The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Setting Up WLANs and WLAN Users
You can create and manage Wireless Local Area Networks (WLANs) through the WLAN Configuration window. Choose Wireless Settings > WLAN Users.
You can associate up to 16 WLANs with the Cisco Mobility Express controller. Cisco recommends a maximum of 4 WLANs. The controller assigns all the configured WLANs to all the connected APs.
Each WLAN has a unique WLAN ID, a unique profile name, and an SSID.
The WLAN name and SSID can have up to 32 characters.
Each connected AP advertises only the WLANs that are in an Enabled state. The APs do not advertise disabled WLANs.
The controller uses different attributes to differentiate between WLANs with the same SSID.
Peer-to-peer blocking does not apply to multicast traffic.
You cannot map a WLAN to VLAN0, and you cannot map VLANs 1002 to 1006.
Dual-stack clients with static IPv4 addresses are not supported.
When creating WLANs with the same SSID, create a unique profile name for each WLAN.
Step 1 | Choose
.
The WLAN Configuration window is displayed. |
Step 2 | To create a new WLAN, click Add New WLAN. The Add New WLAN window is displayed. |
Step 3 | Under the
General tab, set the following parameters:
|
Step 4 | Under the
WLAN
Security tab, set the following parameters:
|
Step 5 | Under the
VLAN
& Firewall tab, in the
Use
VLAN Tagging drop-down list, choose
Yes to enable VLAN tagging of packets. Then, choose
a
VLAN
ID from the drop-down list, to use for the tagging. By default VLAN
Tagging is disabled.
By enabling VLAN Tagging, the chosen VLAN ID is inserted into a packet header in order to identify which VLAN (Virtual Local Area Network) the packet belongs to. This enables the controller to use the VLAN ID to determine which VLAN to send a broadcast packet to, thereby providing traffic separation between VLANs. |
Step 6 | If you have
chosen to enable VLAN Tagging, then you have an option to enable a firewall for
the WLAN based on Access Control Lists (ACLs). An ACL is a set of rules used to
limit access to a particular WLAN to control data traffic to and from wireless
clients or to the controller CPU to control all traffic destined for the CPU.
Note that ACL rules are applied to the VLAN. Multiple WLANs can use the same VLAN, hence inheriting ACL rules, if any.
|
Step 7 | Quality of
service (QoS) refers to the capability of a network to provide better service
to selected network traffic over various technologies. The primary goal of QoS
is to provide priority, including dedicated bandwidth, controlled jitter and
latency (required by some real-time and interactive traffic), and improved loss
characteristics.
|
Step 8 | Application
Visibility classifies applications using the Network-Based
Application Recognition (NBAR2) engine, and provides application-level
visibility in wireless networks. Application Visibility enables the controller
to detect and recognize more than 1000 applications and perform real-time
analysis, and monitor network congestion and network link usage. This feature
contributes to the
Applications By Usage statistic in the
.
To enable Application Visibility, choose Enabled (the default option) from the Application Visibility drop-down list. Otherwise, choose Disabled. |
Step 9 | Click Apply. |
You can proceed to creating or editing user accounts for this WLAN. See Viewing and Managing WLAN Users.
To view and manage WLAN users, choose
.User name—Name of the WLAN user.
Guest user—If this checkbox is selected, then this is a guest user account with a limited validity of only 86400 seconds (or 24 hours) from the time of its creation.
WLAN Profile—The WLANs that this user can connect to.
Password—The password to be used when connecting to a WLAN.
Description—Additional details or comments about the user.
You can view and manage WLAN users only for the WPA2 Enterprise with Local Server setup. To use your Cisco Mobility Express wireless network, a wireless client should connect to a WLAN in the network. To connect to a WLAN, the wireless client will have to use the user credentials set for that WLAN. If this WLAN uses WPA2-Personal as a Security Policy, then the user must provide the appropriate WPA2-PSK set for that WLAN on the Controller AP. If the Security Policy is set to WPA2-Enterprise, the user must provide a valid user identity and the corresponding password set in the RADIUS user database.
User name—Specify a name for WLAN user account.
Guest user—Select this checkbox if this is meant to be a guest WLAN user account. You can also specify the validity of this account from the time of its creation, in seconds, the Lifetime field. The default value is 86400 seconds (that is, 24 hours). You can specify a lifetime value from 60 to 31536000 seconds (that is, 1 minute to 1 year).
WLAN Profile—Select the WLAN that this user can connect to. From the drop-down list, choose a particular WLAN, or choose Any WLAN to apply this account for all WLANs set up on the controller.
This drop-down list is populated with the WLANs which have been configured under Wireless Settings > WLANs.
For information on adding WLANs, see Adding a WLAN.
Password—The password to be used when connecting to a WLAN.
Description—Additional details or comments on the user.
To edit a WLAN user, click the Edit icon adjacent to the WLAN user whose details you want to edit and make the necessary changes.
To delete a WLAN user, click the Delete icon adjacent to the WLAN user you want to delete. and then click Ok in the confirmation dialog box.
Manage—The icons shown below indicate whether the AP is acting as Primary Controller (or Master AP) or a subordinate AP.
Location—Location of the AP.
Name—Name of the AP.
IP Address—IP address of the AP.
AP MAC—The MAC address of the AP.
Up Time—Shows how long the AP has been associated to the controller.
AP Model—The model number of the access point.
Step 1 | Choose
.
The Access Points Administration window is displayed. You can only administer those APs that are associated to the controller. |
Step 2 | Click the Edit icon adjacent to the AP you want to manage. The Edit window with the General tab is displayed. |
Step 3 | Under the
General tab, you can edit the following AP
parameters:
|
Step 4 | (Only for the master AP) Under the Controller tab, you can manually edit the following controller parameters for the integrated Mobility Express wireless LAN controller: |
Step 5 | Under the
802.11 b/g/n tab, you can set the following
parameters:
|
Step 6 | Under
the 802.11 a/n/ac tab, you can set the following
parameters:
|
Step 7 | Click Apply to save your changes and exit. |
Set up a new WLAN or decide on an existing WLAN, to which you will provide access for guest users.
You can also specifically set up a WLAN exclusively for guest access. This is done by setting the WLAN Security as Guest for that WLAN. For more information, see Adding a WLAN.
Set up a guest user account. Go to Wireless Settings > WLAN Users, and set up an account with the Guest User check box selected. For more information, see Viewing and Managing WLAN Users.
Step 1 | Choose
.
The Guest WLAN page is displayed. The number of Guest WLANs currently set up in the network is displayed at the top of the page. |
Step 2 | In the
window that is
displayed, set the following parameters:
|
Step 3 | Click Apply. |