Cisco Systems 102075 Cisco Aironet 802.11n Dual Band Access Points User Manual Cisco Wireless LAN Controller Configuration Guide 10

Cisco Systems Inc Cisco Aironet 802.11n Dual Band Access Points Cisco Wireless LAN Controller Configuration Guide 10

Cisco Wireless LAN Controller Configuration Guide_10

D-45Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Configuring Wireless Sniffing • WiresharkNote The latest version of Wireshark can decode the packets by going to the Anaylze mode. Select decode as, and switch UDP5555 to decode as AIROPEEK.Note You must disable IP-MAC address binding in order to use an access point in sniffer mode if the access point is joined to a Cisco 5500 Series Controller, a Cisco 2100 Series Controller, or a controller network module that runs software release 6.0 or later releases. To disable IP-MAC address binding, enter the config network ip-mac-binding disable command in the controller CLI. See the “Configuring IP-MAC Address Binding” section on page 4-67 for more information.Note You must enable WLAN 1 in order to use an access point in sniffer mode if the access point is joined to a Cisco 5500 Series Controller, a Cisco 2100 Series Controller, or a controller network module that runs software release 6.0 or later releases. If WLAN 1 is disabled, the access point cannot send packets.Prerequisites for Wireless SniffingTo perform wireless sniffing, you need the following hardware and software: • A dedicated access point—An access point configured as a sniffer cannot simultaneously provide wireless access service on the network. To avoid disrupting coverage, use an access point that is not part of your existing wireless network. • A remote monitoring device—A computer capable of running the analyzer software. • Windows XP or Linux operating system—The controller supports sniffing on both Windows XP and Linux machines. • Software and supporting files, plug-ins, or adapters—Your analyzer software may require specialized files before you can successfully enable Using the GUI to Configure Sniffing on an Access PointTo configure sniffing on an access point using the controller GUI, follow these steps:Step 1 Choose Wireless > Access Points > All APs to open the All APs page.Step 2 Click the name of the access point that you want to configure as the sniffer. The All APs > Details for page appears (see Figure D-14).
D-46Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Configuring Wireless SniffingFigure D-14 All APs > Details for PageStep 3 From the AP Mode drop-down list, choose Sniffer.Step 4 Click Apply to commit your changes. Step 5 Click OK when warned that the access point will be rebooted.Step 6 Choose Wireless > Access Points > Radios > 802.11a/n (or 802.11b/g/n) to open the 802.11a/n (or 802.11b/g/n) Radios page.Step 7 Hover your cursor over the blue drop-down arrow for the desired access point and choose Configure. The 802.11a/n (or 802.11b/g/n) Cisco APs > Configure page appears (see Figure D-15).
D-47Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Configuring Wireless SniffingFigure D-15 802.11a/n Cisco APs > Configure PageStep 8 Unselect the Sniff check box to enable sniffing on this access point, or leave it unselected to disable sniffing. The default value is unchecked.Step 9 If you enabled sniffing in Step 8, follow these steps: a. From the Channel drop-down list, choose the channel on which the access point sniffs for packets.b. In the Server IP Address text box, enter the IP address of the remote machine running Omnipeek, Airopeek, AirMagnet, or Wireshark.Step 10 Click Apply to commit your changes. Step 11 Click Save Configuration to save your changes.Using the CLI to Configure Sniffing on an Access PointTo configure sniffing on an access point using the controller CLI, follow these steps:Step 1 To configure the access point as a sniffer, enter this command:config ap mode sniffer Cisco_APwhere Cisco_AP is the access point configured as the sniffer.Step 2 When warned that the access point will be rebooted and asked if you want to continue, enter Y. The access point reboots in sniffer mode.Step 3 To enable sniffing on the access point, enter this command:config ap sniff {802.11a | 802.11b} enable channel server_IP_address Cisco_AP
D-48Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Troubleshooting Access Points Using Telnet or SSHwhere –channel is the radio channel on which the access point sniffs for packets. The default values are 36 (802.11a/n) and 1 (802.11b/g/n). –server_IP_address is the IP address of the remote machine running Omnipeek, Airopeek, AirMagnet, or Wireshark. –Cisco_AP is the access point configured as the sniffer.Note To disable sniffing on the access point, enter the config ap sniff {802.11a | 802.11b} disable Cisco_AP command.Step 4 To save your changes, enter this command:save configStep 5 To view the sniffer configuration settings for an access point, enter this command: show ap config {802.11a | 802.11b} Cisco_APInformation similar to the following appears: Cisco AP Identifier................................ 17 Cisco AP Name.......................................... AP1131:46f2.98ac... AP Mode ........................................... Sniffer Public Safety ..................................... Global: Disabled, Local: Disabled Sniffing .............................................. No ... Troubleshooting Access Points Using Telnet or SSHThe controller supports the use of the Telnet and Secure Shell (SSH) protocols to troubleshoot lightweight access points. Using these protocols makes debugging easier, especially when the access point is unable to connect to the controller. • To avoid potential conflicts and security threats to the network, the following commands are unavailable while a Telnet or SSH session is enabled: config terminal, telnet, ssh, rsh, ping, traceroute, clear, clock, crypto, delete, fsck, lwapp, mkdir, radius, release, reload, rename, renew, rmdir, save, set, test, upgrade. • Commands available during a Telnet or SSH session include debug, disable, enable, help, led, login, logout, more, no debug, show, systat, undebug, where.You can configure Telnet or SSH by using the controller CLI in software release 5.0 or later releases or using the controller GUI in software release 6.0 or later releases.Note See the “Configuring Telnet and SSH Sessions” section on page 2-34 for instructions on configuring Telnet or SSH sessions on the controller.
D-49Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Troubleshooting Access Points Using Telnet or SSHUsing the GUI to Troubleshoot Access Points Using Telnet or SSHTo enable Telnet or SSH access (or both) on lightweight access points using the controller GUI, follow these steps:Step 1 Choose Wireless > Access Points > All APs to open the All APs page.Step 2 Click the name of the access point for which you want to enable Telnet or SSH.Step 3 Choose the Advanced tab to open the All APs > Details for (Advanced) page (see Figure D-16).Figure D-16 All APs > Details for (Advanced) PageStep 4 To enable Telnet connectivity on this access point, select the Telne t check box. The default value is unchecked.Step 5 To enable SSH connectivity on this access point, select the SSH check box. The default value is unchecked.Step 6 Click Apply to commit your changes.Step 7 Click Save Configuration to save your changes.Using the CLI to Troubleshoot Access Points Using Telnet or SSHTo enable Telnet or SSH access (or both) on lightweight access points using the controller CLI, follow these steps:Step 1 To enable Telnet or SSH connectivity on an access point, enter this command:config ap {telnet | ssh} enable Cisco_APThe default value is disabled.
D-50Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Debugging the Access Point Monitor ServiceNote To disable Telnet or SSH connectivity on an access point, enter this command: config ap {telnet | ssh} disable Cisco_APStep 2 To save your changes, enter this command:save configStep 3 To see whether Telnet or SSH is enabled on an access point, enter this command:show ap config general Cisco_APInformation similar to the following appears:Cisco AP Identifier.............................. 5Cisco AP Name.................................... AP33Country code..................................... Multiple Countries:US,AE,AR,AT,AU,BHReg. Domain allowed by Country................... 802.11bg:-ABCENR 802.11a:-ABCENAP Country code.................................. US - United StatesAP Regulatory Domain............................. 802.11bg:-A 802.11a:-A Switch Port Number .............................. 2MAC Address...................................... 00:19:2f:11:16:7aIP Address Configuration......................... Static IP assignedIP Address....................................... 10.22.8.133IP NetMask....................................... 255.255.248.0Gateway IP Addr.................................. 10.22.8.1Domain........................................... Name Server...................................... Telnet State..................................... EnabledSsh State........................................ Enabled... Debugging the Access Point Monitor ServiceThe controller sends access point status information to the Cisco 3300 Series Mobility Services Engine (MSE) using the access point monitor service.The MSE sends a service subscription and an access point monitor service request to get the status of all access points currently known to the controller. When any change is made in the status of an access point, a notification is sent to the MSE.Using the CLI to Debug Access Point Monitor Service IssuesIf you experience any problems with the access point monitor service, enter this command:debug service ap-monitor {all | error | event | nmsp | packet} {enable | disable}where • all configures debugging of all access point status messages. • error configures debugging of access point monitor error events. • event configures debugging of access point monitor events. • nmsp configures debugging of access point monitor NMSP events. • packet configures debugging of access point monitor packets.
D-51Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Troubleshooting OfficeExtend Access Points • enable enables the debub service ap-monitor mode. • disable disables the debug service ap-monitor mode.Troubleshooting OfficeExtend Access PointsThis section provides troubleshooting information if you experience any problems with your OfficeExtend access points.Interpreting OfficeExtend LEDsThe LED patterns are different for 1130 series and 1140 series OfficeExtend access points. See the Cisco OfficeExtend Access Point Quick Start Guide for a description of the LED patterns. You can find this guide at this URL:http://www.cisco.com/en/US/products/hw/wireless/index.htmlPositioning OfficeExtend Access Points for Optimal RF CoverageWhen positioning your OfficeExtend access point, consider that its RF signals are emitted in a cone shape spreading outward from the LED side of the access point (see Figure D-17). Be sure to mount the access point so that air can flow behind the metal back plate and prevent the access point from overheating.Figure D-17 OfficeExtend Access Point Radiation PatternsTroubleshooting Common ProblemsMost of the problems experienced with OfficeExtend access points are one of the following: • The access point cannot join the controller because of network or firewall issues.Resolution: Follow the instructions in the “Viewing Access Point Join Information” section on page 8-55 to view join statistics for the OfficeExtend access point, or find the access point’s public IP address and perform pings of different packet sizes from inside the company. • The access point joins but keeps dropping off. This behavior usually occurs because of network problems or when the network address translation (NAT) or firewall ports close because of short timeouts.
D-52Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix D Troubleshooting Troubleshooting OfficeExtend Access PointsResolution: Ask the teleworker for the LED status. • Clients cannot associate because of NAT issues.Resolution: Ask the teleworker to perform a speed test and a ping test. Some servers do not return big packet pings. • Clients keep dropping data. This behavior usually occurs because the home router closes the port because of short timeouts.Resolution: Perform client troubleshooting in WCS to determine if the problem is related to the OfficeExtend access point or the client. • The access point is not broadcasting the enterprise WLAN.Resolution: Ask the teleworker to check the cables, power supply, and LED status. If you still cannot identify the problem, ask the teleworker to try the following: –Connect to the home router directly and see if the PC is able to connect to an Internet website such as http://www.cisco.com/. If the PC cannot connect to the Internet, check the router or modem. If the PC can connect to the Internet, check the home router configuration to see if a firewall or MAC-based filter is enabled that is blocking the access point from reaching the Internet. –Log into the home router and check to see if the access point has obtained an IP address. If it has, the access point’s LED normally blinks orange. • The access point cannot join the controller, and you cannot identify the problem.Resolution: A problem could exist with the home router. Ask the teleworker to check the router manual and try the following: –Assign the access point a static IP address based on the access point’s MAC address. –Put the access point in a demilitarized zone (DMZ), which is a small network inserted as a neutral zone between a company’s private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. –If problems still occur, contact your company’s IT department for assistance. • The teleworker experiences problems while configuring a personal SSID on the access point.Resolution: Clear the access point configuration and return it to factory default settings by clicking Clear Config on the access point GUI or by entering the clear ap config Cisco_AP command and then follow the steps in the “Configuring a Personal SSID on an OfficeExtend Access Point” section on page 8-85 to try again. If problems still occur, contact your company’s IT department for assistance. • The home network needs to be rebooted.Resolution: Ask the teleworker to follow these steps:a. Leave all devices networked and connected, and then power down all the devices.b. Turn on the cable or DSL modem, and then wait for 2 minutes. (Check the LED status.)c. Turn on the home router, and then wait for 2 minutes. (Check the LED status.)d. Turn on the access point, and then wait for 5 minutes. (Check the LED status.)e. Turn on the client.
E-1Cisco Wireless LAN Controller Configuration GuideOL-21524-02APPENDIXELogical Connectivity DiagramsThis appendix provides logical connectivity diagrams for the controllers integrated into other Cisco products, specifically the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco WiSM, and the Cisco 28/37/38xx Series Integrated Services Router. These diagrams show the internal connections between the switch or router and the controller. The software commands used for communication between the devices are also provided. This appendix contains these sections: • Cisco WiSM, page E-1 • Cisco 28/37/38xx Integrated Services Router, page E-3 • Catalyst 3750G Integrated Wireless LAN Controller Switch, page E-4Cisco WiSMFigure E-1 shows the logical connectivity for the Cisco WiSM.
E-2Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Cisco WiSMFigure E-1 Logical Connectivity Diagram for the Cisco WiSM The commands used for communication between the Cisco WiSM, the Supervisor 720, and the 4404 controllers are documented in Configuring a Cisco Wireless Services Module and Wireless Control System at this URL:155912Switch or Router MotherboardVarious Switch or Router Blades providing100M/Gig/PoE/SFP PortsController Motherboard4 Gig EPortsEthernetEthernetEthernetEthernetRS-232 Serialat 9600 baudSupervisor 7204404Controller-A4404Controller-BHiddenPort 1Port 2Port 3Port 4HiddenPort 5Port 6Port 7Port 8HiddenPort 9HiddenPort 102 SFP PortsConsoleConsoleRS-232 Serialat 9600 baudConsoleRS-232 Serialat 9600 baudMemory Boot FlashMemory Boot FlashFlash File System Flash File Systemon CF CardDisk 0Disk 1Flash File Systemon CF CardDo not removeFlash File Systemon CF CardDo not removeGig EServiceController Motherboard4 Gig EPortsMemory Boot FlashGig EServiceCatalyst 6500 WiSM or Cisco 7600 Series Router WiSM
E-3Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Cisco 28/37/38xx Integrated Services Routerhttp://www.cisco.com/en/US/docs/wireless/technology/wism/technical/reference/appnote.html#wp39498Cisco 28/37/38xx Integrated Services RouterFigure E-2 shows the logical connectivity for the Cisco 28/37/38xx integrated services router.Figure E-2 Logical Connectivity Diagram for the Cisco 28/37/38xx Integrated Services Router These commands are used for communication between the 28/37/38xx Integrated Services Router and the controller network module. They are initiated from the router. The commands vary depending on the version of the network module.These commands are used for communication between the router and Fast Ethernet versions of the controller network module: • interface wlan-controller slot/unit (and support for subinterfaces with dot1q encap) • show interfaces wlan-controller slot/unit • show controllers wlan-controller slot/unit • test service-module wlan-controller slot/unit • test HW-module wlan-controller slot/unit reset {enable | disable} • service-module wlan-controller slot/port {reload | reset | session [clear] | shutdown | status}These commands are used for communication between the router and Gigabit Ethernet versions of the controller network module: • interface integrated-service-engine slot/unit (and support for subinterfaces with dot1q encap) • show interfaces integrated-service-engine slot/unit • show controllers integrated-service-engine slot/unit • test service-module integrated-service-engine slot/unit • test HW-module integrated-service-engine slot/unit reset {enable | disable}Console28/37/38xxIntegratedServices RouterControllerNetwork ModuleRouter CPU(Cisco IOS Software)MemoryFlashInternal EthernetInterfaceInternal EthernetInterface 1 CPUCompact Flash Memory StrataFlash230621
E-4Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Catalyst 3750G Integrated Wireless LAN Controller Switch • service-module integrated-service engine slot/port {reload | reset | session [clear] | shutdown | status}Note See the Cisco Wireless LAN Controller Network Module Feature Guide for more information. You can find this document at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124limit/124x/124xa2/boxernm.htm#wp2033271Catalyst 3750G Integrated Wireless LAN Controller SwitchFigure E-3 shows the logical connectivity for the catalyst 3750G integrated wireless LAN.Figure E-3 Logical Connectivity Diagram for the Catalyst 3750G Integrated Wireless LAN Controller Switch3750G Switch4402ControllerHiddenG1/0/27G1/0/2815591124 Gig PoE PortsSwitch MotherboardController MotherboardConsoleConsole Gig E ServiceRS-232 Serialat 9600 baudEthernet2 SFP PortsG1/0/1 through G1/0/24RS-232 Serialat 9600 baudG1/0/25G1/0/262 SFP PortsHiddenPort 1Port 22 SFP PortsMemory Boot Flash Flash File SystemMemory Boot FlashFlash File Systemon CF CardDo not remove
E-5Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Catalyst 3750G Integrated Wireless LAN Controller SwitchThese commands are used for communication between the Catalyst 3750G switch and the 4402 controller.Login CommandThis command is used to initiate a telnet session from the switch to the controller:session switch_number processor 1Because there can be several switches in a stack, the switch_number parameter is used to indicate to which controller in the stack this session should be directed. Once a session is established, the user interacts with the controller CLI. Entering exit terminates the session and returns the user to the switch CLI.Show Commands These commands are used to view the status of the internal controller. They are initiated from the switch. • show platform wireless-controller switch_number summaryInformation similar to the following appears:Switch Status State1 up operational2 up operational • show platform wireless-controller switch_number status 3750G Switch4402ControllerHiddenG1/0/27G1/0/2815591124 Gig PoE PortsSwitch MotherboardController MotherboardConsoleConsole Gig E ServiceRS-232 Serialat 9600 baudEthernet2 SFP PortsG1/0/1 through G1/0/24RS-232 Serialat 9600 baudG1/0/25G1/0/262 SFP PortsHiddenPort 1Port 22 SFP PortsMemory Boot Flash Flash File SystemMemory Boot FlashFlash File Systemon CF CardDo not remove
E-6Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Catalyst 3750G Integrated Wireless LAN Controller SwitchInformation similar to the following appears:Switch Service IP Management IP SW Version Status------+---------------+---------------+---------------+------- 1 127.0.1.1 70.1.30.1 4.0.52.0 operational 2 127.0.1.2 70.1.31.1 4.0.45.0 operational • show platform wireless-controller switch_number management-info sw vlan ip gateway http https mac version1 0 70.1.30.1/16 70.1.1.1 1 1 0016.9dca.d963 4.0.52.02 0 70.1.31.1/16 70.1.1.1 0 1 0016.9dca.dba3 4.0.45.0Debug Commands The Wireless Control Protocol (WCP) is an internal keep-alive protocol that runs between the switch and the controller. It enables the switch to monitor the health of the controller and to report any problems. It uses UDP and runs over the two internal Gigabit ports, but it creates an internal VLAN 4095 to separate control traffic from data traffic. Every 20 seconds the switch sends a keep-alive message to the controller. If the controller does not acknowledge 16 consecutive keep-alive messages, the switch declares the controller dead and sends a reset signal to reboot the controller.These commands are used to monitor the health of the internal controller.This command is initiated from the controller. • debug wcp ?where ? is one of the following: packet—Debugs WCP packets.events—Debugs WCP events.Information similar to the following appears:Tue Feb 7 23:30:31 2006: Received WCP_MSG_TYPE_REQUESTTue Feb 7 23:30:31 2006: Received WCP_MSG_TYPE_REQUEST,of type WCP_TLV_KEEP_ALIVETue Feb 7 23:30:31 2006: Sent WCP_MSG_TYPE_RESPONSE,of type WCP_TLV_KEEP_ALIVETue Feb 7 23:30:51 2006: Received WCP_MSG_TYPE_REQUESTTue Feb 7 23:30:51 2006: Received WCP_MSG_TYPE_REQUEST,of type WCP_TLV_KEEP_ALIVETue Feb 7 23:30:51 2006: Sent WCP_MSG_TYPE_RESPONSE,of type WCP_TLV_KEEP_ALIVETue Feb 7 23:31:11 2006: Received WCP_MSG_TYPE_REQUESTTue Feb 7 23:31:11 2006: Received WCP_MSG_TYPE_REQUEST,of type WCP_TLV_KEEP_ALIVETue Feb 7 23:31:11 2006: Sent WCP_MSG_TYPE_RESPONSE,of type WCP_TLV_KEEP_ALIVEThis command is initiated from the switch. • debug platform wireless-controller switch_number ?where ? is one of the following: all—All errors—Errors packets—WCP packets sm—State machine wcp—WCP protocol
E-7Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Catalyst 3750G Integrated Wireless LAN Controller SwitchReset Commands These two commands (in this order) are used to reset the controller from the switch. They are not yet available but will be supported in a future release. • test wireless-controller stop switch_number • test wireless-controller start switch_numberNote A direct console connection to the controller does not operate when hardware flow control is enabled on the PC. However, the switch console port operates with hardware flow control enabled.
E-8Cisco Wireless LAN Controller Configuration GuideOL-21524-02Appendix E Logical Connectivity Diagrams Catalyst 3750G Integrated Wireless LAN Controller Switch
IN-1Cisco Wireless LAN Controller Configuration GuideOL-21524-02INDEXSymbols. D-5Numerics11n Mode parameter 4-341250 series access pointsand PoE Status field 8-130operating modes when using PoE 8-128transmit power settings when using PoE 8-1293DES IPSec data encryption 6-97920 AP CAC parameter 7-417920 Client CAC parameter 7-417920 support modeconfiguring 7-39described 7-397921 support mode 7-40802.11a (or 802.11b) > Client Roaming page 4-64802.11a (or 802.11b) > Voice Parameters page 4-78, 4-80, 4-85802.11a (or 802.11b/g) > EDCA Parameters page 4-94802.11a (or 802.11b/g) Global Parameters > Auto RF page 13-9802.11a (or 802.11b/g) Global Parameters page 4-29, 13-49802.11a (or 802.11b/g) Network Status parameter 4-30, 4-38802.11a/n (4.9 GHz) > Configure page 9-128802.11a/n (or 802.11b/g/n) Cisco APs > Configure page 13-33802.11a/n (or 802.11b/g/n) Radios page 4-83, 13-32, 13-45802.11a/n Cisco APs > Configure page 9-19, 13-46802.11a/n Radios page (from Monitor Menu) 8-31802.11a/n Radios page (from Wireless Menu) 8-31802.11a > RRM > Coverage page 13-21802.11a > RRM > DCA page 13-17802.11a > RRM > Dynamic Channel Assignment (DCA) page 13-17802.11a > RRM > General page 13-23802.11a Global Parameters page 13-44802.11b/g/n Cisco APs > Configure page 8-117, D-47802.11 bandsconfiguring using the CLI 4-31 to 4-33configuring using the GUI 4-29 to 4-31802.11g Support parameter 4-30802.11h, described 4-38802.11h Global Parameters page 4-38802.11h parameters, configuringusing the CLI 4-39using the GUI 4-38 to 4-39802.11nclients 8-133configuringusing the CLI 4-35 to 4-37using the GUI 4-33 to 4-35devices 4-33802.11n (2.4 GHz) High Throughput page 4-34802.1Q VLAN trunk port 3-5802.1Xconfiguring 7-24described 7-25dynamic key settings 7-24802.1X+CCKMconfiguring 7-27described 7-26802.1X authentication for access pointsconfiguring
IndexIN-2Cisco Wireless LAN Controller Configuration GuideOL-21524-02the switch 8-41using the CLI 8-39 to 8-41using the GUI 8-38 to 8-39described 8-37802.1x Authentication parameter 8-38802.3 bridgingconfiguring using the CLI 4-56configuring using the GUI 4-55 to 4-56802.3 Bridging parameter 4-56802.3 frames 4-55802.3X flow control, enabling 4-54AAAA overrideconfiguringusing the CLI 6-88using the GUI 6-88described 6-86AC adapter warning for Japan B-2Access Control List Name parameter 6-63access control lists (ACLs)applying to an interfaceusing the CLI 6-71applying to a WLANusing the CLI 6-72using the GUI 6-68 to 6-69applying to the controller CPUusing the CLI 6-72using the GUI 6-67 to 6-68configuringusing the CLI 6-70 to 6-71using the GUI 6-62 to 6-66countersconfiguring using the CLI 6-70configuring using the GUI 6-63described 6-61identity networking 6-84rules 6-62, 6-64, 6-71using with the debug facility D-40 to D-41Access Control Lists > Edit page 6-65Access Control Lists > New page 6-63Access Control Lists > Rules > New page 6-63Access Control Lists page 6-62Access Mode parameter 4-44, 4-46access pointassisted roaming, described 9-92access point core dumps, uploadingusing the CLI 8-63using the GUI 8-63access point count, approved tiers for 5500 series controllers 4-4access point event logs, viewing D-15access point groupsassigning access points tousing the CLI 7-61using the GUI 7-60creatingusing the CLI 7-60 to 7-61using the GUI 7-57 to 7-60default group 7-57described 7-55illustrated 7-56removingusing the CLI 7-61using the GUI 7-58viewing 7-61 to 7-62access point monitor service, debugging D-50access point radios, searching for 8-31 to 8-32access points20-MHz channelization 13-3340-MHz channelization 13-34adding MAC address to controller filter listusing the GUI ?? to 9-25assisted roaming 4-63authorization list 8-51authorizingusing LSCs 8-46 to 8-50
IndexIN-3Cisco Wireless LAN Controller Configuration GuideOL-21524-02using MICs 8-46using SSCs 8-45using the CLI 8-51using the GUI 8-50configuring hybrid REAP using the CLI 15-16 to 15-17converting to mesh access points 9-124embedded 8-41guidelines for operating in Japan B-1LEDsconfiguring 8-132interpreting D-2migrating from the -J regulatory domain to the -U regulatory domain 8-111 to 8-114number supported per controller 3-5priming 8-8regulatory information ?? to B-2searching for 8-10 to 8-12supported for use with hybrid REAP 15-1supporting oversized images 8-68 to 8-69troubleshootingthe join process 8-53 to 8-60using Telnet or SSH D-48 to D-50VCI strings 8-52verifying that they join the controller 8-9viewing join informationusing the CLI 8-58 to 8-60using the GUI 8-55 to 8-58viewing multicast client table 4-62Accounting Server parameters 7-67accounting servers, disabling per WLAN 7-66ACL. See access control lists (ACLs)ACL Name parameter 6-67, 6-68ACS server configuration page 7-64Action parameter 6-65active exploits 6-133Add AAA Client page (on CiscoSecure ACS) 6-4, 6-21Add AP button 15-22Add New Rule button 6-63Add Web Server button 11-19AdHoc Rogue AP parameter 6-94administrator access 4-41administrator usernames and passwords, configuring 4-41Admin Status parameter 3-25, 3-26Admission Control (ACM) parameter 4-78, 4-80AES CBS IPSec data encryption 6-10AES-CCMP 7-25AES parameter 7-27Aggregated MAC Protocol Data Unit (A-MPDU) 4-36Aggregated MAC Service Data Unit (A-MSDU) 4-36aggregation method, specifying 4-35AirMagnet Enterprise Analyzer D-44Aironet IE parameter 7-29, 7-53Aironet IEsconfiguring using the CLI 7-55configuring using the GUI 7-53Airopeek D-44Alarm Trigger Threshold parameter 13-42All APs > Access Point Name > Link Details > Neighbor Name page 9-122All APs > Access Point Name > Mesh Neighbor Stats page 9-123All APs > Access Point Name > Neighbor Info page 9-122All APs > Access Point Name > Statistics page 9-117All APs > Access Point Name > VLAN Mappings page 15-15All APs > Details (Advanced) pageconfiguring CDP 4-101All APs > Details for (Advanced) page 8-4, 8-63, D-49configuring country codes 8-108configuring link latency 8-125configuring PoE 8-130All APs > Details for (Credentials) page 8-34, 8-38, 8-82All APs > Details for (General) page 8-67, 8-80, 15-14All APs > Details for (High Availability) page 8-80, 8-98, 8-102All APs > Details for (H-REAP) page 8-81, 15-14All APs > Details for (Inventory) page 8-121All APs > Details for page D-46, D-51All APs > Details page 9-26, 9-54, 9-79, 13-41
IndexIN-4Cisco Wireless LAN Controller Configuration GuideOL-21524-02All APs page 8-10, 9-116, 9-121, 13-41, 15-14Allow AAA Override parameter 6-88AnchorTime parameter 9-70, 13-18anonymous local authentication bind method 6-38, 6-40Anonymous Provision parameter 6-48Antenna Gain parameter 13-35Antenna parameter 13-35Antenna Type parameter 13-35AP > Clients > Traffic Stream Metrics page 4-84AP > Clients page 4-84AP801 access pointdescribed 8-41using with a controller 8-41AP Authentication Policy page 6-74, 13-42AP Core Dump parameter 8-63ap-count evaluation licenses, activatingusing the CLI 4-19 to 4-20using the GUI 4-17 to 4-19AP Ethernet MAC Addresses parameter 8-48AP Failover Priority parameter 8-102AP Group Name parameter 7-58AP Groups > Edit (APs) page 7-60AP Groups > Edit (General) page 7-59AP Groups > Edit (WLANs) page 7-59, 7-73AP Groups page 7-57, 7-72AP image download 8-27AP Join Stats Detail page 8-58AP Join Stats page 8-56AP local authenticationUsing GUI 15-18AP Local Authentication on a WLANUsing the CLI 15-18AP-manager interfaceand dynamic interfaces 3-9configuringusing the CLI 3-16using the GUI 3-11 to 3-14creating multiple interfacesusing the CLI 3-47using the GUI 3-45 to 3-46described 3-7illustrationof four AP-manager interfaces 3-45of three AP-manager interfaces 3-44of two AP-manager interfaces 3-43using multiple 3-42 to 3-47AP Mode parameter 8-80, 13-41, 15-14, D-46AP Name parameter 7-60AP Policies page 8-51AP Primary Discovery Timeout parameter 8-97, 9-30ASLEAP detection 6-133Assignment Method parameter 13-33, 13-36asymmetric tunnelingdescribed 14-26illustrated 14-27authenticated local authentication bind method 6-38, 6-40Authentication Protocol parameter 4-46Auth Key Mgmt parameter 7-27Authority ID Information parameter 6-48, 15-24, 15-26Authority ID parameter 6-48, 15-24Authorize LSC APs against auth-list parameter 8-51Authorize MIC APs against auth-list or AAA parameter 8-51authorizing access pointsusing the CLI 8-51using the GUI 8-50auto-anchor mobilityconfiguringusing the GUI 14-22 to 14-24guidelines 14-22overview 14-21 to 14-22auto-immune feature 6-114AutoInstalldescribed 2-26, 2-29example operation 2-29obtainingDHCP addresses for interfaces 2-26TFTP server information 2-26
IndexIN-5Cisco Wireless LAN Controller Configuration GuideOL-21524-02overview 2-26selecting configuration file 2-28using 2-26Average Data Rate parameter 4-69, 4-73Average Real-Time Rate parameter 4-69, 4-73Avoid Cisco AP Load parameter 9-70, 13-18Avoid Foreign AP Interference parameter 9-70, 13-18, 14-19Avoid Non-802.11a (802.11b) Noise parameter 9-71, 13-18BBackhaul Client Access parameter 9-37, 9-128backup controllersconfiguringusing the CLI 8-99 to 8-100, 9-31 to 9-33using the GUI 8-96 to 8-98, 9-29 to 9-31described 8-95, 9-28Back-up Primary Controller IP Address parameter 8-97, 9-30Back-up Primary Controller Name field 8-97, 9-30Back-up Secondary Controller IP Address parameter 8-98, 9-30Back-up Secondary Controller Name parameter 8-98, 9-30bandwidth-based CACdescribed 4-75enablingusing the CLI 4-87using the GUI 4-78for mesh networks 9-94Base MAC Address parameter 3-32Beacon Period parameter 4-30beamformingconfiguringusing the CLI ?? to 9-20, 13-46 to 13-47using the GUI ?? to 9-19, 13-44 to 13-46described 13-43guidelines 13-44Beamforming parameter 13-45, 13-46Bind Password parameter 6-38Bind Username parameter 6-38bridge protocol data units (BPDUs) 3-28bridging parametersconfiguring using the GUI ?? to 9-80browsers supported 2-17Buffered Log Level parameter D-9Burst Data Rate parameter 4-69, 4-73Burst Real-Time Rate parameter 4-69, 4-73CCACconfiguring for 7920 phones 7-39described 4-75enablingusing the CLI 4-88using the GUI 4-80in mesh networks 9-94viewing in mesh networks 9-102 to 9-103viewing using the CLI 4-89capacity adder license. See licensesCAPWAPand mesh access points 9-12cascading 13-6CA Server URL parameter 8-47Catalyst 3750G Integrated Wireless LAN Controller Switchdescribed 1-13logical connectivity diagram and associated software commands E-4 to E-7ports 3-3, 3-5CCKMconfiguring 7-27described 7-25hybrid-REAP groups 15-20with mobility 14-7CCXconfiguring Aironet IEsusing the CLI 7-55
IndexIN-6Cisco Wireless LAN Controller Configuration GuideOL-21524-02using the GUI 7-53described 7-52link test 8-121viewing a client’s versionusing the CLI 7-55using the GUI 7-53 to 7-55CCX Layer 2 client roamingconfiguringusing the CLI 4-66using the GUI 4-64 to 4-66debugging using the CLI 4-67described 4-63 to 4-64obtaining information using the CLI 4-66CCX radio managementconfiguringusing the CLI 13-50using the GUI 13-49 to 13-50debugging using the CLI 13-52features 13-48hybrid-REAP considerations 13-48obtaining information using the CLI 13-50 to 13-52CCXv5 clientsenabling location presence 4-117troubleshooting D-25 to D-39CCXv5 Req button D-32CCX Version parameter 7-54CDP > AP Neighbors > Detail page 4-104CDP > AP Neighbors page 4-104CDP > Global Configuration page 4-100CDP > Interface Neighbors > Detail page 4-102CDP > Interface Neighbors page 4-102CDP > Traffic Metrics page 4-105CDP Advertisement Version parameter 4-100CDP AP Neighbors page 4-103CDP Protocol Status parameter 4-100CDP State parameter 4-101Certificate Authority (CA) certificatesdownloadingusing the CLI 10-23 to 10-25using the GUI 10-22overview 10-22using with local EAP 6-43, 6-49Certificate File Name parameter 11-8Certificate File Path parameter 11-8Certificate Issuer parameter 6-47Certificate Password parameter 10-20, 11-8Certificate Type parameter 8-51Change Filter link 8-10, 8-32, 8-56Change Rules Priority parameter 6-99Channel Announcement parameter 4-38Channel Assignment Leader parameter 9-71, 13-19Channel Assignment Method parameter 9-70, 13-17channel bonding in the 5-GHz band 13-34Channel parameter 13-33, D-47Channel Quiet Mode parameter 4-38channelsstatically assigning using the CLI 13-37statically assigning using the GUI 13-32 to 13-36Channel Scan Duration parameter 13-24Channel Width Parameter 13-18Channel Width parameter 9-71, 13-33Check Against CA Certificates parameter 6-47Check Certificate Date Validity parameter 6-47chokepoints for RFID tag tracking 4-109CIDS Sensor Add page 6-112CIDS Sensors List page 6-112CIDS Shun List page 6-116ciphersconfiguring 7-27, 7-28described 7-26Cisco 2100 Series Wireless LAN ControllersAutoInstall interfaces 2-26described 1-7FCC statement B-3features not supported 1-7network connections 1-16ports 3-2, 3-3Cisco 2500 Series Controller 1-8
IndexIN-7Cisco Wireless LAN Controller Configuration GuideOL-21524-02Cisco 2500 Series ControllersLicense SKUs 4-4Cisco 28/37/38xx Integrated Services Routerdescribed 1-12logical connectivity diagram and associated software commands E-3ports 3-3, 3-5, 4-123using 4-123versions 1-12Cisco 3200 Series Mobile Access Router (MAR)described 9-127operating with mesh access pointsusing the CLI to configure 9-129using the GUI to configure 9-128Cisco 3300 Series Mobility Services Engine (MSE), using with wIPS 6-128Cisco 4400 Series Wireless LAN ControllersAutoInstall interfaces 2-26choosing between link aggregation and multiple AP-manager interfaces 3-36 to 3-46described 1-9FCC statement B-3models 3-4network connections 1-17ports 3-2, 3-3, 3-4Cisco 5500 Series Wireless LAN Controllerschoosing between link aggregation and multiple AP-manager interfaces 3-36 to 3-46CPUs D-5described 1-9FCC statement B-3features not supported 1-9interface configuration example 3-48licenses. See licensesmodels 3-4multiple AP-manager interfaces 3-47 to 3-48network connections 1-17ports 3-2, 3-4using the USB console port 3-34 to 3-35Cisco 7920 Wireless IP Phones 7-40Cisco 7921 Wireless IP Phones 7-40Cisco Adaptive Wireless Path Protocol (AWPP) 9-12Cisco AV-pairs 7-62, 7-63, 7-64Cisco Centralized Key Management (CCKM). See CCKMCisco Clean Access (CCA) 7-68Cisco CleanAir 12-1Cisco Client Extensions (CCX). See CCXCisco Discovery Protocol (CDP)configuringusing the CLI 4-105 to 4-106using the GUI 4-99 to 4-101debugging using the CLI 4-108described 4-96enabling using the GUI 4-100 to 4-101sample network 4-99supported devices 4-97viewing neighborsusing the CLI 4-106 to 4-107using the GUI 4-101 to 4-105viewing traffic informationusing the CLI 4-107using the GUI 4-105Cisco Discovery Protocol parameter 4-101Cisco License Manager (CLM)and the controller license agent 4-26using to register PAKs 4-6Cisco Licensing website 4-21Cisco Logo parameter 11-12Cisco NAC Appliance 7-68CiscoSecure Access Control Server (ACS) 6-4Cisco Spectrum Intelligence 12-24Cisco Unified Wireless Network (UWN) Solutiondescribed 1-1 to 1-4illustrated 1-2Cisco Wireless Control System (WCS) 1-2Cisco WiSMconfiguring the Supervisor 720 4-121 to ??described 1-10 to 1-12guidelines 4-122
IndexIN-8Cisco Wireless LAN Controller Configuration GuideOL-21524-02logical connectivity diagram and associated software commands E-1 to E-3ports 3-3, 3-4SSC key-hash 8-44CKIPconfiguringusing the CLI 7-30using the GUI 7-29 to 7-30described 7-29CleanAir Benefits 12-2CleanAir guidelines 12-4Clear Config button 8-87Clear Filter link 7-8, 8-12, 8-32, 8-57clearing the controller configuration 10-34Clear Stats button 14-20Clear Stats on All APs button 8-56CLIbasic commands 2-25enabling wireless connections 2-37logging into 2-23 to 2-25logging out 2-25navigating 2-25troubleshooting commands D-6 to D-7using 2-22 to 2-25Client Certificate Required parameter 6-47client exclusion policies, configuringusing the CLI 6-81 to 6-82using the GUI 6-80 to 6-81Client Exclusion Policies page 6-80ClientLink. See beamformingclient location, using WCS 1-7client MFP 6-73Client Protection parameter 6-77client reportingconfiguring using the CLI D-34 to D-37configuring using the GUI D-31 to D-34described D-26Client Reporting page D-33client roaming, configuring 4-62 to 4-67clientsconnecting to WLANs 15-18viewingusing the CLI 8-137using the GUI 8-133 to 8-137viewing CCX versionusing the CLI 7-55using the GUI 7-53 to 7-55Clients > AP > Traffic Stream Metrics page 4-83Clients > Detail pageconfiguring client reporting D-32viewing a client’s CCX version 7-54viewing client details 8-92, 8-136viewing the status of workgroup bridges 8-91viewing voice and video settings 4-82Clients pageperforming a link test 8-123viewing clients 8-133viewing the status of workgroup bridges 8-91viewing voice and video settings 4-81Client Type parameter 8-92, 8-93Commands > Reset to Factory Defaults page 4-124comma-separated values (CSV) file, uploading 15-23Community Name parameter 4-44conditional web redirect 7-62configuringusing the CLI 7-65using the GUI 7-64 to 7-65described 7-63Conditional Web Redirect parameter 7-65Configuration File Encryption parameter 10-30configuration filesdownloadingusing the CLI 10-31 to 10-32using the GUI 10-30 to 10-31editing 10-33 to 10-34uploadingusing the CLI 10-29 to 10-30configuration wizard
IndexIN-9Cisco Wireless LAN Controller Configuration GuideOL-21524-02CLI version 2-13 to 2-16described 2-1GUI version 2-2 to 2-13Configuration Wizard - 802.11 Configuration page 2-11Configuration Wizard Completed page 2-13Configuration Wizard - Management Interface Configuration page 2-6Configuration Wizard - Miscellaneous Configuration page 2-7Configuration Wizard - Service Interface Configuration page 2-5Configuration Wizard - Set Time page 2-12Configuration Wizard - SNMP Summary page 2-4, 2-6Configuration Wizard - System Information page 2-3Configuration Wizard - Virtual Interface Configuration page 2-8Configure 12-1Configure Dynamic Anchoring of Static IP ClientsUsing the CLI 14-31Configure option for RRM override 13-33Configure RF GroupUsing CLI 13-12Configure RF Group ModeUsing GUI 13-11Configuring a Spectrum Expert 12-23Configuring Cisco CleanAirUsing the GUI 12-5Configuring Cisco CleanairUsing the CLI 12-8Configuring Dynamic Anchoring of Static IP ClientsUsing the GUI 14-31Configuring Sniffing on an Access PointUsing the GUI D-45Confirm Password parameter 15-12Console Log Level parameter D-9console portconnecting 2-1 to 2-2Control and Provisioning of Wireless Access Points protocol (CAPWAP) 1-5debugging 8-7described 8-2guidelines 8-2viewing MTU information 8-6controller failure detection time, reducing 8-95controller network modulebaud rate 3-3versions 3-5controllersconfigurationclearing 10-34erasing 10-34saving 10-33connections 1-13discovery process 8-7guidelines for operating in Japan B-1 to B-2multiple-controller deployment 1-3 to 1-4overview 1-6 to 1-7platforms 1-7 to 1-13resetting factory default settingsusing the GUI 4-124single-controller deployment 1-2 to 1-3synchronizing with location appliance 4-114types of memory 1-15upgrading softwareusing the CLI 10-8 to 10-10using the GUI 10-5 to 10-7Controller Spanning Tree Configuration page 3-31Controller Time Source Valid parameter 6-77Control Path parameter 14-23core dump filesdescribed D-18uploading automatically to an FTP serverusing the CLI D-19using the GUI D-18uploading from a 5500 series controller to a TFTP or FTP server D-20Core Dump page D-18Country Code parameter 8-108country codes
IndexIN-10Cisco Wireless LAN Controller Configuration GuideOL-21524-02configuringusing the CLI 8-109 to 8-111using the GUI 8-107 to 8-108described 8-106Japanese 8-112viewing using the CLI 8-110Country page 8-107Coverage Exception Level per AP parameter 13-21coverage hole detectionconfiguring per controllerusing the CLI 13-27using the GUI 13-20 to 13-22disabling on a WLANdescribed 7-67using the CLI 7-68using the GUI 7-67 to 7-68coverage hole detection and correction 13-4Coverage Hole Detection Enabled parameter 7-67CPU Access Control Lists page 6-68CPUs, 5500 series controllers D-5crash filesuploadingusing the CLI D-17using the GUI D-16 to D-17create 3-50create interface groupusing GUI 3-50Create Interface Groupsusing CLI 3-51Creating Interface GroupsCLI 3-51GUI 3-50Current Channel parameter 13-36Custom Signatures page 6-121Ddata encryptionand OfficeExtend access points 8-84configuringusing the CLI 8-5 to 8-6using the GUI 8-4 to 8-5for OfficeExtend access points 8-82Data Encryption parameter 8-5, 8-82Datagram Transport Layer Security 8-26Data Path parameter 14-23Data Rates parameter 4-31dateconfiguring manually 2-31configuring through NTP server 2-29settingusing the CLI 2-32DCA Channel Sensitivity parameter 9-71, 13-18DCA Channels parameter 9-71, 13-19debug commands, sending 8-60debug facilityconfiguring D-41 to D-44described D-40 to D-41default enable password 8-33default-group access point group 7-57Default Mobility Group parameter 14-12Default Routers parameter 7-15Delivery Traffic Indication Map (DTIM). See DTIM periodDeny Counters parameter 6-65Description parameter 6-34, 9-25, 15-12Designated Root parameter 3-32DES IPSec data encryption 6-9Destination parameter 6-64Destination Port parameter 6-65Detect and Report Ad-Hoc Networks parameter 6-93device certificatesdownloadingusing the CLI 10-21using the GUI 10-19 to 10-20overview 10-19using with local EAP 6-43, 6-49DHCP
IndexIN-11Cisco Wireless LAN Controller Configuration GuideOL-21524-02configuring using the CLI 7-13configuring using the GUI 7-12debugging 7-13DHCP Addr. Assignment Required parameter 7-12DHCP Allocated Lease page 7-16DHCP option 43, in controller discovery process 8-8DHCP option 82configuringusing the CLI 6-61using the GUI 6-60described 6-59example 6-59DHCP Option 82 Remote ID Field Format parameter 6-60DHCP Parameters page 4-40, 4-41, 6-60DHCP proxyconfiguringusing the CLI 4-41using the GUI 4-39 to 4-40, ?? to 4-41, ?? to 4-94described 4-39DHCP Scope > Edit page 7-15DHCP scopesconfiguringusing the CLI 7-16 to 7-17using the GUI 7-14 to 7-15described 7-14DHCP Scopes page 7-14DHCP server discovery 8-8DHCP Server IP Addr parameter 7-12DHCP Server Override parameter 7-12DHCP serversexternal 7-10 to 7-12internal 7-10DHCP Timeoutconfigurie using GUI 4-41diagnostic channelconfiguringusing the CLI D-27 to D-31using the GUI D-26 to D-27described D-25Diagnostic Channel parameter D-27directed roam request 4-64Direction parameter 6-65disabled clients, configuring a timeout 7-18discovery request timer, configuring 8-99, 9-31distribution system ports 3-3 to 3-5Diversity parameter 13-35DNS Domain Name parameter 7-15DNS IP Address parameter 8-67DNS Servers parameter 7-15Domain Name parameter 8-67domain name server (DNS) discovery 8-8Download buttondownloading a CA certificate 10-23downloading a configuration file 10-31downloading a customized web authentication login page 11-22downloading a device certificate 10-20downloading a signature file 6-120Download File to Controller page 10-17downloading a customized web authentication login page 11-21downloading CA certificates 10-23downloading configuration files 10-30downloading device certificates 10-20downloading IDS signatures 6-120downloading login banner file 10-16Download SSL Certificate parameter 11-7DSCP parameter 6-65DTIM period, configuring for MAC filtering 7-19DTLS 4-2, 8-26DTLS data encryption. See data encryptionDTPC Support parameter 4-30Dynamic Anchoring for Clients with Static IP AddressesConfiguring 14-30dynamic AP managementfor dynamic interface 3-21for the management interface 3-15Dynamic AP Management parameter 3-9
IndexIN-12Cisco Wireless LAN Controller Configuration GuideOL-21524-02for dynamic interface 3-20for management interface 3-13dynamic AP-manager interface 3-10dynamic channel assignment (DCA)20-MHz channelization 13-4, 13-1940-MHz channelization 13-4, 13-19configuringusing the CLI 13-25 to 13-27using the GUI 9-69 to 9-72, 13-16 to 13-20described 13-3sensitivity thresholds 9-71dynamic frequency selection 8-115 to 8-116dynamic interfaceconfiguringusing the CLI 3-21 to 3-22using the GUI 3-18 to 3-21described 3-9dynamic interface example 3-48dynamic transmit power control, configuring 4-30dynamic WEP, configuring 7-24Dynamic WEP Key Index parameter 6-45EEAP-FAST Method Parameters page 6-48EAP-FAST parameter 6-46EAPOL-Key Max Retries parameter 6-45EAPOL-Key Timeout parameter 6-45EAP Profile Name parameter 6-49EAP-TLS parameter 6-46EDCA Profile parameter 4-95Edit QoS Profile page 4-68Edit QoS Role Data Rates page 4-72Egress Interface parameter 11-30Email Input parameter 11-31Enable AP Local Authentication parameter 15-23Enable Authentication for Listener parameter 4-27Enable Check for All Standard and Custom Signatures parameter 6-122Enable Controller Management to be accessible from Wireless Clients parameter 2-37, 6-58Enable Counters parameter 6-63Enable Coverage Hole Detection parameter 13-21Enable CPU ACL parameter 6-68Enable Default Authentication parameter 4-27Enable DHCP Proxy parameter 4-40Enable Dynamic AP Management parameter 3-46Enable EAP-FAST Authentication parameter 15-24Enable IGMP Snooping parameter 4-59Enable LEAP Authentication parameter 15-24Enable Least Latency Controller Join parameter 8-82Enable Link Latency parameter 8-82, 8-125, 8-126Enable Listener parameter 4-27Enable Low Latency MAC parameter 4-95Enable LSC on Controller parameter 8-47Enable NAT Address parameter 3-12Enable Notification parameter 4-27Enable OfficeExtend AP parameter 8-81Enable passive client 7-77Enable Password parameter 8-34Enable Server Status parameter 6-38Enable Tracking Optimization parameter 8-117Encryption Key parameter 7-30end user license agreement C-1 to C-4end-user license agreement (EULA) 4-8enhanced distributed channel access (EDCA) parametersconfiguring using the CLI 4-95 to 4-96enhanced neighbor listdescribed 4-63, 9-92request (E2E) 4-63Enter Saved Permission Ticket File Name parameter 4-23EoIP port 14-23, 14-29epings 14-23, 14-29erasing the controller configuration 10-34error codes, for failed VoIP calls 7-45 to 7-47Ethernet connection, using remotely 2-24 to 2-25Ethernet Multicast Mode parameter 4-59evaluation licenses
IndexIN-13Cisco Wireless LAN Controller Configuration GuideOL-21524-02installed on 5500 series controllers 4-3event reporting for MFP 6-73Excessive 802.11 Association Failures parameter 6-81Excessive 802.11 Authentication Failures parameter 6-81Excessive 802.1X Authentication Failures parameter 6-81Excessive Web Authentication Failures parameter 6-81Expedited Bandwidth parameter 4-78expedited bandwidth requestsdescribed 4-76enablingusing the GUI 4-78Expiration Timeout for Rogue AP and Rogue Client Entries parameter 6-93Extensible Authentication Protocol (EAP)configuring 7-24setting local timers 6-50 to 6-51timeout and failure countersper access point 6-53per client 6-53extension channel 13-36Ffactory default settingsresetting using the GUI 4-124failover priority for access pointsconfiguringusing the CLI 8-102using the GUI 8-101 to 8-102described 8-101viewing using the CLI 8-103failover protection 1-15fake access point detection 6-133Fallback Mode parameter 6-10Fast Ethernet port 3-5fast heartbeat timerconfiguringusing the CLI 8-99using the GUI 8-97described 8-95fast SSID changingconfiguring using the CLI 4-54configuring using the GUI 4-54fault tolerance 15-5FCC statement2100 series controllers B-34400 series controllers B-35500 series controllers B-3Federal Information Processing Standards (FIPS) 6-12File Compression parameter 8-63File Name to Save Credentials parameter 4-21file transfers 1-14File Type parameterdownloading a CA certificate 10-23downloading a configuration file 10-30downloading a customized web authentication login page 11-21downloading a device certificate 10-20Login Banner 10-17upgrading controller software 10-7uploading a configuration file 10-28uploading packet capture files D-22uploading PACs 10-25filter, using to view clients 8-134 to 8-135Fingerprint parameter 6-113flashing LEDs, configuring 8-132Forward Delay parameter 3-32, 3-33forwarding plane architecture 4-55Fragmentation Threshold parameter 4-30fragmented pings 3-6Friendly Rogue > Create page 6-99FTP server guidelines 10-2GGeneral (controller) pageconfiguring 802.3 bridging 4-56configuring an RF group 13-8
IndexIN-14Cisco Wireless LAN Controller Configuration GuideOL-21524-02enabling link aggregation 3-40General (security) page 6-31General page 6-44Generate Password parameter 11-4Generate Rehost Ticket button 4-23gigabit Ethernet port 3-5Global AP Failover Priority parameter 8-102Global Configuration pageconfiguring backup controllers 8-96, 9-29configuring failover priority for access points 8-101configuring global credentials for access points 8-34global credentials for access pointsconfiguringusing the CLI 8-35 to 8-36using the GUI 8-33 to 8-35described 8-33overridingusing the CLI 8-35using the GUI 8-34Global multicast mode 7-76Group Mode parameter 13-10, 14-18Group Name parameter 14-13, 15-22Group Setup page (on CiscoSecure ACS) 6-23Guest LAN parameter 11-29guest N+1 redundancy 14-21guest user accountscreating 11-1 to 11-6creating as a lobby ambassador 11-3 to 11-5viewingusing the CLI 11-6using the GUI 11-5 to 11-6Guest User parameter 6-33, 15-12Guest User Role parameter 6-33, 15-12guest WLAN, creating 11-5GUIbrowsers supported 2-17enabling wireless connections 2-37guidelines 2-17logging into 2-17logging out of 2-17using 2-16Guidelines and Limitations for Predownloading 10-12GUI to configure passive client 7-75HHeadline parameter 11-13Hello Time parameter 3-32, 3-33help, obtaining 2-17hex2pcap sample output D-43Holdtime parameter 3-32, 4-100Honeypot access point detection 6-133HREAP Groups > Edit (Local Authentication > Local Users) page 15-23HREAP Groups > Edit (Local Authentication > Protocols) page 15-24HREAP Groups > Edit page 15-22HREAP Groups page 15-21HREAP Group Support 15-21H-REAP Local Switching parameter 15-10H-REAP Mode AP Fast Heartbeat Timeout parameter 8-97H-REAP Mode AP Fast Heartbeat Timer State parameter 8-97H-REAP parameter 8-80HTTP Access parameter 2-18HTTP Configuration page 2-18HTTPS Access parameter 2-19hybrid REAPaccess points supported 15-1authentication process 15-2 to 15-5bandwidth restriction 15-2, 15-3configuringaccess points using the CLI 15-16 to 15-17access points using the GUI 15-13 to 15-16controller using the GUI 15-8 to 15-12guidelines 15-6illustrated 15-2number of access points supported 15-2
IndexIN-15Cisco Wireless LAN Controller Configuration GuideOL-21524-02overview 15-1hybrid-REAPdebugging 15-13, 15-17hybrid-REAP groupsbackup RADIUS server 15-20CCKM 15-20configuringusing the CLI 15-25using the GUI 15-21 to 15-25described 15-19example 15-19local authentication 15-20Hybrid-REAP Groups and OKC 15-20Hysteresis parameter 4-65Iidentity networkingconfiguring 6-82 to 6-86overview 6-82 to 6-83RADIUS attributes 6-83 to 6-86Identity Request Max Retries parameter 6-45Identity Request Timeout parameter 6-45IDS 6-112IDS sensorsconfiguringusing the CLI 6-114 to 6-115using the GUI 6-112 to 6-114described 6-112IDS signature eventsviewing using the CLI 6-126 to 6-128viewing using the GUI 6-123 to 6-124IDS signaturesconfiguringusing the CLI 6-124 to 6-126using the GUI 6-119 to 6-123described 6-117frequency 6-123MAC frequency 6-123, 6-125measurement interval 6-122pattern 6-122quiet time 6-123, 6-125tracking method 6-122uploading or downloading using the GUI 6-119 to 6-120viewingusing the CLI 6-126 to 6-128using the GUI 6-123 to 6-124IGMP Snooping 7-77IGMP Timeout parameter 4-59IKE Diffie Hellman Group parameter 6-10IKE Phase 1 parameter 6-10Image pre-download 8-27Index parameter for IDS 6-113indoor access pointsconverting to mesh access points 9-124infrastructure MFPcomponents 6-73described 6-72Infrastructure Protection parameter 6-77Infrastructure Validation parameter 6-77Ingress Interface parameter 11-30Injector Switch MAC Address parameter 8-130inline power 8-128Install License button 4-8inter-controller roamingdescribed 4-62example 14-2Interface Groups 3-50using GUI 3-50Interface groups 3-50Interface Name parameter 7-59, 7-70, 7-73, 9-25Interface parameter 7-12interfacesand identity networking 6-84assigning WLANs 7-18configuringusing the CLI 3-14 to 3-17
IndexIN-16Cisco Wireless LAN Controller Configuration GuideOL-21524-02using the GUI 3-11 to 3-14overview 3-6 to 3-9Interfaces > Edit pageapplying an ACL to an interface 6-67configuring dynamic interfaces 3-19configuring NAC out-of-band integration 7-71creating multiple AP-manager interfaces 3-45Interfaces > New page 3-18, 3-45Interfaces page 3-12interference 13-3Interferences 12-2Interference threshold parameter 13-23Internet Group Management Protocol (IGMP)configuringusing the CLI 4-61using the GUI 4-59snooping 4-57inter-release mobility 14-10inter-subnet mobility 14-7inter-subnet roamingdescribed 4-63illustrated 14-3 to 14-4Interval parameter 9-70, 13-18, 13-49intra-controller roamingdescribed 4-62illustrated 14-1Inventory page 8-120Invoke Channel Update Now button 9-70, 13-17Invoke Power Update Now button 13-13IP address-to-MAC address bindingconfiguring 4-67described 4-67IP Mask parameter 4-44IPSec parameter 6-9IP Theft or IP Reuse parameter 6-81IPv6 bridgingconfiguringusing the CLI 7-52using the GUI 7-51 to 7-52described 7-49guidelines 7-49IPv6 bridging and IPv4 web authentication example 7-51IPv6 Enable parameter 7-52JJapanese country codes 8-112Japanese regulations for migrating access points from the -J to the -U regulatory domain 8-111 to 8-114KKeep Alive Count parameter 14-22Keep Alive Interval parameter 14-22Key Encryption Key (KEK) parameter 6-8Key Format parameter 7-30Key Index parameter 7-30key permutationconfiguring 7-30, 7-31described 7-29Key Permutation parameter 7-30Key Size parameter 7-30Key Wrap Format parameter 6-8Key Wrap parameter 6-8LLAG. See link aggregation (LAG)LAG Mode on Next Reboot parameter 3-40Last Auto Channel Assignment parameter 9-71, 13-19Last Power Level Assignment parameter 13-14Layer 1 security 6-2Layer 2operation 1-5securityconfiguring 7-24 to 7-31described 6-2Layer 2 Security parameter 7-27, 7-30, 7-65
IndexIN-17Cisco Wireless LAN Controller Configuration GuideOL-21524-02Layer 3operation 1-5securityconfiguring 7-32 to 7-34described 6-2Layer 3 Security parameterfor VPN passthrough 7-33, 7-36for web authentication 7-34for web redirect 7-65for wired guest access 11-30LDAPchoosing server priority order 6-38configuringusing the CLI 6-40 to 6-41using the GUI 6-36 to 6-39LDAP serverassigning to WLANs 6-39choosing local authentication bind methodusing the CLI 6-40using the GUI 6-38LDAP Servers > New page 6-37LDAP Servers page 6-37LDAP Servers parameter 6-49LEAP parameter 6-46Learn Client IP Address parameter 15-11Lease Time parameter 7-15LEDsconfiguring 8-132interpreting D-1license agentconfiguringusing the CLI 4-28 to 4-29using the GUI 4-26 to 4-28described 4-26License Agent Configuration page 4-27license agreement C-1 to C-4License Commands (Rehost) page 4-21License Commands page 4-7License Detail page 4-10, 4-18license level, changingusing the CLI 4-16using the GUI 4-15License Level page 4-14licensesactivating ap-count evaluation licensesusing the CLI 4-19 to 4-20using the GUI 4-17 to 4-19choosing feature setusing the CLI 4-16using the GUI 4-14 to 4-16installingusing the CLI 4-8 to 4-9using the GUI 4-7 to 4-8obtaining 4-3 to 4-7rehostingdescribed 4-20using the CLI 4-23 to 4-25using the GUI 4-21 to 4-23removingusing the CLI 4-8using the GUI 4-10required for OfficeExtend access points 8-80savingusing the CLI 4-9using the GUI 4-8SKUs 4-5, 4-6transferring to a replacement controller after an RMA 4-25 to 4-26viewingusing the CLI 4-11 to 4-14using the GUI 4-9 to 4-11Licenses page 4-9, 4-15, 4-17licensing portal, using to register PAKs 4-6Lifetime parameter 6-33, 11-4, 15-12Lightweight Access Point Protocol (LWAPP) 1-5, 8-2lightweight mode, reverting to autonomous mode 8-44limited warranty C-4 to C-6link aggregation (LAG)
IndexIN-18Cisco Wireless LAN Controller Configuration GuideOL-21524-02configuring neighboring devices 3-41described 3-36 to 3-37enablingusing the CLI 3-41using the GUI 3-40 to 3-41example 3-37guidelines 3-39 to 3-40illustrated 3-39verifying settings using the CLI 3-41link latencyand OfficeExtend access points 8-82, 8-84configuringusing the CLI 8-126 to 8-127using the GUI 8-125 to 8-126described 8-124Link Status parameter 3-25Link Testbutton 8-123option 8-123, 9-122page 8-123window 9-122link testdescribed 8-121performingusing the CLI 8-124using the GUI 8-122 to 8-123, 9-122types of packets 8-121Link Trap parameter 3-25, 3-26Listener Message Processing URL parameter 4-27Load-based AC parameter 4-78load-based CACdescribed 4-75 to 4-76enablingusing the GUI 4-78lobby ambassador accountcreating using the CLI 11-3creating using the GUI 11-1 to 11-3Lobby Ambassador Guest Management > Guest Users List > New page 11-4Lobby Ambassador Guest Management > Guest Users List page 11-3, 11-5Local Auth Active Timeout parameter 6-45local authentication, local switching 15-3Local Authentication on a WLANusing the GUI 15-17local EAPconfiguringusing the CLI 6-49 to 6-54using the GUI 6-43 to 6-49debugging 6-54described 6-42 to 6-43example 6-43viewing information using the CLI 6-52Local EAP Authentication parameter 6-49Local EAP Profiles > Edit page 6-46Local EAP Profiles page 6-45Local Management Users > New page 11-2Local Management Users page 11-1Local Mode AP Fast Heartbeat Timeout parameter 8-97Local Mode AP Fast Heartbeat Timer parameter 8-97Local Net Users > New page 6-33, 15-12Local Net Users page 6-32, 11-6local network usersconfiguring using the CLI 6-34 to 6-35configuring using the GUI 6-32 to 6-34local significant certificate (LSC)configuringusing the CLI 8-49 to 8-50using the GUI 8-46 to 8-48described 8-46Local Significant Certificates (LSC) - AP Provisioning page 8-47Local Significant Certificates (LSC) - General page 8-46local user database, capacity 11-1locationcalibration 13-49configuring settings using the CLI 4-114 to 4-116viewing settings using the CLI 4-116 to 4-118
IndexIN-19Cisco Wireless LAN Controller Configuration GuideOL-21524-02location applianceinstalling certificate 4-113 to 4-114synchronizing with controller 4-114location-based services 13-48location presence 4-117logical connectivity diagramCatalyst 3750G Integrated Wireless LAN Controller Switch E-4Cisco 28/37/38xx Integrated Services Router E-3Cisco WiSM E-1login banner fileclearing 10-18 to 10-19described 10-15downloadingusing the CLI 10-17 to 10-18using the GUI 10-16 to 10-17Login Banner page 10-19logsroaming D-26, D-37RSNA D-26, D-37 to D-38syslog D-26, D-37 to D-38uploadingusing the CLI D-17using the GUI D-16 to D-17long preamblesdescribed 6-54enabling on SpectraLink NetLink phonesusing the CLI 6-55using the GUI 6-54LWAPP-enabled access pointsdebug commands 8-60disabling the reset button 8-66guidelines 8-44MAC addresses displayed on controller GUI 8-65radio core dumpsdescribed 8-60receiving debug commands from controller 8-60retrieving radio core dumps 8-61reverting to autonomous mode 8-44 to 8-45sending crash information to controller 8-60uploadingaccess point core dumps 8-63 to 8-64radio core dumps 8-61 to 8-62MMAC address of access pointadding to controller filter listusing the GUI ?? to 9-25displayed on controller GUI 8-65MAC Address parameter 9-25MAC filteringconfiguring on WLANs 7-17 to 7-18DTIM period 7-19MAC Filtering page 9-24MAC Filters > New page 9-24management frame protection (MFP)configuringusing the CLI 6-77using the GUI 6-74 to 6-76debugging 6-80described 6-72 to ??guidelines 6-74types 6-72viewing settings 6-78 to 6-80Management Frame Protection parameter 6-77Management Frame Protection Settings page 6-77management frame validation 6-73management interfaceconfiguringusing the CLI 3-14using the GUI 3-11 to 3-14described 3-7Management IP Address parameter 8-80management over wirelessdescribed 6-58enablingusing the CLI 6-59
IndexIN-20Cisco Wireless LAN Controller Configuration GuideOL-21524-02using the GUI 6-58Master Controller Configuration page 8-9Master Controller Mode parameter 8-9Max Age parameter 3-32Max HTTP Message Size parameter 4-27Maximum Age parameter 3-33maximum local database entriesconfiguring using the CLI 6-31configuring using the GUI 6-31Maximum Local Database Entries parameter 6-31Maximum Number of Sessions parameter 4-27Maximum RF Usage Per AP parameter 4-69Max-Login Ignore Identity Response parameter 6-45Max RF Bandwidth parameter 4-78, 4-80MCS data rates 4-34Member MAC Address parameter 14-13memorytypes 1-15memory leaks, monitoring D-24 to D-25meshnetwork example 9-101parametersconfiguring using the CLI 9-40, 9-64configuring using the GUI 9-35 to 9-40statisticsviewing for an access point using the CLI ?? to 9-104, 9-120 to 9-121viewing for an access point using the GUI 9-116 to 9-120Mesh > LinkTest Results page 9-122mesh access pointsand CAPWAP 9-12converting to non-mesh access points 9-126models 9-1network access 9-3operating with Cisco 3200 Series Mobile Access Routersconfiguration guidelines 9-127described 9-127using the CLI to configure 9-129using the GUI to configure 9-128roles 9-2mesh neighbors, parents, and children 9-12mesh network hierarchy 9-3mesh node security statistics 9-119 to 9-120mesh node statistics 9-117mesh routing 9-12Message Authentication Code Key (MACK) parameter 6-8, 6-12message logsconfiguringusing the CLI D-11 to D-14using the GUI D-8viewingusing the CLI D-14using the GUI D-10 to D-11See also system loggingMessage Logs page D-10Message parameter for web authentication 11-13Metrics Collection parameter 4-79MFP Client Protection parameter 6-76MFP Frame Validation parameter 6-76MIC 7-25, 7-29migrating access points from the -J to the -U regulatory domain 8-111 to 8-114Min Failed Client Count per AP parameter 13-21Minimum RSSI parameter 4-65mirror mode. See port mirroring, configuringMMH MICconfiguring 7-30, 7-31described 7-29MMH Mode parameter 7-30Mobile Announce messages 14-7mobilityfailover 14-21overview 14-1Mobility Anchor Config page 14-28Mobility Anchor Create button 14-23mobility anchors. See auto-anchor mobility
IndexIN-21Cisco Wireless LAN Controller Configuration GuideOL-21524-02Mobility Anchors option 14-23Mobility Anchors page 14-23Mobility Group Member > New page 14-12Mobility Group Members > Edit All page 14-14mobility groupsconfiguringusing the CLI 14-15using the GUI 14-11 to 14-14with one NAT device 14-8with two NAT devices 14-9determining when to include controllers 14-7difference from RF groups 13-5examples 14-7illustrated 14-5messaging among 14-7number of access points supported 14-5number of controllers supported 14-5prerequisites 14-9 to 14-10using with NAT devices 14-8 to 14-9mobility group statisticstypes 14-17viewingusing the CLI 14-20using the GUI 14-17 to 14-20mobility listdetecting failed members 14-21number of controllers supported 14-7ping requests to members 14-21Mobility Multicast Messaging > Edit page 14-15Mobility Multicast Messaging page 14-14mobility ping tests, running 14-29Mobility Statistics page 14-18MODE access point button 8-45, 8-66Mode parameter 4-65, 13-49Monitoring 12-18monitor intervals, configuring using the GUI 13-24mpings 14-23, 14-29Multicast Appliance Mode parameter 3-26multicast client table, viewing 4-62multicast groupsviewing using the CLI 4-61viewing using the GUI 4-60Multicast Groups page 4-60multicast modeconfiguringusing the CLI 4-60using the GUI 4-59described 4-57 to 4-58guidelines 4-58, 8-88multicast-multicast 7-75Multicast-Multicast mode 7-75Multicast Optimization 3-52Multicast page 4-59Multicast VLANUsing the CLI 3-53using the GUI 3-52multiple AP-manager interfaces5500 series controller example 3-47 to 3-48multiple country codesconfiguration guidelines 8-106configuringusing the CLI 8-109using the GUI 8-107 to 8-108NNAC in-band mode 7-68NAC out-of-band integrationand hybrid REAP 15-7configuringusing the CLI 7-73 to 7-74using the GUI 7-70 to 7-73described 7-68 to 7-69diagram 7-69guidelines 7-69 to 7-70NAC out-of-band supportconfiguring for a specific access point groupusing the CLI 7-74
IndexIN-22Cisco Wireless LAN Controller Configuration GuideOL-21524-02using the GUI 7-72NAC State parameter 7-59, 7-72, 7-73NAT addressfor dynamic interface 3-19, 3-22for management interface 3-12, 3-15NAT devices in mobility groups 14-8 to 14-9Native VLAN ID parameter 15-15Neighbor Discovery Packet 13-31neighbor informationviewing for an access point using the CLI 9-123viewing for an access point using the GUI 9-121 to 9-123Neighbor Information option 9-121Neighbor Packet Frequency parameter 13-24neighbor statisticsviewing for an access point using the CLI 9-123viewing for an access point using the GUI 9-121 to 9-123Netbios Name Servers parameter 7-15Netmask parameter 7-15Network Mobility Services Protocol (NMSP) 4-109debugging 4-121modifying the notification interval for clients, RFID tags, and rogues 4-118viewing settings 4-118 to 4-121Network parameter 7-15NTP serverconfiguring to obtain time and date 2-30Number of Attempts to LSC parameter 8-48Number of Hits parameter 6-65OOfficeExtend Access Point Configuration page 8-86OfficeExtend Access Point Home page 8-85OfficeExtend Access PointsLEDs D-51positioning D-51OfficeExtend access pointsand NAT 8-69configuringa personal SSID 8-85 to 8-87using the CLI 8-83 to 8-85using the GUI 8-80 to 8-83described 8-69firewall requirements 8-79implementing security for 8-79licensing requirements 8-80supported access point models 8-69trap logs 8-80typical setup 8-69viewing statistics 8-87 to 8-88OfficeExtend APenabling 8-24OfficeExtend AP parameter 8-82online help, using 2-17open source terms C-8OpenSSL license issues C-6 to C-8operating systemsecurity 1-4 to 1-5software 1-4Order Used for Authentication parameter 6-11, 6-26Override Global Config parameter 11-24, 11-31Over-ride Global Credentials parameter 8-35, 8-39, 8-82, 8-83Override Interface ACL parameter 6-69oversized access point images 8-68over-the-air provisioning (OTAP) 8-8Overview of CleanAir 12-1PP2P Blocking parameter 7-23packet capture filesdescribed D-21sample output in Wireshark D-21uploadingusing the CLI D-23
IndexIN-23Cisco Wireless LAN Controller Configuration GuideOL-21524-02using the GUI D-22Params parameter 8-47Passive clients 7-75passwordrestoring 4-42password guidelines 8-38Password parameterfor access point authentication 8-38for access points 8-34for local net users 6-33, 15-12for PACs 10-26passwordsviewing in clear text D-7path loss measurement (S60), CLI command 4-114PEAP parameter 6-46peer-to-peer blockingconfiguringusing the CLI 7-23 to 7-24using the GUI 7-22 to 7-23described 7-21examples 7-22guidelines 7-22, 7-69permanent licenses, installed on 5500 series controllers 4-3Personal SSID parameter 8-86Physical Mode parameter 3-25, 3-26Physical Status parameter 3-25ping link test 8-121ping tests 14-29pinning 13-6PMK cache lifetime timer 7-28PMKID caching 7-28PoE Status parameter 8-130Pool End Address parameter 7-15Pool Start Address parameter 7-15Port > Configure page 3-24port mirroring, configuring 3-27 to 3-28Port Number parameterfor controller 3-25for LDAP server 6-37for RADIUS server 6-9for TACACS+ server 6-25for wired guest access 11-29Port parameter for IDS 6-113portsconfiguring 3-23 to 3-34on 2100 series controllers 3-2, 3-3on 4400 series controllers 3-2, 3-3, 3-4on 5500 series controllers 3-2, 3-4on Catalyst 3750G Integrated Wireless LAN Controller Switch 3-3, 3-5on Cisco 28/37/38xx Series Integrated Services Router 3-3 to 3-5, 4-123, 8-54on Cisco WiSM 3-3, 3-4overview 3-1 to 3-6Ports page 3-23Power Assignment Leader parameter 13-14power cable warning for Japan B-2Power Injector Selection parameter 8-130Power Injector State parameter 8-130Power Neighbor Count parameter 13-14Power over Ethernet (PoE)configuringusing the CLI 8-131using the GUI 8-129 to 8-131described 1-14, 8-128Power Over Ethernet (PoE) parameter 3-25Power Threshold parameter 13-13preauthentication access control list (ACL)applying to a WLANusing the CLI 6-72using the GUI 6-69 to 6-70for external web server 11-19, 15-11Preauthentication ACL parameter 6-70, 7-65pre-download 8-27Predownloading an image 10-11Primary Controller Name parameter 8-80Primary Controller parameters 8-80, 8-98, 9-30
IndexIN-24Cisco Wireless LAN Controller Configuration GuideOL-21524-02primary image pre-download 8-27Primary RADIUS Server parameter 15-22priming access points 8-8Priority Order > Local-Auth page 6-38, 6-44Priority Order > Management User page 6-11, 6-26Priority parameter 3-33Privacy Protocol parameter 4-46probe request forwarding, configuring 8-119probe requests, described 8-119product authorization key (PAK)obtaining for license upgrade 4-3registering 4-6product ID for controller, finding 4-24product ID of controller, finding 4-22Product License Registration page 4-22Profile Details page D-34Profile Name parameter 7-5, 7-83, 9-25, 11-29, 15-9protected access credentials (PACs)overview 10-25uploadingusing the CLI 10-26 to 10-27using the GUI 10-25using with local EAP 6-43, 15-24Protection Type parameter 6-75, 13-42Protocol parameter 6-64Protocol Type parameter 4-70PSKconfiguring 7-27described 7-25PSK Format parameter 7-27public key cryptography (PKC), with mobility 14-7QQBSSconfiguringusing the CLI 7-41using the GUI 7-40 to 7-41described 7-39guidelines 7-40QoSidentity networking 6-83levels 4-68, 7-37translation values 7-37with CAC 4-75QoS profilesassigning to a WLANusing the CLI 7-38using the GUI 7-38configuringusing the CLI 4-70 to 4-71using the GUI 4-68 to 4-70QoS rolesassigning for use with hybrid REAP 15-12configuringusing the CLI 4-73 to 4-74using the GUI 4-71 to 4-73QoS Roles for Guest Users page 4-72Quality of Service (QoS) parameter 7-38quarantined VLANconfiguring 3-12, 3-19using 15-10with hybrid REAP 15-5with NAC out-of-band integration 7-71Quarantine parameterfor dynamic interface 3-19for management interface 3-12NAC out-of-band integration 7-71Query Interval parameter 6-113Queue Depth parameter 4-69queue statistics 9-118RRadio > Statistics page 7-44radio core dumpsdescribed 8-60retrieving 8-61
IndexIN-25Cisco Wireless LAN Controller Configuration GuideOL-21524-02uploadingusing the CLI 8-62using the GUI 8-61 to 8-62radio measurement requestsconfiguringon the CLI 13-50on the GUI 13-49overview 13-48viewing status using the CLI 13-51radio preamble 6-54radio resource management (RRM)benefits 13-5CCX features. See CCX radio managementconfiguringmonitor intervals using the GUI 13-24using the CLI 13-24 to 13-28using the GUI 13-11 to 13-24coverage hole detectionconfiguring per controller using the CLI 13-27configuring per controller using the GUI 13-20 to 13-22described 13-4debugging 13-30disabling dynamic channel and power assignmentusing the CLI 13-40using the GUI 13-39overriding RRM 13-32 to 13-40overview 13-1specifying channels 9-69 to 9-71, 13-16 to 13-19statically assigning channel and transmit power settingsusing the CLI 13-37using the GUI 13-32 to 13-36update interval 13-7, 13-10Wireless > 802.11a/n (or 802.11b/g/n) > RRM > TPC parameter 13-13radio resource management (RRM) settingsviewing using the CLI 13-28 to 13-30radio resource monitoring 13-2RADIUSaccounting 6-3authentication 6-3choosing authentication priority order 6-11configuringusing the CLI 6-11 to 6-15using the GUI 6-6 to 6-11configuring on ACS 6-4described 6-3FIPS standard 6-12KEK parameter 6-12MACK parameter 6-12server fallback behavior 6-10, 6-13using with hybrid REAP 15-20RADIUS > Fallback Parameters page 6-10RADIUS accounting attributes 6-18 to 6-19RADIUS authentication attributes 6-15 to 6-18Range (RootAP to MeshAP) parameter 9-37Redirect URL After Login parameter 11-12Refresh-time Interval parameter 4-100Regenerate Certificate button 11-7regulatory informationfor 2100 series controllers B-3for 4400 series controllers B-3for lightweight access points ?? to B-2rehosting a license. See licensesRehost Ticket File Name parameter 4-23Remote Authentication Dial-In User Service. See RADIUSRequest Max Retries parameter 6-45Request Timeout parameter 6-45Reserved Roaming Bandwidth parameter 4-78Reset Link Latency button 8-126Reset Personal SSID parameter 8-81resetting the controller 10-35restoring passwords 4-42Re-sync button 6-116reverse path filtering (RPF) 14-27RF Channel Assignment parameter 13-39RF Group LeaderAuto mode, Static Mode 13-6
IndexIN-26Cisco Wireless LAN Controller Configuration GuideOL-21524-02RF group leaderdescribed 13-6RF group namedescribed 13-7entering 13-8RF groupscascading 13-6configuringusing the CLI 13-8using the GUI 13-8difference from mobility groups 13-5overview 13-5 to 13-7pinning 13-6viewing statususing the CLI 13-10using the GUI 13-9 to 13-10RF Group support 13-5RFID tagsdescribed 4-109number supported per controller 4-110trackingconfiguring using the CLI 4-110debugging using the CLI 4-112viewing information using the CLI 4-111 to 4-112RFID tracking on access points, optimizingusing the CLI 8-118using the GUI 8-116 to 8-117RF-Network Name parameter 13-8RLDP. See Rogue Location Discovery Protocol (RLDP)roaming and real-time diagnosticsconfiguring using the CLI D-37 to D-39described D-26logsdescribed D-26viewing D-37roam reason report 4-64roam reason report, described 9-92rogue access pointsalarm 13-42automatically containingusing the CLI 6-95using the GUI 6-93classification mapping table 6-91classifying 6-90configuring RLDP 6-93 to 6-96detectingusing the CLI 13-42 to 13-43using the GUI 13-41 to 13-42managing 6-89rule-based classification support 6-90tagging, location, and containment 6-89viewing and classifyingusing the CLI 6-107 to 6-111using the GUI 6-102 to 6-107WCS support for rule-based classification 6-92Rogue AP Detail page 6-103Rogue AP Ignore-List page 6-107rogue classification rulesconfiguring using the CLI 6-100 to 6-102configuring using the GUI 6-96 to 6-100Rogue Client Detail page 6-105rogue detection 6-93, 6-94and OfficeExtend access points 8-81, 8-84Rogue Detection parameter 6-93, 8-81Rogue Location Discovery Protocol (RLDP)configuringusing the CLI 6-94 to 6-96using the GUI ?? to 6-94defined 6-89Rogue Location Discovery Protocol parameter 6-93Rogue on Wire parameter 6-94Rogue Policies page 6-93Rogue Rule > Edit page 6-98Rogue Rules > Priority page 6-99rogue states 6-91, 6-92Role Name parameter 4-72Role of the Controller 12-1Role parameter 6-33, 15-12
IndexIN-27Cisco Wireless LAN Controller Configuration GuideOL-21524-02root bridge 3-28Root Cost parameter 3-32Root Port parameter 3-32RRM. See radio resource management (RRM)RSNA logsconfiguring D-37 to D-38described D-26Ssafety warnings A-1 to A-26Save and Reboot button 10-20, 10-23Save Licenses button 4-8saving configuration settings 10-33Scan Threshold parameter 4-65Scope Name parameter 7-14Search AP window 8-10, 8-32, 8-56Search Clients page 8-134Search WLANs window 7-8, 8-10, 8-32Secondary Controller parameters 8-98, 9-30Secondary RADIUS Server parameter 15-22SE-Connect 12-4, 12-24secure web modedescribed 2-18enablingusing the CLI 2-19using the GUI 2-18securityoverview 6-2solutions 6-1 to 6-2Security Mode parameter 9-38Security Policy Completed parameter 7-51security settingslocal and external authentication 9-36Select APs from Current Controller parameter 15-22self-signed certificate (SSC)used to authorize access points 8-45Sequence parameter 6-64serial number for controller, finding 4-24serial number of controller, finding 4-22serial portbaud rate setting 2-24timeout 2-24Server Address parameter 6-113Server Index (Priority) parameter 6-8, 6-25, 6-37Server IP Address parameterfor LDAP server 6-37for RADIUS server 6-8for TACACS+ server 6-25for wireless sniffer D-47Server Key parameter 6-48, 15-24Server Status parameter 6-9, 6-25Server Timeout parameter 6-9, 6-26, 6-38service port 3-5service-port interfaceconfiguringusing the CLI 3-17using the GUI 3-11 to 3-14described 3-9session timeoutconfiguringusing the CLI 7-32using the GUI 7-31described 7-31Set Priority button 4-18Set reboot time 10-14Set to Factory Default button 13-24Severity Level Filtering parameter D-8Shared Secret Format parameter 6-8, 6-25Shared Secret parameter 6-8, 6-25Short Preamble Enabled parameter 6-55short preambles 6-54Show Wired Clients option 8-92shunned clientsdescribed 6-115viewingusing the CLI 6-116using the GUI 6-116
IndexIN-28Cisco Wireless LAN Controller Configuration GuideOL-21524-02Signature Events Detail page 6-124Signature Events Summary page 6-123Signature Events Track Detail page 6-124Simple Bind parameter 6-38sniffing. See wireless sniffing D-44Sniff parameter D-47SNMP, configuring 4-42 to 4-43SNMP community stringchanging default values using the CLI 4-44 to 4-45changing default values using the GUI 4-43 to 4-44SNMP engine Id 4-43SNMP v1 / v2c Community > New page 4-44SNMP v1 / v2c Community page 4-43SNMP v3 userschanging default values using the CLI 4-47changing default values using the GUI 4-45 to 4-47SNMP V3 Users > New page 4-46SNMP V3 Users page 4-45software, upgradingguidelines 10-1 to 10-3using the CLI 10-8 to 10-10using the GUI 10-5 to 10-7software, upgrading in mesh networksguidelines 10-3 to 10-5Source parameter for ACLs 6-64Source Port parameter 6-65Spanning Tree Algorithm parameter 3-33Spanning Tree Protocol (STP)configuringusing the CLI 3-33 to 3-34using the GUI 3-29 to 3-33described 3-28spanning-tree root 3-28Spanning Tree Specification parameter 3-32SpectraLink NetLink phonesenabling long preamblesusing the CLI 6-55using the GUI 6-54overview 6-54Spectralink Voice Priority parameter 4-95Spectrum Expert 12-23splash page web redirect 7-63Splash Page Web Redirect parameter 7-65SSC key-hash on Cisco WiSM 8-44SSHand OfficeExtend access points 8-82, 8-84configuringusing the CLI 2-36 to 2-37troubleshooting access pointsusing the CLI D-49 to D-50using the GUI D-48 to D-49SSH parameter D-49SSIDconfiguringusing the CLI 7-6using the GUI 7-5described 7-2SSL certificategeneratingusing the CLI 2-20loadingusing the CLI 2-21 to 2-22using the GUI 2-20 to 2-21SSL protocol 2-18SSLv2, configuring for web administration 2-19SSLv2 for web authentication, disabling 11-12Standard Signature > Detail page 6-122Standard Signatures page 6-121stateful DHCPv6 IP addressing 7-50State parameter 6-113, 6-123static IP addressconfiguringusing the CLI 8-67 to 8-68using the GUI 8-66 to 8-67described 8-66Static IP parameter 8-67Static Mobility Group Members page 14-12Statistics option 9-116
IndexIN-29Cisco Wireless LAN Controller Configuration GuideOL-21524-02Status parameterfor DHCP scopes 7-15for guest LANs 11-30for SNMP community 4-44for WLANs 7-6, 7-83STP Mode parameter 3-30STP Port Designated Bridge parameter 3-29STP Port Designated Cost parameter 3-29STP Port Designated Port parameter 3-30STP Port Designated Root parameter 3-29STP Port Forward Transitions Count parameter 3-30STP Port ID parameter 3-29STP Port Path Cost Mode parameter 3-30STP Port Path Cost parameter 3-31STP Port Priority parameter 3-30STP State parameter 3-29strong passwords 8-38Summary page 2-36Supervisor 720configuring 4-121 to ??described 4-121switch, configuring at the remote site 15-7 to 15-8Switch IP Address (Anchor) parameter 14-23SX/LC/T small form-factor plug-in (SFP) modules 3-4symmetric mobility tunnelingillustrated 14-27overview 14-26 to 14-28verifying statususing the CLI 14-28using the GUI 14-28Symmetric Mobility Tunneling Mode parameter 14-28syslogdescribed D-26levels D-9logs D-37 to D-38Syslog Configuration page D-8Syslog Facility parameter D-9syslog servernumber supported by controller D-8removing from controller D-8severity level filtering D-8Syslog Server IP Address parameter D-8system loggingconfiguringusing the CLI D-11 to D-14using the GUI D-8 to D-10setting severity level D-9system logs, viewing using the CLI D-14System Resource Information page D-5system resourcesviewing using the CLI D-5viewing using the GUI D-5TTACACS+accounting 6-20authentication 6-19authorization 6-19choosing authentication priority order 6-26configuringusing the CLI 6-26 to 6-28using the GUI 6-24 to 6-26configuring on ACS 6-20 to 6-24described 6-19 to 6-20roles 6-19, 6-23viewing administration server logs 6-29 to 6-30TACACS+ (Authentication, Authorization, or Accounting) Servers > New page 6-25TACACS+ (Authentication, Authorization, or Accounting) Servers page 6-24TACACS+ (Cisco) page (on CiscoSecure ACS) 6-22TACACS+ Administration .csv page (on CiscoSecure ACS) 6-29, 6-30TCP MSSconfiguring 8-127 to 8-128described 8-127Telnet
IndexIN-30Cisco Wireless LAN Controller Configuration GuideOL-21524-02and OfficeExtend access points 8-82, 8-84troubleshooting access pointsusing the CLI D-49 to D-50using the GUI D-48 to D-49Telnet parameter D-49Telnet sessionsconfiguringusing the CLI 2-36 to 2-37using the GUI 2-34 to 2-36Telnet-SSH Configuration page 2-35Tertiary Controller parameters 8-98, 9-31text2pcap sample output D-43TFTP server guidelines 10-2time, configuringusing the CLI 2-32using the NTP server 2-29time-length-values (TLVs), supported for CDP 4-97timeout, configuring for disabled clients 7-18Time Since Topology Changed parameter 3-32timestamps, enabling or disabling in log and debug messages D-13Time to Live for the PAC parameter 6-48, 15-24time zoneconfiguring using the CLI 2-32configuring using the GUI 2-32TKIPconfiguring 7-27, 7-28described 7-25parameter 7-27To 6-66Topology Change Count parameter 3-32traffic specifications (TSPEC) requestdescribed 4-76examples 4-76traffic stream metrics (TSM)configuringusing the GUI 4-79described 4-77viewing statisticsusing the CLI 4-90 to 4-91using the GUI 4-83 to 4-85Transfer Mode parameterdownloading a CA certificate 10-23downloading a configuration file 10-30downloading a customized web authentication login page 11-21downloading a device certificate 10-20upgrading controller software 10-7uploading a configuration file 10-28uploading a PAC 10-26uploading packet capture files D-22Transition Time parameter 4-65transmit powerstatically assigning using the CLI 13-37statically assigning using the GUI 13-32 to 13-36transmit power levels 13-36transmit power threshold, decreasing 13-25trap logsfor OfficeExtend access points 8-80Trap Logs page 4-3, 7-44troubleshootingaccess point join process 8-53 to 8-60CCXv5 clients D-25 to D-39problems D-6 to D-7Troubleshooting OEAPs D-51tunnel attributes and identity networking 6-85 to 6-86Tx Power Level Assignment parameter 13-40Type parameter 7-5, 7-83, 11-29, 15-9UU-APSDdescribed 4-77viewing statususing the CLI 4-90using the GUI 4-82UDP, use in RADIUS 6-3UDP port 14-23, 14-29

Navigation menu