Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, Cisco IOS Release 12.3(8)JA
Index
Downloads: This chapterpdf (PDF - 787.0KB) The complete bookPDF (PDF - 7.92MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

1130AG series indicators 22-6

1240AG access point support 1-8

1240AG series indicators 22-9

1300 outdoor access point/bridge indicators 22-10

350 series bridge interoperability 8-3

802.11d 6-18

802.11e 15-2

802.11g 6-28

802.11i 6-22

802.1H 6-23

802.1x authentication 9-2

802.1X Supplicant

applying credentials to interface or SSID 2-28

configuring 2-27

creating a credentials profile 2-27

creating and applying EAP method profiles 2-30

A

AAA authentication/authorization cache and profile 1-9

abbreviating commands 4-3

Access point link role flexibility 1-8

access point security settings, matching client devices 11-19

accounting

with RADIUS 13-13

with TACACS+ 13-22, 13-28

accounting command 7-5

Address Resolution Protocol (ARP) 6-23

AES-CCMP 1-8, 10-2

Aironet Client Utility (ACU) 22-15

Aironet extensions 6-10, 6-22

antenna

selection 6-20

antenna command 6-21

Apply button 3-4

ARP

caching 5-26

description 1-7

associations, limiting by MAC address 16-6

attributes, RADIUS

sent by the access point 13-19

vendor-proprietary 13-16

vendor-specific 13-15

authentication 4-9

local mode with AAA 5-19

RADIUS

key 13-5

login 5-10, 13-7

SSID 7-2

TACACS+

defined 13-22

key 13-24

login 5-15, 13-25

authentication client command 7-5

authentication server

configuring access point as local server 9-2

described 1-7

EAP 11-4, 13-3

authentication types

Network-EAP 11-4

open 11-2

shared key 11-3

authenticator 9-1

authorization

with RADIUS 5-14, 13-11

with TACACS+ 5-17, 13-22, 13-26

B

Back button 3-4

backoff 6-28

backup authenticator, local 9-1

bandwidth 6-11

banners

configuring

login 5-37

message-of-the-day login 5-35

default configuration 5-35

when displayed 5-35

basic settings

checking 22-15

beacon dtim-period command 6-26

beacon period command 6-26

bit-flip attack 6-22

blocking communication between clients 6-24

BR350 interoperability 8-3

bridge-group command 6-25

bridge virtual interface (BVI) 2-26

broadcast-key command 11-15

broadcast key rotation 10-1, 10-3

BSSIDs 7-8

buttons

management pages 3-4

web-browser 3-2

C

caching MAC authentications 11-15

call admission control 1-4

Called-Station-ID

See CSID

Cancel button 3-4

capture frames 12-29

carrier busy test 6-28

Catalyst 6500 Series 12-1

CCKM 11-6

authenticated clients 11-6

described 1-7

CCK modulation 6-9

CDP

disabling for routing device 17-4

enabling and disabling

on an interface 17-4

monitoring 17-4

cdp enable command 17-4

cdp run command 17-3

Cisco Centralized Key Management (CCKM)

See CCKM

Cisco Discovery Protocol (CDP) 17-1

Cisco Key Integrity Protocol (CKIP) 6-22

Cisco TAC 22-1

CiscoWorks 2000 18-4

clear command 4-2

CLI 4-1

abbreviating commands 4-3

command modes 4-2

editing features

enabling and disabling 4-6

keystroke editing 4-6

wrapped lines 4-7

error messages 4-4

filtering command output 4-8

getting help 4-3

history 4-4

changing the buffer size 4-5

described 4-4

disabling 4-5

recalling commands 4-5

no and default forms of commands 4-4

Secure Shell (SSH) 4-9

Telnet 4-9

terminal emulator settings 2-5, 2-6, 2-7

client ARP caching 5-26

client communication, blocking 6-24

client power level, limiting 6-10

command-line interface

See CLI

command modes 4-2

commands

abbreviating 4-3

accounting 7-5

antenna 6-21

authentication client 7-5

beacon dtim-period 6-26

beacon period 6-26

bridge-group 6-25

broadcast-key 11-15

cdp enable 17-4

cdp run 17-3

clear 4-2

countermeasure tkip hold-time 11-17

debug 21-2

default form 4-4

del 22-18

dot11 aaa mac-authen filter-cache 11-15

dot11 extension aironet 6-22

dot11 holdoff-time 11-16

dot11 interface-number carrier busy 6-28

dot1x client-timeout 11-16

dot1x reauth-period 11-17

edit 4-6

encapsulation dot1q 14-6

encryption 10-4

fragment-threshold 6-27

guest-mode 7-5

help 4-3

infrastructure-client 6-24

infrastructure-ssid 7-5

interface dot11radio 1-9, 6-2

ip domain-name 5-34

ip redirect 7-13

no and default 4-4

no shutdown 4-4

packet retries 6-27

payload-encapsulation 6-23

permit tcp-port 7-13

power client 6-10

power local 6-9

recall 4-5

rts retries 6-26

rts threshold 6-26

set 22-22

set BOOT 22-22

setting privilege levels 5-8

show 4-2

show dot11 associations 7-7

show ip interface 2-4

slot-time-short 6-28

sort 4-8

speed 6-7

ssid 7-5, 11-10, 14-6

switchport protected 6-25

terminal history 4-5

terminal width 4-8

tftp_init 22-21

vlan 7-5, 14-6

world-mode 6-19

wpa-psk 11-14

commands station role 6-3

community strings

configuring 18-6

overview 18-4

Complementary Code Keying (CCK)

See CCK

configuration files

creating using a text editor 20-10

deleting a stored configuration 20-18

downloading

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-13

using RCP 20-16

using TFTP 20-11

guidelines for creating and using 20-9

invalid combinations when copying 20-5

system contact and location information 18-10

types and location 20-9

uploading

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-14

using RCP 20-17

using TFTP 20-11

connections, secure remote 5-25

countermeasure tkip hold-time command 11-17

crypto software image 5-25

CSID format, selecting 13-14

D

Data Beacon Rate 6-26

data rate setting 6-5

data retries 6-27

data volume 2-12

daylight saving time 5-30

debug command 21-2

default commands 4-4

default configuration

banners 5-35

DNS 5-33

password and privilege level 5-4

RADIUS 5-10, 13-4

resetting 22-16

SNMP 18-5

system message logging 21-3

system name and prompt 5-32

TACACS+ 5-15, 13-24

default gateway 2-12

default username 2-3

del command 22-18

delivery traffic indication message (DTIM) 6-26

DFS 1-5, 6-15

DHCP server

configuring access point as 5-22

receiving IP settings from 2-11

directories

changing 20-4

creating and removing 20-4

displaying the working 20-4

disable web-based management 3-14

diversity 6-20

DNS

default configuration 5-33

displaying the configuration 5-35

overview 5-33

setting up 5-34

domain names

DNS 5-33

Domain Name System

See DNS

dot11 aaa mac-authen filter-cache command 11-15

dot11 extension aironet command 6-22

dot11 holdoff-time commands 11-16

dot11 interface-number carrier busy command 6-28

dot1x client-timeout command 11-16

dot1x reauth-period command 11-17

downloading

configuration files

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-13

using RCP 20-16

using TFTP 20-11

image files

deleting old image 20-22

preparing 20-20, 20-23, 20-27

reasons for 20-18

using FTP 20-24

using RCP 20-29

using TFTP 20-21

DTIM 6-26

duplex, Ethernet port 5-18

Dynamic Frequency Selection 6-15

E

EAP authentication, overview 11-4

EAP-FAST 1-4, 9-1, 9-2

EAP-FAST authentication 11-20

EAP-SIM authentication

setting on client and access point 11-22

EAP-TLS 1-4

applying EAP method profiles to 11-17

EAP-TLS authentication

setting on client and access point 11-21

edit CLI commands 4-6

editing features

enabling and disabling 4-6

keystrokes used 4-6

wrapped lines 4-7

enable password 5-6

enable secret password 5-6

encapsulation dot1q command 14-6

encapsulation method 6-23

encrypted software image 5-25

encryption command 10-4

encryption for passwords 5-6

error and event messages C-1

error messages

802.11 subsystem messages C-5

association management messages C-4

CLI 4-4

during command entry 4-4

explained C-2

inter-access point protocol messages C-17

local authenticator messages C-18

setting the display destination device 21-5

severity levels 21-7

software auto upgrade messages C-3

system message format 21-2

unzip messages C-5

Ethernet indicator 22-4

Ethernet speed and duplex settings 5-18

Ethertype filter 16-1

event log 3-4

event messages C-1

Express Security page 3-4, 2-14

Express Setup page 3-4

F

fallback role 6-3

fast secure roaming 12-1

files

copying 20-5

deleting 20-5

displaying the contents of 20-8

tar

creating 20-6

displaying the contents of 20-6

extracting 20-7

image file format 20-19

file system

displaying available file systems 20-2

displaying file information 20-3

local file system names 20-2

network file system names 20-5

setting the default 20-3

filtering

Ethertype filters 16-11

IP filters 16-8

MAC address filters 16-3

show and more command output 4-8

filter output (CLI commands) 4-8

firmware

upgrade 3-1

version 3-4

Flash 20-1

Flash device, number of 20-2

forward-delay time

STP 8-7

fragmentation threshold 6-27

fragment-threshold command 6-27

frequencies 6-12, 6-13, 6-14

FTP

accessing MIB files B-2

configuration files

downloading 20-13

overview 20-12

preparing the server 20-13

uploading 20-14

image files

deleting old image 20-26

downloading 20-24

preparing the server 20-23

uploading 20-26

G

gain 6-20

get-bulk-request operation 18-3

get-next-request operation 18-3, 18-4

get-request operation 18-3, 18-4

get-response operation 18-3

global configuration mode 4-2

gratuitous probe response 1-4

Gratuitous Probe Response (GPR)

enabling and disabling 6-21

group key updates 11-14

guest-mode command 7-5

guest SSID 7-2

H

help 3-13

help, for the command line 4-3

history

changing the buffer size 4-5

described 4-4

disabling 4-5

recalling commands 4-5

history (CLI) 4-4

history table, level and number of syslog messages 21-8

Home button 3-4

HTTPS 3-5

HTTP Web Server v1.1 1-8

I

IBNS 802.1x 1-4

IEEE 802.1X local authentication service for EAP-FAST 1-8

image, operating system 22-18

indicators 22-2

infrastructure-client command 6-24

infrastructure device 7-5

infrastructure-ssid command 7-5

inter-client communication, blocking 6-24

interface

CLI 4-1

web-browser 3-1

interface configuration mode 4-2

interface dot11radio command 1-9, 6-2

interfaces 3-4

intrusion detection 12-1

invalid characters in 14-6

IP address, finding and setting 2-25

ip domain-name command 5-34

IP filters 16-8

IP-Redirect 1-8

ip redirect command 7-13

IP redirection 7-11, 7-12

IPSU 2-25

IP subnet mask 2-12

ISO designators for protocols A-1

J

jitter 15-2

K

key features 1-2

keystrokes (edit CLI commands) 4-6

L

latency 15-2

Layer 3 mobility 12-5

LBS 6-17

LEAP

described 1-7

LEAP authentication

local authentication 9-1

setting on client and access point 11-20

LED indicators

Ethernet 22-4

radio traffic 22-4

status 22-4

Light Extensible Authentication Protocol

See LEAP

limiting client associations by MAC address 16-6

limiting client power level 6-10

line configuration mode 4-2

load balancing 6-22

local authenticator, access point as 9-1

Location-Based Services 6-17

login authentication

with RADIUS 5-10, 13-7

with TACACS+ 5-15, 13-25

login banners 5-35

log messages

See system message logging

low power condition 22-14

M

MAC address 2-26

ACLs, blocking association with 16-6

filter 16-1, 16-3

troubleshooting 22-15

MAC authentication caching 11-15

MAC-based authentication 9-1, 9-2

management

CLI 4-1

map,network 3-4

maximum data retries 6-27

Maximum RTS Retries 6-26

Media Access Control (MAC) address 2-4

Message Integrity Check (MIC) 1-6, 6-22, 10-1, 22-15

message-of-the-day (MOTD) 5-35

messages

to users through banners 5-35

metrics

VoWLAN 1-5

MIBs

accessing files with FTP B-2

location of files B-2

overview 18-2

SNMP interaction with 18-4

MIC 10-1

Microsoft IAS servers 11-2

Microsoft WPS IE SSIDL 1-8

migration mode, WPA 11-13

mobility groups 1-3

mode (role) 6-3

mode button 22-18

disabling 5-2

enabling 5-2

modes

global configuration 4-2

interface configuration 4-2

line configuration 4-2

privileged EXEC 4-2

user EXEC 4-2

monitoring

CDP 17-4

monitor mode 12-29

move the cursor (CLI) 4-6

multicast

IGMP snooping-based 1-3

multicast messages 6-23

multiple basic SSIDs 7-8

N

names, VLAN 14-7

Network Admission Control (NAC) 1-9

Network-EAP 11-4

network map 3-4

no commands 4-4

non-root 2-12

no shutdown command 4-4

notification 3-4

O

OFDM 6-9

OK button 3-4

optional ARP caching 5-26

Orthogonal Frequency Division Multiplexing (OFDM)

See OFDM

P

packet handling

VoIP 1-5

packet of disconnect (PoD)

configuring 13-12

packet retries command 6-27

packet size (fragment) 6-27

password reset 22-16

passwords

default configuration 5-4

encrypting 5-6

overview 5-3

setting

enable 5-4

enable secret 5-6

with usernames 5-7

payload-encapsulation command 6-23

PEAP authentication

setting on client and access point 11-21

permit tcp-port command 7-13

per-VLAN Spanning Tree (PVST) 8-2

ports, protected 6-25

positioning packets 6-17

power client command 6-10

power level

on client devices 6-10

radio 6-22

power local command 6-9

power-save client device 6-26

preferential treatment of traffic

See QoS

pre-shared key 11-14

preventing unauthorized access 5-3

print 3-13

prioritization 15-2

privileged EXEC mode 4-2

privilege levels

exiting 5-9

logging into 5-9

overview 5-3, 5-8

setting a command with 5-8

protected ports 6-25

protocol filters 16-2

Public Secure Packet Forwarding (PSPF) 6-24

Q

QBSS 15-3

dot11e parameter 15-3

QBSS Basic Service Set 1-9

QoS

configuration guidelines 15-5

described 1-6

dot11e command 15-9

overview 15-2

Qos

QBSS Load IE 15-9

quality of service

See QoS

R

radar 1-5

radio

activity 6-28

congestion 6-11

indicator 22-4

interface 6-2

management 1-7

preamble 6-19

radio management 12-1

RADIUS

attributes

CSID format, selecting 13-14

sent by the access point 13-19

vendor-proprietary 13-16

vendor-specific 13-15

WISPr 13-17

configuring

access point as local server 9-2

accounting 13-13

authentication 5-10, 13-7

authorization 5-14, 13-11

communication, global 13-5, 13-15

communication, per-server 13-5

multiple UDP ports 13-5

default configuration 5-10, 13-4

defining AAA server groups 5-12, 13-9

displaying the configuration 5-15, 13-18

identifying the server 13-5

limiting the services to the user 5-14, 13-11

local authentication 9-2

method list, defined 13-4

operation of 13-3

overview 13-2

SSID 7-2

suggested network environments 13-2

tracking services accessed by user 13-13

RADIUS accounting 1-6

range 2-12

rate limit, logging 21-9

RCP

configuration files

downloading 20-16

overview 20-15

preparing the server 20-16

uploading 20-17

image files

deleting old image 20-31

downloading 20-29

preparing the server 20-27

uploading 20-31

reauthentication requests 11-2

recall commands 4-5

redirection, IP 7-11

regulatory

domains 6-12, 6-13, 6-14

reloading access point image 22-18

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

repeater 1-6

as a LEAP client 19-6

as a WPA client 19-7

chain of access points 19-2

request to send (RTS) 6-26

Resilient Tunnel Recovery 1-3

restricting access

overview 5-3

passwords and privilege levels 5-3

RADIUS 5-10, 13-1

TACACS+ 5-15

RFC

1042 6-23

1157, SNMPv1 18-2

1901, SNMPv2C 18-2

1902 to 1907, SNMPv2 18-2

RM21A & RM22A support 1-8

roaming 1-9

fast secure roaming using CCKM 12-1

rogue access point detection 1-7

role (mode) 6-3

role in radio network 6-2

root 2-12

rotation, broadcast key 10-1

rts retries command 6-26

RTS threshold 6-26

rts threshold command 6-26

S

secure remote connections 5-25

Secure Shell

See SSH

security 3-4

troubleshooting 22-15

security features 1-6

synchronizing 11-19

security settings, Express Security page 2-14

self-healing wireless LAN 1-7, 12-5

sequence numbers in log messages 21-6

serial

serial port connector 22-13

service set identifiers (SSIDs)

See SSID

service-type attribute 11-2

set BOOT command 22-22

set command 22-22

set-request operation 18-4

severity levels, defining in system messages 21-7

shared key 11-6

short slot time 6-28

show cdp traffic command 17-5

show command 4-2

show dot11 associations command 7-7

show ip interface command 2-4

Simple Network Management Protocol

See SNMP

Simple Network Time Protocol

See SNTP

slot-time-short command 6-28

SNMP

accessing MIB variables with 18-4

agent

described 18-3

disabling 18-5

community name 2-13

community strings

configuring 18-6

overview 18-4

configuration examples 18-10

default configuration 18-5

limiting system log messages to NMS 21-8

manager functions 18-3

overview 18-2, 18-4

server groups 18-7

shutdown mechanism 18-8

snmp-server view 18-10

status, displaying 18-12

system contact and location 18-10

trap manager, configuring 18-9

traps

described 18-3

enabling 18-8

overview 18-2, 18-4

types of 18-8

versions supported 18-2

SNMP, FTP MIB files B-2

snmp-server group command 18-7

SNMP versions supported 18-2

SNTP

overview 5-27

software image 22-18

upload and download 20-1

software images

location in Flash 20-19

tar file format, described 20-19

software upgrade

error and event messages C-3

sort (CLI commands) 4-8

spaces in an SSID 7-6

speed, Ethernet port 5-18

speed command 6-7

SSH 4-9

configuring 5-26

crypto software image 5-25

described 5-25

displaying settings 5-26

SSH Communications Security, Ltd. 4-9

SSID 7-2, 14-6

guest mode 7-2

invalid characters in 7-5, 11-10

multiple SSIDs 7-1

support 1-6

troubleshooting 22-15

using spaces in 7-6

VLAN 7-2

ssid command 7-5, 11-10, 14-6

rules for 11-10

SSL 3-5

standby mode 1-6

static WEP

with open authentication, setting on client and access point 11-19

with shared key authentication, setting on client and access point 11-19

station role command 6-3

statistics

CDP 17-4

SNMP input and output 18-12

status indicators 22-4

status page 3-4

STP

BPDU message exchange 8-3

designated port, defined 8-4

designated switch, defined 8-4

displaying status 8-14

inferior BPDU 8-4

interface states

blocking 8-7

disabled 8-8

forwarding 8-6, 8-8

learning 8-7

listening 8-7

overview 8-5

overview 8-2

root port, defined 8-4

superior BPDU 8-4

timers, described 8-5

summer time 5-30

switchport protected command 6-25

syslog

See system message logging

system clock

configuring

daylight saving time 5-30

manually 5-28

summer time 5-30

time zones 5-29

displaying the time and date 5-29

system management page 3-2

system message logging

default configuration 21-3

defining error message severity levels 21-7

disabling 21-4

displaying the configuration 21-12

enabling 21-4

facility keywords, described 21-11

level keywords, described 21-8

limiting messages 21-8

message format 21-2

overview 21-2

rate limit 21-9

sequence numbers, enabling and disabling 21-6

setting the display destination device 21-5

timestamps, enabling and disabling 21-6

UNIX syslog servers

configuring the daemon 21-10

configuring the logging facility 21-10

facilities supported 21-11

system name

default configuration 5-32

manual configuration 5-32

See also DNS

system prompt

default setting 5-32

T

TAC 22-1

TACACS+

accounting, defined 13-22

authentication, defined 13-22

authorization, defined 13-22

configuring

accounting 13-28

authentication key 13-24

authorization 5-17, 13-26

login authentication 5-15, 13-25

default configuration 5-15, 13-24

described 1-6

displaying the configuration 5-17, 13-29

identifying the server 13-24

limiting the services to the user 5-17, 13-26

operation of 13-23

overview 13-22

tracking services accessed by user 13-28

tar files

creating 20-6

displaying the contents of 20-6

extracting 20-7

image file format 20-19

Telnet 4-9, 2-27

Temporal Key Integrity Protocol (TKIP) 10-1

See TKIP

Terminal Access Controller Access Control System Plus

See TACACS+

terminal emulator 2-5

terminal history command 4-5

terminal width command 4-8

TFTP 22-21

configuration files

downloading 20-11

preparing the server 20-10

uploading 20-11

image files

deleting 20-22

downloading 20-21

preparing the server 20-20

uploading 20-22

password 5-6

tftp_init command 22-21

TFTP server 22-18

throughput 2-12

time

See SNTP and system clock

timestamps in log messages 21-6

time zones 5-29

TKIP 1-7, 6-22, 10-1, 10-3

traps 3-4

configuring managers 18-8

defined 18-3

enabling 18-8

notification types 18-8

overview 18-2, 18-4

Trivial File Transfer Protocol (TFTP)

See TFTP

troubleshooting 22-1, 22-6, 22-9, 22-14

1300 outdoor access point/bridge indicators 22-10

1300 outdoor access point/bridge power injector 22-13

error messages (CLI) 4-4

system message logging 21-2

with CiscoWorks 18-4

U

U-APSD 1-4

unauthorized access 5-3

UNIX syslog servers

daemon configuration 21-10

facilities supported 21-11

message logging configuration 21-10

upgrading software images

See downloading

uploading

configuration files

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-14

using RCP 20-17

using TFTP 20-11

image files

preparing 20-20, 20-23, 20-27

reasons for 20-18

using FTP 20-26

using RCP 20-31

using TFTP 20-22

user EXEC mode 4-2

username, default 2-3

username-based authentication 5-7

V

VLAN

local authentication 9-2

names 14-7

SSID 1-6, 7-2

VLAN assignment by name 1-8

vlan command 7-5, 14-6

voice 1-7

W

W52 1-5

WDS 12-1, 12-9

Web-based interface

common buttons 3-4

compatible browsers 3-1

web-browser buttons 3-2

web-browser interface 1-9, 3-1

WEP

key example 10-5

key hashing 1-6

with EAP 11-4

WEP key 22-15

troubleshooting 22-15

WIDS 12-6

Wi-Fi Multimedia 15-4

Wi-Fi Multimedia (WMM) 1-8

Wi-Fi Protected Access

See WPA

Wi-Fi Protected Access (WPA) 1-7, 2-17

wireless domain services (WDS) 1-7

Wireless Internet Service Provider (WISP) 1-7

wireless intrusion detection services 12-1

Wireless LAN Services Module 12-2

wireless repeater 1-6

WISPr 1-7

WISPr RADIUS attributes 13-17

WLSM

active and standby 1-3

MIB support 1-3

WMM 15-4

workgroup bridge 6-23

maximum number of clients allowed 6-3

world mode 1-6, 6-18, 6-22

world-mode command 6-19

WPA 11-7

WPA migration mode 11-13

wpa-psk command 11-14

wraparound (CLI commands) 4-7