cisco 1242 configuration guide

of 514/514
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC September 2007 Text Part Number: 0L-14209-01

Post on 18-Apr-2015

420 views

Category:

Documents

3 download

Embed Size (px)

TRANSCRIPT

Cisco IOS Software Configuration Guide for Cisco Aironet Access PointsCisco IOS Releases 12.4(10b)JA and 12.3(8)JEC September 2007

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883

Text Part Number: 0L-14209-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R) Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Copyright 2009 Cisco Systems, Inc. All rights reserved.

CONTENTSPrefacexix 1-xix 1-xix 1-xx 1-xxi 1-xxiii 1-xxiv

Audience Purpose

Organization Conventions

Related Publications

Obtaining Documentation, Obtaining Support, and Security Guidelines Overview1-1

Features 1-2 Features Introduced in This Release Management Options Roaming Client Devices1-2 1-3

1-2

Network Configuration Examples 1-3 Root Access Point 1-3 Repeater Access Point 1-4 Bridges 1-4 Workgroup Bridge 1-5 Central Unit in an All-Wireless Network Using the Web-Browser Interface2-1

1-6

Using the Web-Browser Interface for the First Time

2-2 2-2

Using the Management Pages in the Web-Browser Interface Using Action Buttons 2-3 Character Restrictions in Entry Fields 2-4 Enabling HTTPS for Secure Browsing 2-4 CLI Configuration Example 2-12 Deleting an HTTPS Certificate 2-12 Using Online Help 2-13 Changing the Location of Help Files Disabling the Web-Browser Interface2-13 2-14

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

1

Contents

Using the Command-Line Interface Cisco IOS Command Modes Getting Help3-3 3-3 3-2

3-1

Abbreviating Commands

Using no and default Forms of Commands Understanding CLI Messages3-4

3-4

Using Command History 3-4 Changing the Command History Buffer Size 3-5 Recalling Commands 3-5 Disabling the Command History Feature 3-5 Using Editing Features 3-6 Enabling and Disabling Editing Features 3-6 Editing Commands Through Keystrokes 3-6 Editing Command Lines that Wrap 3-7 Searching and Filtering Output of show and more Commands Accessing the CLI 3-9 Opening the CLI with Telnet 3-9 Opening the CLI with Secure Shell3-8

3-9 4-1

Configuring the Access Point for the First Time

Before You Start 4-2 Resetting the Device to Default Settings 4-2 Resetting to Default Settings Using the MODE Button Resetting to Default Settings Using the GUI 4-2 Resetting to Default Settings Using the CLI 4-3 Obtaining and Assigning an IP Address Default IP Address Behavior 4-44-4

4-2

Connecting to the 1100 Series Access Point Locally Connecting to the 1130 Series Access Point Locally

4-5 4-6 4-6

Connecting to the 1200, 1230, 1240, and 1250 Series Access Points Locally Connecting to the 1300 Series Access Point/Bridge Locally Default Radio Settings4-7 4-7

Assigning Basic Settings 4-8 Default Settings on the Express Setup Page Configuring Basic Security Settings4-15

4-13

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2

OL-14209-01

Contents

Understanding Express Security Settings 4-16 Using VLANs 4-16 Express Security Types 4-17 Express Security Limitations 4-19 Using the Express Security Page 4-19 CLI Configuration Examples 4-20 Configuring System Power Settings for 1130 and 1240 Series Access Points Assigning an IP Address Using the CLI Using a Telnet Session to Access the CLI4-26 4-26 4-25

Configuring the 802.1X Supplicant 4-27 Creating a Credentials Profile 4-27 Applying the Credentials to an Interface or SSID 4-28 Applying the Credentials Profile to the Wired Port 4-28 Applying the Credentials Profile to an SSID Used For the Uplink Creating and Applying EAP Method Profiles 4-30 Administering the Access Point Disabling the Mode Button5-2 5-3 5-1

4-29

Preventing Unauthorized Access to Your Access Point

Protecting Access to Privileged EXEC Commands 5-3 Default Password and Privilege Level Configuration 5-4 Setting or Changing a Static Enable Password 5-4 Protecting Enable and Enable Secret Passwords with Encryption Configuring Username and Password Pairs 5-7 Configuring Multiple Privilege Levels 5-8 Setting the Privilege Level for a Command 5-8 Logging Into and Exiting a Privilege Level 5-9 Controlling Access Point Access with RADIUS 5-9 Default RADIUS Configuration 5-10 Configuring RADIUS Login Authentication 5-10 Defining AAA Server Groups 5-12 Configuring RADIUS Authorization for User Privileged Access and Network Services 5-14 Displaying the RADIUS Configuration 5-15 Controlling Access Point Access with TACACS+ Default TACACS+ Configuration 5-155-15

5-6

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

3

Contents

Configuring TACACS+ Login Authentication 5-15 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Displaying the TACACS+ Configuration 5-17 Configuring Ethernet Speed and Duplex Settings5-18 5-18 5-19

5-17

Configuring the Access Point for Wireless Network Management Configuring the Authentication Cache and Profile5-20

Configuring the Access Point for Local Authentication and Authorization Configuring the Access Point to Provide DHCP Service 5-22 Setting up the DHCP Server 5-22 Monitoring and Maintaining the DHCP Server Access Point Show Commands 5-24 Clear Commands 5-25 Debug Command 5-25 Configuring the Access Point for Secure Shell Understanding SSH 5-25 Configuring SSH 5-26 Configuring Client ARP Caching 5-26 Understanding Client ARP Caching Optional ARP Caching 5-26 Configuring ARP Caching 5-275-26 5-25

5-24

Managing the System Time and Date 5-27 Understanding Simple Network Time Protocol 5-27 Configuring SNTP 5-28 Configuring Time and Date Manually 5-28 Setting the System Clock 5-28 Displaying the Time and Date Configuration 5-29 Configuring the Time Zone 5-29 Configuring Summer Time (Daylight Saving Time) 5-30 Defining HTTP Access5-32

Configuring a System Name and Prompt 5-32 Default System Name and Prompt Configuration Configuring a System Name 5-32 Understanding DNS 5-33 Default DNS Configuration 5-33 Setting Up DNS 5-34 Displaying the DNS Configuration 5-35 Creating a Banner5-35

5-32

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

4

OL-14209-01

Contents

Default Banner Configuration 5-35 Configuring a Message-of-the-Day Login Banner Configuring a Login Banner 5-37 Migrating to Japan W52 Domain 5-37 Verifying the Migration 5-39

5-35

Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode

5-37

Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging CLI Command 5-40 Configuring Radio Settings Enabling the Radio Interface6-1 6-2

5-39

Configuring the Role in Radio Network 6-2 Universal Workgroup Bridge Mode 6-5 Configuring Dual-Radio Fallback 6-5 Radio Tracking 6-6 Fast Ethernet Tracking 6-6 MAC-Address Tracking 6-6 Bridge Features Not Supported 6-7 Configuring Radio Data Rates 6-7 Access Points Send Multicast and Management Frames at Highest Basic Rate Configuring MCS Rates6-10 6-8

Configuring Radio Transmit Power 6-11 Limiting the Power Level for Associated Client Devices Configuring Radio Channel Settings 6-14 802.11n Channel Widths 6-15 Dynamic Frequency Selection 6-16 CLI Commands 6-18 Confirming that DFS is Enabled 6-18 Configuring a Channel 6-19 Blocking Channels from DFS Selection Setting the 802.11n Guard Interval 6-20

6-13

6-19

Configuring Location-Based Services 6-21 Understanding Location-Based Services 6-21 Configuring LBS on Access Points 6-21 Enabling and Disabling World Mode6-22

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

5

Contents

Disabling and Enabling Short Radio Preambles Configuring Transmit and Receive Antennas Disabling and Enabling Aironet Extensions

6-23 6-24 6-25

Enabling and Disabling Gratuitous Probe Response6-26

Configuring the Ethernet Encapsulation Transformation Method Enabling and Disabling Reliable Multicast to Workgroup Bridges Enabling and Disabling Public Secure Packet Forwarding Configuring Protected Ports 6-30 Configuring the Beacon Period and the DTIM Configure RTS Threshold and Retries Configuring the Maximum Data Retries Configuring the Fragmentation Threshold Performing a Carrier Busy Test Configuring VoIP Packet Handling6-33 6-33 6-31 6-32 6-32 6-33 6-30 6-29

6-27 6-28

Enabling Short Slot Time for 802.11g Radios

Viewing VoWLAN Metrics 6-34 Viewing Voice Reports 6-34 Viewing Wireless Client Reports 6-37 Viewing Voice Fault Summary 6-38 Configuring Voice QoS Settings 6-38 Configuring Voice Fault Settings 6-39 Configuring Multiple SSIDs7-1

Understanding Multiple SSIDs 7-2 Effect of Software Versions on SSIDs

7-2

Configuring Multiple SSIDs 7-4 Default SSID Configuration 7-4 Creating an SSID Globally 7-4 Viewing SSIDs Configured Globally 7-6 Using Spaces in SSIDs 7-6 Using a RADIUS Server to Restrict SSIDs 7-7 Configuring Multiple Basic SSIDs 7-7 Requirements for Configuring Multiple BSSIDs Guidelines for Using Multiple BSSIDs 7-8 Configuring Multiple BSSIDs 7-8 CLI Configuration Example 7-107-8

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

6

OL-14209-01

Contents

Displaying Configured BSSIDs

7-10

Assigning IP Redirection for an SSID 7-11 Guidelines for Using IP Redirection 7-12 Configuring IP Redirection 7-12 Including an SSID in an SSIDL IE NAC Support for MBSSID 7-13 Configuring NAC for MBSSID Configuring Spanning Tree Protocol7-13

7-16 8-1

Understanding Spanning Tree Protocol 8-2 STP Overview 8-2 1300 and 350 Series Bridge Interoperability 8-3 Access Point/Bridge Protocol Data Units 8-3 Election of the Spanning-Tree Root 8-4 Spanning-Tree Timers 8-5 Creating the Spanning-Tree Topology 8-5 Spanning-Tree Interface States 8-5 Blocking State 8-7 Listening State 8-7 Learning State 8-7 Forwarding State 8-8 Disabled State 8-8 Configuring STP Features 8-8 Default STP Configuration 8-8 Configuring STP Settings 8-9 STP Configuration Examples 8-10 Root Bridge Without VLANs 8-10 Non-Root Bridge Without VLANs 8-11 Root Bridge with VLANs 8-11 Non-Root Bridge with VLANs 8-13 Displaying Spanning-Tree Status8-14 9-1

Configuring an Access Point as a Local Authenticator Understanding Local Authentication9-2

Configuring a Local Authenticator 9-2 Guidelines for Local Authenticators Configuration Overview 9-3

9-3

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

7

Contents

Configuring the Local Authenticator Access Point 9-3 Configuring Other Access Points to Use the Local Authenticator 9-6 Configuring EAP-FAST Settings 9-7 Configuring PAC Settings 9-7 Configuring an Authority ID 9-8 Configuring Server Keys 9-8 Possible PAC Failures Caused by Access Point Clock 9-8 Limiting the Local Authenticator to One Authentication Type 9-9 Unblocking Locked Usernames 9-9 Viewing Local Authenticator Statistics 9-9 Using Debug Messages 9-10 Configuring Cipher Suites and WEP10-1 10-2

Understanding Cipher Suites and WEP

Configuring Cipher Suites and WEP 10-3 Creating WEP Keys 10-3 WEP Key Restrictions 10-5 Example WEP Key Setup 10-5 Enabling Cipher Suites and WEP 10-6 Matching Cipher Suites with WPA and CCKM 10-7 Enabling and Disabling Broadcast Key Rotation 10-7 Configuring Authentication Types11-1

Understanding Authentication Types 11-2 Open Authentication to the Access Point 11-2 Shared Key Authentication to the Access Point 11-3 EAP Authentication to the Network 11-4 MAC Address Authentication to the Network 11-5 Combining MAC-Based, EAP, and Open Authentication 11-6 Using CCKM for Authenticated Clients 11-6 Using WPA Key Management 11-7 Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP Configuring Authentication Types 11-10 Assigning Authentication Types to an SSID 11-10 Configuring WPA Migration Mode 11-13 Configuring Additional WPA Settings 11-14 Configuring MAC Authentication Caching 11-15 Configuring Authentication Holdoffs, Timeouts, and Intervals 11-16 Creating and Applying EAP Method Profiles for the 802.1X Supplicant

11-8

11-17

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

8

OL-14209-01

Contents

Creating an EAP Method Profile 11-18 Applying an EAP Profile to the Fast Ethernet Interface Applying an EAP Profile to an Uplink SSID 11-19 Matching Access Point and Client Device Authentication Types

11-18

11-19

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services 12-1 Understanding WDS 12-2 Role of the WDS Device 12-2 Role of Access Points Using the WDS Device Understanding Fast Secure Roaming Understanding Radio Management Understanding Layer 3 Mobility12-5 12-6 12-3 12-5

12-3

Understanding Wireless Intrusion Detection Services

Configuring WDS 12-7 Guidelines for WDS 12-8 Requirements for WDS 12-8 Configuration Overview 12-8 Configuring Access Points as Potential WDS Devices 12-9 CLI Configuration Example 12-13 Configuring Access Points to use the WDS Device 12-14 CLI Configuration Example 12-15 Configuring the Authentication Server to Support WDS 12-15 Configuring WDS Only Mode 12-19 Viewing WDS Information 12-20 Using Debug Messages 12-21 Configuring Fast Secure Roaming 12-21 Requirements for Fast Secure Roaming 12-21 Configuring Access Points to Support Fast Secure Roaming CLI Configuration Example 12-24 Configuring Management Frame Protection12-24

12-22

Management Frame Protection 12-24 Overview 12-25 Protection of Unicast Management Frames 12-25 Protection of Broadcast Management Frames 12-25 Client MFP For Access Points in Root mode 12-25 Configuring Client MFP 12-26

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

9

Contents

Configuring Radio Management 12-28 CLI Configuration Example 12-29 Configuring Access Points to Participate in WIDS 12-30 Configuring the Access Point for Scanner Mode 12-30 Configuring the Access Point for Monitor Mode 12-30 Displaying Monitor Mode Statistics 12-31 Configuring Monitor Mode Limits 12-32 Configuring an Authentication Failure Limit 12-32 Configuring WLSM Failover 12-32 Resilient Tunnel Recovery 12-32 Active/Standby WLSM Failover 12-33 Configuring RADIUS and TACACS+ Servers13-1

Configuring and Enabling RADIUS 13-1 Understanding RADIUS 13-2 RADIUS Operation 13-2 Configuring RADIUS 13-3 Default RADIUS Configuration 13-4 Identifying the RADIUS Server Host 13-4 Configuring RADIUS Login Authentication 13-7 Defining AAA Server Groups 13-9 Configuring RADIUS Authorization for User Privileged Access and Network Services Configuring Packet of Disconnect 13-12 Starting RADIUS Accounting m 13-13 Selecting the CSID Format 13-14 Configuring Settings for All RADIUS Servers 13-15 Configuring the Access Point to Use Vendor-Specific RADIUS Attributes 13-16 Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication Configuring WISPr RADIUS Attributes 13-18 Displaying the RADIUS Configuration 13-19 RADIUS Attributes Sent by the Access Point 13-20 Configuring and Enabling TACACS+ 13-23 Understanding TACACS+ 13-23 TACACS+ Operation 13-24 Configuring TACACS+ 13-24 Default TACACS+ Configuration 13-25 Identifying the TACACS+ Server Host and Setting the Authentication Key Configuring TACACS+ Login Authentication 13-26

13-11

13-17

13-25

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

10

OL-14209-01

Contents

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Starting TACACS+ Accounting 13-28 Displaying the TACACS+ Configuration 13-29 Configuring VLANs14-1

13-27

Understanding VLANs 14-2 Related Documents 14-3 Incorporating Wireless Devices into VLANs

14-4

Configuring VLANs 14-4 Configuring a VLAN 14-5 Assigning Names to VLANs 14-7 Guidelines for Using VLAN Names 14-7 Creating a VLAN Name 14-8 Using a RADIUS Server to Assign Users to VLANs 14-8 Using a RADIUS Server for Dynamic Mobility Group Assignment Viewing VLANs Configured on the Access Point 14-9 VLAN Configuration Example Configuring QoS15-1 14-10

14-9

Understanding QoS for Wireless LANs 15-2 QoS for Wireless LANs Versus QoS on Wired LANs Impact of QoS on a Wireless LAN 15-2 Precedence of QoS Settings 15-3 Using Wi-Fi Multimedia Mode 15-4 Configuring QoS 15-5 Configuration Guidelines 15-5 Configuring QoS Using the Web-Browser Interface The QoS Policies Advanced Page 15-9 QoS Element for Wireless Phones 15-9 IGMP Snooping 15-10 AVVID Priority Mapping 15-10 WiFi Multimedia (WMM) 15-10 Adjusting Radio Access Categories 15-10 Configuring Nominal Rates 15-12 Optimized Voice Settings 15-12 Configuring Call Admission Control 15-12 QoS Configuration Examples15-14

15-2

15-5

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

11

Contents

Giving Priority to Voice Traffic Giving Priority to Video Traffic Configuring Filters16-1 16-2

15-14 15-15

Understanding Filters

Configuring Filters Using the CLI

16-2

Configuring Filters Using the Web-Browser Interface 16-3 Configuring and Enabling MAC Address Filters 16-3 Creating a MAC Address Filter 16-4 Using MAC Address ACLs to Block or Allow Client Association to the Access Point Creating a Time-Based ACL 16-8 ACL Logging 16-9 CLI Configuration Example 16-9 Configuring and Enabling IP Filters 16-9 Creating an IP Filter 16-11 Configuring and Enabling Ethertype Filters 16-12 Creating an Ethertype Filter 16-13 Configuring CDP17-1 17-2

16-6

Understanding CDP

Configuring CDP 17-2 Default CDP Configuration 17-2 Configuring the CDP Characteristics 17-2 Disabling and Enabling CDP 17-3 Disabling and Enabling CDP on an Interface Monitoring and Maintaining CDP Configuring SNMP18-1 17-4

17-4

Understanding SNMP 18-2 SNMP Versions 18-2 SNMP Manager Functions 18-3 SNMP Agent Functions 18-4 SNMP Community Strings 18-4 Using SNMP to Access MIB Variables Configuring SNMP 18-5 Default SNMP Configuration 18-5 Enabling the SNMP Agent 18-5 Configuring Community Strings 18-6

18-4

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

12

OL-14209-01

Contents

Specifying SNMP-Server Group Names 18-7 Configuring SNMP-Server Hosts 18-8 Configuring SNMP-Server Users 18-8 Configuring Trap Managers and Enabling Traps 18-8 Setting the Agent Contact and Location Information 18-10 Using the snmp-server view Command 18-10 SNMP Examples 18-10 Displaying SNMP Status18-12 19-1

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode Understanding Repeater Access Points Configuring a Repeater Access Point Default Configuration 19-4 Guidelines for Repeaters 19-4 Setting Up a Repeater 19-519-2 19-3

Aligning Antennas 19-6 Verifying Repeater Operation 19-6 Setting Up a Repeater As a LEAP Client Setting Up a Repeater As a WPA Client Understanding Hot Standby19-9

19-7 19-8

Configuring a Hot Standby Access Point 19-9 Verifying Standby Operation 19-12 Understanding Workgroup Bridge Mode 19-13 Treating Workgroup Bridges as Infrastructure Devices or as Client Devices Configuring a Workgroup Bridge for Roaming 19-15 Configuring a Workgroup Bridge for Limited Channel Scanning 19-15 Configuring the Limited Channel Set 19-15 Ignoring the CCX Neighbor List 19-16 Configuring a Client VLAN 19-16 Configuring Workgroup Bridge Mode19-16 19-14

The Workgroup Bridge in a Lightweight Environment 19-18 Guidelines for Using Workgroup Bridges in a Lightweight Environment Sample Workgroup Bridge Configuration 19-20

19-18

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

13

Contents

Managing Firmware and Configurations

20-1

Working with the Flash File System 20-1 Displaying Available File Systems 20-2 Setting the Default File System 20-3 Displaying Information About Files on a File System 20-3 Changing Directories and Displaying the Working Directory Creating and Removing Directories 20-4 Copying Files 20-4 Deleting Files 20-5 Creating, Displaying, and Extracting tar Files 20-5 Creating a tar File 20-5 Displaying the Contents of a tar File 20-6 Extracting a tar File 20-7 Displaying the Contents of a File 20-7

20-3

Working with Configuration Files 20-7 Guidelines for Creating and Using Configuration Files 20-8 Configuration File Types and Location 20-9 Creating a Configuration File by Using a Text Editor 20-9 Copying Configuration Files by Using TFTP 20-9 Preparing to Download or Upload a Configuration File by Using TFTP 20-10 Downloading the Configuration File by Using TFTP 20-10 Uploading the Configuration File by Using TFTP 20-11 Copying Configuration Files by Using FTP 20-11 Preparing to Download or Upload a Configuration File by Using FTP 20-12 Downloading a Configuration File by Using FTP 20-12 Uploading a Configuration File by Using FTP 20-13 Copying Configuration Files by Using RCP 20-14 Preparing to Download or Upload a Configuration File by Using RCP 20-15 Downloading a Configuration File by Using RCP 20-16 Uploading a Configuration File by Using RCP 20-17 Clearing Configuration Information 20-17 Deleting a Stored Configuration File 20-18 Working with Software Images 20-18 Image Location on the Access Point 20-18 tar File Format of Images on a Server or Cisco.com 20-19 Copying Image Files by Using TFTP 20-19 Preparing to Download or Upload an Image File by Using TFTP Downloading an Image File by Using TFTP 20-20

20-19

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

14

OL-14209-01

Contents

Uploading an Image File by Using TFTP 20-22 Copying Image Files by Using FTP 20-22 Preparing to Download or Upload an Image File by Using FTP 20-23 Downloading an Image File by Using FTP 20-24 Uploading an Image File by Using FTP 20-26 Copying Image Files by Using RCP 20-27 Preparing to Download or Upload an Image File by Using RCP 20-27 Downloading an Image File by Using RCP 20-29 Uploading an Image File by Using RCP 20-31 Reloading the Image Using the Web Browser Interface 20-32 Browser HTTP Interface 20-32 Browser TFTP Interface 20-33 Configuring System Message Logging21-1 21-2

Understanding System Message Logging

Configuring System Message Logging 21-2 System Log Message Format 21-2 Default System Message Logging Configuration 21-3 Disabling and Enabling Message Logging 21-4 Setting the Message Display Destination Device 21-5 Enabling and Disabling Timestamps on Log Messages 21-6 Enabling and Disabling Sequence Numbers in Log Messages 21-6 Defining the Message Severity Level 21-7 Limiting Syslog Messages Sent to the History Table and to SNMP 21-8 Setting a Logging Rate Limit 21-9 Configuring UNIX Syslog Servers 21-10 Logging Messages to a UNIX Syslog Daemon 21-10 Configuring the UNIX System Logging Facility 21-10 Displaying the Logging Configuration Troubleshooting22-1 21-12

Checking the Top Panel Indicators 22-2 Indicators on 1130 Series Access Points 22-6 Indicators on 1240 Series Access Points 22-9 Indicators on 1250 Access Points 22-11 Indicators on 1300 Outdoor Access Point/Bridges Normal Mode LED Indications 22-14 Power Injector 22-16 Checking Power22-17

22-14

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

15

Contents

Low Power Condition

22-17

Checking Basic Settings 22-18 SSID 22-18 WEP Keys 22-18 Security Settings 22-18 Resetting to the Default Configuration Using the MODE Button 22-19 Using the Web Browser Interface Using the CLI 22-2022-19

22-20

Reloading the Access Point Image 22-21 Using the MODE button 22-22 Using the Web Browser Interface 22-23 Browser HTTP Interface 22-23 Browser TFTP Interface 22-23 Using the CLI 22-24 Obtaining the Access Point Image File 22-26 Obtaining TFTP Server Software 22-26A

APPENDIX

Protocol Filters Supported MIBs MIB ListB-1

A-1

APPENDIX

B

B-1

Using FTP to Access the MIB FilesC

B-2

APPENDIX

Error and Event Messages ConventionsC-2

C-1

Software Auto Upgrade Messages Association Management Messages Unzip MessagesC-6 C-7

C-3 C-5

802.11 Subsystem Messages Local Authenticator Messages WDS MessagesC-23 C-24

Inter-Access Point Protocol MessagesC-21

C-20

Mini IOS Messages

Access Point/Bridge Messages

C-25 C-25 C-26

Cisco Discovery Protocol Messages

External Radius Server Error Messages

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

16

OL-14209-01

Contents

LWAPP Error Messages Sensor Messages SSH Error MessagesGLOSSARY

C-26

C-27 C-28 C-29

SNMP Error Messages

INDEX

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

17

Contents

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

18

OL-14209-01

PrefaceAudienceThis guide is for the networking professional who installs and manages Cisco Aironet Access Points. To use this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of wireless local area networks. The guide covers two Cisco IOS releases: 12.4(10b)JA and 12.3(8)JEC. Cisco IOS Release 12.4(10b)JA supports the following autonomous 32 Mb platforms:

1130 series access point 1240 series access point 1250 series access point 1300 outdoor access point/bridge

Cisco IOS Release 12.3(8)JEC is a maintenance release and supports the following autonomous 16 Mb platforms:

1100 series access point 1200 series access point 1230 series access point

Note

This guide does not cover lightweight access points. Configuration for these devices can be found in the appropriate installation and configuration guides on cisco.com.

PurposeThis guide provides the information you need to install and configure your access point. This guide provides procedures for using the Cisco IOS software commands that have been created or changed for use with the access point. It does not provide detailed information about these commands. For detailed information about these commands, refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release. For information about the standard Cisco IOS software commands, refer to the Cisco IOS software documentation set available from the Cisco.com home page at Support > Documentation. On the Cisco Support Documentation home page, select Release 12.4 from the Cisco IOS Software drop-down list. Select wireless in the left frame to view the Wireless Support Resources page, then navigate to the access point or bridge for you are using.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

xix

Preface Organization

This guide also includes an overview of the access point web-based interface (APWI), which contains all the functionality of the command-line interface (CLI). This guide does not provide field-level descriptions of the APWI windows nor does it provide the procedures for configuring the access point from the APWI. For all APWI window descriptions and procedures, refer to the access point online help, which is available from the Help buttons on the APWI pages.

OrganizationThis guide is organized into these chapters: Chapter 1, Overview, lists the software and hardware features of the access point and describes the access points role in your network. Chapter 2, Using the Web-Browser Interface, describes how to use the web-browser interface to configure the access point. Chapter 3, Using the Command-Line Interface, describes how to use the command-line interface (CLI) to configure the access point. Chapter 4, Configuring the Access Point for the First Time, describes how to configure basic settings on a new access point. Chapter 5, Administering the Access Point, describes how to perform one-time operations to administer your access point, such as preventing unauthorized access to the access point, setting the system date and time, and setting the system name and prompt. Chapter 6, Configuring Radio Settings, describes how to configure settings for the access point radio such as the role in the radio network, transmit power, channel settings, and others. Chapter 7, Configuring Multiple SSIDs, describes how to configure and manage multiple service set identifiers (SSIDs) and multiple basic SSIDs (BSSIDs) on your access point. You can configure up to 16 SSIDs and up to eight BSSIDs on your access point. Chapter 8, Configuring Spanning Tree Protocol,describes how to configure Spanning Tree Protocol (STP) on your access point, bridge, or access point operating in a bridge mode. STP prevents bridge loops from occurring in your network. Chapter 9, Configuring an Access Point as a Local Authenticator, describes how to configure the access point to act as a local RADIUS server for your wireless LAN. If the WAN connection to your main RADIUS server fails, the access point acts as a backup server to authenticate wireless devices. Chapter 10, Configuring Cipher Suites and WEP, describes how to configure the cipher suites required to use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including MIC, CMIC, TKIP, CKIP, and broadcast key rotation. Chapter 11, Configuring Authentication Types, describes how to configure authentication types on the access point. Client devices use these authentication methods to join your network. Chapter 12, Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services, describes how to configure the access point to participate in WDS, to allow fast reassociation of roaming client services, and to participate in radio management. Chapter 13, Configuring RADIUS and TACACS+ Servers, describes how to enable and configure the RADIUS and Terminal Access Controller Access Control System Plus (TACACS+), which provide detailed accounting information and flexible administrative control over authentication and authorization processes. Chapter 14, Configuring VLANs, describes how to configure your access point to interoperate with the VLANs set up on your wired LAN.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

xx

OL-14209-01

Preface Conventions

Chapter 15, Configuring QoS, describes how to configure and manage MAC address, IP, and Ethertype filters on the access point using the web-browser interface. Chapter 16, Configuring Filters, describes how to configure and manage MAC address, IP, and Ethertype filters on the access point using the web-browser interface. Chapter 17, Configuring CDP, describes how to configure Cisco Discovery Protocol (CDP) on your access point. CDP is a device-discovery protocol that runs on all Cisco network equipment. Chapter 18, Configuring SNMP, describes how to configure the Simple Network Management Protocol (SNMP) on your access point. Chapter 19, Configuring Repeater and Standby Access Points and Workgroup Bridge Mode, describes how to configure your access point as a hot standby unit or as a repeater unit. Chapter 20, Managing Firmware and Configurations, describes how to manipulate the Flash file system, how to copy configuration files, and how to archive (upload and download) software images. Chapter 21, Configuring System Message Logging, describes how to configure system message logging on your access point. Chapter 22, Troubleshooting, provides troubleshooting procedures for basic problems with the access point. Appendix A, Protocol Filters, lists some of the protocols that you can filter on the access point. Appendix B, Supported MIBs, lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the access point supports for this software release. Appendix C, Error and Event Messages, lists the CLI error and event messages and provides an explanation and recommended action for each message.

ConventionsThis publication uses these conventions to convey instructions and information: Command descriptions use these conventions:

Commands and keywords are in boldface text. Arguments for which you supply values are in italic. Square brackets ([ ]) mean optional elements. Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements. Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element. Terminal sessions and system displays are in screen font. Information you enter is in boldface screen font. Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

Interactive examples use these conventions:

Notes, cautions, and timesavers use these conventions and symbols: Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.

Tip

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

xxi

Preface Conventions

Note

Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

Caution

Means reader be careful. In this situation, you might do something that could result equipment damage or loss of data.

Warning

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. (To see translations of the warnings that appear in this publication, refer to the appendix Translated Safety Warnings.) Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risicos en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het aanhangsel Translated Safety Warnings (Vertalingen van veiligheidsvoorschriften) raadplegen.) Tm varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin tyskentelet minkn laitteiston parissa, ota selv shkkytkentihin liittyvist vaaroista ja tavanomaisista onnettomuuksien ehkisykeinoista. (Tss julkaisussa esiintyvien varoitusten knnkset lydt liitteest "Translated Safety Warnings" (knnetyt turvallisuutta koskevat varoitukset).) Ce symbole davertissement indique un danger. Vous vous trouvez dans une situation pouvant entraner des blessures. Avant daccder cet quipement, soyez conscient des dangers poss par les circuits lectriques et familiarisez-vous avec les procdures courantes de prvention des accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez consulter lannexe intitule Translated Safety Warnings (Traduction des avis de scurit). Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Krperverletzung fhren knnte. Bevor Sie mit der Arbeit an irgendeinem Gert beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfllen bewut. (bersetzungen der in dieser Verffentlichung enthaltenen Warnhinweise finden Sie im Anhang mit dem Titel Translated Safety Warnings (bersetzung der Warnhinweise).) Questo simbolo di avvertenza indica un pericolo. Si in una situazione che pu causare infortuni. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nellappendice, Translated Safety Warnings (Traduzione delle avvertenze di sicurezza).

Waarschuwing

Varoitus

Attention

Warnung

Avvertenza

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

xxii

OL-14209-01

Preface Related Publications

Advarsel

Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan fre til personskade. Fr du utfrer arbeid p utstyr, m du vre oppmerksom p de faremomentene som elektriske kretser innebrer, samt gjre deg kjent med vanlig praksis nr det gjelder unng ulykker. (Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated Safety Warnings" [Oversatte sikkerhetsadvarsler].) Este smbolo de aviso indica perigo. Encontra-se numa situao que lhe poder causar danos fisicos. Antes de comear a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos elctricos, e com quaisquer prticas comuns que possam prevenir possveis acidentes. (Para ver as tradues dos avisos que constam desta publicao, consulte o apndice Translated Safety Warnings - Tradues dos Avisos de Segurana). Este smbolo de aviso significa peligro. Existe riesgo para su integridad fsica. Antes de manipular cualquier equipo, considerar los riesgos que entraa la corriente elctrica y familiarizarse con los procedimientos estndar de prevencin de accidentes. (Para ver traducciones de las advertencias que aparecen en esta publicacin, consultar el apndice titulado Translated Safety Warnings.) Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utfr arbete p ngon utrustning mste du vara medveten om farorna med elkretsar och knna till vanligt frfarande fr att frebygga skador. (Se frklaringar av de varningar som frekommer i denna publikation i appendix "Translated Safety Warnings" [versatta skerhetsvarningar].)

Aviso

Advertencia!

Varning!

Related PublicationsThese documents provide complete information about the access point:

Quick Start Guide: Cisco Aironet 1100 Series Access Points Quick Start Guide: Cisco Aironet 1130AG Series Access Point Quick Start Guide: Cisco Aironet 1200 Series Access Points Quick Start Guide: Cisco Aironet 1240 Series Access Point Quick Start Guide: Cisco Aironet 1250 Series Access Point Quick Start Guide: Cisco Aironet 1300 Series Outdoor Access Point/Bridge Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges Cisco Aironet Access Point Hardware Installation Guide Installation Instructions for Cisco Aironet Power Injectors Installation Instructions for Cisco Aironet 1250 Series Access Point Power Injector Cisco Aironet 802.11g Radio Upgrade Instructions Cisco Aironet 1250 Series Access Point Radio Upgrade Instructions Release Notes for Cisco Aironet 1240 and 1300 Series Access Points for Cisco IOS Release 12.4(10b)JA Release Notes for Cisco Aironet 1100 and 1200 Series Access Points for Cisco IOS Release 12.3(8)JEC

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

xxiii

Preface Obtaining Documentation, Obtaining Support, and Security Guidelines

Obtaining Documentation, Obtaining Support, and Security GuidelinesFor information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly Whats New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

xxiv

OL-14209-01

C H A P T E R

1

OverviewCisco Aironet Access Points (hereafter called access points) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, and pre-802.11n-compliant wireless LAN transceivers. The 802.11n standard has not been ratified. Therefore, references to 802.11n throughout this document refer to 802.11n Draft 2.0. An access point serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network. You can configure and monitor the wireless device using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). Each access point platform contains one or two radios:

Note

The 1100 series access point uses a single, 802.11b, 2.4-GHz mini-PCI radio that can be upgraded to an 802.11g, 2.4-GHz radio. The 1130 series access point has integrated 802.11g and 802.11a radios and antennas. The 1200 series access point can contain two radios: a 2.4-GHz radio in an internal mini-PCI slot and a 5-GHz radio module in an external, modified cardbus slot. The 1200 series access point supports one radio of each type, but it does not support two 2.4-GHz or two 5-GHz radios. The 1230 series access point is pre-configured to include both an 802.11g and an 802.11a radio. It has antenna connectors for externally attached antennas for both radios. The 1240 series access point uses two externally connected antennas for each band instead of built-in antennas. The 1250 series access point uses three externall connected antennas for its pre-802.11n radios operating on the 2.4- or 5-GHz frequency bands. The 1300 series outdoor access point/bridge uses an integrated antenna and can be configured to use external, dual-diversity antennas. Features, page 1-2 Management Options, page 1-2

This chapter provides information on the following topics:

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

1-1

Chapter 1 Features

Overview

Roaming Client Devices, page 1-3 Network Configuration Examples, page 1-3

FeaturesThis section lists features supported on access points running Cisco IOS software. The proxy Mobile-IP feature is not supported in Cisco IOS Releases 12.3(2)JA and later.Note

Note

Cisco IOS Release 12.3(8)JEC is a maintenance release only. No new features are included in this release.

Features Introduced in This ReleaseTable 1-1 lists the new features in Cisco IOS Release 12.4(10b)JA and the supported platforms.Table 1-1 New Cisco IOS Software Features for Cisco IOS Release 12.4(10b)JA

Feature

Cisco Aironet 1100 Series Access Points

Cisco Aironet 1240 Series Access Points x x x

Cisco Aironet 1300 Series Outoor Access Point/Bridge

Cisco Aironet 1400 Series Wireless Bridge

J52 to W52 migration on the RM20 radio x for Japan. Support for Cisco Aironet 1250 Series Access Points

Support for the Cisco 1250 802.11n radio

Management OptionsYou can use the wireless device management system through the following interfaces:

The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet session. Use the interface dot11radio global configuration command to place the wireless device into the radio configuration mode. Most of the examples in this manual are taken from the CLI. Chapter 3, Using the Command-Line Interface, provides a detailed description of the CLI. A web-browser interface, which you use through a Web browser. Chapter 2, Using the Web-Browser Interface, provides a detailed description of the web-browser interface. Simple Network Management Protocol (SNMP). Chapter 18, Configuring SNMP, explains how to configure the wireless device for SNMP management.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

1-2

OL-14209-01

Chapter 1

Overview Roaming Client Devices

Roaming Client DevicesIf you have more than one wireless device in your wireless LAN, wireless client devices can roam seamlessly from one wireless device to another. The roaming functionality is based on signal quality, not proximity. When a clients signal quality drops, it roams to another access point. Wireless LAN users are sometimes concerned when a client device stays associated to a distant access point instead of roaming to a closer access point. However, if a clients signal to a distant access point remains strong and the signal quality is high, the client will not roam to a closer access point. Checking constantly for closer access points would be inefficient, and the extra radio traffic would slow throughput on the wireless LAN. Using CCKM and a device providing WDS, client devices can roam from one access point to another so quickly that there is no perceptible delay in voice or other time-sensitive applications.

Network Configuration ExamplesThis section describes the access points role in common wireless network configurations. The access points default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as repeater access points, bridges, and workgroup bridges. These roles require specific configurations.

Root Access PointAn access point connected directly to a wired LAN provides a connection point for wireless users. If more than one access point is connected to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN.Figure 1-1 Access Points as Root Units on a Wired LAN

Access point

Access point

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

135445

1-3

Chapter 1 Network Configuration Examples

Overview

Repeater Access PointAn access point can be configured as a stand-alone repeater to extend the range of your infrastructure or to overcome an obstacle that blocks radio communication. The repeater forwards traffic between wireless users and the wired LAN by sending packets to either another repeater or to an access point connected to the wired LAN. The data is sent through the route that provides the best performance for the client. Figure 1-2 shows an access point acting as a repeater. Consult the Configuring a Repeater Access Point section on page 19-3 for instructions on setting up an access point as a repeater. Non-Cisco client devices might have difficulty communicating with repeater access points.Figure 1-2 Access Point as Repeater

Note

Access point

Repeater

BridgesThe 1200, 1240, and 1250 series access points and the 1300 access point/bridge can be configured as root or non-root bridges. In this role, an access point establishes a wireless link with a non-root bridge. Traffic is passed over the link to the wired LAN. Access points in root and non-root bridge roles can be configured to accept associations from clients. Figure 1-3 shows an access point configured as a root bridge with clients. Figure 1-4 shows two access points configured as a root and non-root bridge, both accepting client associations. Consult the Configuring the Role in Radio Network section on page 6-2 for instructions on setting up an access point as a bridge. When wirless bridges are used in a point-to-multipoint configuration the throughput is reduced depending on the number of non-root bridges that associate with the root bridge. The maximum throughput is about 25 Mbps in a point to point link. The addition of three bridges to form a point-to-multipoint network reduces the throughput to about 12.5 Mbps.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

1-4

OL-14209-01

135444

Chapter 1

Overview Network Configuration Examples

Figure 1-3

Access Point as a Root Bridge with Clients

Root bridge

Non-root bridge

Figure 1-4

Access Points as Root and Non-root Bridges with Clients

Root bridge

Non-root bridge

Workgroup BridgeYou can configure access points as workgroup bridges. In workgroup bridge mode, the unit associates to another access point as a client and provides a network connection for the devices connected to its Ethernet port. For example, if you need to provide wireless connectivity for a group of network printers, you can connect the printers to a hub or to a switch, connect the hub or switch to the access point Ethernet port, and configure the access point as a workgroup bridge. The workgroup bridge associates to an access point on your network. If your access point has multiple radios, either radio can function in workgroup bridge mode. When you configure one radio interface as a workgroup bridge, the other radio interface is automatically disabled. Figure 1-5 shows an access point configured as a workgroup bridge. Consult the Understanding Workgroup Bridge Mode section on page 19-13 and the Configuring Workgroup Bridge Mode section on page 19-16 for information on configuring your access point as a workgroup bridge.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

1-5

135446

135447

Chapter 1 Network Configuration Examples

Overview

Figure 1-5

Access Point as a Workgroup Bridge

Workgroup bridge

Central Unit in an All-Wireless NetworkIn an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as the focal point for communications, increasing the communication range of wireless users. Figure 1-6 shows an access point in an all-wireless network.Figure 1-6 Access Point as Central Unit in All-Wireless Network

Access point

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

1-6

135443

OL-14209-01

135448

Access point

C H A P T E R

2

Using the Web-Browser InterfaceThis chapter describes the web-browser interface that you can use to configure the wireless device. This chapter contains these sections:

Using the Web-Browser Interface for the First Time, page 2-2 Using the Management Pages in the Web-Browser Interface, page 2-2 Enabling HTTPS for Secure Browsing, page 2-4 Using Online Help, page 2-13 Disabling the Web-Browser Interface, page 2-14

The web-browser interface contains management pages that you use to change the wireless device settings, upgrade firmware, and monitor and configure other wireless devices on the network.

Note

The wireless device web-browser interface is fully compatible with Microsoft Internet Explorer version 6.0 on Windows 98, 2000, and XP platforms, and with Netscape version 7.0 on Windows 98, 2000, XP, and Solaris platforms.

Note

Avoid using both the CLI and the web-browser interfaces to configure the wireless device. If you configure the wireless device using the CLI, the web-browser interface might display an inaccurate interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless device is misconfigured.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-1

Chapter 2 Using the Web-Browser Interface for the First Time

Using the Web-Browser Interface

Using the Web-Browser Interface for the First TimeUse the wireless devices IP address to browse to the management system. See the Obtaining and Assigning an IP Address section on page 4-4 for instructions on assigning an IP address to the wireless device. Follow these steps to begin using the web-browser interface:Step 1 Step 2

Start the browser. Enter the wireless devices IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer) and press Enter. The Summary Status page appears.

Using the Management Pages in the Web-Browser InterfaceThe system management pages use consistent techniques to present and save configuration information. A navigation bar is on the left side of the page, and configuration action buttons appear at the bottom. You use the navigation bar to browse to other management pages, and you use the configuration action buttons to save or cancel changes to the configuration. It is important to remember that clicking your web-browsers Back button returns you to the previous page without saving any changes you have made. Clicking Cancel cancels any changes you made on the page and keeps you on that page. Changes are only applied when you click Apply. Figure 2-1 shows the web-browser interface home page.Figure 2-1 Web-Browser Interface Home Page

Note

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-2

OL-14209-01

Chapter 2

Using the Web-Browser Interface Using the Management Pages in the Web-Browser Interface

Using Action ButtonsTable 2-1 lists the page links and buttons that appear on most management pages.Table 2-1 Common Buttons on Management Pages

Button/LinkNavigation Links

Description Displays wireless device status page with information on the number of radio devices associated to the wireless device, the status of the Ethernet and radio interfaces, and a list of recent wireless device activity. Displays the Express Setup page that includes basic settings such as system name, IP address, and role in radio network. Displays the Express Security page that you use to create SSID and assign security settings to them. Displays a list of infrastructure devices on your wireless LAN. Displays a list of all devices on your wireless LAN, listing their system names, network roles, and parent-client relationships. Displays status and statistics for the Ethernet and radio interfaces and provides links to configuration pages for each interface. Displays a summary of security settings and provides links to security configuration pages. Displays status for several wireless device features and links to configuration pages for Telnet/SSH, CDP, domain name server, filters, QoS, SNMP, SNTP, and VLANs. Displays a summary of wireless services used with CCKM and provides links to WDS configuration pages. Displays the version number of the firmware that the wireless device is running and provides links to configuration pages for upgrading and managing firmware. Displays the wireless device event log and provides links to configuration pages where you can select events to be included in traps, set event severity levels, and set notification methods. Saves changes made on the page and remains on the page. Updates status information or statistics displayed on a page. Discards changes to the page and remains on the page. Discards any changes made to the page and returns to the previous page.

Home

Express Setup Express Security Network Map Association Network Interfaces Security Services

Wireless Services System Software

Event Log

Configuration Action Buttons

Apply Refresh Cancel Back

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-3

Chapter 2 Enabling HTTPS for Secure Browsing

Using the Web-Browser Interface

Character Restrictions in Entry FieldsBecause the 1200 series access point uses Cisco IOS software, there are certain characters that you cannot use in the entry fields on the web-browser interface. You cannot use these characters in entry fields: ] + / Tab Trailing space

Enabling HTTPS for Secure BrowsingYou can protect communication with the access point web-browser interface by enabling HTTPS. HTTPS protects HTTP browser sessions by using the Secure Socket Layer (SSL) protocol. When you enable HTTPS, your browser might lose its connection to the access point. If you lose the connection, change the URL in your browsers address line from http://ip_address to https://ip_address and log into the access point again.

Note

Note

When you enable HTTPS, most browsers prompt you for approval each time you browse to a device that does not have a fully qualified domain name (FQDN). To avoid the approval prompts, complete Step 2 through Step 9 in these instructions to create an FQDN for the access point. However, if you do not want to create an FQDN, skip to Step 10. Follow these steps to create an FQDN and enable HTTPS:

Step 1 Step 2

If your browser uses popup-blocking software, disable the popup-blocking feature. Browse to the Express Setup page. Figure 2-2 shows the Express Setup page.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-4

OL-14209-01

Chapter 2

Using the Web-Browser Interface Enabling HTTPS for Secure Browsing

Figure 2-2

Express Setup Page

Step 3 Step 4

Enter a name for the access point in the System Name field and click Apply. Browse to the Services DNS page. Figure 2-3 shows the Services DNS page.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-5

Chapter 2 Enabling HTTPS for Secure Browsing

Using the Web-Browser Interface

Figure 2-3

Services DNS Page

Step 5 Step 6 Step 7 Step 8

Select Enable for Domain Name System. In the Domain Name field, enter your companys domain name. At Cisco Systems, for example, the domain name is cisco.com. Enter at least one IP address for your DNS server in the Name Server IP Addresses entry fields. Click Apply. The access points FQDN is a combination of the system name and the domain name. For example, if your system name is ap1100 and your domain name is company.com, the FQDN is ap1100.company.com. Enter the FQDN on your DNS server. If you do not have a DNS server, you can register the access points FQDN with a dynamic DNS service. Search the Internet for dynamic DNS to find a fee-based DNS service.

Step 9

Tip

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-6

OL-14209-01

Chapter 2

Using the Web-Browser Interface Enabling HTTPS for Secure Browsing

Step 10

Browse to the Services: HTTP Web Server page. Figure 2-4 shows the HTTP Web Server page:Figure 2-4 Services: HTTP Web Server Page

Step 11 Step 12

Select the Enable Secure (HTTPS) Browsing check box and click Apply. Enter a domain name and click Apply. Although you can enable both standard HTTP and HTTPS, Cisco recommends that you enable one or the other.

Note

A warning window appears stating that you will use HTTPS to browse to the access point. The window also instructs you to change the URL that you use to browse to the access point from http to https. Figure 2-5 shows the warning window:Figure 2-5 HTTPS Warning Window

Step 13

Click OK. The address in your browsers address line changes from http://ip-address to https://ip-address.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-7

Chapter 2 Enabling HTTPS for Secure Browsing

Using the Web-Browser Interface

Step 14

Another warning window appears stating that the access points security certificate is valid but is not from a known source. However, you can accept the certificate with confidence because the site in question is your own access point. Figure 2-6 shows the certificate warning window:Figure 2-6 Certificate Warning Window

Step 15

Click View Certificate to accept the certificate before proceeding. (To proceed without accepting the certificate, click Yes, and skip to Step 24 in these instructions.) Figure 2-7 shows the Certificate window.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-8

OL-14209-01

Chapter 2

Using the Web-Browser Interface Enabling HTTPS for Secure Browsing

Figure 2-7

Certificate Window

Step 16

On the Certificate window, click Install Certificate. The Microsoft Windows Certificate Import Wizard appears. Figure 2-8 shows the Certificate Import Wizard window.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-9

Chapter 2 Enabling HTTPS for Secure Browsing

Using the Web-Browser Interface

Figure 2-8

Certificate Import Wizard Window

Step 17

Click Next. The next window asks where you want to store the certificate. Cisco recommends that you use the default storage area on your system. Figure 2-9 shows the window that asks about the certificate storage area.Figure 2-9 Certificate Storage Area Window

Step 18

Click Next to accept the default storage area. A window appears that states that you successfully imported the certificate. Figure 2-10 shows the completion window.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-10

OL-14209-01

Chapter 2

Using the Web-Browser Interface Enabling HTTPS for Secure Browsing

Figure 2-10

Certificate Completion Window

Step 19

Click Finish. Windows displays a final security warning. Figure 2-11 shows the security warning.Figure 2-11 Certificate Security Warning

Step 20

Click Yes. Windows displays another window stating that the installation is successful. Figure 2-12 shows the completion window.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-11

Chapter 2 Enabling HTTPS for Secure Browsing

Using the Web-Browser Interface

Figure 2-12

Import Successful Window

Step 21 Step 22 Step 23 Step 24

Click OK. On the Certificate window shown in Figure 2-7, which is still displayed, click OK. On the Security Alert window shown in Figure 2-6, click Yes. The access point login window appears and you must log into the access point again. The default user name is Cisco (case-sensitive) and the default password is Cisco (case-sensitive).

CLI Configuration ExampleThis example shows the CLI commands that are equivalent to the steps listed in the Enabling HTTPS for Secure Browsing section on page 2-4:AP# configure terminal AP(config)# hostname ap1100 AP(config)# ip domain name company.com AP(config)# ip name-server 10.91.107.18 AP(config)# ip http secure-server AP(config)# end

In this example, the access point system name is ap1100, the domain name is company.com, and the IP address of the DNS server is 10.91.107.18. For complete descriptions of the commands used in this example, consult the Cisco IOS Commands Master List, Release 12.3. Click this link to browse to the master list of commands: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123mindx/index.htm

Deleting an HTTPS CertificateThe access point generates a certificate automatically when you enable HTTPS. However, if you need to change the access points fully qualified domain name (FQDN) or you need to add an FQDN after enabling HTTPS, you might need to delete the certificate. Follow these steps:Step 1 Step 2 Step 3 Step 4

Browse to the Services: HTTP Web Server page. Uncheck the Enable Secure (HTTPS) Browsing check box to disable HTTPS. Click Delete Certificate to delete the certificate. Re-enable HTTPS. The access point generates a new certificate using the new FQDN.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-12

OL-14209-01

Chapter 2

Using the Web-Browser Interface Using Online Help

Using Online HelpClick the help icon at the top of any page in the web-browser interface to display online help. Figure 2-13 shows the help and print icons.Figure 2-13 Help and Print Icons

When a help page appears in a new browser window, use the Select a topic drop-down menu to display the help index or instructions for common configuration tasks, such as configuring VLANs.

Changing the Location of Help FilesCisco maintains up-to-date HTML help files for access points on the Cisco web site. By default, the access point opens a help file on Cisco.com when you click the help button on the access point web-browser interface. However, you can install the help files on your network so your access points can access them there. Follow these steps to install the help files locally:Step 1

Download the help files from the Software Center on Cisco.com. Click this link to browse to the Software Centers Wireless Software page: http://tools.cisco.com/support/downloads/pub/MDFTree.x?butype=wireless Select the help files that match the software version on your access point. Unzip the help files on your network in a directory accessible to your access point. When you unzip the help files, the HTML help pages are stored in a folder named according to the help version number and access point model number. Browse to the Services: HTTP Web Server page in the access point web-browser interface. In the Default Help Root URL entry field, enter the complete path to the location where you unzipped the help files. When you click the access point help button, the access point automatically appends the help version number and model number to the path that you enter. Do not add the help version number and device model number to the Default Help Root URL entry. The access point automatically adds the help version and model number to the help root URL. If you unzip the help files on your network file server at //myserver/myhelp, your Default Help Root URL looks like this: http://myserver/myhelp

Step 2

Step 3 Step 4

Note

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

2-13

Chapter 2 Disabling the Web-Browser Interface

Using the Web-Browser Interface

Table 2-2 shows an example help location and Help Root URL for an 1100 series access point.Table 2-2 Example Help Root URL and Help Location

Files Unzipped at This Location Default Help Root URL //myserver/myhelpStep 5

Actual Location of Help Files //myserver/myhelp/123-02.JA/1100

http://myserver/myhelp

Click Apply.

Disabling the Web-Browser InterfaceTo prevent all use of the web-browser interface, select the Disable Web-Based Management check box on the Services: HTTP-Web Server page and click Apply. To re-enable the web-browser interface, enter this global configuration command on the access point CLI:ap(config)# ip http server

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

2-14

OL-14209-01

C H A P T E R

3

Using the Command-Line InterfaceThis chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure the wireless device. It contains these sections:

Cisco IOS Command Modes, page 3-2 Getting Help, page 3-3 Abbreviating Commands, page 3-3 Using no and default Forms of Commands, page 3-4 Understanding CLI Messages, page 3-4 Using Command History, page 3-4 Using Editing Features, page 3-6 Searching and Filtering Output of show and more Commands, page 3-8 Accessing the CLI, page 3-9

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

3-1

Chapter 3 Cisco IOS Command Modes

Using the Command-Line Interface

Cisco IOS Command ModesThe Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode. When you start a session on the wireless device, you begin in user mode, often called user EXEC mode. A subset of the Cisco IOS commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the wireless device reboots. To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you must enter privileged EXEC mode before you can enter the global configuration mode. Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the wireless device reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode. Table 3-1 describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the host name ap.Table 3-1 Command Mode Summary

Mode User EXEC

Access Method

Prompt

Exit Method Enter logout or quit.

About This Mode Use this mode to:

Begin a session with ap> the wireless device.

Change terminal settings Perform basic tests Display system information

Privileged EXEC

While in user EXEC ap# mode, enter the enable command. While in privileged EXEC mode, enter the configure command.ap(config)#

Enter disable to exit.

Use this mode to verify commands. Use a password to protect access to this mode.

Global configuration

To exit to privileged Use this mode to configure EXEC mode, enter exit or parameters that apply to the end, or press Ctrl-Z. entire wireless device. To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end. Use this mode to configure parameters for the Ethernet and radio interfaces. The 2.4-GHz radio and the 802.11n 2.4-GHz radio is radio 0, The 5-GHz radio and the 802.11n 5-GHz radio radio 1.

Interface configuration

ap(config-if)# While in global configuration mode, enter the interface command (with a specific interface).

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

3-2

OL-14209-01

Chapter 3

Using the Command-Line Interface Getting Help

Getting HelpYou can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command, as shown in Table 3-2.Table 3-2 Help Summary

Command help abbreviated-command-entry?

Purpose Obtains a brief description of the help system in any command mode. Obtains a list of commands that begin with a particular character string. For example:ap# di? dir disable disconnect

abbreviated-command-entry

Completes a partial command name. For example:ap# sh conf ap# show configuration

?

Lists all commands available for a particular command mode. For example:ap> ?

command ?

Lists the associated keywords for a command. For example:ap> show ?

command keyword ?

Lists the associated arguments for a keyword. For example:ap(config)# cdp holdtime ? Length of time (in sec) that receiver must keep this packet

Abbreviating CommandsYou have to enter only enough characters for the wireless device to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command:ap# show conf

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

3-3

Chapter 3 Using no and default Forms of Commands

Using the Command-Line Interface

Using no and default Forms of CommandsMost configuration commands also have a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.

Understanding CLI MessagesTable 3-3 lists some error messages that you might encounter while using the CLI to configure the wireless device.Table 3-3 Common CLI Error Messages

Error Message% Ambiguous command: "show con"

Meaning You did not enter enough characters for the wireless device to recognize the command.

How to Get Help Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

% Incomplete command.

You did not enter all the keywords or Re-enter the command followed by a question mark (?) values required by this command. with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

% Invalid input detected at ^ marker.

You entered the command incorrectly. The caret (^) marks the point of the error.

Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command are displayed.

Using Command HistoryThe CLI provides a history or record of commands that you have entered. This feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize the command history feature to suit your needs as described in these sections:

Changing the Command History Buffer Size, page 3-5 Recalling Commands, page 3-5 Disabling the Command History Feature, page 3-5

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

3-4

OL-14209-01

Chapter 3

Using the Command-Line Interface Using Command History

Changing the Command History Buffer SizeBy default, the wireless device records ten command lines in its history buffer. Beginning in privileged EXEC mode, enter this command to change the number of command lines that the wireless device records during the current terminal session:ap# terminal history [size number-of-lines]

The range is from 0 to 256. Beginning in line configuration mode, enter this command to configure the number of command lines the wireless device records for all sessions on a particular line:ap(config-line)# history

[size number-of-lines]

The range is from 0 to 256.

Recalling CommandsTo recall commands from the history buffer, perform one of the actions listed in Table 3-4:Table 3-4 Recalling Commands

Action1 Press Ctrl-P or the up arrow key. Press Ctrl-N or the down arrow key.

Result Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands. While in privileged EXEC mode, list the last several commands that you just entered. The number of commands that are displayed is determined by the setting of the terminal history global configuration command and history line configuration command.

show history

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Disabling the Command History FeatureThe command history feature is automatically enabled. To disable the feature during the current terminal session, enter the terminal no history privileged EXEC command. To disable command history for the line, enter the no history line configuration command.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

3-5

Chapter 3 Using Editing Features

Using the Command-Line Interface

Using Editing FeaturesThis section describes the editing features that can help you manipulate the command line. It contains these sections:

Enabling and Disabling Editing Features, page 3-6 Editing Commands Through Keystrokes, page 3-6 Editing Command Lines that Wrap, page 3-7

Enabling and Disabling Editing FeaturesAlthough enhanced editing mode is automatically enabled, you can disable it. To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode:ap# terminal editing

To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode:ap(config-line)# editing

To globally disable enhanced editing mode, enter this command in line configuration mode:ap(config-line)# no editing

Editing Commands Through KeystrokesTable 3-5 shows the keystrokes that you need to edit command lines.Table 3-5 Editing Commands Through Keystrokes

Capability Move around the command line to make changes or corrections.

Keystroke1 Ctrl-B or the left arrow key Ctrl-F or the right arrow key Ctrl-A Ctrl-E Esc B Esc F Ctrl-T

Purpose Move the cursor back one character. Move the cursor forward one character. Move the cursor to the beginning of the command line. Move the cursor to the end of the command line. Move the cursor back one word. Move the cursor forward one word. Transpose the character to the left of the cursor with the character located at the cursor. Recall the most recent entry in the buffer. Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.

Recall commands from the buffer Ctrl-Y and paste them in the command line. Esc Y The wireless device provides a buffer with the last ten items that you deleted.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

3-6

OL-14209-01

Chapter 3

Using the Command-Line Interface Using Editing Features

Table 3-5

Editing Commands Through Keystrokes (continued)

Capability

Keystroke1

Purpose Erase the character to the left of the cursor. Delete the character at the cursor. Delete all characters from the cursor to the end of the command line. Delete all characters from the cursor to the beginning of the command line. Delete the word to the left of the cursor. Delete from the cursor to the end of the word. Capitalize at the cursor. Change the word at the cursor to lowercase. Capitalize letters from the cursor to the end of the word.

Delete entries if you make a mistake Delete or Backspace or change your mind. Ctrl-D Ctrl-K Ctrl-U or Ctrl-X Ctrl-W Esc D Capitalize or lowercase words or capitalize a set of letters. Esc C Esc L Esc U Ctrl-V or Esc Q Designate a particular keystroke as an executable command, perhaps as a shortcut. Scroll down a line or screen on displays that are longer than the terminal screen can display.Note

Return Space

Scroll down one line. Scroll down one screen.

The More prompt appears for output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt. Redisplay the current command line.

Redisplay the current command line Ctrl-L or Ctrl-R if the wireless device suddenly sends a message to your screen.1. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Editing Command Lines that WrapYou can use a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Note

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

3-7

Chapter 3 Searching and Filtering Output of show and more Commands

Using the Command-Line Interface

In this example, the access-list global configuration command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.ap(config)# ap(config)# ap(config)# ap(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1 $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25 $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45

After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been scrolled to the right:ap(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$

The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width privileged EXEC command to set the width of your terminal. Use line wrapping with the command history feature to recall and modify previous complex command entries. For information about recalling previous command entries, see the Editing Commands Through Keystrokes section on page 3-6.

Searching and Filtering Output of show and more CommandsYou can search and filter the output for show and more commands. This is useful when you need to sort through large amounts of output or if you want to exclude output that you do not need to see. To use this functionality, enter a show or more command followed by the pipe character (|), one of the keywords begin, include, or exclude, and an expression that you want to search for or filter out: command | {begin | include | exclude} regular-expression Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. This example shows how to include in the output display only lines where the expression protocol appears:ap# show interfaces | include protocol Vlan1 is up, line protocol is up Vlan10 is up, line protocol is down GigabitEthernet0/1 is up, line protocol is down GigabitEthernet0/2 is up, line protocol is up

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

3-8

OL-14209-01

Chapter 3

Using the Command-Line Interface Accessing the CLI

Accessing the CLIYou can open the wireless devices CLI using Telnet or Secure Shell (SSH).

Opening the CLI with TelnetFollow these steps to open the CLI with Telnet. These steps are for a PC running Microsoft Windows with a Telnet terminal application. Check your PC operating instructions for detailed instructions for your operating system.Step 1

Select Start > Programs > Accessories > Telnet. If Telnet is not listed in your Accessories menu, select Start > Run, type Telnet in the entry field, and press Enter.

Step 2

When the Telnet window appears, click Connect and select Remote System. In Windows 2000, the Telnet window does not contain drop-down menus. To start the Telnet session in Windows 2000, type open followed by the wireless devices IP address.

Note

Step 3 Step 4

In the Host Name field, type the wireless devices IP address and click Connect. At the username and password prompts, enter your administrator username and password. The default username is Cisco, and the default password is Cisco. The default enable password is also Cisco. Usernames and passwords are case-sensitive.

Opening the CLI with Secure ShellSecure Shell Protocol is a protocol that provides a secure, remote connection to networking devices set up to use it. Secure Shell (SSH) is a software package that provides secure login sessions by encrypting the entire session. SSH features strong cryptographic authentication, strong encryption, and integrity protection. For detailed information on SSH, visit the homepage of SSH Communications Security, Ltd. at this URL: http://www.ssh.com/ SSH provides more security for remote connections than Telnet by providing strong encryption when a device is authenticated. SSH versions 1 and 2 are supported in this release. See the Configuring the Access Point for Secure Shell section on page 5-25 for detailed instructions on setting up the wireless device for SSH access.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01

3-9

Chapter 3 Accessing the CLI

Using the Command-Line Interface

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

3-10

OL-14209-01

C H A P T E R

4

Configuring the Access Point for the First TimeThis chapter describes how to configure basic settings on the wi