access Points 269
Restrictions for Classifying Rogue Access Points 271
Configuring Rogue Classification Rules (GUI) 272
Viewing and Classifying Rogue Devices (GUI) 274
Configuring Rogue Classification Rules (CLI) 277
Viewing and Classifying Rogue Devices (CLI) 278
Configuring Cisco TrustSec SXP 280
Information About Cisco TrustSec SXP 280
Restrictions for Cisco TrustSec SXP 281
Configuring Cisco TrustSec SXP (GUI) 282
Creating a New SXP Connection (GUI) 283
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xvi OL-27510-01
Contents
-
Configuring Cisco TrustSec SXP (CLI) 283
Configuring Cisco Intrusion Detection System 284
Information About Cisco Intrusion Detection System 284
Shunned Clients 284
Additional Information 284
Configuring IDS Sensors (GUI) 284
Viewing Shunned Clients (GUI) 285
Configuring IDS Sensors (CLI) 286
Viewing Shunned Clients (CLI) 287
Configuring IDS Signatures 287
Information About IDS Signatures 287
Configuring IDS Signatures (GUI) 289
Uploading or Downloading IDS Signatures 289
Enabling or Disabling IDS Signatures 291
Viewing IDS Signature Events (GUI) 292
Configuring IDS Signatures (CLI) 293
Viewing IDS Signature Events (CLI) 294
Configuring wIPS 295
Information About wIPS 295
Restrictions for wIPS 301
Configuring wIPS on an Access Point (GUI) 301
Configuring wIPS on an Access Point (CLI) 302
Viewing wIPS Information (CLI) 303
Configuring Wi-Fi Direct Client Policy 303
Information About the Wi-Fi Direct Client Policy 303
Restrictions for the Wi-Fi Direct Client Policy 303
Configuring the Wi-Fi Direct Client Policy (GUI) 304
Configuring the Wi-Fi Direct Client Policy (CLI) 304
Monitoring and Troubleshooting the Wi-Fi Direct Client Policy (CLI) 304
Configuring Web Auth Proxy 305
Information About the Web Authentication Proxy 305
Configuring the Web Authentication Proxy (GUI) 306
Configuring the Web Authentication Proxy (CLI) 306
Detecting Active Exploits 307
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xvii
Contents
-
C H A P T E R 7 Working with WLANs 309
Information About WLANs 310
Guidelines and Limitations 310
Creating WLANs 310
Creating and Removing WLANs (GUI) 310
Enabling and Disabling WLANs (GUI) 311
Creating and Deleting WLANs (CLI) 312
Enabling and Disabling WLANs (CLI) 312
Viewing WLANs (CLI) 313
Searching WLANs (GUI) 313
Setting the Client Count per WLAN 314
Information About Setting the Client Count per WLAN 314
Guidelines and Limitations 314
Configuring the Client Count per WLAN (GUI) 314
Configuring the Maximum Number of Clients per WLAN (CLI) 315
Configuring the Maximum Number of Clients for each AP Radio per WLAN (GUI) 315
Configuring the Maximum Number of Clients for each AP Radio per WLAN (CLI) 315
Configuring DHCP 316
Information About the Dynamic Host Configuration Protocol 316
Internal DHCP Servers 316
External DHCP Servers 316
DHCP Assignments 317
Restrictions for Internal DHCP Servers 317
Configuring DHCP (GUI) 317
Configuring DHCP (CLI) 318
Debugging DHCP (CLI) 319
Configuring DHCP Scopes 319
Information About DHCP Scopes 319
Guidelines and Limitations 319
Configuring DHCP Scopes (GUI) 320
Configuring DHCP Scopes (CLI) 320
Configuring MAC Filtering for WLANs 322
Information About MAC Filtering of WLANs 322
Enabling MAC Filtering 322
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xviii OL-27510-01
Contents
-
Configuring Local MAC Filters 322
Information About Local MAC Filters 322
Configuring Local MAC Filters (CLI) 322
Prerequisites for Configuring Local MAC Filters 323
Information About Configuring a Timeout for Disabled Clients 323
Configuring Timeout for Disabled Clients (CLI) 323
Assigning WLANs to Interfaces 323
Configuring the DTIM Period 324
Information About DTIM Period 324
Guidelines and Limitations 324
Configuring the DTIM Period (GUI) 325
Configuring the DTIM Period (CLI) 325
Configuring Peer-to-Peer Blocking 326
Information About Peer-to-Peer Blocking 326
Restrictions for Peer-to-Peer Blocking 326
Configuring Peer-to-Peer Blocking (GUI) 326
Configuring Peer-to-Peer Blocking (CLI) 327
Configuring Layer 2 Security 328
Configuring Static WEP Keys (CLI) 328
Configuring Dynamic 802.1X Keys and Authorization (CLI) 328
Configuring 802.11r BSS Fast Transition 329
Information About 802.11r Fast Transition 329
Restrictions for 802.11r Fast Transition 331
Configuring 802.11r Fast Transition (GUI) 332
Configuring 802.11r Fast Transition (CLI) 333
Troubleshooting 802.11r BSS Fast Transition 333
Configuring MAC Authentication Failover to 802.1X Authentication 334
Configuring MAC Authentication Failover to 802.1x Authentication (GUI) 334
Configuring MAC Authentication Failover to 802.1X Authentication (CLI) 334
Configuring a WLAN for Both Static and Dynamic WEP 334
Information About WLAN for Both Static and Dynamic WEP 334
WPA1 and WPA2 335
Restrictions for Configuring Static and Dynamic WEP 336
Configuring WPA1 +WPA2 336
Configuring WPA1+WPA2 (GUI) 336
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xix
Contents
-
Configuring WPA1+WPA2 (CLI) 337
Configuring Sticky PMKID Caching 338
Information About Sticky Key Caching 338
Restrictions for Sticky Key Caching 338
Configuring Sticky Key Caching (CLI) 338
Configuring CKIP 340
Information About CKIP 340
Configuring CKIP (GUI) 341
Configuring CKIP (CLI) 341
Configuring a Session Timeout 342
Information About Session Timeouts 342
Configuring Session Timeouts 342
Configuring a Session Timeout (GUI) 342
Configuring a Session Timeout (CLI) 343
Configuring Layer 3 Security Using VPN Passthrough 343
Information About VPN Passthrough 343
Restrictions for Layer 3 Security Using VPN Passthrough 343
Configuring VPN Passthrough 344
Configuring VPN Passthrough (GUI) 344
Configuring VPN Passthrough (CLI) 344
Configuring Layer 3 Security Using Web Authentication 344
Information About Web Authentication 344
Prerequisites for Configuring Web Authentication on a WLAN 344
Additional Information 345
Configuring Web Authentication 345
Configuring Web Authentication (GUI) 345
Configuring Web Authentication (CLI) 346
Configuring Captive Bypassing 346
Information About Captive Bypassing 346
Configuring Captive Bypassing (CLI) 347
Configuring a Fallback Policy with MAC Filtering and Web Authentication 347
Information About Fallback Policy with MAC Filtering and Web Authentication 347
Configuring a Fallback Policy with MAC Filtering and Web Authentication (GUI) 347
Configuring a Fallback Policy with MAC Filtering and Web Authentication (CLI) 348
Assigning a QoS Profile to a WLAN 349
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xx OL-27510-01
Contents
-
Information About QoS Profiles 349
Assigning a QoS Profile to a WLAN (GUI) 350
Assigning a QoS Profile to a WLAN (CLI) 351
Configuring QoS Enhanced BSS 352
Information About QoS Enhanced BSS 352
Restrictions for QoS Enhanced BSS 352
Additional Information 353
Configuring QBSS (GUI) 353
Configuring QBSS (CLI) 353
Configuring Media Session Snooping and Reporting 354
Information About Media Session Snooping and Reporting 354
Restrictions for Media Session Snooping and Reporting 355
Configuring Media Session Snooping (GUI) 355
Configuring Media Session Snooping (CLI) 355
Configuring Key Telephone System-Based CAC 359
Information About Key Telephone System-Based CAC 359
Restrictions for Key Telephone System-Based CAC 359
Configuring KTS-based CAC (GUI) 360
Configuring KTS-based CAC (CLI) 360
Related Commands 361
Configuring Reanchoring of Roaming Voice Clients 361
Information About Reanchoring of Roaming Voice Clients 361
Restrictions for Configuring Reanchoring of Roaming Voice Clients 362
Configuring Reanchoring of Roaming Voice Clients (GUI) 362
Configuring Reanchoring of Roaming Voice Clients (CLI) 362
Configuring Seamless IPv6 Mobility 363
Information About IPv6 Mobility 363
Prerequisites for Configuring IPv6 Mobility 363
Configuring RA Gaurd for IPv6 Clients 364
Information About RA Guard 364
Configuring RA Guard (GUI) 364
Configuring RA Guard (CLI) 364
Configuring RA Throttling for IPv6 Clients 364
Information about RA Throttling 364
Configuring RA Throttling (GUI) 365
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxi
Contents
-
Configuring the RA Throttle Policy (CLI) 365
Configuring IPv6 Neighbor Discovery Caching 366
Information About IPv6 Neighbor Discovery 366
Configuring Neighbor Binding (GUI) 366
Configuring Neighbor Binding (CLI) 366
Configuring Cisco Client Extensions 367
Information About Cisco Client Extensions 367
Prerequisites for Configuring Cisco Client Extensions 367
Configuring CCX Aironet IEs (GUI) 367
Viewing a Clients CCX Version (GUI) 368
Configuring CCX Aironet IEs (CLI) 368
Viewing a Clients CCX Version (CLI) 368
Configuring Remote LANs 368
Information About Remote LANs 368
Restrictions for Configuring Remote LANs 368
Configuring Remote LANs 369
Configuring a Remote LAN (GUI) 369
Configuring a Remote LAN (CLI) 369
Configuring AP Groups 370
Information About Access Point Groups 370
AP Groups Supported on Controller Platforms 371
Configuring Access Point Groups 372
Creating Access Point Groups (GUI) 372
Creating Access Point Groups (CLI) 373
Viewing Access Point Groups (CLI) 374
Configuring RF Profiles 375
Information About RF Profiles 375
Prerequisites for Configuring RF Profiles 377
Configuring an RF Profile (GUI) 377
Configuring an RF Profile (CLI) 378
Applying an RF Profile to AP Groups (GUI) 379
Applying RF Profiles to AP Groups (CLI) 380
Configuring Web Redirect with 802.1X Authentication 380
Information About Web Redirect with 802.1X Authentication 380
Conditional Web Redirect 380
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxii OL-27510-01
Contents
-
Splash Page Web Redirect 381
Configuring the RADIUS Server (GUI) 381
Configuring Web Redirect 382
Configuring Web Redirect (GUI) 382
Configuring Web Redirect (CLI) 382
Disabling Accounting Servers per WLAN (GUI) 383
Disabling Coverage Hole Detection per WLAN 383
Disabling Coverage Hole Detection on a WLAN (GUI) 384
Disabling Coverage Hole Detection on a WLAN (CLI) 384
Configuring NAC Out-of-Band Integration 385
Information About NAC Out-of-Band Integration 385
Guidelines and Limitations 386
Configuring NAC Out-of-Band Integration 386
Configuring NAC Out-of-Band Integration (GUI) 386
Configuring NAC Out-of-Band Integration (CLI) 387
Configuring Passive Clients 388
Information About Passive Clients 388
Restrictions for Passive Clients 388
Configuring Passive Clients (GUI) 389
Enabling the Multicast-Multicast Mode (GUI) 389
Enabling the Global Multicast Mode on Controllers (GUI) 390
Enabling the Passive Client Feature on the Controller (GUI) 390
Configuring Passive Clients (CLI) 390
Configuring Client Profiling 391
Information About Client Profiling 391
Restrictions for Configuring Client Profiling 391
Configuring Client Profiling 392
Configuring Client Profiling (GUI) 392
Configuring Client Profiling (CLI) 392
Configuring Per-WLAN RADIUS Source Support 392
Information About Per-WLAN RADIUS Source Support 392
Restrictions for Per-WLAN RADIUS Source Support 393
Configuring Per-WLAN RADIUS Source Support (CLI) 393
Monitoring the Status of Per-WLAN RADIUS Source Support (CLI) 393
Configuring Remote LANs 394
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxiii
Contents
-
Information About Remote LANs 394
Restrictions for Configuring Remote LANs 394
Configuring Remote LANs 394
Configuring a Remote LAN (GUI) 394
Configuring a Remote LAN (CLI) 395
C H A P T E R 8 Controlling Lightweight Access Points 397
Access Point Communication Protocols 398
Information About Access Point Communication Protocols 398
Restrictions for Access Point Communication Protocols 399
Configuring Data Encryption 399
Guidelines for Data Encryption 399
Upgrading or Downgrading DTLS Images for Cisco 5500 Series Controllers 400
Guidelines When Upgrading to or from a DTLS Image 400
Configuring Data Encryption (GUI) 401
Configuring Data Encryption (CLI) 401
Viewing CAPWAP Maximum Transmission Unit Information 402
Debugging CAPWAP 402
Controller Discovery Process 402
Restrictions for Controller Discovery Process 403
Verifying that Access Points Join the Controller 404
Verifying that Access Points Join the Controller (GUI) 404
Verifying that Access Points Join the Controller (CLI) 404
Searching for Access Points 404
Information About Searching for Access Points 404
Searching the AP Filter (GUI) 405
Monitoring the Interface Details 407
Searching for Access Point Radios 409
Information About Searching for Access Point Radios 409
Searching for Access Point Radios (GUI) 409
Configuring Global Credentials for Access Points 410
Information About Configuring Global Credentials for Access Points 410
Restrictions for Global Credentials for Access Points 411
Configuring Global Credentials for Access Points (GUI) 411
Configuring Global Credentials for Access Points (CLI) 412
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxiv OL-27510-01
Contents
-
Configuring Authentication for Access Points 413
Information About Configuring Authentication for Access Points 413
Restrictions for Authenticating Access Points 413
Prerequisites for Configuring Authentication for Access Points 413
Configuring Authentication for Access Points 414
Configuring Authentication for Access Points (GUI) 414
Configuring Authentication for Access Points (CLI) 415
Configuring the Switch for Authentication 416
Configuring Embedded Access Points 416
Information About Embedded Access Points 416
Converting Autonomous Access Points to Lightweight Mode 418
Information About Converting Autonomous Access Points to Lightweight Mode 418
Restrictions for Converting Autonomous Access Points to Lightweight Mode 418
Reverting from Lightweight Mode to Autonomous Mode 418
Reverting to a Previous Release (CLI) 419
Reverting to a Previous Release Using the MODE Button and a TFTP Server 419
Authorizing Access Points 419
Authorizing Access Points Using SSCs 420
Authorizing Access Points for Virtual Controllers Using SSC 420
Configuring SSC (GUI) 420
Configuring SSC (CLI) 420
Authorizing Access Points Using MICs 421
Authorizing Access Points Using LSCs 421
Configuring Locally Significant Certificates (GUI) 422
Configuring Locally Significant Certificates (CLI) 422
Authorizing Access Points (GUI) 424
Authorizing Access Points (CLI) 425
Configuring VLAN Tagging for CAPWAP Frames from Access Points 425
Information About VLAN Tagging for CAPWAP Frames from Access Points 425
Configuring VLAN Tagging for CAPWAP Frames from Access Points (GUI) 425
Configuring VLAN Tagging for CAPWAP Frames from Access Points (CLI) 426
Using DHCP Option 43 and DHCP Option 60 426
Troubleshooting the Access Point Join Process 427
Configuring the Syslog Server for Access Points (CLI) 429
Viewing Access Point Join Information 429
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxv
Contents
-
Viewing Access Point Join Information (GUI) 429
Viewing Access Point Join Information (CLI) 430
Sending Debug Commands to Access Points Converted to Lightweight Mode 432
Understanding How Converted Access Points Send Crash Information to the Controller 432
Understanding How Converted Access Points Send Radio Core Dumps to the
Controller 432
Retrieving Radio Core Dumps (CLI) 432
Uploading Radio Core Dumps (GUI) 433
Uploading Radio Core Dumps (CLI) 433
Uploading Memory Core Dumps from Converted Access Points 434
Uploading Access Point Core Dumps (GUI) 434
Uploading Access Point Core Dumps (CLI) 434
Viewing the AP Crash Log Information 435
Viewing the AP Crash Log information (GUI) 435
Viewing the AP Crash Log information (CLI) 435
Displaying MAC Addresses for Converted Access Points 436
Disabling the Reset Button on Access Points Converted to Lightweight Mode 436
Configuring a Static IP Address on a Lightweight Access Point 436
Configuring a Static IP Address (GUI) 437
Configuring a Static IP Address (CLI) 437
Supporting Oversized Access Point Images 438
Recovering the Access PointUsing the TFTP Recovery Procedure 438
Configuring Packet Capture 439
Information About Packet Capture 439
Restrictions for Packet Capture 440
Configuring Packet Capture (CLI) 440
Configuring OfficeExtend Access Points 441
Information About OfficeExtend Access Points 441
OEAP 600 Series Access Points 441
OEAP in Local Mode 442
Supported WLAN Settings for 600 Series OfficeExtend Access Point 442
WLAN Security Settings for the 600 Series OfficeExtend Access Point 443
Authentication Settings 447
Supported User Count on 600 Series OfficeExtend Access Point 448
Remote LAN Settings 448
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxvi OL-27510-01
Contents
-
Channel Management and Settings 449
Additional Caveats 450
Implementing Security 450
Licensing for an OfficeExtend Access Point 451
Configuring OfficeExtend Access Points 451
Configuring OfficeExtend Access Points (GUI) 451
Configuring OfficeExtend Access Points (CLI) 453
Configuring a Personal SSID on an OfficeExtend Access Point 455
Viewing OfficeExtend Access Point Statistics 457
Using Cisco Workgroup Bridges 458
Information About Cisco Workgroup Bridges 458
Restrictions for Cisco Workgroup Bridges 459
WGB Configuration Example 461
Viewing the Status of Workgroup Bridges (GUI) 461
Viewing the Status of Workgroup Bridges (CLI) 462
Debugging WGB Issues (CLI) 462
Using Non-Cisco Workgroup Bridges 463
Information About Non-Cisco Workgroup Bridges 463
Restrictions for Non-Cisco Workgroup Bridges 464
Configuring Backup Controllers 464
Information About Configuring Backup Controllers 464
Restrictions for Configuring Backup Controllers 465
Configuring Backup Controllers (GUI) 465
Configuring Backup Controllers (CLI) 466
Configuring High Availability 468
Information About High Availability 468
Restrictions for High Availability 471
Configuring High Availability (GUI) 472
Configuring High Availability (CLI) 473
Configuring Failover Priority for Access Points 475
Information About Configuring Failover Priority for Access Points 475
Configuring Failover Priority for Access Points (GUI) 475
Configuring Failover Priority for Access Points (CLI) 476
Viewing Failover Priority Settings (CLI) 476
Configuring Access Point Retransmission Interval and Retry Count 477
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxvii
Contents
-
Information About Configuring the AP Retransmission Interval and Retry Count 477
Restrictions for Access Point Retransmission Interval and Retry Count 477
Configuring the AP Retransmission Interval and Retry Count (GUI) 477
Configuring the Access Point Retransmission Interval and Retry Count (CLI) 478
Configuring Country Codes 479
Information About Configuring Country Codes 479
Restrictions for Configuring Country Codes 480
Configuring Country Codes (GUI) 480
Configuring Country Codes (CLI) 481
Migrating Access Points from the -J Regulatory Domain to the -U Regulatory Domain 482
Information About Migrating Access Points from the -J Regulatory Domain to the -U
Regulatory Domain 482
Restrictions forMigratingAccess Points from the -J RegulatoryDomain to the -URegulatory
Domain 484
Migrating Access Points to the -U Regulatory Domain (CLI) 484
Using the W56 Band in Japan 485
Dynamic Frequency Selection 486
Optimizing RFID Tracking on Access Points 487
Information About Optimizing RFID Tracking on Access Points 487
Optimizing RFID Tracking on Access Points (GUI) 488
Optimizing RFID Tracking on Access Points (CLI) 488
Configuring Probe Request Forwarding 489
Information About Configuring Probe Request Forwarding 489
Configuring Probe Request Forwarding (CLI) 489
Retrieving the Unique Device Identifier on Controllers and Access Points 490
Information About Retrieving the Unique Device Identifier on Controllers and Access
Points 490
Retrieving the Unique Device Identifier on Controllers and Access Points (GUI) 491
Retrieving the Unique Device Identifier on Controllers and Access Points (CLI) 491
Performing a Link Test 491
Information About Performing a Link Test 491
Performing a Link Test (GUI) 492
Performing a Link Test (CLI) 492
Configuring Link Latency 493
Information About Configuring Link Latency 493
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxviii OL-27510-01
Contents
-
Restrictions for Link Latency 494
Configuring Link Latency (GUI) 494
Configuring Link Latency (CLI) 495
Configuring the TCP MSS 496
Information About Configuring the TCP MSS 496
Configuring TCP MSS (GUI) 496
Configuring TCP MSS (CLI) 496
Configuring Power Over Ethernet 497
Information About Configuring Power over Ethernet 497
Configuring Power over Ethernet (GUI) 499
Configuring Power over Ethernet (CLI) 500
Configuring Flashing LEDs 502
Information About Configuring Flashing LEDs 502
Configuring Flashing LEDs (CLI) 502
Viewing Clients 502
Viewing Clients (GUI) 503
Viewing Clients (CLI) 504
Configuring LED States for Access Points 504
Configuring the LED State for Access Points in a Network Globally (GUI) 504
Configuring the LED State for Access Point in a Network Globally (CLI) 505
Configuring LED State on a Specific Access Point (GUI) 505
Configuring LED State on a Specific Access Point (CLI) 505
C H A P T E R 9 Controlling Mesh Access Points 507
Information About Cisco Aironet Mesh Access Points 507
Guidelines and Limitations 508
Additional References 508
Access Point Roles 509
Network Access 509
Network Segmentation 510
Cisco Indoor Mesh Access Points 510
Cisco Outdoor Mesh Access Points 510
Mesh Deployment Modes 511
Wireless Mesh Network 512
Wireless Backhaul 512
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxix
Contents
-
Universal Access 512
Point-to-Multipoint Wireless Bridging 512
Point-to-Point Wireless Bridging 513
Configuring Mesh Range (CLI) 514
Assumptions for the AP1522 Range Calculator 515
Assumptions for the AP1552 Range Calculator 515
Architecture Overview 516
Control And Provisioning of Wireless Access Points (CAPWAP) 516
Cisco Adaptive Wireless Path Protocol Wireless Mesh Routing 516
Mesh Neighbors, Parents, and Children 516
Design Considerations 517
Wireless Mesh Constraints 517
Wireless Backhaul Data Rate 517
ClientLink Technology 521
Configuring ClientLink (CLI) 522
Commands Related to ClientLink 523
Controller Planning 524
Adding Mesh Access Points to the Mesh Network 525
Adding MAC Addresses of Mesh Access Points to the MAC Filter 525
Adding the MAC Address of the Mesh Access Point to the Controller Filter List
(GUI) 526
Adding the MAC Address of the Mesh Access Point to the Controller Filter List
(CLI) 527
Defining Mesh Access Point Role 527
Information About MAP and RAP Association With the Controller 527
Configuring the AP Role (GUI) 528
Configuring the AP Role (CLI) 528
Configuring Multiple Controllers Using DHCP 43 and DHCP 60 529
Configuring Backup Controllers 530
Information About Configuring Backup Controllers 530
Guidelines and Limitations 530
Configuring Backup Controllers (GUI) 531
Configuring Backup Controllers (CLI) 532
Configuring External Authentication and Authorization Using a RADIUS Server 535
Configuring RADIUS Servers 535
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxx OL-27510-01
Contents
-
Adding a Username to a RADIUS Server 536
Enabling External Authentication of Mesh Access Points 537
Enabling External Authentication of Mesh Access Points (GUI) 537
Enabling External Authentication of Mesh Access Points (CLI) 537
Viewing Security Statistics 538
Configuring Global Mesh Parameters 538
Information About Configuring Global Mesh Parameters 538
Configuring Global Mesh Parameters (GUI) 538
Configuring Global Mesh Parameters (CLI) 541
Viewing Global Mesh Parameter Settings (CLI) 542
Configuring Local Mesh Parameters 543
Configuring Wireless Backhaul Data Rate 543
Configuring Ethernet Bridging 545
Enabling Ethernet Bridging (GUI) 546
Configuring Bridge Group Names 546
Configuring Bridge Group Names (CLI) 547
Verifying Bridge Group Names (GUI) 547
Verifying Bridge Group Names (CLI) 547
Configuring Public Safety Band Settings 547
Enabling the 4.9-GHz Band 549
Configuring Interoperability with Cisco 3200 549
Configuration Guidelines for Public Safety 4.9-GHz Band 550
Enabling AP1522 to Associate with Cisco 3200 (GUI) 551
Enabling 1522 and 1524PS Association with Cisco 3200 (CLI) 551
Configuring Power and Channel Settings 552
Configuring Power and Channel Settings (GUI) 552
Configuring the Channels on the Serial Backhaul (CLI) 553
Configuring Antenna Gain 554
Configuring Antenna Gain (GUI) 554
Configuring Antenna Gain (CLI) 554
Backhaul Channel Deselection on Serial Backhaul Access Point 555
Configuring Backhaul Channel Deselection (GUI) 555
Configuring Backhaul Channel Deselection (CLI) 556
Backhaul Channel Deselection Guidelines 559
Configuring Dynamic Channel Assignment (GUI) 560
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxxi
Contents
-
Configuring Advanced Features 563
Using the 2.4-GHz Radio for Backhaul 563
Changing the Backhaul from 5 GHz to 2.4 GHz 564
Changing the Backhaul from 2.4 GHz to 5 GHz 564
Verifying the Current Backhaul in Use 564
Universal Client Access 565
Configuring Universal Client Access (GUI) 565
Configuring Universal Client Access (CLI) 565
Universal Client Access on Serial Backhaul Access Points 566
Configuring Extended Universal Access (GUI) 566
Configuring Extended Universal Access (CLI) 568
Configuring Extended Universal Access from the Cisco Prime Infrastructure 569
Configuring Ethernet VLAN Tagging 569
Ethernet Port Notes 570
Ethernet VLAN Tagging Guidelines 570
VLAN Registration 573
Enabling Ethernet VLAN Tagging (GUI) 574
Configuring Ethernet VLAN Tagging (CLI) 576
Viewing Ethernet VLAN Tagging Configuration Details (CLI) 576
Workgroup Bridge Interoperability with Mesh Infrastructure 578
Configuring Workgroup Bridges 578
Supported Workgroup Bridge Modes and Capacities 579
Viewing Status of WGB Client 581
Guidelines and Limitations 581
ExampleConfiguration of a Workgroup Bridge 582
WGB Association Check 583
Link Test Result 585
WGBWired/Wireless Client 586
Client Roaming 587
WGB Roaming Guidelines 587
Configuration Example 588
Troubleshooting Tips 589
Configuring Voice Parameters in Indoor Mesh Networks 589
CAC 590
QoS and DSCP Marking 590
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxxii OL-27510-01
Contents
-
Encapsulations 591
Queuing on the Mesh Access Point 592
Bridging Backhaul Packets 595
Bridging Packets from and to a LAN 595
Guidelines For Using Voice on the Mesh Network 596
Voice Call Support in a Mesh Network 597
Viewing the Voice Details for Mesh Networks (CLI) 598
Enabling Mesh Multicast Containment for Video 601
Enabling Multicast on a Mesh Network (CLI) 602
IGMP Snooping 602
Locally Significant Certificates for Mesh APs 603
Guidelines and Limitations 603
Differences Between LSCs for Mesh APs and Normal APs 604
Certificate Verification Process in LSC AP 604
Configuring an LSC (CLI) 604
LSC-Related Commands 606
Controller CLI show Commands 607
Controller GUI Security Settings 607
Deployment Guidelines 609
Slot Bias Options 609
Information About Slot Bias Options 609
Disabling Slot Bias 610
Guidelines and Limitations 610
Commands Related to Slot Bias 610
Preferred Parent Selection 611
Guidelines and Limitations 611
Configuring a Preferred Parent 612
Co-Channel Interference 613
Viewing Mesh Statistics for a Mesh Access Point 613
Viewing Mesh Statistics for a Mesh Access Point (GUI) 614
Viewing Mesh Statistics for an Mesh Access Point (CLI) 618
Viewing Neighbor Statistics for a Mesh Access Point 619
Viewing Neighbor Statistics for a Mesh Access Point (GUI) 620
Viewing the Neighbor Statistics for a Mesh Access Point (CLI) 622
Converting Indoor Access Points to Mesh Access Points 623
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxxiii
Contents
-
Changing MAP and RAP Roles for Indoor Mesh Access Points 624
Changing MAP and RAP Roles for Indoor Mesh Access Points (GUI) 624
Changing MAP and RAP Roles for Indoor Mesh Access Points (CLI) 625
Converting Indoor Mesh Access Points to Nonmesh Lightweight Access Points (1130AG,
1240AG) 625
Configuring Mesh Access Points to Operate with Cisco 3200 Series Mobile Access
Routers 626
Guidelines and Limitations 626
Enabling Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers
(GUI) 628
Enabling Mesh Access Points to Operate with Cisco 3200 Series Mobile Access Routers
(CLI) 629
C H A P T E R 1 0 Managing Controller Software and Configurations 631
Upgrading the Controller Software 631
Restrictions for Upgrading Controller Software 632
Upgrading Controller Software (GUI) 635
Upgrading Controller Software (CLI) 636
Predownloading an Image to an Access Point 638
Access Point Predownload Process 638
Restrictions for Predownloading an Image to an Access Point 639
Predownloading an Image to Access PointsGlobal Configuration (GUI) 640
Configuring Predownload Image to an Access Point (GUI) 642
Predownloading an Image to Access Points (CLI) 643
Transferring Files to and from a Controller 645
Downloading a Login Banner File 646
Downloading a Login Banner File (GUI) 647
Downloading a Login Banner File (CLI) 647
Clearing the Login Banner (GUI) 648
Downloading Device Certificates 648
Downloading Device Certificates (GUI) 649
Downloading Device Certificates (CLI) 650
Downloading CA Certificates 651
Download CA Certificates (GUI) 652
Downloading CA Certificates (CLI) 652
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxxiv OL-27510-01
Contents
-
Uploading PACs 653
Uploading PACs (GUI) 654
Uploading PACs (CLI) 654
Uploading and Downloading Configuration Files 655
Uploading Configuration Files 656
Uploading the Configuration Files (GUI) 656
Uploading the Configuration Files (CLI) 656
Downloading Configuration Files 657
Downloading the Configuration Files (GUI) 658
Downloading the Configuration Files (CLI) 659
Saving Configurations 660
Editing Configuration Files 660
Clearing the Controller Configuration 662
Erasing the Controller Configuration 662
Resetting the Controller 662
C H A P T E R 1 1 Managing User Accounts 665
Information About Creating Guest Accounts 665
Restrictions for Managing User Accounts 666
Creating a Lobby Ambassador Account 666
Creating a Lobby Ambassador Account (GUI) 666
Creating a Lobby Ambassador Account (CLI) 667
Creating Guest User Accounts as a Lobby Ambassador (GUI) 667
Viewing Guest User Accounts 668
Viewing the Guest Accounts (GUI) 668
Viewing the Guest Accounts (CLI) 668
Obtaining a Web Authentication Certificate 668
Information About Web Authentication Certificates 668
Obtaining Web Authentication Certificates 669
Obtaining a Web Authentication Certificate (GUI) 669
Obtaining a Web Authentication Certificate (CLI) 669
Web Authentication Process 670
Guidelines and Limitations 671
Choosing the Default Web Authentication Login Page 673
Information About Default Web Authentication Login Page 673
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxxv
Contents
-
Guidelines and Limitations 674
Choosing the Default Web Authentication Login Page (GUI) 674
Choosing the Default Web Authentication Login Page (CLI) 674
Example: Creating a Customized Web Authentication Login Page 676
Example: Modified Default Web Authentication Login Page Example 679
Using a Customized Web Authentication Login Page from an External Web Server 679
Information About Customized Web Authentication Login Page 679
Guidelines and Limitations 680
Choosing a Customized Web Authentication Login Page from an External Web Server 680
Choosing a Customized Web Authentication Login Page from an External Web Server
(GUI) 680
Choosing a Customized Web Authentication Login Page from an External Web Server
(CLI) 680
Additional References 681
Downloading a Customized Web Authentication Login Page 681
Prerequisites for Downloading a Customized Web Authentication Login Page 682
Additional References 682
Downloading a Customized Web Authentication Login Page (GUI) 682
Downloading a Customized Web Authentication Login Page (CLI) 683
Additional References 684
Example: Customized Web Authentication Login Page 684
Verifying the Web Authentication Login Page Settings (CLI) 684
Assigning Login, Login Failure, and Logout Pages per WLAN 684
Information About Assigning Login, Login Failure, and Logout Pages per WLAN 684
Assigning Login, Login Failure, and Logout Pages per WLAN (GUI) 685
Assigning Login, Login Failure, and Logout Pages per WLAN (CLI) 686
Configuring Wired Guest Access 687
Information About Wired Guest Access 687
Prerequisites for Configuring Wired Guest Access 689
Restrictions for Configuring Wired Guest Access 689
Configuring Wired Guest Access 690
Configuring Wired Guest Access (GUI) 690
Configuring Wired Guest Access (CLI) 692
Supporting IPv6 Client Guest Access 694
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxxvi OL-27510-01
Contents
-
C H A P T E R 1 2 Configuring Radio Resource Management 695
Information About Radio Resource Management 695
Radio Resource Monitoring 696
Transmit Power Control 696
Overriding the TPC Algorithm with Minimum and Maximum Transmit Power
Settings 697
Dynamic Channel Assignment 697
Coverage Hole Detection and Correction 699
Benefits of RRM 699
Restrictions for Configuring RRM 699
Configuring RRM 700
Configuring the RF Group Mode (GUI) 700
Configuring the RF Group Mode (CLI) 701
Configuring Transmit Power Control (GUI) 701
Configuring Off-Channel Scanning Defer 703
Information About Off-Channel Scanning Defer 703
Configuring Off-Channel Scanning Defer for WLANs 704
Configuring Off-Channel Scanning Defer for a WLAN (GUI) 704
Configuring Off Channel Scanning Defer for a WLAN (CLI) 704
Configuring Dynamic Channel Assignment (GUI) 704
Configuring Coverage Hole Detection (GUI) 707
Configuring RRM Profile Thresholds, Monitoring Channels, and Monitor Intervals
(GUI) 709
Configuring RRM (CLI) 710
Viewing RRM Settings (CLI) 714
Debug RRM Issues (CLI) 714
Configuring RRM Neighbor Discovery Packets 715
Information About RRM NDP and RF Grouping 715
Configuring RRM NDP (CLI) 715
Configuring RF Groups 716
Information About RF Groups 716
RF Group Leader 716
RF Group Name 718
Guidelines and Limitations 718
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxxvii
Contents
-
Configuring RF Groups 718
Configuring an RF Group Name (GUI) 719
Configuring an RF Group Name (CLI) 719
Viewing the RF Group Status 719
Viewing the RF Group Status (GUI) 720
Viewing the RF Group Status (CLI) 720
Overriding RRM 721
Information About Overriding RRM 721
Prerequisites for Overriding RRM 721
Restrictions for Overriding RRM 721
Statically Assigning Channel and Transmit Power Settings to Access Point Radios 721
Statically Assigning Channel and Transmit Power Settings (GUI) 721
Statically Assigning Channel and Transmit Power Settings (CLI) 723
Disabling Dynamic Channel and Power Assignment Globally for a Controller 726
Disabling Dynamic Channel and Power Assignment (GUI) 726
Disabling Dynamic Channel and Power Assignment (CLI) 726
Configuring Rogue Access Point Detection in RF Groups 727
Information About Rogue Access Point Detection in RF Groups 727
Configuring Rogue Access Point Detection in RF Groups 727
Enabling Rogue Access Point Detection in RF Groups (GUI) 727
Configuring Rogue Access Point Detection in RF Groups (CLI) 728
Configuring CCX Radio Management Features 728
Information About CCX Radio Management Features 728
Radio Measurement Requests 729
Location Calibration 729
Configuring CCX Radio Management 730
Configuring CCX Radio Management (GUI) 730
Configuring CCX Radio Management (CLI) 730
Viewing CCX Radio Management Information (CLI) 731
Debugging CCX Radio Management Issues (CLI) 732
C H A P T E R 1 3 Configuring Cisco CleanAir 733
Information About CleanAir 733
Role of the Cisco Wireless LAN Controller in a Cisco CleanAir System 734
Interference Types that Cisco CleanAir Can Detect 734
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xxxviii OL-27510-01
Contents
-
Persistent Devices 735
Persistent Devices Detection 735
Persistent Devices Propagation 736
Guidelines and Limitations 736
Configuring Cisco CleanAir 737
Configuring Cisco CleanAir on the Controller 737
Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (GUI) 737
Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (CLI) 739
Configuring Cisco CleanAir on an Access Point 743
Configuring Cisco CleanAir on an Access Point (GUI) 743
Configuring Cisco CleanAir on an Access Point (CLI) 744
Monitoring the Interference Devices 744
Prerequisites for Monitoring the Interference Devices 745
Monitoring the Interference Device (GUI) 745
Monitoring the Interference Device (CLI) 746
Detecting Interferers by an Access Point 746
Detecting Interferers by Device Type 747
Detecting Persistent Sources of Interference 747
Monitoring Persistent Devices (GUI) 747
Monitoring Persistent Devices (CLI) 747
Monitoring the Air Quality of Radio Bands 748
Monitoring the Air Quality of Radio Bands (GUI) 748
Monitoring the Air Quality of Radio Bands (CLI) 749
Viewing a Summary of the Air Quality 749
Viewing Air Quality for all Access Points on a Radio Band 749
Viewing Air Quality for an Access Point on a Radio Band 749
Monitoring the Worst Air Quality of Radio Bands (GUI) 749
Monitoring the Worst Air Quality of Radio Bands (CLI) 750
Viewing a Summary of the Air Quality (CLI) 750
Viewing the Worst Air Quality Information for all Access Points on a Radio Band
(CLI) 750
Viewing the Air Quality for an Access Point on a Radio Band (CLI) 750
Viewing the Air Quality for an Access Point by Device Type (CLI) 750
Detecting Persistent Sources of Interference (CLI) 751
Information About Spectrum Expert Connection 751
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xxxix
Contents
-
Configuring Spectrum Expert (GUI) 751
Related Documents 753
Feature History of CleanAir 753
C H A P T E R 1 4 Configuring FlexConnect 755
Information About FlexConnect 755
FlexConnect Authentication Process 757
Restrictions for FlexConnect 760
Configuring FlexConnect 762
Configuring the Switch at a Remote Site 762
Configuring the Controller for FlexConnect 763
Configuring the Controller for FlexConnect for a Centrally Switched WLAN Used for
Guest Access 764
Configuring the Controller for FlexConnect (GUI) 764
Configuring the Controller for FlexConnect (CLI) 766
Configuring an Access Point for FlexConnect 768
Configuring an Access Point for FlexConnect (GUI) 768
Configuring an Access Point for FlexConnect (CLI) 770
Configuring an Access Point for Local Authentication on a WLAN (GUI) 771
Configuring an Access Point for Local Authentication on a WLAN (CLI) 772
Connecting Client Devices to WLANs 772
Configuring FlexConnect ACLs 773
Information About Access Control Lists 773
Restrictions for FlexConnect ACLs 773
Configuring FlexConnect ACLs 774
Configuring FlexConnect ACLs (GUI) 774
Configuring FlexConnect ACLs (CLI) 776
Viewing and Debugging FlexConnect ACLs (CLI) 776
Configuring FlexConnect Groups 777
Information About FlexConnect Groups 777
FlexConnect Groups and Backup RADIUS Servers 777
FlexConnect Groups and CCKM 777
FlexConnect Groups and Opportunistic Key Caching 778
FlexConnect Groups and Local Authentication 778
Configuring FlexConnect Groups (GUI) 779
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xl OL-27510-01
Contents
-
Configuring FlexConnect Groups (CLI) 781
Configuring VLAN-ACL Mapping on FlexConnect Groups (GUI) 783
Configuring VLAN-ACL Mapping on FlexConnect Groups (CLI) 783
Viewing VLAN-ACL Mappings (CLI) 784
Configuring AAA Overrides for FlexConnect 784
Information About Authentication, Authorization, Accounting Overrides 784
Restrictions for AAA Overrides for FlexConnect 784
Configuring AAA Overrides for FlexConnect on an Access Point (GUI) 785
Configuring VLAN Overrides for FlexConnect on an Access Point (CLI) 786
Configuring FlexConnect AP Upgrades for FlexConnect Access Points 786
Information About FlexConnect AP Upgrades 786
Restrictions for FlexConnect AP Upgrades for FlexConnect Access Points 786
Configuring FlexConnect AP Upgrades (GUI) 786
Configuring FlexConnect AP Upgrades (CLI) 787
C H A P T E R 1 5 Configuring Mobility Groups 789
Information About Mobility 789
Information About Mobility Groups 793
Messaging Among Mobility Groups 795
Using Mobility Groups with NAT Devices 795
Configuring Mobility Groups 797
Prerequisites for Configuring Mobility Groups 797
Configuring Mobility Groups (GUI) 798
Configuring Mobility Groups (CLI) 800
Viewing Mobility Group Statistics 801
Viewing Mobility Group Statistics (GUI) 802
Viewing Mobility Group Statistics (CLI) 803
Configuring Auto-Anchor Mobility 803
Information About Auto-Anchor Mobility 803
Guidelines and Limitations 804
Configuring Auto-Anchor Mobility (GUI) 805
Configuring Auto-Anchor Mobility (CLI) 805
Validating WLAN Mobility Security Values 807
Information About WLAN Mobility Security Values 807
Using Symmetric Mobility Tunneling 809
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xli
Contents
-
Information About Symmetric Mobility Tunneling 809
Guidelines and Limitations 809
Verifying Symmetric Mobility Tunneling 810
Verifying Symmetric Mobility Tunneling (GUI) 810
Verifying if Symmetric Mobility Tunneling is Enabled (CLI) 810
Running Mobility Ping Tests 810
Information About Mobility Ping Tests 810
Guidelines and Limitations 810
Running Mobility Ping Tests (CLI) 811
Configuring Dynamic Anchoring for Clients with Static IP Addresses 811
Information About Dynamic Anchoring for Clients with Static IP 811
How Dynamic Anchoring of Static IP Clients Works 812
Guidelines and Limitations 812
Configuring Dynamic Anchoring of Static IP Clients (GUI) 813
Configuring Dynamic Anchoring of Static IP Clients (CLI) 813
Configuring Foreign Mappings 813
Information About Foreign Mappings 813
Configuring Foreign Controller MAC Mapping (GUI) 814
Configuring Foreign Controller MAC Mapping (CLI) 814
Configuring Proxy Mobile IPv6 814
Information About Proxy Mobile IPv6 814
Guidelines and Limitations 814
Configuring Proxy Mobile IPv6 (GUI) 815
Configuring Proxy Mobile IPv6 (CLI) 816
C H A P T E R 1 6 Configuring Mobile Concierge 819
Information About Mobile Concierge 819
Configuring Mobile Concierge (802.11u) 819
Configuring Mobile Concierge (802.11u) (GUI) 819
Configuring Mobile Concierge (802.11u) (CLI) 820
Configuring 802.11u Mobility Services Advertisement Protocol 821
Information About 802.11u MSAP 821
Configuring 802.11u MSAP (GUI) 822
Configuring MSAP (CLI) 822
822
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xlii OL-27510-01
Contents
-
Configuring 802.11u HotSpot 822
Information About 802.11u HotSpot 822
Configuring 802.11u HotSpot (GUI) 823
Configuring HotSpot 2.0 (CLI) 823
823
Configuring Access Points for HotSpot2 (GUI) 825
Configuring Access Points for HotSpot2 (CLI) 825
A P P E N D I X A Troubleshooting 831
Interpreting LEDs 831
Information About Interpreting LEDs 831
Interpreting Controller LEDs 832
Interpreting Lightweight Access Point LEDs 832
System Messages 832
Information About System Messages 832
Viewing System Resources 835
Information About Viewing System Resources 835
Guidelines and Limitations - not used 836
Viewing System Resources (GUI) 836
Viewing System Resources (CLI) 836
Using the CLI to Troubleshoot Problems 836
Configuring System and Message Logging 838
Information About System and Message Logging 838
Configuring System and Message Logging (GUI) 838
Viewing Message Logs (GUI) 841
Configuring System and Message Logging (CLI) 841
Viewing System and Message Logs (CLI) 844
Viewing Access Point Event Logs 845
Information About Access Point Event Logs 845
Viewing Access Point Event Logs (CLI) 845
Uploading Logs and Crash Files 846
Prerequisites to Upload Logs and Crash Files 846
Uploading Logs and Crash Files (GUI) 846
Uploading Logs and Crash Files (CLI) 847
Uploading Core Dumps from the Controller 848
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xliii
Contents
-
Information About Uploading Core Dumps from the Controller 848
Configuring the Controller to Automatically Upload Core Dumps to an FTP Server
(GUI) 848
Configuring the Controller to Automatically Upload Core Dumps to an FTP Server
(CLI) 849
Uploading Core Dumps from Controller to a Server (CLI) 850
Uploading Packet Capture Files 851
Information About Uploading Packet Capture Files 851
Restrictions for Uploading Packet Capture Files 852
Uploading Packet Capture Files (GUI) 853
Uploading Packet Capture Files (CLI) 853
Monitoring Memory Leaks 854
Monitoring Memory Leaks (CLI) 854
Troubleshooting CCXv5 Client Devices 855
Information About Troubleshooting CCXv5 Client Devices 855
Restrictions for CCXv5 Client Devices 855
Configuring Diagnostic Channel 856
Configuring the Diagnostic Channel (GUI) 856
Configuring the Diagnostic Channel (CLI) 857
Configuring Client Reporting 861
Configuring Client Reporting (GUI) 861
Configuring Client Reporting (CLI) 861
Configuring Roaming and Real-Time Diagnostics 862
Configuring Roaming and Real-Time Diagnostics (CLI) 862
Using the Debug Facility 865
Information About Using the Debug Facility 865
Configuring the Debug Facility (CLI) 867
Configuring Wireless Sniffing 870
Information About Wireless Sniffing 870
Restrictions for Wireless Sniffing 871
Configuring Sniffing on an Access Point (GUI) 871
Configuring Sniffing on an Access Point (CLI) 872
Troubleshooting Access Points Using Telnet or SSH_old 872
Guidelines and Limitations 873
Troubleshooting Access Points Using Telnet or SSH (GUI) 873
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xliv OL-27510-01
Contents
-
Troubleshooting Access Points Using Telnet or SSH (CLI) 873
Debugging the Access Point Monitor Service 874
Information About Debugging the Access Point Monitor Service 874
Debugging Access Point Monitor Service Issues (CLI) 874
Troubleshooting OfficeExtend Access Points 875
Information About Troubleshooting OfficeExtend Access Points 875
Interpreting OfficeExtend LEDs 875
Positioning OfficeExtend Access Points for Optimal RF Coverage 875
Troubleshooting Common Problems 875
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xlv
Contents
-
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xlvi OL-27510-01
Contents
-
Preface
This preface describes the audience, organization, and conventions of this document. It also providesinformation on how to obtain other documentation. This chapter includes the following sections:
Audience, page xlvii
Conventions, page xlvii
Related Documentation, page xlviii
Obtaining Documentation and Submitting a Service Request, page xlix
AudienceThis publication is for experienced network administrators who configure and maintain Cisco wireless LANcontrollers and Cisco lightweight access points.
ConventionsThis document uses the following conventions:
Table 1: Conventions
IndicationConvention
Commands and keywords and user-entered text appear in bold font.bold font
Document titles, new or emphasized terms, and arguments for which you supplyvalues are in italic font.
italic font
Elements in square brackets are optional.[ ]
Required alternative keywords are grouped in braces and separated by verticalbars.
{x | y | z }
Optional alternative keywords are grouped in brackets and separated by verticalbars.
[ x | y | z ]
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xlvii
-
IndicationConvention
A nonquoted set of characters. Do not use quotation marks around the string orthe string will include the quotation marks.
string
Terminal sessions and information the system displays appear in courier font.courier font
Nonprinting characters such as passwords are in angle brackets.
Default responses to system prompts are in square brackets.[]
An exclamation point (!) or a pound sign (#) at the beginning of a line of codeindicates a comment line.
!, #
Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.
Note
Means the following information will help you solve a problem.Tip
Means reader be careful. In this situation, you might perform an action that could result in equipmentdamage or loss of data.
Caution
Related DocumentationThese documents provide complete information about Cisco Wireless:
Cisco Wireless LAN Controller configuration guides:
http://www.cisco.com/en/US/products/ps10315/products_installation_and_configuration_guides_list.html
Cisco Wireless LAN Controller command references:
http://www.cisco.com/en/US/products/ps10315/prod_command_reference_list.html
Cisco Wireless LAN Controller System Message Guide:
http://www.cisco.com/en/US/products/ps10315/products_system_message_guides_list.html
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points:
http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html
Cisco Wireless Mesh Access Points, Design and Deployment Guide:
http://www.cisco.com/en/US/products/ps11451/products_implementation_design_guides_list.html
Cisco Prime Infrastructure documentation:
http://www.cisco.com/en/US/products/ps12239/products_documentation_roadmaps_list.html
Cisco Wireless LAN Controller Configuration Guide, Release 7.3xlviii OL-27510-01
PrefaceRelated Documentation
-
Cisco Mobility Services Engine documentation:
http://www.cisco.com/en/US/products/ps9806/tsd_products_support_series_home.html
Click this link to access user documentation pertaining to Cisco Wireless solution:
http://www.cisco.com/cisco/web/psa/default.html?mode=prod
Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a servicerequest, and gathering additional information, seeWhat's New in Cisco Product Documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe toWhat's New in Cisco Product Documentation, which lists all new and revised Cisco technicaldocumentation, as an RSS feed and deliver content directly to your desktop using a reader application. TheRSS feeds are a free service.
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 xlix
PrefaceObtaining Documentation and Submitting a Service Request
-
Cisco Wireless LAN Controller Configuration Guide, Release 7.3l OL-27510-01
PrefaceObtaining Documentation and Submitting a Service Request
-
C H A P T E R 1Overview
This chapter describes the controller components and features. It contains these sections:
Cisco Wireless Overview, page 1
Operating System Software, page 4
Operating System Security, page 4
Layer 2 and Layer 3 Operation, page 5
Cisco Wireless LAN Controllers, page 6
Controller Platforms, page 6
Cisco UWN Solution WLANs, page 9
File Transfers, page 9
Power over Ethernet, page 10
Cisco Wireless LAN Controller Memory, page 10
Cisco Wireless LAN Controller Failover Protection, page 10
Cisco Wireless OverviewCisco Wireless is designed to provide 802.11 wireless networking solutions for enterprises and serviceproviders. CiscoWireless simplifies deploying and managing large-scale wireless LANs and enables a uniquebest-in-class security infrastructure. The operating systemmanages all data client, communications, and systemadministration functions, performs radio resource management (RRM) functions, manages system-widemobility policies using the operating system security solution, and coordinates all security functions usingthe operating system security framework.
Cisco Wireless solution consists of Cisco wireless LAN controllers and their associated lightweight accesspoints controlled by the operating system, all concurrently managed by any or all of the operating system userinterfaces:
An HTTP and/or HTTPS full-featured Web User Interface hosted by Cisco wireless LAN controllerscan be used to configure and monitor individual controllers.
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 1
-
A full-featured command-line interface (CLI) can be used to configure and monitor individual Ciscowireless LAN controllers.
The Cisco Prime Infrastructure, which you use to configure and monitor one or more Cisco wirelessLAN controllers and associated access points. The Prime Infrastructure has tools to facilitate large-systemmonitoring and control. For more information about Cisco Prime Infrastructure, see http://www.cisco.com/en/US/products/ps12239/tsd_products_support_series_home.html.
An industry-standard SNMPV1, V2c, andV3 interface can be usedwith any SNMP-compliant third-partynetwork management system.
The Cisco Wireless solution supports client data services, client monitoring and control, and all rogue accesspoint detection, monitoring, and containment functions. It uses lightweight access points, Cisco wireless LANcontrollers, and the optional Cisco Prime Infrastructure to provide wireless services to enterprises and serviceproviders.
Unless otherwise noted in this publication, all of the Cisco wireless LAN controllers are referred to ascontrollers, and all of the Cisco lightweight access points are referred to as access points.
Note
Single-Controller DeploymentsA standalone controller can support lightweight access points across multiple floors and buildingssimultaneously and support the following features:
Autodetecting and autoconfiguring lightweight access points as they are added to the network.
Full control of lightweight access points.
Lightweight access points connect to controllers through the network. The network equipment may ormay not provide Power over Ethernet (PoE) to the access points.
Some controllers use redundant Gigabit Ethernet connections to bypass single network failures.
Some controllers can connect through multiple physical ports to multiple subnets in the network. Thisfeature can be helpful when you want to confine multiple VLANs to separate subnets.
Note
Cisco Wireless LAN Controller Configuration Guide, Release 7.32 OL-27510-01
OverviewSingle-Controller Deployments
-
This figure shows a typical single-controller deployment.
Figure 1: Single-Controller Deployment
Multiple-Controller DeploymentsEach controller can support lightweight access points across multiple floors and buildings simultaneously.However, full functionality of the Cisco wireless LAN solution occurs when it includes multiple controllers.A multiple-controller system has the following additional features:
Autodetecting and autoconfiguring RF parameters as the controllers are added to the network.
Same-subnet (Layer 2) roaming and inter-subnet (Layer 3) roaming.
Automatic access point failover to any redundant controller with a reduced access point load.
The following figure shows a typical multiple-controller deployment. The figure also shows an optionaldedicatedmanagement network and the three physical connection types between the network and the controllers.
Cisco Wireless LAN Controller Configuration Guide, Release 7.3 OL-27510-01 3
OverviewMultiple-Controller Deployments
-
Figure 2: Typical Multiple-Controller Deployment
Operating System SoftwareThe operating system software controls controllers and lightweight access points. It includes full operatingsystem security and radio resource management (RRM) features.
Operating System SecurityOperating system security bundles Layer 1, Layer 2, and Layer 3 security components into a simple, CiscoWLAN solution-wide policy manager that creates independent security policies for each of up to 16 wirelessLANs.
The 802.11 Static WEP weaknesses can be overcome using the following robust industry-standard securitysolutions:
802.1X dynamic keys with extensible authentication protocol (EAP).
Wi-Fi protected access (WPA) dynamic keys. The CiscoWLAN solutionWPA implementation includes:
Temporal key integrity protocol (TKIP) and message integrity code checksum dynamic keys
WEP keys, with or without a preshared key passphrase
Cisco Wireless LAN Controller Configuration Guide, Release 7.34 OL-27510-01
OverviewOperating System Software
-
RSN with or without a preshared key
Optional MAC filtering
The WEP problem can be fu