Cyberoam cg15-3-3

Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points Cisco IOS Release 15.3(3)JAB Text Part Number: OL-31535-01


  • Cisco Systems, Inc. www.cisco.com

    Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

    Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points

    Cisco IOS Release 15.3(3)JAB

    Text Part Number: OL-31535-01

  • THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

    The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

    NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

    IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

    Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

    Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points © 1992-2014 Cisco Systems, Inc. All rights reserved.

  • Contents

    Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, OL-29225-01

    Preface
    Audience
    Purpose
    Configuration Procedures and Examples
    Organization
    Conventions
    Related Publications
    Obtaining Documentation, Obtaining Support, and Security Guidelines

    Chapter 1 Overview of Access Point Features
    Radios in Access Points
    New Features and Platforms in this Release
    New Access Point Platforms Supported
    Support for Cisco Aironet 3700 Series access point
    Support for Cisco Aironet 2700 Series access point
    Support for Cisco Aironet 1700 Series access point
    New Features
    Multiple Port Support for Cisco Aironet 1550 Series Outdoor Access Points
    Automatic Configuring of the Access Point
    Support for L2TPv3
    Configuration and CLI Changes in this Release
    Management Options
    Roaming Client Devices
    Network Configuration Examples
    Root Access Point
    Repeater Access Point
    Bridges
    Workgroup Bridge
    Central Unit in an All-Wireless Network

    Chapter 2 Using the Web-Browser Interface
    Using the Web-Browser Interface for the First Time
    Using the Management Pages in the Web-Browser Interface
    Using Action Buttons
    Character Restrictions in Entry Fields
    Enabling HTTPS for Secure Browsing
    Deleting an HTTPS Certificate
    Using Online User Guides
    Disabling the Web-Browser Interface

    Chapter 3 Using the Command-Line Interface
    Cisco IOS Command Modes
    Getting Help
    Abbreviating Commands
    Using the no and Default Forms of Commands
    Understanding CLI Messages
    Using Command History
    Changing the Command History Buffer Size
    Recalling Commands
    Disabling the Command History Feature
    Using Editing Features
    Enabling and Disabling Editing Features
    Editing Commands Through Keystrokes
    Editing Command Lines that Wrap
    Searching and Filtering Output of show and more Commands
    Accessing the CLI
    Opening the CLI with Telnet
    Opening the CLI with Secure Shell

    Chapter 4 Configuring the Access Point for the First Time
    Before You Start
    Resetting the Device to Default Settings
    Resetting to Default Settings Using the MODE Button
    Resetting to Default Settings Using the GUI
    Resetting to Default Settings Using the CLI
    Logging into the Access Point
    Obtaining and Assigning an IP Address
    Default IP Address Behavior
    Connecting to the 1040, 1140, 1240, 1250, 1260, and 2600 Series Access Points Locally
    Connecting to the 1550 Series Access Point Locally
    Default Radio Settings
    Assigning Basic Settings
    Default Settings on the Easy Setup Page
    Understanding the Security Settings
    Using VLANs
    Security Types for an SSID
    Limitations of Security Settings
    CLI Configuration Examples
    Configuring System Power Settings Access Points
    Using the AC Power Adapter
    Using a Switch Capable of IEEE 802.3af Power Negotiation
    Using a Switch That Does Not Support IEEE 802.3af Power Negotiation
    Using a Power Injector
    dot11 extension power native Command
    Support for 802.11n Performance on 1250 Series Access Points with Standard 802.3af PoE
    1250 Series Power Modes
    Support for 802.11ac
    Channel Widths for 802.11ac
    Power Management for 802.11ac
    Assigning an IP Address Using the CLI
    Using a Telnet Session to Access the CLI
    Configuring the 802.1X Supplicant
    Creating a Credentials Profile
    Applying the Credentials to an Interface or SSID
    Applying the Credentials Profile to the Wired Port
    Applying the Credentials Profile to an SSID Used For the Uplink
    Creating and Applying EAP Method Profiles
    Configuring IPv6
    Configuring DHCPv6 address
    IPv6 Neighbor Discovery
    Configuring IPv6 Access Lists
    RADIUS Configuration
    IPv6 WDS Support
    CDPv6 Support
    RA filtering
    Automatic Configuring of the Access Point
    Enabling Autoconfig
    Prepare a Configuration Information File
    Enable environmental variables
    Schedule the Configuration Information File Download
    Enabling Autoconfig via a Boot File
    Checking the Autoconfig Status
    Debugging Autoconfig

    Chapter 5 Administrating the Access Point
    Disabling the Mode Button
    Preventing Unauthorized Access to Your Access Point
    Protecting Access to Privileged EXEC Commands
    Default Password and Privilege Level Configuration
    Setting or Changing a Static Enable Password
    Protecting Enable and Enable Secret Passwords with Encryption
    Configuring Username and Password Pairs
    Configuring Multiple Privilege Levels
    Setting the Privilege Level for a Command
    Logging Into and Exiting a Privilege Level
    Configuring Easy Setup
    Configuring Spectrum Expert Mode
    Controlling Access Point Access with RADIUS
    Default RADIUS Configuration
    Configuring RADIUS Login Authentication
    Defining AAA Server Groups
    Configuring RADIUS Authorization for User Privileged Access and Network Services
    Displaying the RADIUS Configuration
    Controlling Access Point Access with TACACS+
    Default TACACS+ Configuration
    Configuring TACACS+ Login Authentication
    Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
    Displaying the TACACS+ Configuration
    Configuring Ethernet Speed and Duplex Settings
    Configuring the Access Point for Wireless Network Management
    Configuring the Access Point for Local Authentication and Authorization
    Configuring the Authentication Cache and Profile
    Configuring the Access Point to Provide DHCP Service
    Setting up the DHCP Server
    Monitoring and Maintaining the DHCP Server Access Point
    Show Commands
    Clear Commands
    Debug Command
    Configuring the Access Point for Secure Shell
    Understanding SSH
    Configuring SSH
    Support for Secure Copy Protocol
    Configuring Client ARP Caching
    Understanding Client ARP Caching
    Optional ARP Caching
    Configuring ARP Caching
    Managing the System Time and Date
    Understanding Simple Network Time Protocol
    Configuring SNTP
    Configuring Time and Date Manually
    Setting the System Clock
    Displaying the Time and Date Configuration
    Configuring the Time Zone
    Configuring Summer Time (Daylight Saving Time)
    Defining HTTP Access
    Configuring a System Name and Prompt
    Default System Name and Prompt Configuration
    Configuring a System Name
    Understanding DNS
    Default DNS Configuration
    Setting Up DNS
    Displaying the DNS Configuration
    Creating a Banner
    Default Banner Configuration
    Configuring a Message-of-the-Day Login Banner
    Configuring a Login Banner
    Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode

    Chapter 6 Configuring Radio Settings
    Enabling the Radio Interface
    Configuring the Role in Radio Network
    Universal Workgroup Bridge Mode
    Point-to-point and Multi Point bridging support for 802.11n platforms
    Configuring Dual-Radio Fallback
    Radio Tracking
    Fast Ethernet Tracking
    MAC-Address Tracking
    Configuring Radio Data Rates
    Access Points Send Multicast and Management Frames at Highest Basic Rate
    Configuring MCS Rates
    Configuring Radio Transmit Power
    Limiting the Power Level for Associated Client Devices
    Configuring Radio Channel Settings
    Channel Widths for 802.11n
    Dynamic Frequency Selection
    Radar Detection on a DFS Channel
    CLI Commands
    Confirming that DFS is Enabled
    Configuring a Channel
    Blocking Channels from DFS Selection
    Setting the 802.11n Guard Interval
    Enabling and Disabling World Mode
    Disabling and Enabling Short Radio Preambles
    Configuring Transmit and Receive Antennas
    Enabling and Disabling Gratuitous Probe Response
    Disabling and Enabling Aironet Extensions
    Configuring the Ethernet Encapsulation Transformation Method
    Enabling and Disabling Reliable Multicast to Workgroup Bridges
    Enabling and Disabling Public Secure Packet Forwarding
    Configuring Protected Ports
    Configuring the Beacon Period and the DTIM
    Configure RTS Threshold and Retries
    Configuring the Maximum Data Packet Retries
    Configuring the Fragmentation Threshold
    Enabling Short Slot Time for 802.11g Radios
    Performing a Carrier Busy Test
    Configuring VoIP Packet Handling
    Configuring ClientLink
    Using the CLI to Configure ClientLink
    Debugging Radio Functions
    802.11r Configuration

    Chapter 7 Configuring Multiple SSIDs
    Understanding Multiple SSIDs
    Configuring Multiple SSIDs
    Creating an SSID Globally
    Viewing SSIDs Configured Globally
    Using a RADIUS Server to Restrict SSIDs
    Configuring Multiple Basic SSIDs
    Requirements for Configuring Multiple BSSIDs
    Guidelines for Using Multiple BSSIDs
    Configuring Multiple BSSIDs
    CLI Configuration Example
    Displaying Configured BSSIDs
    Assigning IP Redirection for an SSID
    Guidelines for Using IP Redirection
    Configuring IP Redirection
    Including SSIDL IE in an SSID Beacon
    NAC Support for MBSSID
    Configuring NAC for MBSSID

    Chapter 8 Configuring Spanning Tree Protocol
    Understanding Spanning Tree Protocol
    STP Overview
    Access Point/Bridge Protocol Data Units
    Election of the Spanning-Tree Root
    Spanning-Tree Timers
    Creating the Spanning-Tree Topology
    Spanning-Tree Interface States
    Blocking State
    Listening State
    Learning State
    Forwarding State
    Disabled State
    Configuring STP Features
    Default STP Configuration
    Configuring STP Settings
    STP Configuration Examples
    Root Bridge Without VLANs
    Non-Root Bridge Without VLANs
    Root Bridge with VLANs
    Non-Root Bridge with VLANs
    Displaying Spanning-Tree Status

    Chapter 9 Configuring an Access Point as a Local Authenticator
    Understanding Local Authentication
    Configuring a Local Authenticator
    Guidelines for Local Authenticators
    Configuration Overview
    Configuring the Local Authenticator Access Point
    Configuring Other Access Points to Use the Local Authenticator
    Configuring EAP-FAST Settings
    Configuring PAC Settings
    Configuring an Authority ID
    Configuring Server Keys
    Possible PAC Failures Caused by Access Point Clock
    Limiting the Local Authenticator to One Authentication Type
    Unblocking Locked Usernames
    Viewing Local Authenticator Statistics
    Using Debug Messages

    Chapter 10 Configuring WLAN Authentication and Encryption
    Understanding Authentication and Encryption Mechanisms
    Understanding Encryption Modes
    Configuring Encryption Modes
    Creating Static WEP Keys
    WEP Key Restrictions
    Example WEP Key Setup
    Enabling Cipher Suites
    Matching Cipher Suites with WPA or CCKM
    Enabling and Disabling Broadcast Key Rotation

    Chapter 11 Configuring Authentication Types
    Understanding Authentication Types
    Open Authentication to the Access Point
    WEP Shared Key Authentication to the Access Point
    EAP Authentication to the Network
    MAC Address Authentication to the Network
    Combining MAC-Based, EAP, and Open Authentication
    Using CCKM for Authenticated Clients
    Using WPA Key Management
    Configuring Authentication Types
    Assigning Authentication Types to an SSID
    Configuring WPA Migration Mode for Legacy WEP SSIDs
    Configuring Additional WPA Settings
    Configuring MAC Authentication Caching
    Configuring Authentication Holdoffs, Timeouts, and Intervals
    Creating and Applying EAP Method Profiles for the 802.1X Supplicant
    Creating an EAP Method Profile
    Applying an EAP Profile to the Fast Ethernet Interface
    Applying an EAP Profile to an Uplink SSID
    Matching Access Point and Client Device Authentication Types
    Guest Access Management
    Guest Account Creation
    Customized Guest Access Pages

    Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
    Understanding WDS
    Role of the WDS Device
    Role of Access Points Using the WDS Device
    Understanding Fast Secure Roaming
    Understanding Wireless Intrusion Detection Services
    Configuring WDS
    Guidelines for WDS
    Requirements for WDS
    Configuration Overview
    Configuring Access Points as Potential WDS Devices
    CLI Configuration Example
    Configuring Access Points to use the WDS Device
    CLI Configuration Example
    Configuring the Authentication Server to Support WDS
    Configuring WDS Only Mode
    Viewing WDS Information
    Using Debug Messages
    Configuring Fast Secure Roaming
    Requirements for Fast Secure Roaming
    Configuring Access Points to Support Fast Secure Roaming
    CLI Configuration Example
    Support for 802.11r
    Configuring Management Frame Protection
    Management Frame Protection
    Client MFP Overview
    Client MFP For Access Points in Root mode
    Configuring Client MFP
    Protection of Management Frames with 802.11w
    Configuring Radio Management
    CLI Configuration Example
    Configuring Access Points to Participate in WIDS
    Configuring the Access Point for Scanner Mode
    Configuring the Access Point for Monitor Mode
    Displaying Monitor Mode Statistics
    Configuring Monitor Mode Limits
    Configuring an Authentication Failure Limit

    Chapter 13 Configuring RADIUS and TACACS+ Servers
    Configuring and Enabling RADIUS
    Understanding RADIUS
    RADIUS Operation
    Configuring RADIUS
    Default RADIUS Configuration
    Identifying the RADIUS Server Host
    Configuring RADIUS Login Authentication
    Defining AAA Server Groups
    Configuring RADIUS Authorization for User Privileged Access and Network Services
    Configuring Packet of Disconnect
    Selecting the CSID Format
    Starting RADIUS Accounting
    Configuring Settings for All RADIUS Servers
    Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
    Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
    Configuring WISPr RADIUS Attributes
    Displaying the RADIUS Configuration
    RADIUS Attributes Sent by the Access Point
    Configuring and Enabling TACACS+
    Understanding TACACS+
    TACACS+ Operation
    Configuring TACACS+
    Default TACACS+ Configuration
    Identifying the TACACS+ Server Host and Setting the Authentication Key
    Configuring TACACS+ Login Authentication
    Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
    Starting TACACS+ Accounting
    Displaying the TACACS+ Configuration

    Chapter 14 Configuring VLANs
    Understanding VLANs
    Incorporating Wireless Devices into VLANs
    Configuring VLANs
    Configuring a VLAN
    Assigning Names to VLANs
    Guidelines for Using VLAN Names
    Creating a VLAN Name
    Using a RADIUS Server to Assign Users to VLANs
    Viewing VLANs Configured on the Access Point
    VLAN Configuration Example

    Chapter 15 Configuring QoS
    Understanding QoS for Wireless LANs
    QoS for Wireless LANs Versus QoS on Wired LANs
    Impact of QoS on a Wireless LAN
    Precedence of QoS Settings
    Using Wi-Fi Multimedia Mode
    Using Band Select
    Configuring QoS
    Configuration Guidelines
    Configuring QoS Using the Web-Browser Interface
    The QoS Policies Advanced Page
    QoS Element for Wireless Phones
    IGMP Snooping
    AVVID Priority Mapping
    WiFi Multimedia (WMM)
    Rate Limiting
    Adjusting Radio Access Categories
    Configuring Nominal Rates
    Optimized Voice Settings

    Chapter 16 Configuring Filters
    Understanding Filters
    Configuring Filters Using the CLI
    Configuring Filters Using the Web-Browser Interface
    Configuring and Enabling MAC Address Filters
    Creating a MAC Address Filter
    Using MAC Address ACLs to Block or Allow Client Association to the Access Point
    Configuring MAC Address Authentication
    Determining the source of MAC Authentication
    Configuring the SSID for MAC Authentication
    Creating a Time-Based ACL
    ACL Logging
    Configuring and Enabling IP Filters
    Creating an IP Filter
    Configuring and Enabling EtherType Filters
    Creating an EtherType Filter

    Chapter 17 Configuring CDP
    Understanding CDP
    Configuring CDP
    Default CDP Configuration
    Configuring the CDP Characteristics
    Disabling and Enabling CDP
    Disabling and Enabling CDP on an Interface
    Monitoring and Maintaining CDP
    Enabling CDP Logging

    Chapter 18 Configuring SNMP
    Understanding SNMP
    SNMP Versions
    SNMP Manager Functions
    SNMP Agent Functions
    SNMP Community Strings
    Using SNMP to Access MIB Variables
    Configuring SNMP
    Default SNMP Configuration
    Enabling the SNMP Agent
    Configuring Community Strings
    Specifying SNMP-Server Group Names
    Configuring SNMP-Server Hosts
    Configuring SNMP-Server Users
    Configuring Trap Managers and Enabling Traps
    Setting the Agent Contact and Location Information
    Using the snmp-server view Command
    SNMP Examples
    Displaying SNMP Status

    Chapter 19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode
    Understanding Repeater Access Points
    Configuring a Repeater Access Point
    Default Configuration
    Guidelines for Repeaters
    Setting Up a Repeater
    Aligning Antennas
    Verifying Repeater Operation
    Setting Up a Repeater As a WPA2 Client
    Setting Up a Repeater As a EAP-FAST Client
    Understanding Hot Standby
    Configuring a Hot Standby Access Point
    Verifying Standby Operation
    Understanding Workgroup Bridge Mode
    Treating Workgroup Bridges as Infrastructure Devices or as Client Devices
    Configuring a Workgroup Bridge for Roaming
    Configuring a Workgroup Bridge for Limited Channel Scanning
    Configuring the Limited Channel Set
    Ignoring the CCX Neighbor List
    Configuring a Client VLAN
    Workgroup Bridge VLAN Tagging
    Configuring Workgroup Bridge Mode
    Using Workgroup Bridges in a Lightweight Environment
    Guidelines for Using Workgroup Bridges in a Lightweight Environment
    Sample Workgroup Bridge Association Verification
    Enabling VideoStream Support on Workgroup Bridges

    Chapter 20 Managing Firmware and Configurations
    Working with the Flash File System
    Displaying Available File Systems
    Setting the Default File System
    Displaying Information About Files on a File System
    Changing Directories and Displaying the Working Directory
    Creating and Removing Directories
    Copying Files
    Deleting Files
    Creating, Displaying, and Extracting tar Files
    Creating a tar File
    Displaying the Contents of a tar File
    Extracting a tar File
    Displaying the Contents of a File
    Working with Configuration Files
    Guidelines for Creating and Using Configuration Files
    Configuration File Types and Location
    Creating a Configuration File by Using a Text Editor
    Copying Configuration Files by Using TFTP
    Preparing to Download or Upload a Configuration File by Using TFTP
    Downloading the Configuration File by Using TFTP
    Uploading the Configuration File by Using TFTP
    Copying Configuration Files by Using FTP
    Preparing to Download or Upload a Configuration File by Using FTP
    Downloading a Configuration File by Using FTP
    Uploading a Configuration File by Using FTP
    Copying Configuration Files by Using RCP
    Preparing to Download or Upload a Configuration File by Using RCP
    Downloading a Configuration File by Using RCP
    Uploading a Configuration File by Using RCP
    Clearing Configuration Information
    Deleting a Stored Configuration File
    Working with Software Images
    Image Location on the Access Point
    tar File Format of Images on a Server or Cisco.com
    Copying Image Files by Using TFTP
    Preparing to Download or Upload an Image File by Using TFTP
    Downloading an Image File by Using TFTP
    Uploading an Image File by Using TFTP
    Copying Image Files by Using FTP
    Preparing to Download or Upload an Image File by Using FTP
    Downloading an Image File by Using FTP
    Uploading an Image File by Using FTP
    Copying Image Files by Using RCP
    Preparing to Download or Upload an Image File by Using RCP
    Downloading an Image File by Using RCP
    Uploading an Image File by Using RCP
    Reloading the Image Using the Web Browser Interface
    Browser HTTP Interface
    Browser TFTP Interface

    Chapter 21 Configuring L2TPv3 Over UDP/IP
    Prerequisites
    Configuring L2TP Class
    Configuring Pseudowire Class
    Relationship between L2TP Class and Pseudowire Class
    Configuring the Tunnel interface
    Configure Tunnel management Interface
    Mapping SSID to the Tunnel/Xconnect
    Configuring TCP mss adjust
    Configuring UDP checksum

    Chapter 22 Configuring System Message Logging
    Understanding System Message Logging
    Configuring System Message Logging
    System Log Message Format
    Default System Message Logging Configuration
    Disabling and Enabling Message Logging
    Setting the Message Display Destination Device
    Enabling and Disabling Timestamps on Log Messages
    Enabling and Disabling Sequence Numbers in Log Messages
    Defining the Message Severity Level
    Limiting Syslog Messages Sent to the History Table and to SNMP
    Setting a Logging Rate Limit
    Configuring the System Logging Facility
    Displaying the Logging Configuration

    Chapter 23 Troubleshooting
    Checking the LED Indicators
    Checking Power
    Low Power Condition
    Checking Basic Settings
    SSID
    WEP Keys
    Security Settings
    Resetting to the Default Configuration
    Using the MODE Button
    Using the Web Browser Interface
    Using the CLI
    Reloading the Access Point Image
    Using the MODE button
    Using the Web Browser Interface
    Browser HTTP Interface
    Browser TFTP Interface
    Using the CLI
    Obtaining the Access Point Image File
    Obtaining TFTP Server Software
    Image Recovery on the 1520 Access Point

    Appendix A Protocol Filters

    Appendix B Supported MIBs
    MIB List
    Using FTP to Access the MIB Files

    Appendix C Error and Event Messages
    Conventions
    Software Auto Upgrade Messages
    Association Management Messages
    Unzip Messages
    System Log Messages
    802.11 Subsystem Messages
    Inter-Access Point Protocol Messages
    Local Authenticator Messages
    WDS Messages
    Mini IOS Messages
    Access Point/Bridge Messages
    Cisco Discovery Protocol Messages
    External Radius Server Error Messages
    LWAPP Error Messages
    Sensor Messages
    SNMP Error Messages
    SSH Error Messages

    Glossary

  • Preface

    AudienceThis guide is for the networking professional who installs and manages Cisco Aironet Access Points in Autonomous mode. To use this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of wireless local area networks.The guide covers Cisco IOS Releases 15.3(3)JAB. The following access point platforms are supported:

    AP 802 AP 1040 AP 1140 AP 1260 AP 1530 AP 1550 AP 1600 AP 1700 AP 2600 AP 2700 AP 3500 AP 3600 AP 3700

    Note This guide does not cover lightweight access points. Configuration for these devices can be found in the appropriate installation and configuration guides on Cisco.com.-xixCisco IOS Software Configuration Guide for Cisco Aironet Access Points

    OL-30644-01

    PurposeThis guide provides the information you need to install and configure your access point. This guide provides procedures for using the Cisco IOS software commands that have been created or changed for use with the access point. It does not provide detailed information about these commands. For detailed information about these commands, refer to the Cisco IOS Command Reference for Cisco Aironet Access

  • Configuration Procedures and ExamplesPoints and Bridges for this release. For information about the standard Cisco IOS software commands, refer to the Cisco IOS software documentation set available from the Cisco.com home page at Support > Documentation. This guide also includes an overview of the access point web-based interface (APWI), which contains all the functionality of the command-line interface (CLI). This guide does not provide field-level descriptions of the APWI windows nor does it provide the procedures for configuring the access point from the APWI. For all APWI window descriptions and procedures, refer to the access point online help, which is available from the Help buttons on the APWI pages.

    Configuration Procedures and ExamplesThe procedures and examples given in this guide have been documented as seen on the Cisco Aironet 3600 Series Access Points.To view the latest configuration examples, visit Cisco Tech Zone(https://techzone.cisco.com). In the Tech Zone Navigator, browse to Wireless LAN > Autonomous APs (IOS) - Knowledge base for Autonomous (IOS) Wireless Deployments.

    Note You need to have an account on Cisco.com to access Cisco Tech Zone. If you do not have an account, you can create one by clicking Register Now on the Log In page.

    Organization

    This guide is organized into these chapters:

    - Chapter 1, Overview of Access Point Features, lists the software and hardware features of the access point and describes the access point role in your network.
    - Chapter 2, Using the Web-Browser Interface, describes how to use the web-browser interface to configure the access point.
    - Chapter 3, Using the Command-Line Interface, describes how to use the command-line interface (CLI) to configure the access point.
    - Chapter 4, Configuring the Access Point for the First Time, describes how to configure basic settings on a new access point.
    - Chapter 5, Administrating the Access Point, describes how to perform one-time operations to administer your access point, such as preventing unauthorized access to the access point, setting the system date and time, and setting the system name and prompt.
    - Chapter 6, Configuring Radio Settings, describes how to configure settings for the access point radio such as the role in the radio network, transmit power, channel settings, and others.
    - Chapter 7, Configuring Multiple SSIDs, describes how to configure and manage multiple Service Set Identifiers (SSIDs) and multiple basic SSIDs (BSSIDs) on your access point. You can configure up to 16 SSIDs and up to eight BSSIDs on your access point.
    - Chapter 8, Configuring Spanning Tree Protocol, describes how to configure Spanning Tree Protocol (STP) on your access point, bridge, or access point operating in a bridge mode. STP prevents bridge loops from occurring in your network.
    - Chapter 9, Configuring an Access Point as a Local Authenticator, describes how to configure the access point to act as a local RADIUS server for your wireless LAN. If the WAN connection to your main RADIUS server fails, the access point acts as a backup server to authenticate wireless devices.
    - Chapter 10, Configuring WLAN Authentication and Encryption, describes how to configure the cipher suites required to use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including MIC, CMIC, TKIP, CKIP, and broadcast key rotation.
    - Chapter 11, Configuring Authentication Types, describes how to configure authentication types on the access point. Client devices use these authentication methods to join your network.
    - Chapter 12, Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services, describes how to configure the access point to participate in WDS, to allow fast reassociation of roaming client services, and to participate in radio management.
    - Chapter 13, Configuring RADIUS and TACACS+ Servers, describes how to enable and configure the RADIUS and Terminal Access Controller Access Control System Plus (TACACS+), which provide detailed accounting information and flexible administrative control over authentication and authorization processes.
    - Chapter 14, Configuring VLANs, describes how to configure your access point to interoperate with the VLANs set up on your wired LAN.
    - Chapter 15, Configuring QoS, describes how to configure and manage MAC address, IP, and EtherType filters on the access point using the web-browser interface.
    - Chapter 16, Configuring Filters, describes how to configure and manage MAC address, IP, and EtherType filters on the access point using the web-browser interface.
    - Chapter 17, Configuring CDP, describes how to configure Cisco Discovery Protocol (CDP) on your access point. CDP is a device-discovery protocol that runs on all Cisco network equipment.
    - Chapter 18, Configuring SNMP, describes how to configure the Simple Network Management Protocol (SNMP) on your access point.
    - Chapter 19, Configuring Repeater and Standby Access Points and Workgroup Bridge Mode, describes how to configure your access point as a hot standby unit or as a repeater unit.
    - Chapter 20, Managing Firmware and Configurations, describes how to manipulate the Flash file system, how to copy configuration files, and how to archive (upload and download) software images.
    - Chapter 21, Configuring L2TPv3 Over UDP/IP, describes how to configure the Layer 2 Tunneling Protocol (L2TPv3), which is a tunneling protocol that enables tunneling of Layer 2 packets over IP core networks.
    - Chapter 22, Configuring System Message Logging, describes how to configure system message logging on your access point.
    - Chapter 23, Troubleshooting, provides troubleshooting procedures for basic problems with the access point.
    - Appendix A, Protocol Filters, lists some of the protocols that you can filter on the access point.
    - Appendix B, Supported MIBs, lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the access point supports for this software release.
    - Appendix C, Error and Event Messages, lists the CLI error and event messages and provides an explanation and recommended action for each message.

    Conventions

    This publication uses these conventions to convey instructions and information:

    Command descriptions use these conventions:

    - Commands and keywords are in boldface text.
    - Arguments for which you supply values are in italic.
    - Square brackets ([ ]) mean optional elements.
    - Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
    - Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.

    Interactive examples use these conventions:

    - Terminal sessions and system displays are in screen font.
    - Information you enter is in boldface screen font.
    - Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

    Notes, cautions, and timesavers use these conventions and symbols:

    Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

    Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

    Tip Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.

    Related Publications

    - Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.3(3)JAB.
    - For each of the supported access points, the following types of guides have been provided as required on its respective support page on Cisco.com:
      - Access Point Getting Started Guide
      - Access Point Hardware Installation Guide (only in cases where hardware installation is not covered in the Getting Started Guide)
      - Installation Instructions for Cisco Aironet Power Injectors
      - Access Point Deployment Guide
      - Cisco Aironet 802.11 a/b/g/n/ac Radio Installation and Upgrade Instructions

    Obtaining Documentation, Obtaining Support, and Security Guidelines

    For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html


    CHAPTER 1
    Overview of Access Point Features

    Cisco Aironet Access Points (hereafter called access points, or abbreviated as APs) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, and depending on the specific model are 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, 802.11n-compliant, and 802.11ac-compliant wireless LAN transceivers.

    Note When booting up a 1530, 1700, or a 2700 series AP for the first time, it will boot up with a unified mode software image. To deploy the AP in an autonomous network, use the following command from the AP console or a Telnet session to force the AP to reboot using the autonomous mode software image:

        capwap ap autonomous

    For more information on software images on the AP, see Working with Software Images, page 20-18.

    You can configure and monitor the wireless device using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). This chapter contains the following sections:

    - Radios in Access Points
    - New Features and Platforms in this Release
    - Management Options
    - Roaming Client Devices
    - Network Configuration Examples

    Radios in Access Points

    An access point serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within the radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.

    Each access point platform contains one, two, or three radios. For more information on the radios supported by each access point model, see the corresponding Access Point Data Sheet.

    New Features and Platforms in this Release

    For full information on the new features and updates to existing features in this release, see the Release Notes for Autonomous Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.3(3)JA. For the full list of CLI commands supported in this release, see the Cisco IOS Command Reference for Autonomous Cisco Aironet Access Points and Bridges, Cisco IOS Release 15.3(3)JA.

    Note The proxy Mobile-IP feature is not supported in Cisco IOS Release 12.3(2)JA and later.

    New Access Point Platforms Supported

    This release supports the following new access point platforms:

    Support for Cisco Aironet 3700 Series access point

    This access point is built on 4x4:3 (2.4 GHz), 4x4:3 (5 GHz) MIMO technology, with integrated and external antenna options, and supports 802.11a,b,g,n,ac.

    - Supported models are 3700E and 3700I
    - Supported operating modes are:
      - Root
      - Root Bridge
      - Non Root Bridge
      - Workgroup Bridge
      - Scanner
      - Spectrum
      - Repeater

    Support for Cisco Aironet 2700 Series access point

    This access point is built on 3x4:3 (2.4 GHz), 4x4:3 (5 GHz) MIMO technology, with integrated and external antenna options, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary gigabit Ethernet ports. The primary port is gigabit Ethernet 0 and is the backhaul port. The primary port can be set as a trunk port. The secondary port is gigabitEthernet 1, and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id.

    - Supported models are 2700E and 2700I
    - Supported operating modes are:
      - Root
      - Root Bridge
      - Non Root Bridge
      - Workgroup Bridge
      - Scanner
      - Spectrum
      - Repeater

    Support for Cisco Aironet 1700 Series access point

    This access point is built on 3x4:3 (2.4 GHz), 4x4:3 (5 GHz) MIMO technology, comes with integrated antennas, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary gigabit Ethernet ports. The primary port is gigabit Ethernet 0 and is the backhaul port. The primary port can be set as a trunk port. The secondary port is gigabitEthernet 1, and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id.

    - Supported model is 1700I
    - Supported operating modes are:
      - Root
      - Root Bridge
      - Non Root Bridge
      - Workgroup Bridge
      - Scanner
      - Spectrum
      - Repeater

    New Features

    Multiple Port Support for Cisco Aironet 1550 Series Outdoor Access Points

    The 1550 series has four Ethernet ports: PoE-In port, PoE-Out port, Auxiliary port, and SFP port. All four ports are supported in the current release. This series also has an internal cable modem in the 1552C and 1552CU models. The cable modem connects to the Auxiliary port. You can set the PoE-In port, SFP port, or the Auxiliary port as the primary Ethernet port. You can set the primary Ethernet port using the configuration command:

        dot11 primary-ethernet-port port-number-0to3

    You can set the primary Ethernet port as a trunk and handle multiple VLANs, but the secondary ports can be set as access ports only. To configure the vlan-id in secondary ports, use the interface configuration command:

        bridge multiple-port client-vlan vlan-id

    Automatic Configuring of the Access Point

    The Autoconfig feature of autonomous access points allows the AP to download its configuration, periodically, from a Secure Copy Protocol (SCP) server. For more information, see Automatic Configuring of the Access Point, page 4-34

    Support for L2TPv3

    Layer 2 Tunneling Protocol (L2TPv3) is a tunneling protocol that enables tunneling of Layer 2 packets over IP core networks. For detailed information, see Chapter 21, Configuring L2TPv3 Over UDP/IP.

    Configuration and CLI Changes in this Release

    The following updates and new additions have been made:

    - For Cisco Aironet 2700 series access points, you can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id.
    - For Cisco Aironet 1550 series outdoor access points:
      - You can set the PoE-In port, SFP port, or the Auxiliary port as the primary Ethernet port. You can set the primary Ethernet port using the configuration command: dot11 primary-ethernet-port port-number-0to3
      - You can set the primary Ethernet port as a trunk and handle multiple VLANs, but the secondary ports can be set as access ports only. To configure the vlan-id in secondary ports, use the interface configuration command bridge multiple-port client-vlan vlan-id.

    Removal of WPA/TKIP Configuration

    Wi-Fi certified access points no longer support a WPA/TKIP configuration. TKIP is only allowed in combination with WPA2/AES for backward compatibility to allow older TKIP-only devices to associate.

    - Authentication key-management WPA version 1 will be changed to authentication key-management WPA. The following message will be displayed:

        Warning: WPA Version 1 no longer permitted by itself - WPA2 has been enabled

    - The WPA version 1 option has been removed from the authentication key-management WPA CLI, and configuring TKIP only under this interface is not supported. It will be changed to aes-ccm tkip to work in mixed mode, with the following message on the AP console:

        Warning: TKIP encryption no longer permitted by itself - AES-CCM has been enabled
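
    The following Python check is an added example, not part of the Cisco guide: run before an upgrade, it lists the configuration lines that the rewrite described above will change and the console warning each one triggers. The sample configuration, its SSID names and VLAN IDs, and the handling of the per-VLAN cipher form are assumptions.

```python
import re

# Console warnings quoted from the release text above.
WARN_WPA1 = "Warning: WPA Version 1 no longer permitted by itself - WPA2 has been enabled"
WARN_TKIP = "Warning: TKIP encryption no longer permitted by itself - AES-CCM has been enabled"

SECTION = re.compile(r"^(interface \S+|dot11 ssid \S+)")
# Assumption: the per-VLAN form "encryption vlan <id> mode ciphers" is
# rewritten the same way as the interface-wide form.
TKIP_ONLY = re.compile(r"^(\s*encryption (?:vlan \d+ )?mode ciphers) tkip\s*$")
WPA_V1 = re.compile(r"^(\s*authentication key-management wpa) version 1\b(.*)$")

# Constructed sample configuration; SSID names and VLAN ids are made up.
SAMPLE_CONFIG = """\
dot11 ssid corp-legacy
   vlan 10
   authentication open
   authentication key-management wpa version 1
!
dot11 ssid corp
   vlan 20
   authentication key-management wpa version 2
!
interface Dot11Radio0
 encryption vlan 10 mode ciphers tkip
 encryption vlan 20 mode ciphers aes-ccm
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm tkip
"""


def preview_upgrade(config_text):
    """Return (rewritten_lines, changes) for the WPA/TKIP rewrite.

    Each change is a tuple (section, old_line, new_line, warning).
    """
    section = "global"
    rewritten, changes = [], []
    for line in config_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif line and not line[0].isspace():
            section = "global"  # "!" or any other top-level line ends the block

        new_line, warning = line, None
        m = TKIP_ONLY.match(line)
        if m:
            # TKIP on its own becomes mixed mode.
            new_line, warning = m.group(1) + " aes-ccm tkip", WARN_TKIP
        else:
            m = WPA_V1.match(line)
            if m:
                # The "version 1" qualifier is dropped; other options are kept.
                new_line, warning = m.group(1) + m.group(2).rstrip(), WARN_WPA1
        if warning:
            changes.append((section, line.strip(), new_line.strip(), warning))
        rewritten.append(new_line)
    return rewritten, changes


if __name__ == "__main__":
    _, found = preview_upgrade(SAMPLE_CONFIG)
    for section, old, new, warning in found:
        print(f"[{section}] {old!r} -> {new!r}\n    {warning}")
```

    Any SSID or radio interface the check reports still serves TKIP-only or WPA version 1 clients, so those clients are the ones to inventory before the mixed-mode setting is tightened to AES-CCM alone.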

    Management Options

    You can use the wireless device management system through the following interfaces:

    - The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet session. Use the interface dot11radio global configuration command to place the wireless device into the radio configuration mode. Most of the examples in this manual are taken from the CLI. Chapter 3, Using the Command-Line Interface, provides a detailed description of the CLI.
    - A web-browser interface, which you use through a Web browser. Chapter 2, Using the Web-Browser Interface, provides a detailed description of the web-browser interface.
    - Simple Network Management Protocol (SNMP). Chapter 18, Configuring SNMP, explains how to configure the wireless device for SNMP management.

    Roaming Client Devices

    If you have more than one wireless device in your wireless LAN, wireless client devices can roam seamlessly from one wireless device to another. The roaming functionality is based on signal quality, not proximity. When signal quality drops from a client, it roams to another access point. Wireless LAN users are sometimes concerned when a client device stays associated to a distant access point instead of roaming to a closer access point. However, if a client signal to a distant access point remains strong and the signal quality is high, the client will not roam to a closer access point. Checking constantly for closer access points would be inefficient, and the extra radio traffic would slow throughput on the wireless LAN.

    Using Cisco Centralized Key Management (CCKM) or 802.11r, with a device providing wireless distribution system (WDS), client devices can roam from one access point to another so quickly that there is no perceptible delay in voice or other time-sensitive applications.

    Network Configuration Examples

    This section describes the role of an access point in common wireless network configurations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as repeater access points, bridges, and workgroup bridges. These roles require specific configurations.

    Root Access Point

    An access point connected directly to a wired LAN provides a connection point for wireless users. If more than one access point is connected to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN.

    Figure 1-1 Access Points as Root Units on a Wired LAN

    Repeater Access Point

    An access point can be configured as a stand-alone repeater to extend the range of your infrastructure or to overcome an obstacle that blocks radio communication. The repeater forwards traffic between wireless users and the wired LAN by sending packets to either another repeater or to an access point connected to the wired LAN. The data is sent through the route that provides the best performance for the client. Figure 1-2 shows an access point acting as a repeater. Consult the Configuring a Repeater Access Point section on page 19-3 for instructions on setting up an access point as a repeater.

    Note Non-Cisco client devices might have difficulty communicating with repeater access points.

    Figure 1-2 Access Point as Repeater

    Bridges

    Access points can be configured as root or non-root bridges. In this role, an access point establishes a wireless link with a non-root bridge. Traffic is passed over the link to the wired LAN. Access points in root and non-root bridge roles can be configured to accept associations from clients. Figure 1-3 shows an access point configured as a root bridge with clients. Figure 1-4 shows two access points configured as a root and non-root bridge, both accepting client associations. Consult the Configuring the Role in Radio Network section on page 6-3 for instructions on setting up an access point as a bridge.

    When wireless bridges are used in a point-to-multipoint configuration, the throughput is reduced depending on the number of non-root bridges that associate with the root bridge. With a link data rate at 54 Mbps, the maximum throughput is about 25 Mbps in a point-to-point link. The addition of three bridges to form a point-to-multipoint network reduces the throughput to about 12.5 Mbps.

    Figure 1-3 Access Point as a Root Bridge with Clients

    Figure 1-4 Access Points as Root and Non-root Bridges with Clients

    Workgroup Bridge

    You can configure access points as workgroup bridges. In workgroup bridge mode, the unit associates to another access point as a client and provides a network connection for the devices connected to its Ethernet port. For example, if you need to provide wireless connectivity for a group of network printers, you can connect the printers to a hub or to a switch, connect the hub or switch to the access point Ethernet port, and configure the access point as a workgroup bridge. The workgroup bridge associates to an access point on your network. If your access point has multiple radios, either radio can function in workgroup bridge mode.

    Figure 1-5 shows an access point configured as a workgroup bridge. Consult the Understanding Workgroup Bridge Mode section on page 19-13 and the Configuring Workgroup Bridge Mode section on page 19-17 for information on configuring your access point as a workgroup bridge.

    Figure 1-5 Access Point as a Workgroup Bridge

    Central Unit in an All-Wireless Network

    In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as the focal point for communications, increasing the communication range of wireless users. Figure 1-6 shows an access point in an all-wireless network.

    Figure 1-6 Access Point as Central Unit in All-Wireless Network


    CHAPTER 2
    Using the Web-Browser Interface

    This chapter describes the web-browser interface that you can use to configure the wireless device. This chapter contains the following sections:

    - Using the Web-Browser Interface for the First Time
    - Using the Management Pages in the Web-Browser Interface
    - Enabling HTTPS for Secure Browsing
    - Using Online User Guides
    - Disabling the Web-Browser Interface

    The web-browser interface contains management pages that you use to change the wireless device settings, upgrade firmware, and monitor and configure other wireless devices on the network.

    Note The wireless device web-browser interface is fully compatible with Microsoft Internet Explorer version 9.0 and Mozilla Firefox version 17.

    Note Avoid using both the CLI and the web-browser interfaces to configure the wireless device. If you configure the wireless device using the CLI, the web-browser interface might display an inaccurate interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless device is misconfigured.

    Using the Web-Browser Interface for the First Time

    Use the wireless device IP address to browse to the management system. See the Logging into the Access Point section on page 4-3 for instructions on assigning an IP address to the wireless device. Follow these steps to begin using the web-browser interface:

    Step 1 Start the browser.

    Step 2 Enter the wireless device IP address in the address bar of the browser and press Enter.

    The Summary Status page appears.

    Using the Management Pages in the Web-Browser Interface

    The system management pages use consistent techniques to present and save configuration information. You can use the navigation bar present at the top of a page to select the main menu options. Another navigation bar is present on the left side of the page, to use for navigating through the sub menus. You can use the navigation bar to browse to other management pages, and use the configuration action buttons to save or cancel changes to the configuration.

    Note It is important to remember that clicking your web-browser Back button returns you to the previous page without saving any changes you have made. Clicking Cancel cancels any changes you made in the page and keeps you on that page. Changes are only applied when you click Apply.

    Figure 2-1 shows the web-browser interface home page.

    Figure 2-1 Web-Browser Interface Home Page

    Using Action Buttons

    Table 2-1 lists the page links and buttons that appear on the management page.

    Table 2-1 Buttons and Links on the Management Page

    Navigation Links

    | Button/Link | Description |
    |---|---|
    | Home | Displays wireless device status page with information on the number of radio devices associated to the wireless device, the status of the Ethernet and radio interfaces, and a list of recent wireless device activity. |
    | Easy Setup | Displays the Easy Setup page that includes basic settings such as system name, IP address, and role in radio network. |
    | Network | Displays a list of infrastructure devices on your wireless LAN. Provides configuration submenus for the access point interfaces (radio and Ethernet). |
    | Association | Displays a list of all devices on your wireless LAN, listing their system names, network roles, and parent-client relationships. |
    | Wireless | Displays a summary of wireless domain services configuration and devices, and provides links to WDS configuration pages. |
    | Security | Displays a summary of security settings and provides links to security configuration pages. |
    | Services | Displays status for several wireless device features and links to configuration pages for Telnet/SSH, CDP, domain name server, filters, QoS, SNMP, SNTP, and VLANs. |
    | Management | Displays a list of current guest users and provides links to configuration pages for guest users and web authentication pages. |
    | Software | Displays the version number of the firmware that the wireless device is running and provides links to configuration pages for upgrading and managing firmware. |
    | Event Log | Displays the wireless device event log and provides links to configuration pages where you can select events to be included in traps, set event severity levels, and set notification methods. |

    Configuration Action Buttons

    | Button/Link | Description |
    |---|---|
    | Apply | Saves changes made on the page and remains on the page. |
    | Refresh | Updates status information or statistics displayed on a page. |
    | Cancel | Discards changes to the page and remains on the page. |
    | Back | Discards any changes made to the page and returns to the previous page. |
    | Logout | Exits the AP configuration web interface without saving. |
    | Ping | Pings an IPv4 or IPv6 address. |
    | Save Configuration | Saves the AP's current configuration to NVRAM. |

    Character Restrictions in Entry Fields

    You cannot use the following characters in the entry fields on the web-browser interface. This is true for all access points using Cisco IOS software.

    - ]
    - +
    - /
    - Tab
    - Trailing space

    OL-30644-01

    Enabling HTTPS for Secure Browsing

    You can protect the communication with the access point web-browser interface by enabling HTTPS. HTTPS protects HTTP browser sessions by using the Secure Socket Layer (SSL) protocol.

    Note When you enable HTTPS, your browser might lose its connection to the access point. If you lose the connection, change the URL in your browser address line from http://ip_address to https://ip_address and log into the access point again.

    Note When you enable HTTPS, most browsers prompt you for approval each time you browse to a device that does not have a fully qualified domain name (FQDN). To avoid the approval prompts, create an FQDN for the access point as detailed in the following procedure.

    Follow these steps to create an FQDN and enable HTTPS:

    Step 1 If your browser uses popup-blocking software, disable the popup-blocking feature.

    Step 2 Choose Easy Setup > Network Configuration.

    The Network Configuration page appears.

    Step 3 Enter a name for the access point in the Host Name field, and then click Apply.

    Step 4 Choose Services > DNS page.

    The Services: DNS - Domain Name Service page appears.

    Step 5 In the Domain Name System (DNS) field, click the Enable radio button.

    Step 6 In the Domain Name field, enter your company's domain name.

    Step 7 Enter at least one IP address for your DNS server in the Name Server IPv4/IPv6 Addresses fields.

    Step 8 Click Apply.

    The access point FQDN is a combination of the system name and the domain name. For example, if your system name is ap3600 and your domain name is company.com, the FQDN is ap3600.company.com.

    Step 9 Enter the FQDN on your DNS server.

    Tip If you do not have a DNS server, you can register the access point FQDN with a dynamic DNS service. Search the Internet for dynamic DNS to find a fee-based DNS service.

    Step 10 Choose Services > HTTP.

    The Services: HTTP - Web Server page is displayed.

    Step 11 In the Web-based Configuration Management field, select the Enable Secure (HTTPS) Browsing check box.

    Step 12 In the Domain Name field, enter a domain name, and then click Apply.

    Note Enabling HTTPS automatically disables HTTP. To maintain HTTP access with HTTPS enabled, check the Enable Secure (HTTPS) Browsing check box, and then check the Enable Standard (HTTP) Browsing check box. Although you can enable both standard HTTP and HTTPS, we recommend that you enable only one.

    A warning appears stating that you will now use secure HTTP to browse to the access point. The warning also displays the new URL containing https, which you will need to use to browse to the access point.

    Step 13 In the warning box, click OK.

    The address in your browser address line changes from http:// to https://.

    Step 14 Another warning appears stating that the access point security certificate was not issued by a trusted certificate authority. However, you can ignore this warning. Click Continue to this Website (not recommended).

    Note The following steps assume that you are using Microsoft Internet Explorer. If you are not, please refer to your browser documentation for more information on how to access web sites using self signed certificates.

    Step 15 The access point login window appears and you must log in to the access point again. The default username is Cisco (case-sensitive) and the default password is Cisco (case-sensitive).

    Step 16 To display the access point's security certificate, click the Certificate error icon in the address bar.

    Step 17 Click View Certificates.

    Step 18 In the Certificate window, click Install Certificate. The Microsoft Windows Certificate Import Wizard appears.

    Step 19 Click Next.

    The next screen asks where you want to store the certificate. We recommend that you use the default storage area on your system.

    Step 20 Click Next to accept the default storage area. You have now successfully imported the certificate.

    Step 21 Click Finish. A security warning is displayed.

    Step 22 Click Yes. A message box stating that the installation is successful is displayed.

    Step 23 Click OK.

    CLI Configuration Example

    This example shows the CLI commands that are equivalent to the steps listed in the Enabling HTTPS for Secure Browsing section on page 2-5:

        AP# configure terminal
        AP(config)# hostname ap3600
        AP(config)# ip domain name company.com
        AP(config)# ip name-server 10.91.107.18
        AP(config)# ip http secure-server
        AP(config)# end

    In this example, the access point system name is ap3600, the domain name is company.com, and the IP address of the DNS server is 10.91.107.18. For complete descriptions of the commands used in this example, consult the Cisco IOS Commands Master List, Release 12.4. Click this link to browse to the master list of commands: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124mindx/124htnml.htm
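The following Python check is an added example, not part of the Cisco guide: it reads a saved configuration, builds the FQDN from hostname and ip domain name as described above, and reports whether the web interface is served over HTTPS only. The sample configurations are constructed, the function names are hypothetical, and a command that does not appear in the text is assumed to be not configured.

```python
import re

# Constructed sample configurations for illustration (not taken from a device).
HTTPS_ONLY = """\
hostname ap3600
ip domain name company.com
ip name-server 10.91.107.18
no ip http server
ip http secure-server
"""

HTTP_AND_HTTPS = """\
hostname ap3600
ip domain name company.com
ip http server
ip http secure-server
"""

HTTP_ONLY_NO_FQDN = """\
hostname ap
ip http server
no ip http secure-server
"""


def parse_mgmt_settings(config_text):
    """Collect the settings that the HTTPS procedure configures.

    Assumption: a command absent from the text counts as not configured.
    """
    s = {"hostname": None, "domain": None, "name_servers": [],
         "http": False, "https": False}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())           # normalise whitespace
        if not line or line.startswith("!"):   # skip blanks and comments
            continue
        negated = line.startswith("no ")
        if negated:
            line = line[3:]
        if line == "ip http server":
            s["http"] = not negated
        elif line == "ip http secure-server":
            s["https"] = not negated
        elif negated:
            continue                           # other "no ..." lines are ignored
        elif m := re.fullmatch(r"hostname (\S+)", line):
            s["hostname"] = m.group(1)
        elif m := re.fullmatch(r"ip domain[ -]name (\S+)", line):
            s["domain"] = m.group(1)           # accepts the hyphenated spelling too
        elif m := re.fullmatch(r"ip name-server (.+)", line):
            s["name_servers"].extend(m.group(1).split())
    return s


def audit_web_mgmt(config_text):
    """Return (fqdn, findings) for the web-management settings."""
    s = parse_mgmt_settings(config_text)
    findings = []
    fqdn = None
    if s["hostname"] and s["domain"]:
        # The guide defines the FQDN as system name + domain name.
        fqdn = f"{s['hostname']}.{s['domain']}"
    else:
        findings.append("no FQDN: adding one after HTTPS is enabled may "
                        "require deleting and regenerating the certificate")
    if not s["name_servers"]:
        findings.append("no ip name-server configured")
    if s["http"] and s["https"]:
        findings.append("HTTP and HTTPS both enabled: the guide recommends only one")
    elif s["http"]:
        findings.append("web interface served over plain HTTP only")
    elif not s["https"]:
        findings.append("web interface disabled (neither HTTP nor HTTPS)")
    return fqdn, findings


if __name__ == "__main__":
    for name, text in [("https-only", HTTPS_ONLY), ("both", HTTP_AND_HTTPS),
                       ("http-only", HTTP_ONLY_NO_FQDN)]:
        print(name, audit_web_mgmt(text))
```
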

    Deleting an HTTPS Certificate

    The access point generates a certificate automatically when you enable HTTPS. However, if you need to change the fully qualified domain name (FQDN) for an access point, or you need to add an FQDN after enabling HTTPS, you might need to delete the certificate. Follow these steps:

    Step 1 Browse to the Services: HTTP Web Server page.

    Step 2 Uncheck the Enable Secure (HTTPS) Browsing check box to disable HTTPS.

    Step 3 Click Delete Partial SSL certificate to delete the certificate.

    Step 4 Click Apply. The access point generates a new certificate using the new FQDN.

    CLI Commands for Deleting an HTTPS Certificate

    In the global configuration mode, use the following commands for deleting an HTTPS certificate.

    | | Command | Purpose |
    |---|---|---|
    | Step 1 | no ip http secure-server | Disables HTTPS. |
    | Step 2 | crypto key zeroize rsa name-of-rsa-key | Deletes the RSA key for the http server. Along with this, all the router certificates (HTTPS certificates) issued using these keys will also be removed. |

    Using Online User Guides

    In the web-browser interface, click the help icon at the top of the Home page to open the online version of this guide (Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points). You can view the guide online or download a PDF version of the guide for offline reference. The online guide is periodically updated and therefore gives you more up-to-date information.

    Disabling the Web-Browser Interface

    To prevent all use of the web-browser interface, select the Disable Web-Based Management check box on the Services: HTTP-Web Server page and click Apply. To re-enable the web-browser interface, enter this global configuration command on the access point CLI:

        ap(config)# ip http server

  • Chapter 3 Using the Command-Line Interface

    This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure the wireless device. It contains the following sections:

    - Cisco IOS Command Modes
    - Getting Help
    - Abbreviating Commands
    - Using the no and Default Forms of Commands
    - Understanding CLI Messages
    - Using Command History
    - Using Editing Features
    - Searching and Filtering Output of show and more Commands
    - Accessing the CLI

    Cisco IOS Command Modes

    The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.

    When you start a session on the wireless device, you begin in user mode, often called user EXEC mode. A subset of the Cisco IOS commands is available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the wireless device reboots.

    To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. You must be in privileged EXEC mode before you can enter global configuration mode.

    Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the wireless device reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.

    Table 3-1 describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the host name ap.

    Table 3-1 Command Mode Summary

    | Mode | Access Method | Prompt | Exit Method | About This Mode |
    |---|---|---|---|---|
    | User EXEC | Begin a session with the wireless device. | ap> | Enter logout or quit. | Use this mode to change terminal settings, perform basic tests, and display system information. |
    | Privileged EXEC | While in user EXEC mode, enter the enable command. | ap# | Enter disable to exit. | Use this mode to verify commands. Use a password to protect access to this mode. |
    | Global configuration | While in privileged EXEC mode, enter the configure command. | ap(config)# | To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z. | Use this mode to configure parameters that apply to the entire wireless device. |
    | Interface configuration | While in global configuration mode, enter the interface command (with a specific interface). | ap(config-if)# | To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end. | Use this mode to configure parameters for the Ethernet and radio interfaces. The 2.4-GHz radio and the 802.11n 2.4-GHz radio is radio 0. The 5-GHz radio and the 802.11n 5-GHz radio is radio 1. |

    Getting Help

    You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command, as shown in Table 3-2.

    Table 3-2 Help Summary

    | Command | Purpose |
    |---|---|
    | help | Obtains a brief description of the help system in any command mode. |
    | abbreviated-command-entry? | Obtains a list of commands that begin with a particular character string. For example: ap# di? returns dir disable disconnect |
    | abbreviated-command-entry<Tab> | Completes a partial command name. For example: ap# sh conf<Tab> becomes ap# show configuration |
    | ? | Lists all commands available for a particular command mode. For example: ap> ? |
    | command ? | Lists the associated keywords for a command. For example: ap> show ? |
    | command keyword ? | Lists the associated arguments for a keyword. For example: ap(config)# cdp holdtime ? returns Length of time (in sec) that receiver must keep this packet |

    Abbreviating Commands

    You have to enter only enough characters for the wireless device to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command:

        ap# show conf

    Using the no and Default Forms of Commands

    Most configuration commands also have a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default.

    Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.

    Understanding CLI Messages

    Table 3-3 lists some error messages that you might encounter while using the CLI to configure the wireless device.

    Table 3-3 Common CLI Error Messages

    | Error Message | Meaning | How to Get Help |
    |---|---|---|
    | % Ambiguous command: "show con" | You did not enter enough characters for the wireless device to recognize the command. | Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed. |
    | % Incomplete command. | You did not enter all the keywords or values required by this command. | Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed. |
    | % Invalid input detected at ^ marker. | You entered the command incorrectly. The caret (^) marks the point of the error. | Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command are displayed. |

    Using Command History

    The CLI provides a history or record of commands that you have entered. This feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize the command history feature to suit your needs as described in these sections:

    - Changing the Command History Buffer Size
    - Recalling Commands
    - Disabling the Command History Feature

    Changing the Command History Buffer Size

    By default, the wireless device records ten command lines in its history buffer. Beginning in privileged EXEC mode, enter this command to change the number of command lines that the wireless device records during the current terminal session:

        ap# terminal history [size number-of-lines]

    The range is from 0 to 256.

    Beginning in line configuration mode, enter this command to configure the number of command lines the wireless device records for all sessions on a particular line:

        ap(config-line)# history [size number-of-lines]

    The range is from 0 to 256.

    Recalling Commands

    To recall commands from the history buffer, perform one of the actions listed in Table 3-4.

    Table 3-4 Recalling Commands

    | Action [1] | Result |
    |---|---|
    | Press Ctrl-P or the up arrow key. | Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. |
    | Press Ctrl-N or the down arrow key. | Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands. |
    | show history | While in privileged EXEC mode, list the last several commands that you just entered. The number of commands that are displayed is determined by the setting of the terminal history global configuration command and history line configuration command. |

    [1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

    Disabling the Command History Feature

    The command history feature is automatically enabled. To disable the feature during the current terminal session, enter the terminal no history privileged EXEC command. To disable command history for the line, enter the no history line configuration command.

    Using Editing Features

    This section describes the editing features that can help you manipulate the command line. It contains these sections:

    - Enabling and Disabling Editing Features
    - Editing Commands Through Keystrokes
    - Editing Command Lines that Wrap

    Enabling and Disabling Editing Features

    Although enhanced editing mode is automatically enabled, you can disable it.

    To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode:

        ap# terminal editing

    To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode:

        ap(config-line)# editing

    To globally disable enhanced editing mode, enter this command in line configuration mode:

        ap(config-line)# no editing

    Editing Commands Through Keystrokes

    Table 3-5 shows the keystrokes that you need to edit command lines.

    Table 3-5 Editing Commands Through Keystrokes

    | Capability | Keystroke [1] | Purpose |
    |---|---|---|
    | Move around the command line to make changes or corrections. | Ctrl-B or the left arrow key | Move the cursor back one character. |
    | | Ctrl-F or the right arrow key | Move the cursor forward one character. |
    | | Ctrl-A | Move the cursor to the beginning of the command line. |
    | | Ctrl-E | Move the cursor to the end of the command line. |
    | | Esc B | Move the cursor back one word. |
    | | Esc F | Move the cursor forward one word. |
    | | Ctrl-T | Transpose the character to the left of the cursor with the character located at the cursor. |
    | Recall commands from the buffer and paste them in the command line. The wireless device provides a buffer with the last ten items that you deleted. | Ctrl-Y | Recall the most recent entry in the buffer. |
    | | Esc Y | Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry. |
    | Delete entries if you make a mistake or change your mind. | Delete or Backspace | Erase the character to the left of the cursor. |
    | | Ctrl-D | Delete the character at the cursor. |
    | | Ctrl-K | Delete all characters from the cursor to the end of the command line. |
    | | Ctrl-U or Ctrl-X | Delete all characters from the cursor to the beginning of the command line. |
    | | Ctrl-W | Delete the word to the left of the cursor. |
    | | Esc D | Delete from the cursor to the end of the word. |
    | Capitalize or lowercase words or capitalize a set of letters. | Esc C | Capitalize at the cursor. |
    | | Esc L | Change the word at the cursor to lowercase. |
    | | Esc U | Capitalize letters from the cursor to the end of the word. |
    | Designate a particular keystroke as an executable command, perhaps as a shortcut. | Ctrl-V or Esc Q | |
    | Scroll down a line or screen on displays that are longer than the terminal screen can display. Note: The More prompt appears for output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt. | Return | Scroll down one line. |
    | | Space | Scroll down one screen. |
    | Redisplay the current command line if the wireless device suddenly sends a message to your screen. | Ctrl-L or Ctrl-R | Redisplay the current command line. |

    [1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

    Editing Command Lines that Wrap

    You can use a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line.

    Note The arrow keys function only on ANSI-compatible terminals such as VT100s.

    In this example, the access-list global configuration command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.

        ap(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
        ap(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
        ap(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
        ap(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45

    After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been scrolled to the right:

        ap(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$

    The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width privileged EXEC command to set the width of your terminal.

    Use line wrapping with the command history feature to recall and modify previous complex command entries. For information about recalling previous command entries, see the Editing Commands Through Keystrokes section on page 3-6.

    Searching and Filtering Output of show and more Commands

    You can search and filter the output for show and more commands. This is useful when you need to sort through large amounts of output or if you want to exclude output that you do not need to see.

    To use this functionality, enter a show or more command followed by the pipe character (|), one of the keywords begin, include, or exclude, and an expression that you want to search for or filter out:

        command | {begin | include | exclude} regular-expression

    Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.

    This example shows how to include in the output display only lines where the expression protocol appears:

        ap# show interfaces | include protocol
        Vlan1 is up, line protocol is up
        Vlan10 is up, line protocol is down
        GigabitEthernet0/1 is up, line protocol is down
        GigabitEthernet0/2 is up, line protocol is up
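The following Python model of the three filter keywords is an added example, not part of the Cisco guide, for applying the same filters to show output that has been saved to a file. The sample output is constructed around the four line protocol lines quoted above, the function names are hypothetical, and Python's re module stands in for the CLI's regular-expression engine, so only simple patterns are assumed to behave identically. The begin behaviour shown (output starts at the first matching line) is standard IOS behaviour that the guide does not spell out.

```python
import re

# Constructed sample of "show interfaces" output: the "line protocol" lines
# are the ones quoted in the guide, the indented lines are made up.
SHOW_INTERFACES = """\
Vlan1 is up, line protocol is up
  5 minute output rate 0 bits/sec, 0 packets/sec
  Output queue: 0/40 (size/max)
Vlan10 is up, line protocol is down
  5 minute output rate 0 bits/sec, 0 packets/sec
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
""".splitlines()

KEYWORDS = ("begin", "include", "exclude")


def split_filter(command):
    """Split 'show ... | keyword regex' into (command, keyword, regex)."""
    base, sep, rest = command.partition("|")
    if not sep:
        return base.strip(), None, None
    keyword, _, pattern = rest.strip().partition(" ")
    if keyword not in KEYWORDS or not pattern:
        raise ValueError(
            "expected: command | {begin | include | exclude} regular-expression")
    return base.strip(), keyword, pattern


def apply_filter(lines, keyword, pattern):
    """Apply one filter keyword to a list of output lines."""
    rx = re.compile(pattern)  # case sensitive, as the guide states
    if keyword == "include":
        return [line for line in lines if rx.search(line)]
    if keyword == "exclude":
        return [line for line in lines if not rx.search(line)]
    if keyword == "begin":
        for i, line in enumerate(lines):
            if rx.search(line):
                return lines[i:]   # everything from the first match onward
        return []
    raise ValueError(f"unknown filter keyword: {keyword}")


if __name__ == "__main__":
    _, kw, pat = split_filter("show interfaces | include protocol")
    print("\n".join(apply_filter(SHOW_INTERFACES, kw, pat)))
```
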

    Accessing the CLI

    You can open the wireless device CLI using Telnet or Secure Shell (SSH).

    Opening the CLI with Telnet

    Follow these steps to open the CLI with Telnet. These steps are for a PC running Microsoft Windows with a Telnet terminal application. Check your PC operating instructions for detailed instructions for your operating system.

    Step 1 Select Start > Programs > Accessories > Telnet. If Telnet is not listed in your Accessories menu, select Start > Run, type Telnet in the entry field, and press Enter.

    Step 2 In the Telnet window, type open followed by the wireless device IP address, and press Enter.

    Step 3 At the username and password prompts, enter your administrator username and password. The default username is Cisco, and the default password is Cisco. The default enable password is also Cisco. Usernames and passwords are case-sensitive.

    Opening the CLI with Secure Shell

    Secure Shell Protocol is a protocol that provides a secure, remote connection to networking devices set up to use it. Secure Shell (SSH) is a software package that provides secure login sessions by encrypting the entire session. SSH features strong cryptographic authentication, strong encryption, and integrity protection. For detailed information on SSH, visit the homepage of SSH Communications Security, Ltd. at this URL: http://www.ssh.com/

    SSH provides more security for remote connections than Telnet by providing strong encryption when a device is authenticated. SSH versions 1 and 2 are supported in this release. See the Configuring the Access Point for Secure Shell section on page 5-27 for detailed instructions on setting up the wireless device for SSH access.

  • Chapter 4 Configuring the Access Point for the First Time

    This chapter describes how to configure basic settings on the wireless device for the first time. The contents of this chapter are similar to the instructions in the quick start guide that shipped with the wireless device. You can configure all the settings described in this chapter using the CLI, but it might be simplest to browse to the wireless device web-browser interface to complete the initial configuration and then use the CLI to enter additional settings for a more detailed configuration. This chapter contains the following sections:

    - Before You Start
    - Logging into the Access Point
    - Obtaining and Assigning an IP Address
    - Connecting to the 1040, 1140, 1240, 1250, 1260, and 2600 Series Access Points Locally
    - Connecting to the 1550 Series Access Point Locally
    - Default Radio Settings
    - Assigning Basic Settings
    - CLI Configuration Examples
    - Configuring System Power Settings Access Points
    - Assigning an IP Address Using the CLI
    - Using a Telnet Session to Access the CLI
    - Configuring the 802.1X Supplicant
    - Configuring IPv6
    - Automatic Configuring of the Access Point

    Note In this release, the access point radio interfaces are disabled by default.

    Before You Start

    Before you install the wireless device, make sure you are using a computer connected to the same network as the wireless device, and obtain the following information from your network administrator:

    - A system name for the wireless device
    - The case-sensitive wireless service set identifier (SSID) for your radio network
    - If not connected to a DHCP server, a unique IP address for the wireless device (such as 172.17.255.115)
    - If the wireless device is not on the same subnet as your PC, a default gateway address and subnet mask
    - A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if SNMP is in use)
    - If you use IPSU to find the wireless device IP address, the access point MA