-
Cisco Wireless LAN Controller Configuration Guide, Release
7.4First Published: January 08, 2013
Last Modified: March 26, 2013
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan
Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800
553-NETS (6387)Fax: 408 527-0883
Text Part Number: OL-28744-01
-
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN
THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE
BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY
KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR
THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING
PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED
WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF
YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED
WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an
adaptation of a program developed by the University of California,
Berkeley (UCB) as part of UCB's public domain versionof the UNIX
operating system. All rights reserved. Copyright 1981, Regents of
the University of California.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND
SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS"WITH ALL
FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE
OFMERCHANTABILITY, FITNESS FORA PARTICULAR
PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR
TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING
OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in
this document are not intended to be actual addresses and phone
numbers. Any examples, command display output, networktopology
diagrams, and other figures included in the document are shown for
illustrative purposes only. Any use of actual IP addresses or phone
numbers in illustrative content is unintentionaland
coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks
of Cisco and/or its affiliates in the U.S. and other countries. To
view a list of Cisco trademarks, go to this URL:
http://www.cisco.com/go/trademarks. Third-party trademarks
mentioned are the property of their respective owners. The use of
the word partner does not imply a partnershiprelationship between
Cisco and any other company. (1110R)
2013 Cisco Systems, Inc. All rights reserved.
-
C O N T E N T S
P r e f a c e Preface xlvii
Audience xlvii
Conventions xlvii
Related Documentation xlviii
Obtaining Documentation and Submitting a Service Request
xlix
P A R T I System Management 1
C H A P T E R 1 Overview 3
Cisco Wireless Overview 3
Single-Controller Deployments 4
Multiple-Controller Deployments 5
Operating System Software 6
Operating System Security 6
Layer 2 and Layer 3 Operation 7
Operational Requirements 7
Configuration Requirements 7
Cisco Wireless LAN Controllers 8
Client Location 8
Controller Platforms 8
Cisco 2500 Series Controllers 8
Cisco 5500 Series Controller 9
Cisco Flex 7500 Series Controllers 9
Cisco 8500 Series Controllers 9
Cisco Virtual Wireless LAN Controllers 10
Cisco Wireless Services Module 2 10
Cisco Wireless Controller on Cisco Services-Ready Engine (SRE)
10
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 iii
-
Cisco UWN Solution WLANs 11
File Transfers 11
Power over Ethernet 11
Cisco Wireless LAN Controller Memory 12
Cisco Wireless LAN Controller Failover Protection 12
C H A P T E R 2 Getting Started 15
Configuring the Controller Using the Configuration Wizard 15
Connecting the Console Port of the Controller 16
Configuring the Controller (GUI) 16
Configuring the ControllerUsing the CLI Configuration Wizard
27
Using the Controller GUI 29
Guidelines and Limitations 30
Logging On to the GUI 30
Logging out of the GUI 31
Enabling Web and Secure Web Modes 31
Enabling Web and Secure Web Modes (GUI) 31
Enabling Web and Secure Web Modes (CLI) 32
Loading an Externally Generated SSL Certificate 33
Information About Externally Generated SSL Certificates 33
Loading an SSL Certificate (GUI) 34
Loading an SSL Certificate (CLI) 35
Using the Controller CLI 36
Logging on to the Controller CLI 36
Guidelines and Limitations 36
Using a Local Serial Connection 37
Using a Remote Ethernet Connection 37
Logging Out of the CLI 38
Navigating the CLI 38
Using the AutoInstall Feature for Controllers Without a
Configuration 39
Information About the AutoInstall Feature 39
Guidelines and Limitations 40
Obtaining an IP Address Through DHCP and Downloading a
Configuration File from
a TFTP Server 40
Selecting a Configuration File 41
Cisco Wireless LAN Controller Configuration Guide, Release 7.4iv
OL-28744-01
Contents
-
Example: AutoInstall Operation 42
Managing the Controller System Date and Time 43
Information About Controller System Date and Time 43
Guidelines and Limitations 43
Configuring an NTP Server to Obtain the Date and Time 43
Configuring NTP Authentication (GUI) 44
Configuring NTP Authentication (CLI) 44
Configuring the Date and Time (GUI) 45
Configuring the Date and Time (CLI) 46
Configuring Telnet and Secure Shell Sessions 48
Information About Telnet and SSH 48
Restrictions for Telnet and SSH 48
Configuring Telnet and SSH Sessions (GUI) 48
Configuring Telnet and SSH Sessions (CLI) 49
Troubleshooting Access Points Using Telnet or SSH_old 51
Troubleshooting Access Points Using Telnet or SSH (GUI) 51
Troubleshooting Access Points Using Telnet or SSH (CLI) 51
Managing the Controller Wirelessly 52
Enabling Wireless Connections (GUI) 52
Enabling Wireless Connections (CLI) 53
C H A P T E R 3 Managing Licenses 55
Installing and Configuring Licenses 55
Information About Installing and Configuring Licenses 55
Restrictions for Using Licenses 56
Obtaining an Upgrade or Capacity Adder License 56
Information About Obtaining an Upgrade or Capacity Adder License
56
Obtaining and Registering a PAK Certificate 57
Installing a License 58
Installing a License (GUI) 58
Installing a License (CLI) 59
Viewing Licenses 59
Viewing Licenses (GUI) 59
Viewing Licenses (CLI) 60
Troubleshooting Licensing Issues 63
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 v
Contents
-
Activating an AP-Count Evaluation License 63
Information About Activating an AP-Count Evaluation License
63
Activating an AP-Count Evaluation License (GUI) 63
Activating an AP-Count Evaluation License (CLI) 64
Rehosting Licenses 65
Information About Rehosting Licenses 65
Rehosting a License 66
Rehosting a License (GUI) 66
Rehosting a License (CLI) 67
Transferring Licenses to a Replacement Controller after an RMA
69
Information About Transferring Licenses to a Replacement
Controller after an
RMA 69
Transferring a License to a Replacement Controller after an RMA
69
Configuring the License Agent 70
Information About Configuring the License Agent 70
Configuring the License Agent (GUI) 70
Configuring the License Agent (CLI) 71
C H A P T E R 4 Configuring 802.11 Bands 73
Configuring 802.11 Bands 73
Information About Configuring 802.11 Bands 73
Configuring the 802.11 Bands (GUI) 73
Configuring the 802.11 Bands (CLI) 74
Configuring Band Selection 76
Information About Configuring Band Selection 76
Restrictions on Band Selection 77
Configuring Band Selection 77
Configuring Band Selection (GUI) 77
Configuring Band Selection (CLI) 78
C H A P T E R 5 Configuring 802.11 Parameters 81
Configuring the 802.11n Parameters 81
Information About Configuring the 802.11n Parameters 81
Configuring the 802.11n Parameters (GUI) 81
Configuring the 802.11n Parameters (CLI) 82
Cisco Wireless LAN Controller Configuration Guide, Release 7.4vi
OL-28744-01
Contents
-
Configuring 802.11h Parameters 84
Information About Configuring 802.11h Parameters 84
Configuring the 802.11h Parameters (GUI) 84
Configuring the 802.11h Parameters (CLI) 85
C H A P T E R 6 Configuring DHCP Proxy 87
Information About Configuring DHCP Proxy 87
Restrictions on Using DHCP Proxy 87
Configuring DHCP Proxy (GUI) 88
Configuring DHCP Proxy (GUI) 88
Configuring DHCP Proxy (CLI) 88
Configuring DHCP Proxy (CLI) 89
Configuring a DHCP Timeout (GUI) 89
Configuring a DHCP Timeout (CLI) 89
C H A P T E R 7 Configuring SNMP 91
Configuring SNMP (CLI) 91
SNMP Community Strings 93
Changing the SNMP Community String Default Values (GUI) 93
Changing the SNMP Community String Default Values (CLI) 94
Configuring Real Time Statistics (CLI) 95
SNMP Trap Enhancements 95
C H A P T E R 8 Configuring Aggressive Load Balancing 97
Information About Configuring Aggressive Load Balancing 97
Configuring Aggressive Load Balancing (GUI) 98
Configuring Aggressive Load Balancing (CLI) 99
C H A P T E R 9 Configuring Fast SSID Changing 101
Information About Configuring Fast SSID Changing 101
Configuring Fast SSID Changing (GUI) 101
Configuring Fast SSID Changing (CLI) 101
C H A P T E R 1 0 Configuring 802.3 Bridging 103
Configuring 802.3 Bridging 103
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 vii
Contents
-
Information About Configuring 802.3 Bridging 103
Restrictions on 802.3 Bridging 103
Configuring 802.3 Bridging 104
Configuring 802.3 Bridging (GUI) 104
Configuring 802.3 Bridging (CLI) 104
Enabling 802.3X Flow Control 104
C H A P T E R 1 1 Configuring Multicast 105
Configuring Multicast Mode 105
Information About Multicast Mode 105
Restrictions for Configuring Multicast Mode 107
Enabling Multicast Mode (GUI) 109
Enabling Multicast Mode (CLI) 109
Viewing Multicast Groups (GUI) 110
Viewing Multicast Groups (CLI) 110
Viewing an Access Points Multicast Client Table (CLI) 111
Configuring Multicast Domain Name System 112
Information About Multicast Domain Name System 112
Restrictions for Configuring Multicast DNS 112
Configuring Multicast DNS (GUI) 112
Configuring Multicast DNS (CLI) 114
Information about Bonjour gateway based on access policy 115
Restrictions to the Bonjour gateway based on access policy
116
Creating Bonjour Access Policy through Prime Infrastructure
116
Configuring mDNS Service Groups (GUI) 117
Configuring mDNS Service Groups (CLI) 117
C H A P T E R 1 2 Configuring Client Roaming 119
Information About Client Roaming 119
Inter-Controller Roaming 119
Intra-Controller Roaming 119
Inter-Subnet Roaming 120
Voice-over-IP Telephone Roaming 120
CCX Layer 2 Client Roaming 120
Restrictions on Client Roaming 121
Cisco Wireless LAN Controller Configuration Guide, Release
7.4viii OL-28744-01
Contents
-
Configuring CCX Client Roaming Parameters (GUI) 121
Configuring CCX Client Roaming Parameters (CLI) 122
Obtaining CCX Client Roaming Information (CLI) 122
Debugging CCX Client Roaming Issues (CLI) 123
C H A P T E R 1 3 Configuring IP-MAC Address Binding 125
Information About Configuring IP-MAC Address Binding 125
Configuring IP-MAC Address Binding (CLI) 125
C H A P T E R 1 4 Configuring Quality of Service 127
Configuring Quality of Service 127
Information About Quality of Service 127
Configuring Quality of Service Profiles 128
Configuring QoS Profiles (GUI) 128
Configuring QoS Profiles (CLI) 129
Configuring Quality of Service Roles 131
Information About Quality of Service Roles 131
Configuring QoS Roles 131
Configuring QoS (GUI) 131
Configuring QoS Roles (CLI) 132
C H A P T E R 1 5 Configuring Application Visibility and Control
135
Information About Application Visibility and Control 135
Restrictions for Application Visibility and Control 136
Configuring Application Visibility and Control (GUI) 136
Configuring Application Visibility and Control (CLI) 137
Configuring NetFlow 139
Information About NetFlow 139
Configuring NetFlow (GUI) 139
Configuring NetFlow (CLI) 140
C H A P T E R 1 6 Configuring Media and EDCA Parameters 141
Configuring Voice and Video Parameters 141
Information About Configuring Voice and Video Parameters 141
Call Admission Control 141
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 ix
Contents
-
Bandwidth-Based CAC 142
Load-Based CAC 142
Expedited Bandwidth Requests 142
U-APSD 143
Traffic Stream Metrics 143
Configuring Voice Parameters 144
Configuring Voice Parameters (GUI) 144
Configuring Voice Parameters (CLI) 146
Configuring Video Parameters 147
Configuring Video Parameters (GUI) 147
Configuring Video Parameters (CLI) 148
Viewing Voice and Video Settings 149
Viewing Voice and Video Settings (GUI) 149
Viewing Voice and Video Settings (CLI) 150
Configuring SIP-Based CAC 153
Restrictions for SIP-Based CAC 153
Configuring SIP-Based CAC (GUI) 153
Configuring SIP-Based CAC (CLI) 154
Configuring Media Parameters 155
Configuring Media Parameters (GUI) 155
Configuring Voice Prioritization Using Preferred Call Numbers
155
Information About Configuring Voice Prioritization Using
Preferred Call Numbers 155
Prerequisites for Configuring Voice Prioritization Using
Preferred Call Numbers 156
Configuring a Preferred Call Number (GUI) 156
Configuring a Preferred Call Number (CLI) 156
Configuring EDCA Parameters 157
Information About EDCA Parameters 157
Configuring EDCA Parameters (GUI) 157
Configuring EDCA Parameters (CLI) 158
C H A P T E R 1 7 Configuring the Cisco Discovery Protocol
161
Information About Configuring the Cisco Discovery Protocol
161
Restrictions for Configuring the Cisco Discovery Protocol
161
Configuring the Cisco Discovery Protocol 163
Configuring the Cisco Discovery Protocol (GUI) 163
Cisco Wireless LAN Controller Configuration Guide, Release 7.4x
OL-28744-01
Contents
-
Configuring the Cisco Discovery Protocol (CLI) 164
Viewing Cisco Discovery Protocol Information 165
Viewing Cisco Discovery Protocol Information (GUI) 165
Viewing Cisco Discovery Protocol Information (CLI) 167
Getting CDP Debug Information 168
C H A P T E R 1 8 Configuring Authentication for the Controller
and NTP Server 169
Information About Configuring Authentication for the Controller
and NTP Server 169
Configuring the NTP Server for Authentication (GUI) 169
Configuring the NTP Server for Authentication (CLI) 170
C H A P T E R 1 9 Configuring RFID Tag Tracking 171
Information About Configuring RFID Tag Tracking 171
Configuring RFID Tag Tracking (CLI) 172
Viewing RFID Tag Tracking Information (CLI) 173
Debugging RFID Tag Tracking Issues (CLI) 173
C H A P T E R 2 0 Resetting the Controller to Default Settings
175
Information About Resetting the Controller to Default Settings
175
Resetting the Controller to Default Settings (GUI) 175
Resetting the Controller to Default Settings (CLI) 176
C H A P T E R 2 1 Managing Controller Software and
Configurations 177
Upgrading the Controller Software 177
Restrictions for Upgrading Controller Software 177
Upgrading Controller Software (GUI) 180
Upgrading Controller Software (CLI) 182
Predownloading an Image to an Access Point 184
Access Point Predownload Process 184
Restrictions for Predownloading an Image to an Access Point
185
Predownloading an Image to Access PointsGlobal Configuration
(GUI) 186
Predownloading an Image to Access Points (CLI) 188
Transferring Files to and from a Controller 190
Downloading a Login Banner File 190
Downloading a Login Banner File (GUI) 191
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xi
Contents
-
Downloading a Login Banner File (CLI) 191
Clearing the Login Banner (GUI) 192
Downloading Device Certificates 193
Downloading Device Certificates (GUI) 193
Downloading Device Certificates (CLI) 194
Uploading Device Certificates 195
Uploading Device Certificates (GUI) 195
Uploading Device Certificates (CLI) 196
Downloading CA Certificates 196
Download CA Certificates (GUI) 197
Downloading CA Certificates (CLI) 198
Uploading CA Certificates 199
Uploading CA Certificates (GUI) 199
Uploading CA Certificates (CLI) 199
Uploading PACs 200
Uploading PACs (GUI) 201
Uploading PACs (CLI) 201
Uploading and Downloading Configuration Files 202
Uploading Configuration Files 203
Uploading the Configuration Files (GUI) 203
Uploading the Configuration Files (CLI) 203
Downloading Configuration Files 204
Downloading the Configuration Files (GUI) 205
Downloading the Configuration Files (CLI) 205
Saving Configurations 207
Editing Configuration Files 207
Clearing the Controller Configuration 208
Erasing the Controller Configuration 209
Resetting the Controller 209
C H A P T E R 2 2 Managing User Accounts 211
Configuring Guest User Accounts 211
Information About Creating Guest Accounts 211
Restrictions on Managing User Accounts 211
Creating a Lobby Ambassador Account 212
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xii OL-28744-01
Contents
-
Creating a Lobby Ambassador Account (GUI) 212
Creating a Lobby Ambassador Account (CLI) 212
Creating Guest User Accounts as a Lobby Ambassador (GUI) 213
Viewing Guest User Accounts 214
Viewing the Guest Accounts (GUI) 214
Viewing the Guest Accounts (CLI) 214
Configuring Administrator Usernames and Passwords 214
Information About Configuring Administrator Usernames and
Passwords 214
Configuring Usernames and Passwords (GUI) 214
Configuring Usernames and Passwords (CLI) 215
Restoring Passwords 215
Changing the Default Values for SNMP v3 Users 216
Information About Changing the Default Values for SNMP v3 Users
216
Changing the SNMP v3 User Default Values (GUI) 216
Changing the SNMP v3 User Default Values (CLI) 217
Generating a Certificate Signing Request 217
Downloading Third-Party Certificate (GUI) 219
Downloading Third-Party Certificate (CLI) 220
C H A P T E R 2 3 Managing Web Authentication 221
Obtaining a Web Authentication Certificate 221
Information About Web Authentication Certificates 221
Support for Chained Certificate 222
Obtaining a Web Authentication Certificate (GUI) 222
Obtaining a Web Authentication Certificate (CLI) 223
Web Authentication Process 224
Disabling Security Alert for Web Authentication Process 225
Choosing the Default Web Authentication Login Page 227
Information About Default Web Authentication Login Page 227
Choosing the Default Web Authentication Login Page (GUI) 228
Choosing the Default Web Authentication Login Page (CLI) 228
Example: Creating a Customized Web Authentication Login Page
230
Example: Modified Default Web Authentication Login Page Example
233
Using a Customized Web Authentication Login Page from an
External Web Server 233
Information About Customized Web Authentication Login Page
233
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xiii
Contents
-
Choosing a CustomizedWeb Authentication Login Page from an
External Web Server
(GUI) 234
Choosing a CustomizedWeb Authentication Login Page from an
External Web Server
(CLI) 234
Downloading a Customized Web Authentication Login Page 234
Prerequisites for Downloading a Customized Web Authentication
Login Page 235
Downloading a Customized Web Authentication Login Page (GUI)
235
Downloading a Customized Web Authentication Login Page (CLI)
236
Example: Customized Web Authentication Login Page 237
Verifying the Web Authentication Login Page Settings (CLI)
237
Assigning Login, Login Failure, and Logout Pages per WLAN
238
Information About Assigning Login, Login Failure, and Logout
Pages per WLAN 238
Assigning Login, Login Failure, and Logout Pages per WLAN (GUI)
238
Assigning Login, Login Failure, and Logout Pages per WLAN (CLI)
239
C H A P T E R 2 4 Configuring Wired Guest Access 241
Information About Wired Guest Access 241
Prerequisites for Configuring Wired Guest Access 242
Restrictions for Configuring Wired Guest Access 242
Configuring Wired Guest Access (GUI) 243
Configuring Wired Guest Access (CLI) 244
Supporting IPv6 Client Guest Access 247
C H A P T E R 2 5 Troubleshooting 249
Interpreting LEDs 249
Information About Interpreting LEDs 249
Interpreting Controller LEDs 250
Interpreting Lightweight Access Point LEDs 250
System Messages 250
Information About System Messages 250
Viewing System Resources 253
Information About Viewing System Resources 253
Viewing System Resources (GUI) 254
Viewing System Resources (CLI) 254
Using the CLI to Troubleshoot Problems 254
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xiv OL-28744-01
Contents
-
Configuring System and Message Logging 256
Information About System and Message Logging 256
Configuring System and Message Logging (GUI) 256
Viewing Message Logs (GUI) 258
Configuring System and Message Logging (CLI) 258
Viewing System and Message Logs (CLI) 262
Viewing Access Point Event Logs 262
Information About Access Point Event Logs 262
Viewing Access Point Event Logs (CLI) 262
Uploading Logs and Crash Files 263
Prerequisites to Upload Logs and Crash Files 263
Uploading Logs and Crash Files (GUI) 263
Uploading Logs and Crash Files (CLI) 264
Uploading Core Dumps from the Controller 265
Information About Uploading Core Dumps from the Controller
265
Configuring the Controller to Automatically Upload Core Dumps to
an FTP Server
(GUI) 266
Configuring the Controller to Automatically Upload Core Dumps to
an FTP Server
(CLI) 266
Uploading Core Dumps from Controller to a Server (CLI) 267
Uploading Packet Capture Files 268
Information About Uploading Packet Capture Files 268
Restrictions for Uploading Packet Capture Files 269
Uploading Packet Capture Files (GUI) 270
Uploading Packet Capture Files (CLI) 270
Monitoring Memory Leaks 271
Monitoring Memory Leaks (CLI) 271
Troubleshooting CCXv5 Client Devices 272
Information About Troubleshooting CCXv5 Client Devices 272
Restrictions for CCXv5 Client Devices 272
Configuring Diagnostic Channel 273
Configuring the Diagnostic Channel (GUI) 273
Configuring the Diagnostic Channel (CLI) 274
Configuring Client Reporting 278
Configuring Client Reporting (GUI) 278
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xv
Contents
-
Configuring Client Reporting (CLI) 278
Configuring Roaming and Real-Time Diagnostics 279
Configuring Roaming and Real-Time Diagnostics (CLI) 279
Using the Debug Facility 282
Information About Using the Debug Facility 282
Configuring the Debug Facility (CLI) 283
Configuring Wireless Sniffing 287
Information About Wireless Sniffing 287
Prerequisites for Wireless Sniffing 287
Restrictions for Wireless Sniffing 287
Configuring Sniffing on an Access Point (GUI) 288
Configuring Sniffing on an Access Point (CLI) 288
Troubleshooting Access Points Using Telnet or SSH_old 289
Information About Troubleshooting Access Points Using Telnet or
SSH 289
Troubleshooting Access Points Using Telnet or SSH (GUI) 290
Troubleshooting Access Points Using Telnet or SSH (CLI) 290
Debugging the Access Point Monitor Service 291
Information About Debugging the Access Point Monitor Service
291
Debugging Access Point Monitor Service Issues (CLI) 291
Troubleshooting Memory Leaks 292
Troubleshooting Memory Leaks 292
Troubleshooting OfficeExtend Access Points 292
Information About Troubleshooting OfficeExtend Access Points
292
Interpreting OfficeExtend LEDs 292
Positioning OfficeExtend Access Points for Optimal RF Coverage
293
Troubleshooting Common Problems 293
P A R T I I Ports and Interfaces 295
C H A P T E R 2 6 Overview of Ports and Interfaces 297
Information About Ports 297
Information About Distribution System Ports 298
Restrictions for Configuring Distribution System Ports 298
Information About Service Port 299
Information About Interfaces 300
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xvi OL-28744-01
Contents
-
Restrictions for Configuring Interfaces 300
Information About Dynamic AP Management 301
Information About WLANs 302
C H A P T E R 2 7 Configuring the Management Interface 305
Information About the Management Interface 305
Configuring the Management Interface (GUI) 307
Configuring the Management Interface (CLI) 308
C H A P T E R 2 8 Configuring the AP-Manager Interface 311
Information About AP-Manager Interface 311
Restrictions_for_Configuring_AP_Manager_Interface 312
Configuring the AP-Manager Interface (GUI) 312
Configuring the AP Manager Interface (CLI) 313
Configuration Example: Configuring AP-Manager on a Cisco 5500
Series Controller 313
C H A P T E R 2 9 Configuring Virtual Interfaces 317
Information About the Virtual Interface 317
Configuring Virtual Interfaces (GUI) 318
Configuring Virtual Interfaces (CLI) 318
C H A P T E R 3 0 Configuring Service-Port Interfaces 319
Information About Service-Port Interfaces 319
Restrictions for Configuring Service-Port Interfaces 320
Configuring Service-Port Interfaces Using IPv4 (GUI) 320
Configuring Service-Port Interfaces Using IPv4 (CLI) 320
Configuring Service-Port Interface Using IPv6 (GUI) 321
Configuring Service-Port Interfaces Using IPv6 (CLI) 321
C H A P T E R 3 1 Configuring Dynamic Interfaces 323
Information About Dynamic Interface 323
Pre - requisites for Configuring Dynamic Interfaces 324
Restrictions for Configuring Dynamic Interfaces 324
Configuring Dynamic Interfaces (GUI) 325
Configuring Dynamic Interfaces (CLI) 326
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xvii
Contents
-
C H A P T E R 3 2 Configuring Ports 329
Configuring Ports (GUI) 329
C H A P T E R 3 3 Information About Using Cisco 5500 Series
Controller USB Console Port 331
USB Console OS Compatibility 331
Changing the Cisco USB Systems Management Console COM Port to an
Unused Port 332
C H A P T E R 3 4 Configuring Link Aggregation 333
Information About Link Aggregation 333
Restrictions for Link Aggregation 333
Configuring Link Aggregation (GUI) 335
Configuring Link Aggregation (CLI) 336
Verifying Link Aggregation Settings (CLI) 336
Configuring Neighbor Devices to Support Link Aggregation 336
Choosing Between Link Aggregation and Multiple AP-Manager
Interfaces 336
C H A P T E R 3 5 Configuring Multiple AP-Manager Interfaces
339
Information About Multiple AP-Manager Interfaces 339
Restrictions for Configuring Multiple AP Manager Interfaces
339
Creating Multiple AP-Manager Interfaces (GUI) 340
Creating Multiple AP-Manager Interfaces (CLI) 340
C H A P T E R 3 6 Configuring VLAN Select 343
Information About VLAN Select 343
Restrictions for Configuring VLAN Select 344
Configuring Interface Groups 344
Information About Interface Groups 344
Restrictions for Configuring Interface Groups 344
Creating Interface Groups (GUI) 345
Creating Interface Groups (CLI) 345
Adding Interfaces to Interface Groups (GUI) 345
Adding Interfaces to Interface Groups (CLI) 346
Viewing VLANs in Interface Groups (CLI) 346
Adding an Interface Group to a WLAN (GUI) 346
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xviii OL-28744-01
Contents
-
Adding an Interface Group to a WLAN (CLI) 346
C H A P T E R 3 7 Configuring Interface Groups 347
Information About Interface Groups 347
Restrictions for Configuring Interface Groups 348
Creating Interface Groups (GUI) 348
Creating Interface Groups (CLI) 349
Adding Interfaces to Interface Groups (GUI) 349
Adding Interfaces to Interface Groups (CLI) 349
Viewing VLANs in Interface Groups (CLI) 349
Adding an Interface Group to a WLAN (GUI) 349
Adding an Interface Group to a WLAN (CLI) 350
C H A P T E R 3 8 Configuring Multicast Optimization 351
Information About Multicast Optimization 351
Configuring a Multicast VLAN (GUI) 351
Configuring a Multicast VLAN (CLI) 352
P A R T I I I VideoStream 353
C H A P T E R 3 9 VideoStream 355
Information about VideoStream 355
Prerequisites for VideoStream 355
Restrictions for Configuring VideoStream 355
Configuring VideoStream (GUI) 356
Configuring VideoStream (CLI) 359
Viewing and Debugging Media Streams 360
P A R T I V Security Solutions 363
C H A P T E R 4 0 Cisco Unified Wireless Network Solution
Security 365
Security Overview 365
Layer 1 Solutions 365
Layer 2 Solutions 365
Restrictions for Layer 2 Solutions 366
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xix
Contents
-
Layer 3 Solutions 366
Integrated Security Solutions 366
C H A P T E R 4 1 Configuring RADIUS 367
Information About RADIUS 367
Configuring RADIUS on the ACS 369
Configuring RADIUS (GUI) 370
Configuring RADIUS (CLI) 374
RADIUS Authentication Attributes Sent by the Controller 378
Authentication Attributes Honored in Access-Accept Packets
(Airespace) 380
RADIUS Accounting Attributes 386
C H A P T E R 4 2 Configuring TACACS+ 389
Information About TACACS+ 389
TACACS+ VSA 391
Configuring TACACS+ on the ACS 392
Configuring TACACS+ (GUI) 394
Configuring TACACS+ (CLI) 395
Viewing the TACACS+ Administration Server Logs 396
C H A P T E R 4 3 Configuring Maximum Local Database Entries
399
Information About Configuring Maximum Local Database Entries
399
Configuring Maximum Local Database Entries (GUI) 399
Configuring Maximum Local Database Entries (CLI) 400
C H A P T E R 4 4 Configuring Local Network Users on the
Controller 401
Information About Local Network Users on Controller 401
Configuring Local Network Users for the Controller (GUI) 401
Configuring Local Network Users for the Controller (CLI) 402
C H A P T E R 4 5 Configuring Password Policies 405
Information About Password Policies 405
Configuring Password Policies (GUI) 406
Configuring Password Policies (CLI) 406
Cisco Wireless LAN Controller Configuration Guide, Release 7.4xx
OL-28744-01
Contents
-
C H A P T E R 4 6 Configuring LDAP 409
Information About LDAP 409
Configuring LDAP (GUI) 410
Configuring LDAP (CLI) 412
C H A P T E R 4 7 Configuring Local EAP 415
Information About Local EAP 415
Restrictions for Local EAP 416
Configuring Local EAP (GUI) 417
Configuring Local EAP (CLI) 420
C H A P T E R 4 8 Configuring the System for SpectraLink NetLink
Telephones 425
Information About SpectraLink NetLink Telephones 425
Configuring SpectraLink NetLink Phones 425
Enabling Long Preambles (GUI) 425
Enabling Long Preambles (CLI) 426
Configuring Enhanced Distributed Channel Access (CLI) 426
C H A P T E R 4 9 Configuring RADIUS NAC Support 429
Information About RADIUS NAC Support 429
Device Registration 430
Central Web Authentication 430
Local Web Authentication 430
Restrictions for RADIUS NAC Support 430
Configuring RADIUS NAC Support (GUI) 431
Configuring RADIUS NAC Support (CLI) 432
C H A P T E R 5 0 Using Management Over Wireless 433
Information About Management over Wireless 433
Enabling Management over Wireless (GUI) 433
Enabling Management over Wireless (CLI) 434
C H A P T E R 5 1 Using Dynamic Interfaces for Management
435
Information About Using Dynamic Interfaces for Management
435
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxi
Contents
-
Configuring Management using Dynamic Interfaces (CLI) 436
C H A P T E R 5 2 Configuring DHCP Option 82 437
Information About DHCP Option 82 437
Restrictions on DHCP Option 82 438
Configuring DHCP Option 82 (GUI) 438
Configuring DHCP Option 82 (CLI) 438
C H A P T E R 5 3 Configuring and Applying Access Control Lists
441
Information About Access Control Lists 441
Restrictions for Access Control Lists 441
Configuring and Applying Access Control Lists (GUI) 442
Configuring Access Control Lists 442
Applying an Access Control List to an Interface 445
Applying an Access Control List to the Controller CPU 445
Applying an Access Control List to a WLAN 446
Applying a Preauthentication Access Control List to a WLAN
446
Configuring and Applying Access Control Lists (CLI) 446
Configuring Access Control Lists 446
Applying Access Control Lists 447
C H A P T E R 5 4 Configuring Management Frame Protection
449
Information About Management Frame Protection 449
Restrictions for Management Frame Protection 451
Configuring Management Frame Protection (GUI) 451
Viewing the Management Frame Protection Settings (GUI) 451
Configuring Management Frame Protection (CLI) 452
Viewing the Management Frame Protection Settings (CLI) 452
Debugging Management Frame Protection Issues (CLI) 452
C H A P T E R 5 5 Configuring Client Exclusion Policies 455
Configuring Client Exclusion Policies (GUI) 455
Configuring Client Exclusion Policies (CLI) 456
C H A P T E R 5 6 Configuring Identity Networking 459
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxii OL-28744-01
Contents
-
Information About Identity Networking 459
RADIUS Attributes Used in Identity Networking 460
C H A P T E R 5 7 Configuring AAA Override 465
Information About AAA Override 465
Restrictions for AAA Override 465
Updating the RADIUS Server Dictionary File for Proper QoS Values
466
Configuring AAA Override (GUI) 467
Configuring AAA Override (CLI) 467
C H A P T E R 5 8 Managing Rogue Devices 469
Information About Rogue Devices 469
Configuring Rogue Detection (GUI) 473
Configuring Rogue Detection (CLI) 475
C H A P T E R 5 9 Classifying Rogue Access Points 479
Information About Classifying Rogue Access Points 479
Restrictions for Classifying Rogue Access Points 481
Configuring Rogue Classification Rules (GUI) 482
Viewing and Classifying Rogue Devices (GUI) 485
Configuring Rogue Classification Rules (CLI) 488
Viewing and Classifying Rogue Devices (CLI) 490
C H A P T E R 6 0 Configuring Cisco TrustSec SXP 495
Information About Cisco TrustSec SXP 495
Restrictions for Cisco TrustSec SXP 496
Configuring Cisco TrustSec SXP (GUI) 497
Creating a New SXP Connection (GUI) 497
Configuring Cisco TrustSec SXP (CLI) 498
C H A P T E R 6 1 Configuring Cisco Intrusion Detection System
501
Information About Cisco Intrusion Detection System 501
Shunned Clients 501
Additional Information 502
Configuring IDS Sensors (GUI) 502
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxiii
Contents
-
Viewing Shunned Clients (GUI) 503
Configuring IDS Sensors (CLI) 503
Viewing Shunned Clients (CLI) 504
C H A P T E R 6 2 Configuring IDS Signatures 507
Information About IDS Signatures 507
Configuring IDS Signatures (GUI) 509
Uploading or Downloading IDS Signatures 509
Enabling or Disabling IDS Signatures 510
Viewing IDS Signature Events (GUI) 512
Configuring IDS Signatures (CLI) 513
Viewing IDS Signature Events (CLI) 514
C H A P T E R 6 3 Configuring wIPS 517
Information About wIPS 517
Restrictions for wIPS 523
Configuring wIPS on an Access Point (GUI) 523
Configuring wIPS on an Access Point (CLI) 524
Viewing wIPS Information (CLI) 525
C H A P T E R 6 4 Configuring the Wi-Fi Direct Client Policy
527
Information About the Wi-Fi Direct Client Policy 527
Restrictions for the Wi-Fi Direct Client Policy 527
Configuring the Wi-Fi Direct Client Policy (GUI) 528
Configuring the Wi-Fi Direct Client Policy (CLI) 528
Monitoring and Troubleshooting the Wi-Fi Direct Client Policy
(CLI) 528
C H A P T E R 6 5 Configuring Web Auth Proxy 531
Information About the Web Authentication Proxy 531
Configuring the Web Authentication Proxy (GUI) 532
Configuring the Web Authentication Proxy (CLI) 532
C H A P T E R 6 6 Detecting Active Exploits 535
Detecting Active Exploits 535
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxiv OL-28744-01
Contents
-
P A R T V WLANs 537
C H A P T E R 6 7 Overview 539
Information About WLANs 539
Prerequisites for WLANs 539
Restrictions for WLANs 540
C H A P T E R 6 8 Configuring WLANs 543
Prerequisites for WLANs 543
Restrictions for WLANs 544
Information About WLANs 545
Creating and Removing WLANs (GUI) 545
Enabling and Disabling WLANs (GUI) 546
Editing WLAN SSID or Profile Name for WLANs (GUI) 547
Creating and Deleting WLANs (CLI) 547
Enabling and Disabling WLANs (CLI) 548
Editing WLAN SSID or Profile Name for WLANs (CLI) 548
Viewing WLANs (CLI) 549
Searching WLANs (GUI) 549
Assigning WLANs to Interfaces 549
Configuring Network Access Identifier (CLI) 550
C H A P T E R 6 9 Setting the Client Count per WLAN 551
Restrictions for Setting Client Count for WLANs 551
Information About Setting the Client Count per WLAN 552
Configuring the Client Count per WLAN (GUI) 552
Configuring the Maximum Number of Clients per WLAN (CLI) 552
Configuring the Maximum Number of Clients for each AP Radio per
WLAN (GUI) 553
Configuring the Maximum Number of Clients for each AP Radio per
WLAN (CLI) 553
C H A P T E R 7 0 Configuring DHCP 555
Restrictions for Configuring DHCP for WLANs 555
Information About the Dynamic Host Configuration Protocol
555
Internal DHCP Servers 555
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxv
Contents
-
External DHCP Servers 556
DHCP Assignments 556
Configuring DHCP (GUI) 557
Configuring DHCP (CLI) 558
Debugging DHCP (CLI) 558
DHCP Client Handling 559
C H A P T E R 7 1 Configuring DHCP Scopes 561
Restrictions for Configuring DHCP Scopes 561
Information About DHCP Scopes 561
Configuring DHCP Scopes (GUI) 561
Configuring DHCP Scopes (CLI) 562
C H A P T E R 7 2 Configuring MAC Filtering for WLANs 565
Restrictions for MAC Filtering 565
Information About MAC Filtering of WLANs 565
Enabling MAC Filtering 565
C H A P T E R 7 3 Configuring Local MAC Filters 567
Prerequisites for Configuring Local MAC Filters 567
Information About Local MAC Filters 567
Configuring Local MAC Filters (CLI) 567
C H A P T E R 7 4 Configuring Timeouts 569
Configuring a Timeout for Disabled Clients 569
Information About Configuring a Timeout for Disabled Clients
569
Configuring Timeout for Disabled Clients (CLI) 569
Configuring Session Timeout 569
Information About Session Timeouts 569
Configuring a Session Timeout (GUI) 570
Configuring a Session Timeout (CLI) 570
Configuring the User Idle Timeout 571
Information About the User Idle Timeout Per WLAN 571
Configuring Per-WLAN User Idle Timeout (CLI) 571
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxvi OL-28744-01
Contents
-
C H A P T E R 7 5 Configuring the DTIM Period 573
Information About DTIM Period 573
Configuring the DTIM Period (GUI) 574
Configuring the DTIM Period (CLI) 574
C H A P T E R 7 6 Configuring Peer-to-Peer Blocking 575
Restrictions for Peer-to-Peer Blocking 575
Information About Peer-to-Peer Blocking 575
Configuring Peer-to-Peer Blocking (GUI) 576
Configuring Peer-to-Peer Blocking (CLI) 576
C H A P T E R 7 7 Configuring Layer2 Security 579
Prerequisites for Layer 2 Security 579
Configuring Static WEP Keys (CLI) 580
Configuring Dynamic 802.1X Keys and Authorization (CLI) 580
Configuring 802.11r BSS Fast Transition 581
Restrictions for 802.11r Fast Transition 581
Information About 802.11r Fast Transition 582
Configuring 802.11r Fast Transition (GUI) 584
Configuring 802.11r Fast Transition (CLI) 585
Troubleshooting 802.11r BSS Fast Transition 586
Configuring MAC Authentication Failover to 802.1X Authentication
586
Configuring MAC Authentication Failover to 802.1x Authentication
(GUI) 586
Configuring MAC Authentication Failover to 802.1X Authentication
(CLI) 586
Configuring 802.11w 587
Restrictions for 802.11w 587
Information About 802.11w 587
Configuring 802.11w (GUI) 588
Configuring 802.11w (CLI) 589
C H A P T E R 7 8 Configuring a WLAN for Both Static and Dynamic
WEP 591
Restrictions for Configuring Static and Dynamic WEP 591
Information About WLAN for Both Static and Dynamic WEP 591
WPA1 and WPA2 592
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxvii
Contents
-
Configuring WPA1+WPA2 593
Configuring WPA1+WPA2 (GUI) 593
Configuring WPA1+WPA2 (CLI) 593
C H A P T E R 7 9 Configuring Sticky Key Caching 595
Information About Sticky Key Caching 595
Restrictions for Sticky Key Caching 595
Configuring Sticky Key Caching (CLI) 596
C H A P T E R 8 0 Configuring CKIP 599
Information About CKIP 599
Configuring CKIP (GUI) 600
Configuring CKIP (CLI) 600
C H A P T E R 8 1 Configuring Layer 3 Security 603
Configuring Layer 3 Security Using VPN Passthrough 603
Restrictions for Layer 3 Security Using VPN Passthrough 603
Information About VPN Passthrough 603
Configuring VPN Passthrough 604
Configuring VPN Passthrough (GUI) 604
Configuring VPN Passthrough (CLI) 604
Configuring Layer 3 Security Using Web Authentication 604
Prerequisites for Configuring Web Authentication on a WLAN
604
Restrictions for Configuring Web Authentication on a WLAN
605
Information About Web Authentication 605
Configuring Web Authentication 606
Configuring Web Authentication (GUI) 606
Configuring Web Authentication (CLI) 606
C H A P T E R 8 2 Configuring Captive Bypassing 607
Information About Captive Bypassing 607
Configuring Captive Bypassing (CLI) 608
C H A P T E R 8 3 Configuring a Fallback Policy with MAC
Filtering and Web Authentication 609
Information About Fallback Policy with MAC Filtering and Web
Authentication 609
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxviii OL-28744-01
Contents
-
Configuring a Fallback Policy with MAC Filtering and Web
Authentication (GUI) 609
Configuring a Fallback Policy with MAC Filtering and Web
Authentication (CLI) 610
C H A P T E R 8 4 Assigning QoS Profiles 611
Information About QoS Profiles 611
Assigning a QoS Profile to a WLAN (GUI) 612
Assigning a QoS Profile to a WLAN (CLI) 613
C H A P T E R 8 5 Configuring QoS Enhanced BSS 615
Prerequisites for Using QoS Enhanced BSS on Cisco 7921 and 7920
Wireless IP Phones 615
Restrictions for QoS Enhanced BSS 616
Information About QoS Enhanced BSS 616
Configuring QBSS (GUI) 617
Configuring QBSS (CLI) 617
C H A P T E R 8 6 Configuring Media Session Snooping and
Reporting 619
Restrictions for Media Session Snooping and Reporting 619
Information About Media Session Snooping and Reporting 619
Configuring Media Session Snooping (GUI) 620
Configuring Media Session Snooping (CLI) 620
C H A P T E R 8 7 Configuring Key Telephone System-Based CAC
625
Restrictions for Key Telephone System-Based CAC 625
Information About Key Telephone System-Based CAC 625
Configuring KTS-based CAC (GUI) 626
Configuring KTS-based CAC (CLI) 626
Related Commands 627
C H A P T E R 8 8 Configuring Reanchoring of Roaming Voice
Clients 629
Restrictions for Configuring Reanchoring of Roaming Voice
Clients 629
Information About Reanchoring of Roaming Voice Clients 629
Configuring Reanchoring of Roaming Voice Clients (GUI) 630
Configuring Reanchoring of Roaming Voice Clients (CLI) 630
C H A P T E R 8 9 Configuring Seamless IPv6 Mobility 631
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxix
Contents
-
Prerequisites for Configuring IPv6 Mobility 631
Restrictions for Configuring IPv6 Mobility 631
Information About IPv6 Mobility 632
Configuring IPv6 Globally 633
Configuring IPv6 Globally (GUI) 633
Configuring IPv6 Globally (CLI) 633
Configuring RA Gaurd for IPv6 Clients 633
Information About RA Guard 633
Configuring RA Guard (GUI) 634
Configuring RA Guard (CLI) 634
Configuring RA Throttling for IPv6 Clients 634
Information about RA Throttling 634
Configuring RA Throttling (GUI) 634
Configuring the RA Throttle Policy (CLI) 635
Configuring IPv6 Neighbor Discovery Caching 635
Information About IPv6 Neighbor Discovery 635
Configuring Neighbor Binding (GUI) 636
Configuring Neighbor Binding (CLI) 636
C H A P T E R 9 0 Configuring Cisco Client Extensions 637
Prerequisites for Configuring Cisco Client Extensions 637
Restrictions for Configuring Cisco Client Extensions 637
Information About Cisco Client Extensions 638
Configuring CCX Aironet IEs (GUI) 638
Viewing a Clients CCX Version (GUI) 638
Configuring CCX Aironet IEs (CLI) 638
Viewing a Clients CCX Version (CLI) 639
C H A P T E R 9 1 Configuring Remote LANs 641
Prerequisites for Configuring Remote LANs 641
Restrictions for Configuring Remote LANs 641
Information About Remote LANs 641
Configuring a Remote LAN (GUI) 642
Configuring a Remote LAN (CLI) 642
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxx OL-28744-01
Contents
-
C H A P T E R 9 2 Configuring AP Groups 645
Prerequisites for Configuring AP Groups 645
AP Groups Supported on Controller Platforms 645
Restrictions for Configuring Access Point Groups 646
Information About Access Point Groups 646
Configuring Access Point Groups 647
Creating Access Point Groups (GUI) 647
Creating Access Point Groups (CLI) 649
Viewing Access Point Groups (CLI) 649
C H A P T E R 9 3 Configuring RF Profiles 651
Prerequisites for Configuring RF Profiles 651
Restrictions for Configuring RF Profiles 651
Information About RF Profiles 652
Configuring an RF Profile (GUI) 654
Configuring an RF Profile (CLI) 655
Applying an RF Profile to AP Groups (GUI) 657
Applying RF Profiles to AP Groups (CLI) 657
C H A P T E R 9 4 Configuring Web Redirect with 8021.X
Authentication 659
Information About Web Redirect with 802.1X Authentication
659
Conditional Web Redirect 659
Splash Page Web Redirect 660
Configuring the RADIUS Server (GUI) 660
Configuring Web Redirect 661
Configuring Web Redirect (GUI) 661
Configuring Web Redirect (CLI) 661
Disabling Accounting Servers per WLAN (GUI) 662
Disabling Coverage Hole Detection per WLAN 662
Disabling Coverage Hole Detection on a WLAN (GUI) 663
Disabling Coverage Hole Detection on a WLAN (CLI) 663
C H A P T E R 9 5 Configuring NAC Out-of-Band Integration
665
Prerequisites for NAC Out Of Band 665
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxxi
Contents
-
Restrictions for NAC Out of Band 666
Information About NAC Out-of-Band Integration 666
Configuring NAC Out-of-Band Integration (GUI) 667
Configuring NAC Out-of-Band Integration (CLI) 669
C H A P T E R 9 6 Configuring Passive Clients 671
Restrictions for Passive Clients 671
Information About Passive Clients 671
Configuring Passive Clients (GUI) 672
Enabling the Multicast-Multicast Mode (GUI) 673
Enabling the Global Multicast Mode on Controllers (GUI) 673
Enabling the Passive Client Feature on the Controller (GUI)
674
Configuring Passive Clients (CLI) 674
C H A P T E R 9 7 Configuring Client Profiling 675
Prerequisites for Configuring Client Profiling 675
Restrictions for Configuring Client Profiling 676
Information About Client Profiling 676
Configuring Client Profiling (GUI) 677
Configuring Client Profiling (CLI) 677
C H A P T E R 9 8 Configuring Per-WLAN RADIUS Source Support
679
Prerequisites for Per-WLAN RADIUS Source Support 679
Restrictions for Per-WLAN RADIUS Source Support 679
Information About Per-WLAN RADIUS Source Support 679
Configuring Per-WLAN RADIUS Source Support (CLI) 680
Monitoring the Status of Per-WLAN RADIUS Source Support (CLI)
680
C H A P T E R 9 9 Configuring Mobile Concierge 683
Information About Mobile Concierge 683
Configuring Mobile Concierge (802.11u) 683
Configuring Mobile Concierge (802.11u) (GUI) 683
Configuring Mobile Concierge (802.11u) (CLI) 684
Configuring 802.11u Mobility Services Advertisement Protocol
685
Information About 802.11u MSAP 685
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxxii OL-28744-01
Contents
-
Configuring 802.11u MSAP (GUI) 686
Configuring MSAP (CLI) 686
Configuring 802.11u HotSpot 686
Information About 802.11u HotSpot 686
Configuring 802.11u HotSpot (GUI) 686
Configuring HotSpot 2.0 (CLI) 687
Configuring Access Points for HotSpot2 (GUI) 688
Configuring Access Points for HotSpot2 (CLI) 689
Downloading the Icon File (CLI) 693
C H A P T E R 1 0 0 Configuring Assisted Roaming 695
Restrictions for Assisted Roaming 695
Information About Assisted Roaming 695
Configuring Assisted Roaming (CLI) 696
P A R T V I Lightweight Access Points 699
C H A P T E R 1 0 1 Using Access Point Communication Protocols
701
Information About Access Point Communication Protocols 701
Restrictions for Access Point Communication Protocols 702
Configuring Data Encryption 702
Guidelines for Data Encryption 702
Upgrading or Downgrading DTLS Images for Cisco 5500 Series
Controllers 703
Guidelines When Upgrading to or from a DTLS Image 704
Configuring Data Encryption (GUI) 704
Configuring Data Encryption (CLI) 704
Viewing CAPWAP Maximum Transmission Unit Information 705
Debugging CAPWAP 705
Controller Discovery Process 706
Restrictions for Controller Discovery Process 707
Verifying that Access Points Join the Controller 707
Verifying that Access Points Join the Controller (GUI) 707
Verifying that Access Points Join the Controller (CLI) 707
C H A P T E R 1 0 2 Searching for Access Points 709
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxxiii
Contents
-
Information About Searching for Access Points 709
Searching the AP Filter (GUI) 709
Monitoring the Interface Details 712
Searching for Access Point Radios 714
Information About Searching for Access Point Radios 714
Searching for Access Point Radios (GUI) 714
C H A P T E R 1 0 3 Searching for Access Point Radios 717
Information About Searching for Access Point Radios 717
Searching for Access Point Radios (GUI) 717
C H A P T E R 1 0 4 Configuring Global Credentials for Access
Points 719
Information About Configuring Global Credentials for Access
Points 719
Restrictions for Global Credentials for Access Points 720
Configuring Global Credenitals for Access Points 720
Configuring Global Credentials for Access Points (GUI) 720
Configuring Global Credentials for Access Points (CLI) 721
C H A P T E R 1 0 5 Configuring Authentication for Access Points
723
Information About Configuring Authentication for Access Points
723
Prerequisites for Configuring Authentication for Access Points
723
Restrictions for Authenticating Access Points 724
Configuring Authentication for Access Points (GUI) 724
Configuring Authentication for Access Points (CLI) 725
Configuring the Switch for Authentication 726
C H A P T E R 1 0 6 Configuring Embedded Access Points 727
Information About Embedded Access Points 727
C H A P T E R 1 0 7 Converting Autonomous Access Points to
Lightweight Mode 729
Information About Converting Autonomous Access Points to
Lightweight Mode 729
Restrictions for Converting Autonomous Access Points to
Lightweight Mode 730
Converting Autonomous Access Points to Lightweight Mode 730
Reverting from Lightweight Mode to Autonomous Mode 731
Reverting to a Previous Release (CLI) 731
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxxiv OL-28744-01
Contents
-
Reverting to a Previous Release Using the MODE Button and a TFTP
Server 732
Authorizing Access Points 732
Authorizing Access Points Using SSCs 732
Authorizing Access Points for Virtual Controllers Using SSC
732
Configuring SSC (GUI) 733
Configuring SSC (CLI) 733
Authorizing Access Points Using MICs 733
Authorizing Access Points Using LSCs 734
Configuring Locally Significant Certificates (GUI) 734
Configuring Locally Significant Certificates (CLI) 735
Authorizing Access Points (GUI) 737
Authorizing Access Points (CLI) 737
Configuring VLAN Tagging for CAPWAP Frames from Access Points
738
Information About VLAN Tagging for CAPWAP Frames from Access
Points 738
Configuring VLAN Tagging for CAPWAP Frames from Access Points
(GUI) 738
Configuring VLAN Tagging for CAPWAP Frames from Access Points
(CLI) 739
Using DHCP Option 43 and DHCP Option 60 739
Troubleshooting the Access Point Join Process 740
Configuring the Syslog Server for Access Points (CLI) 741
Viewing Access Point Join Information 742
Viewing Access Point Join Information (GUI) 742
Viewing Access Point Join Information (CLI) 743
Sending Debug Commands to Access Points Converted to Lightweight
Mode 744
Understanding How Converted Access Points Send Crash Information
to the Controller 745
Understanding How Converted Access Points Send Radio Core Dumps
to the Controller 745
Retrieving Radio Core Dumps (CLI) 745
Uploading Radio Core Dumps (GUI) 745
Uploading Radio Core Dumps (CLI) 746
Uploading Memory Core Dumps from Converted Access Points 747
Uploading Access Point Core Dumps (GUI) 747
Uploading Access Point Core Dumps (CLI) 747
Viewing the AP Crash Log Information 748
Viewing the AP Crash Log information (GUI) 748
Viewing the AP Crash Log information (CLI) 748
Displaying MAC Addresses for Converted Access Points 748
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxxv
Contents
-
Disabling the Reset Button on Access Points Converted to
Lightweight Mode 749
Configuring a Static IP Address on a Lightweight Access Point
749
Configuring a Static IP Address (GUI) 749
Configuring a Static IP Address (CLI) 750
Supporting Oversized Access Point Images 751
Recovering the Access PointUsing the TFTP Recovery Procedure
751
C H A P T E R 1 0 8 Configuring Packet Capture 753
Information About Packet Capture 753
Restrictions for Packet Capture 754
Configuring Packet Capture (CLI) 754
C H A P T E R 1 0 9 Configuring OfficeExtend Access Points
757
Information About OfficeExtend Access Points 757
OEAP 600 Series Access Points 758
OEAP in Local Mode 758
Supported WLAN Settings for 600 Series OfficeExtend Access Point
759
WLAN Security Settings for the 600 Series OfficeExtend Access
Point 759
Authentication Settings 763
Supported User Count on 600 Series OfficeExtend Access Point
764
Remote LAN Settings 764
Channel Management and Settings 765
Additional Caveats 766
Implementing Security 766
Licensing for an OfficeExtend Access Point 767
Configuring OfficeExtend Access Points 767
Configuring OfficeExtend Access Points (GUI) 767
Configuring OfficeExtend Access Points (CLI) 769
Configuring a Personal SSID on an OfficeExtend Access Point
Other than 600 Series
OEAP 771
Viewing OfficeExtend Access Point Statistics 772
C H A P T E R 1 1 0 Using Cisco Workgroup Bridges 773
Information About Cisco Workgroup Bridges 773
Restrictions for Cisco Workgroup Bridges 775
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxxvi OL-28744-01
Contents
-
WGB Configuration Example 776
Viewing the Status of Workgroup Bridges (GUI) 777
Viewing the Status of Workgroup Bridges (CLI) 777
Debugging WGB Issues (CLI) 778
C H A P T E R 1 1 1 Using Non-Cisco Workgroup Bridges 779
Information About Non-Cisco Workgroup Bridges 779
Restrictions for Non-Cisco Workgroup Bridges 780
C H A P T E R 1 1 2 Configuring Backup Controllers 781
Information About Configuring Backup Controllers 781
Restrictions for Configuring Backup Controllers 782
Configuring Backup Controllers (GUI) 782
Configuring Backup Controllers (CLI) 783
C H A P T E R 1 1 3 Configuring High Availability 787
Information About High Availability 787
Restrictions on High Availability 790
Configuring High Availability (GUI) 792
Configuring High Availability (CLI) 793
C H A P T E R 1 1 4 Configuring Failover Priority for Access
Points 797
Information About Configuring Failover Priority for Access
Points 797
Configuring Failover Priority for Access Points (GUI) 798
Configuring Failover Priority for Access Points (CLI) 798
Viewing Failover Priority Settings (CLI) 798
C H A P T E R 1 1 5 Configuring AP Retransmission Interval and
Retry Count 801
Information About Configuring the AP Retransmission Interval and
Retry Count 801
Restrictions for Access Point Retransmission Interval and Retry
Count 801
Configuring the AP Retransmission Interval and Retry Count (GUI)
802
Configuring the Access Point Retransmission Interval and Retry
Count (CLI) 802
C H A P T E R 1 1 6 Configuring Country Codes 805
Information About Configuring Country Codes 805
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxxvii
Contents
-
Restrictions for Configuring Country Codes 806
Configuring Country Codes (GUI) 806
Configuring Country Codes (CLI) 807
C H A P T E R 1 1 7 Optimizing RFID Tracking on Access Points
809
Information About Optimizing RFID Tracking on Access Points
809
Optimizing RFID Tracking on Access Points (GUI) 809
Optimizing RFID Tracking on Access Points (CLI) 810
C H A P T E R 1 1 8 Configuring Probe Request Forwarding 811
Information About Configuring Probe Request Forwarding 811
Configuring Probe Request Forwarding (CLI) 811
C H A P T E R 1 1 9 Retrieving the Unique Device Identifier on
Controllers and Access Points 813
Information About Retrieving the Unique Device Identifier on
Controllers and Access
Points 813
Retrieving the Unique Device Identifier on Controllers and
Access Points (GUI) 813
Retrieving the Unique Device Identifier on Controllers and
Access Points (CLI) 814
C H A P T E R 1 2 0 Performing a Link Test 815
Information About Performing a Link Test 815
Performing a Link Test (GUI) 816
Performing a Link Test (CLI) 816
C H A P T E R 1 2 1 Configuring Link Latency 819
Information About Configuring Link Latency 819
Restrictions for Link Latency 820
Configuring Link Latency (GUI) 820
Configuring Link Latency (CLI) 820
C H A P T E R 1 2 2 Configuring the TCP MSS 823
Information About Configuring the TCP MSS 823
Configuring TCP MSS (GUI) 823
Configuring TCP MSS (CLI) 824
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xxxviii OL-28744-01
Contents
-
C H A P T E R 1 2 3 Configuring Power Over Ethernet 825
Information About Configuring Power over Ethernet 825
Configuring Power over Ethernet (GUI) 827
Configuring Power over Ethernet (CLI) 828
C H A P T E R 1 2 4 Viewing Clients 831
Viewing Clients (GUI) 831
Viewing Clients (CLI) 832
C H A P T E R 1 2 5 Configuring LED States for Access Points
833
Configuring LED States 833
Information About Configuring LED States for Access Points
833
Configuring the LED State for Access Points in a Network
Globally (GUI) 833
Configuring the LED State for Access Point in a Network Globally
(CLI) 833
Configuring LED State on a Specific Access Point (GUI) 834
Configuring LED State on a Specific Access Point (CLI) 834
Configuring Flashing LEDs 834
Information About Configuring Flashing LEDs 834
Configuring Flashing LEDs (CLI) 834
C H A P T E R 1 2 6 Configuring Access Points with Dual-Band
Radios 837
Configuring Access Points with Dual-Band Radios (GUI) 837
Configuring Access Points with Dual-Band Radios (CLI) 838
P A R T V I I Radio Resource Management 839
C H A P T E R 1 2 7 Configuring RRM 841
Information About Radio Resource Management 841
Radio Resource Monitoring 842
Transmit Power Control 842
Overriding the TPC Algorithm with Minimum and Maximum Transmit
Power
Settings 843
Dynamic Channel Assignment 843
Coverage Hole Detection and Correction 845
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xxxix
Contents
-
Benefits of RRM 845
Information About Configuring RRM 845
Restrictions for Configuring RRM 845
Configuring the RF Group Mode (GUI) 846
Configuring the RF Group Mode (CLI) 847
Configuring Transmit Power Control (GUI) 847
Configuring Off-Channel Scanning Defer 849
Information About Off-Channel Scanning Defer 849
Configuring Off-Channel Scanning Defer for WLANs 849
Configuring Off-Channel Scanning Defer for a WLAN (GUI) 849
Configuring Off Channel Scanning Defer for a WLAN (CLI) 850
Configuring Dynamic Channel Assignment (GUI) 850
Configuring Coverage Hole Detection (GUI) 853
Configuring RRMProfile Thresholds,Monitoring Channels,
andMonitor Intervals
(GUI) 854
Configuring RRM (CLI) 855
Viewing RRM Settings (CLI) 859
Debug RRM Issues (CLI) 860
C H A P T E R 1 2 8 Configuring RRM Neighbor Discovery Packets
861
Information About RRM NDP and RF Grouping 861
Configuring RRM NDP (CLI) 861
C H A P T E R 1 2 9 Configuring RF Groups 863
Information About RF Groups 863
RF Group Leader 864
RF Group Name 865
Controllers and APs in RF Groups 865
Configuring RF Groups 866
Configuring an RF Group Name (GUI) 866
Configuring an RF Group Name (CLI) 866
Viewing the RF Group Status 867
Viewing the RF Group Status (GUI) 867
Viewing the RF Group Status (CLI) 867
Configuring Rogue Access Point Detection in RF Groups 868
Cisco Wireless LAN Controller Configuration Guide, Release 7.4xl
OL-28744-01
Contents
-
Information About Rogue Access Point Detection in RF Groups
868
Configuring Rogue Access Point Detection in RF Groups 868
Enabling Rogue Access Point Detection in RF Groups (GUI) 868
Configuring Rogue Access Point Detection in RF Groups (CLI)
869
C H A P T E R 1 3 0 Overriding RRM 871
Information About Overriding RRM 871
Prerequisites for Overriding RRM 871
Statically Assigning Channel and Transmit Power Settings to
Access Point Radios 872
Statically Assigning Channel and Transmit Power Settings (GUI)
872
Statically Assigning Channel and Transmit Power Settings (CLI)
873
Disabling Dynamic Channel and Power Assignment Globally for a
Cisco Wireless LAN
Controller 876
Disabling Dynamic Channel and Power Assignment (GUI) 876
Disabling Dynamic Channel and Power Assignment (CLI) 876
C H A P T E R 1 3 1 Configuring CCX Radio Management Features
879
Information About CCX Radio Management Features 879
Radio Measurement Requests 879
Location Calibration 880
Configuring CCX Radio Management 880
Configuring CCX Radio Management (GUI) 880
Configuring CCX Radio Management (CLI) 881
Viewing CCX Radio Management Information (CLI) 881
Debugging CCX Radio Management Issues (CLI) 882
P A R T V I I I Cisco CleanAir 883
C H A P T E R 1 3 2 Information About CleanAir 885
Information About CleanAir 885
Role of the Cisco Wireless LAN Controller in a Cisco CleanAir
System 886
Interference Types that Cisco CleanAir Can Detect 886
Persistent Devices 887
Persistent Devices Detection 887
Persistent Devices Propagation 887
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xli
Contents
-
Detecting Interferers by an Access Point 888
C H A P T E R 1 3 3 Prerequisites and Restrictions for CleanAir
889
Prerequisites for CleanAir 889
Restrictions for CleanAir 890
C H A P T E R 1 3 4 Cisco CleanAir 891
Configuring Cisco CleanAir on the Controller 891
Configuring Cisco CleanAir on the Cisco Wireless LAN Controller
(GUI) 891
Configuring Cisco CleanAir on the Cisco Wireless LAN Controller
(CLI) 893
Configuring Cisco CleanAir on an Access Point 897
Configuring Cisco CleanAir on an Access Point (GUI) 897
Configuring Cisco CleanAir on an Access Point (CLI) 898
C H A P T E R 1 3 5 Monitoring the Interference Devices 899
Prerequisites for Monitoring the Interference Devices 899
Monitoring the Interference Device (GUI) 899
Monitoring the Interference Device (CLI) 901
Detecting Interferers by an Access Point 901
Detecting Interferers by Device Type 901
Detecting Persistent Sources of Interference 901
Monitoring Persistent Devices (GUI) 902
Monitoring Persistent Devices (CLI) 902
Monitoring the Air Quality of Radio Bands 903
Monitoring the Air Quality of Radio Bands (GUI) 903
Monitoring the Air Quality of Radio Bands (CLI) 903
Viewing a Summary of the Air Quality 903
Viewing Air Quality for all Access Points on a Radio Band
903
Viewing Air Quality for an Access Point on a Radio Band 903
Monitoring the Worst Air Quality of Radio Bands (GUI) 904
Monitoring the Worst Air Quality of Radio Bands (CLI) 904
Viewing a Summary of the Air Quality (CLI) 904
Viewing the Worst Air Quality Information for all Access Points
on a Radio Band
(CLI) 904
Viewing the Air Quality for an Access Point on a Radio Band
(CLI) 904
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xlii OL-28744-01
Contents
-
Viewing the Air Quality for an Access Point by Device Type (CLI)
905
Detecting Persistent Sources of Interference (CLI) 905
C H A P T E R 1 3 6 Configuring a Spectrum Expert Connection
907
Information About Spectrum Expert Connection 907
Configuring Spectrum Expert (GUI) 907
P A R T I X FlexConnect 911
C H A P T E R 1 3 7 FlexConnect 913
Information About FlexConnect 913
FlexConnect Authentication Process 914
Restrictions on FlexConnect 918
Configuring FlexConnect 920
Configuring the Switch at a Remote Site 920
Configuring the Controller for FlexConnect 921
Configuring the Controller for FlexConnect for a Centrally
Switched WLAN Used
for Guest Access 922
Configuring the Controller for FlexConnect (GUI) 922
Configuring the Controller for FlexConnect (CLI) 924
Configuring an Access Point for FlexConnect 926
Configuring an Access Point for FlexConnect (GUI) 926
Configuring an Access Point for FlexConnect (CLI) 928
Configuring an Access Point for Local Authentication on a WLAN
(GUI) 930
Configuring an Access Point for Local Authentication on a WLAN
(CLI) 930
Connecting Client Devices to WLANs 931
C H A P T E R 1 3 8 Configuring FlexConnect ACLs 933
Information About Access Control Lists 933
Restrictions for FlexConnect ACLs 933
Configuring FlexConnect ACLs (GUI) 934
Configuring FlexConnect ACLs (CLI) 936
Viewing and Debugging FlexConnect ACLs (CLI) 937
C H A P T E R 1 3 9 Configuring FlexConnect Groups 939
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xliii
Contents
-
Information About FlexConnect Groups 939
FlexConnect Groups and Backup RADIUS Servers 940
FlexConnect Groups and CCKM 940
FlexConnect Groups and Opportunistic Key Caching 940
FlexConnect Groups and Local Authentication 941
Configuring FlexConnect Groups 941
Configuring FlexConnect Groups (GUI) 941
Configuring FlexConnect Groups (CLI) 943
Configuring VLAN-ACL Mapping on FlexConnect Groups 945
Configuring VLAN-ACL Mapping on FlexConnect Groups (GUI) 945
Configuring VLAN-ACL Mapping on FlexConnect Groups (CLI) 946
Viewing VLAN-ACL Mappings (CLI) 946
C H A P T E R 1 4 0 Configuring AAA Overrides for FlexConnect
947
Information About Authentication, Authorization, Accounting
Overrides 947
Restrictions for AAA Overrides for FlexConnect 948
Configuring AAA Overrides for FlexConnect on an Access Point
(GUI) 948
Configuring VLAN Overrides for FlexConnect on an Access Point
(CLI) 949
C H A P T E R 1 4 1 Configuring FlexConnect AP Upgrades for
FlexConnect APs 951
Information About FlexConnect AP Upgrades 951
Restrictions for FlexConnect AP Upgrades for FlexConnect Access
Points 951
Configuring FlexConnect AP Upgrades (GUI) 952
Configuring FlexConnect AP Upgrades (CLI) 952
P A R T X Mobility Groups 953
C H A P T E R 1 4 2 Mobility Groups 955
Information About Mobility 955
Information About Mobility Groups 959
Messaging Among Mobility Groups 961
Using Mobility Groups with NAT Devices 962
Rogue Detection Behavior in Mobility Groups 962
Prerequisites for Configuring Mobility Groups 963
Configuring Mobility Groups (GUI) 965
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xliv OL-28744-01
Contents
-
Configuring Mobility Groups (CLI) 966
C H A P T E R 1 4 3 Viewing Mobility Group Statistics 969
Viewing Mobility Group Statistics (GUI) 969
Viewing Mobility Group Statistics (CLI) 970
C H A P T E R 1 4 4 Configuring Auto-Anchor Mobility 971
Information About Auto-Anchor Mobility 971
Restrictions on Auto-Anchor Mobility 972
Configuring Auto-Anchor Mobility (GUI) 973
Configuring Auto-Anchor Mobility (CLI) 973
C H A P T E R 1 4 5 Validating WLANMobility Security Values
977
Information About WLAN Mobility Security Values 977
C H A P T E R 1 4 6 Using Symmetric Mobility Tunneling 979
Information About Symmetric Mobility Tunneling 979
Guidelines and Limitations 980
Verifying Symmetric Mobility Tunneling (GUI) 980
Verifying if Symmetric Mobility Tunneling is Enabled (CLI)
980
C H A P T E R 1 4 7 Running Mobility Ping Tests 981
Information About Mobility Ping Tests 981
Guidelines and Limitations 981
Running Mobility Ping Tests (CLI) 982
C H A P T E R 1 4 8 Configuring Dynamic Anchoring for Clients
with Static IP Addresses 983
Information About Dynamic Anchoring for Clients with Static IP
983
How Dynamic Anchoring of Static IP Clients Works 983
Restrictions on Dynamic Anchoring for Clients With Static IP
Addresses 984
Configuring Dynamic Anchoring of Static IP Clients (GUI) 985
Configuring Dynamic Anchoring of Static IP Clients (CLI) 985
C H A P T E R 1 4 9 Configuring Foreign Mappings 987
Information About Foreign Mappings 987
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xlv
Contents
-
Configuring Foreign Controller MAC Mapping (GUI) 987
Configuring Foreign Controller MAC Mapping (CLI) 987
C H A P T E R 1 5 0 Configuring Proxy Mobile IPv6 989
Information About Proxy Mobile IPv6 989
Restrictions on Proxy Mobile IPv6 990
Configuring Proxy Mobile IPv6 (GUI) 990
Configuring Proxy Mobile IPv6 (CLI) 992
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xlvi OL-28744-01
Contents
-
Preface
This preface describes the audience, organization, and
conventions of this document. It also providesinformation on how to
obtain other documentation. This chapter includes the following
sections:
Audience, page xlvii
Conventions, page xlvii
Related Documentation, page xlviii
Obtaining Documentation and Submitting a Service Request, page
xlix
AudienceThis publication is for experienced network
administrators who configure and maintain Cisco wirelesscontrollers
and Cisco lightweight access points.
ConventionsThis document uses the following conventions:
Table 1: Conventions
IndicationConvention
Commands and keywords and user-entered text appear in bold
font.bold font
Document titles, new or emphasized terms, and arguments for
which you supplyvalues are in italic font.
italic font
Elements in square brackets are optional.[ ]
Required alternative keywords are grouped in braces and
separated by verticalbars.
{x | y | z }
Optional alternative keywords are grouped in brackets and
separated by verticalbars.
[ x | y | z ]
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xlvii
-
IndicationConvention
A nonquoted set of characters. Do not use quotation marks around
the string orthe string will include the quotation marks.
string
Terminal sessions and information the system displays appear in
courier font.courier font
Nonprinting characters such as passwords are in angle
brackets.
Default responses to system prompts are in square
brackets.[]
An exclamation point (!) or a pound sign (#) at the beginning of
a line of codeindicates a comment line.
!, #
Means reader take note. Notes contain helpful suggestions or
references to material not covered in themanual.
Note
Means the following information will help you solve a
problem.Tip
Means reader be careful. In this situation, you might perform an
action that could result in equipmentdamage or loss of data.
Caution
Related DocumentationThese documents provide complete
information about Cisco Wireless:
Cisco Wireless Controller configuration guides:
http://www.cisco.com/c/en/us/support/wireless/5500-series-wireless-controllers/products-installation-and-configuration-guides-list.html
Cisco Wireless Controller command references:
http://www.cisco.com/en/US/products/ps10315/prod_command_reference_list.html
Cisco Wireless Controller System Message
Guide:http://www.cisco.com/en/US/products/ps10315/products_system_message_guides_list.html
Release Notes for Cisco Wireless Controllers and Lightweight
Access
Points:http://www.cisco.com/c/en/us/support/wireless/5500-series-wireless-controllers/products-release-notes-list.html
Cisco Wireless Mesh Access Points, Design and Deployment
Guide:http://www.cisco.com/c/en/us/support/wireless/aironet-1550-series/products-implementation-design-guides-list.html
Cisco Prime Infrastructure documentation:
http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-documentation-roadmaps-list.html
Cisco Mobility Services Engine documentation:
http://www.cisco.com/c/en/us/support/wireless/context-aware-software/tsd-products-support-series-home.html
Cisco Wireless LAN Controller Configuration Guide, Release
7.4xlviii OL-28744-01
PrefaceRelated Documentation
-
Click this link to access user documentation pertaining to Cisco
Wireless solution:
http://www.cisco.com/cisco/web/psa/default.html?mode=prod
Obtaining Documentation and Submitting a Service RequestFor
information on obtaining documentation, using the Cisco Bug Search
Tool (BST), submitting a servicerequest, and gathering additional
information, seeWhat's New in Cisco Product Documentation, at:
http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe toWhat's New in Cisco Product Documentation, which
lists all new and revised Cisco technicaldocumentation as an RSS
feed and delivers content directly to your desktop using a reader
application. TheRSS feeds are a free service.
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 xlix
PrefaceObtaining Documentation and Submitting a Service
Request
-
Cisco Wireless LAN Controller Configuration Guide, Release 7.4l
OL-28744-01
PrefaceObtaining Documentation and Submitting a Service
Request
-
P A R T ISystem Management Overview, page 3
Getting Started, page 15
Managing Licenses, page 55
Configuring 802.11 Bands, page 73
Configuring 802.11 Parameters, page 81
Configuring DHCP Proxy, page 87
Configuring SNMP, page 91
Configuring Aggressive Load Balancing, page 97
Configuring Fast SSID Changing, page 101
Configuring 802.3 Bridging, page 103
Configuring Multicast, page 105
Configuring Client Roaming, page 119
Configuring IP-MAC Address Binding, page 125
Configuring Quality of Service, page 127
Configuring Application Visibility and Control, page 135
Configuring Media and EDCA Parameters, page 141
Configuring the Cisco Discovery Protocol, page 161
-
Configuring Authentication for the Controller and NTP Server,
page 169
Configuring RFID Tag Tracking, page 171
Resetting the Controller to Default Settings, page 175
Managing Controller Software and Configurations, page 177
Managing User Accounts, page 211
Managing Web Authentication, page 221
Configuring Wired Guest Access, page 241
Troubleshooting, page 249
-
C H A P T E R 1Overview
Cisco Wireless Overview, page 3
Operating System Software, page 6
Operating System Security, page 6
Layer 2 and Layer 3 Operation, page 7
Cisco Wireless LAN Controllers, page 8
Controller Platforms, page 8
Cisco UWN Solution WLANs, page 11
File Transfers, page 11
Power over Ethernet, page 11
Cisco Wireless LAN Controller Memory, page 12
Cisco Wireless LAN Controller Failover Protection, page 12
Cisco Wireless OverviewCisco Wireless is designed to provide
802.11 wireless networking solutions for enterprises and
serviceproviders. CiscoWireless simplifies deploying and managing
large-scale wireless LANs and enables a uniquebest-in-class
security infrastructure. The operating systemmanages all data
client, communications, and systemadministration functions,
performs radio resource management (RRM) functions, manages
system-widemobility policies using the operating system security
solution, and coordinates all security functions usingthe operating
system security framework.
Cisco Wireless solution consists of Cisco wireless LAN
controllers and their associated lightweight accesspoints
controlled by the operating system, all concurrently managed by any
or all of the operating system userinterfaces:
An HTTP and/or HTTPS full-featured Web User Interface hosted by
Cisco wireless LAN controllerscan be used to configure and monitor
individual controllers.
A full-featured command-line interface (CLI) can be used to
configure and monitor individual Ciscowireless LAN controllers.
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 3
-
The Cisco Prime Infrastructure, which you use to configure and
monitor one or more Cisco wirelessLAN controllers and associated
access points. The Prime Infrastructure has tools to facilitate
large-systemmonitoring and control. For more information about
Cisco Prime Infrastructure,
seehttp://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/tsd-products-support-series-home.html.
An industry-standard SNMPV1, V2c, andV3 interface can be
usedwith any SNMP-compliant third-partynetwork management
system.
The Cisco Wireless solution supports client data services,
client monitoring and control, and all rogue accesspoint detection,
monitoring, and containment functions. It uses lightweight access
points, Cisco wireless LANcontrollers, and the optional Cisco Prime
Infrastructure to provide wireless services to enterprises and
serviceproviders.
Unless otherwise noted in this publication, all of the Cisco
wireless LAN controllers are referred to ascontrollers, and all of
the Cisco lightweight access points are referred to as access
points.
Note
Single-Controller DeploymentsA standalone controller can support
lightweight access points across multiple floors and
buildingssimultaneously and support the following features:
Autodetecting and autoconfiguring lightweight access points as
they are added to the network.
Full control of lightweight access points.
Lightweight access points connect to controllers through the
network. The network equipment may ormay not provide Power over
Ethernet (PoE) to the access points.
Some controllers use redundant Gigabit Ethernet connections to
bypass single network failures.
Some controllers can connect through multiple physical ports to
multiple subnets in the network. Thisfeature can be helpful when
you want to confine multiple VLANs to separate subnets.
Note
Cisco Wireless LAN Controller Configuration Guide, Release 7.44
OL-28744-01
Cisco Wireless Overview
-
This figure shows a typical single-controller deployment.
Figure 1: Single-Controller Deployment
Multiple-Controller DeploymentsEach controller can support
lightweight access points across multiple floors and buildings
simultaneously.However, full functionality of the Cisco wireless
LAN solution occurs when it includes multiple controllers.A
multiple-controller system has the following additional
features:
Autodetecting and autoconfiguring RF parameters as the
controllers are added to the network.
Same-subnet (Layer 2) roaming and inter-subnet (Layer 3)
roaming.
Automatic access point failover to any redundant controller with
a reduced access point load.
The following figure shows a typical multiple-controller
deployment. The figure also shows an optionaldedicatedmanagement
network and the three physical connection types between the network
and the controllers.
Cisco Wireless LAN Controller Configuration Guide, Release 7.4
OL-28744-01 5
Cisco Wireless Overview
-
Figure 2: Typical Multiple-Controller Deployment
Operating System SoftwareThe operating system software controls
controllers and lightweight access points. It includes full
operatingsystem security and radio resource management (RRM)
features.
Operating System SecurityOperating system security bundles Layer
1, Layer 2, and Layer 3 security components into a simple,
CiscoWLAN solution-wide policy manager that creates independent
security policies for each of up to 16 wirelessLANs.
The 802.11 Static WEP weaknesses can be overcome using the
following robust industry-standard securitysolutions:
802.1X dynamic keys with extensible authentication protocol
(EAP).
Wi-Fi protected access (WPA) dynamic keys. The CiscoWLAN
solutionWPA implementation includes:
Temporal key integrity protocol (TKIP) and message integrity
code checksum dynamic keys
WEP keys, with or without a preshared key passphrase
Cisco Wireless LAN Controller Configuration Guide, Release 7.46
OL-28744-01
Operating System Software
-
RSN with or without a preshared key
Optional MAC filtering
The WEP problem can be further solved using the following
industry-standard Layer 3 security solutions:
Passthrough VPNs
Local and RADIUS MAC address filtering
Local and RADIUS user/password authentication
Manual and automated disabling to block access to network
services. In manual disabling, you blockaccess using client MAC
addresses. In automated disabling, which is always active, the
operating systemsoftware automatically blocks access to network
services for a user-defined period of time when a clientfails to
authenticate for a fixed number of consecutive attempts. This
feature can be used to deterbrute-force login attacks.
These and other security features use industry-standard
authorization and authentication methods to ensurethe highest
possible security f
