Step 1 |
Choose . The WLAN Configuration window is displayed.
|
Step 2 |
To create a new WLAN, click Add New WLAN. The Add New WLAN window is displayed.
|
Step 3 |
Under the General tab, set the following parameters:
- WLAN ID—From the drop-down list, choose an ID number for this WLAN.
- Profile Name—Enter up to 32 characters for the profile name to be assigned to this WLAN. The profile name must be unique.
- SSID—Enter up to 32 characters for the SSID to be assigned to this WLAN.
- Admin State—From the drop-down list, choose Enabled to enable this WLAN. Otherwise choose Disabled. The default is Enabled.
- Radio Policy—The radio policy allows you to optimize the RF settings for all the APs associated with a WLAN. The selected radio policy applies to the 802.11 radios. Each radio policy specifies which part of the spectrum the WLAN is advertised on, whether it is on 2.4 GHz (the 802.11b or 802.11g modes) or on 5 GHz (802.11a mode) or both.
  Set the RF profiles for APs that are associated with the controller. Choose one of the following from the Radio Policy drop-down list:
  - All (default)
  - 802.11a only
  - 802.11a/g
  - 802.11g only
  - 802.11b/g
|
Step 4 |
Under the WLAN Security tab, set the following parameters:
|
Step 5 |
Under the VLAN & Firewall tab, in the Use VLAN Tagging drop-down list, choose Yes to enable VLAN tagging of packets. Then, choose a VLAN ID from the drop-down list, to use for the tagging. By default, VLAN tagging is disabled.
Note
|
VLAN trunking is also disabled by default in Cisco Mobility Express. To enable VLAN trunking, execute config ap vlan-trunking enable ap-name on the command line interface of the Cisco Mobility Express controller.
|
By enabling VLAN Tagging, the chosen VLAN ID is inserted into a packet header in order to identify which VLAN (Virtual Local
Area Network) the packet belongs to. This enables the controller to use the VLAN ID to determine which VLAN to send a broadcast
packet to, thereby providing traffic separation between VLANs.
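The tagging described above, sketched as an added example (not Cisco code): it assumes the standard IEEE 802.1Q tag layout, and the sample frame and WLAN names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if not 1 <= vlan_id <= 4094:      # 0 and 4095 are reserved values
        raise ValueError("VLAN ID must be 1 to 4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0 to 7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_vlan(frame: bytes):
    """Return the VLAN ID carried in the frame header, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def broadcast_targets(frame: bytes, wlan_vlans: dict) -> list:
    """WLANs that should receive a broadcast: only those on the frame's VLAN."""
    vlan = read_vlan(frame)
    return sorted(name for name, vid in wlan_vlans.items() if vid == vlan)

# Constructed sample data: a broadcast ARP frame and hypothetical WLAN names.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                + struct.pack("!H", 0x0806) + bytes(28))
WLAN_VLANS = {"staff": 20, "guest": 30, "printers": 20}

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_FRAME, 20)
    print(tagged[12:16].hex(), read_vlan(tagged),
          broadcast_targets(tagged, WLAN_VLANS))
```

A broadcast tagged for VLAN 20 reaches only the WLANs mapped to VLAN 20; an untagged frame matches none of them in this model.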
|
Step 6 |
If you have chosen to enable VLAN Tagging, then you have an option to enable a firewall for the WLAN based on Access Control Lists (ACLs). An ACL is a set of rules used to limit access to a particular WLAN, either to control data traffic to and from wireless clients or, for the controller CPU, to control all traffic destined for the CPU.
To enable an ACL-based firewall:
- In the Enable Firewall drop-down list, choose Yes.
- In the ACL Name field, enter a name for the new ACL. You can enter up to 32 alphanumeric characters. The ACL name must be unique.
- Click Apply.
- To set rules for the ACL, click Add Rule.
Note that ACL rules are applied to the VLAN. Multiple WLANs can use the same VLAN, hence inheriting ACL rules, if any.
Configure a rule for this ACL as follows:
- From the Action drop-down list, choose Deny to cause this ACL to block packets or Permit to cause this ACL to allow packets. The default is Permit. The controller can permit or deny only IP packets in an ACL. Other types of packets (such as ARP packets) cannot be specified.
- From the Protocol drop-down list, choose the protocol ID of the IP packets to be used for this ACL. These are the protocol options:
  - Any—Any protocol (this is the default value)
  - TCP—Transmission Control Protocol
  - UDP—User Datagram Protocol
  - ICMP—Internet Control Message Protocol
  - ESP—IP Encapsulating Security Payload
  - AH—Authentication Header
  - GRE—Generic Routing Encapsulation
  - IP in IP—Internet Protocol (IP) in IP (permits or denies IP-in-IP packets)
  - Eth Over IP—Ethernet-over-Internet Protocol
  - OSPF—Open Shortest Path First
  - Other—Any other Internet Assigned Numbers Authority (IANA) protocol. If you choose Other, enter the number of the desired protocol in the Protocol text box. You can find the list of available protocols on the IANA website.
- In the Dest. IP/Mask field, enter the IP address and netmask of the specific destination.
- If you have chosen TCP or UDP, you will need to specify a Destination Port. This destination port can be used by applications that send and receive data to and from the networking stack. Some ports are designated for certain applications such as Telnet, SSH, HTTP, and so on.
- From the DSCP drop-down list, choose one of these options to specify the differentiated services code point (DSCP) value of this ACL. DSCP is an IP header field that can be used to define the quality of service across the Internet. You can choose:
  - Any—Any DSCP (this is the default value)
  - Specific—A specific DSCP from 0 to 63, which you enter in the DSCP edit box
- Click the Apply icon to commit your changes.
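A model of the rule fields above for reviewing a planned rule set before entering it, added here as an example and not taken from the controller's software. It assumes rules are checked in list order with the first match deciding, uses 0.0.0.0/0.0.0.0 as an assumed notation for any destination, and the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IANA protocol numbers for the named choices in the Protocol drop-down list.
PROTOCOLS = {"TCP": 6, "UDP": 17, "ICMP": 1, "ESP": 50, "AH": 51, "GRE": 47,
             "IP in IP": 4, "Eth Over IP": 97, "OSPF": 89}

@dataclass
class Rule:
    action: str = "Permit"            # Permit (the default) or Deny
    protocol: str = "Any"             # drop-down name, or a number for Other
    dest: str = "0.0.0.0/0.0.0.0"     # Dest. IP/Mask (assumed "any" notation)
    dest_port: Optional[int] = None   # only valid with TCP or UDP
    dscp: Optional[int] = None        # None means Any, otherwise 0 to 63

    def __post_init__(self):
        if self.action not in ("Permit", "Deny"):
            raise ValueError("Action must be Permit or Deny")
        self.proto_num = None         # None matches any IP protocol
        if self.protocol != "Any":
            self.proto_num = PROTOCOLS.get(self.protocol)
            if self.proto_num is None:
                self.proto_num = int(self.protocol)   # Other: IANA number
            if not 0 <= self.proto_num <= 255:
                raise ValueError("protocol number must be 0 to 255")
        if self.dest_port is not None and self.protocol not in ("TCP", "UDP"):
            raise ValueError("Destination Port applies only to TCP or UDP")
        if self.dscp is not None and not 0 <= self.dscp <= 63:
            raise ValueError("DSCP must be 0 to 63")
        self.net = ipaddress.ip_network(self.dest, strict=False)

    def matches(self, proto, dst_ip, dst_port=None, dscp=0):
        return ((self.proto_num is None or self.proto_num == proto)
                and ipaddress.ip_address(dst_ip) in self.net
                and (self.dest_port is None or self.dest_port == dst_port)
                and (self.dscp is None or self.dscp == dscp))

def evaluate(rules, proto, dst_ip, dst_port=None, dscp=0):
    """Assumption: rules are checked in order and the first match decides."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port, dscp):
            return rule.action
    return None   # nothing matched; the page does not state the default

# Constructed sample rule set (addresses are illustrative, not from the page).
RULES = [
    Rule("Deny", "TCP", "10.10.0.0/255.255.0.0", dest_port=23),    # Telnet
    Rule("Permit", "TCP", "10.10.0.0/255.255.0.0", dest_port=22),  # SSH
    Rule("Deny", "Any", "192.168.50.0/255.255.255.0"),
]
```

Running planned traffic through `evaluate` shows which rule decides it and which flows no rule covers, which is worth checking because the rules attach to the VLAN and every WLAN on that VLAN inherits them.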
|
Step 7 |
Quality of service (QoS) refers to the capability of a network to provide better service to selected network traffic over various technologies. The primary goal of QoS is to provide priority, including dedicated bandwidth, controlled jitter and latency (required by some real-time and interactive traffic), and improved loss characteristics.
The Cisco Mobility Express controller supports the following four QoS levels. Under the QoS tab, from the QoS drop-down list, choose one of the following QoS levels:
- Platinum (Voice)—Ensures a high quality of service for voice over wireless.
- Gold (Video)—Supports high-quality video applications.
- Silver (Best Effort)—Supports normal bandwidth for clients.
- Bronze (Background)—Provides the lowest bandwidth for guest services.
|
Step 8 |
Application Visibility classifies applications using the Network-Based Application Recognition (NBAR2) engine, and provides application-level visibility in wireless networks. Application Visibility enables the controller to detect and recognize more than 1000 applications and perform real-time analysis, and monitor network congestion and network link usage. This feature contributes to the Applications By Usage statistic in the .
To enable Application Visibility, choose Enabled (the default option) from the Application Visibility drop-down list. Otherwise, choose Disabled.
|
Step 9 |
Click Apply.
|