Cisco Aironet 350 Series Bridge Software Configuration Guide
Configuring the Radio and Basic Settings


This chapter describes how to use the pages in the bridge management system to configure the bridge. The main Setup page provides links to all the pages containing bridge settings.

This chapter contains the following sections:

Basic Settings

Radio Configuration

Ethernet Configuration

See "Security Setup" for information on setting up the bridge's security features.

Basic Settings

This section describes the basic settings on the Express Setup page. If you need to set up a bridge quickly with a simple configuration, or change or update a basic setting, you can enter all the bridge's essential settings for basic operation on the Express Setup page. Figure 3-1 shows the Express Setup page.

Figure 3-1 The Express Setup Page

Follow this link path to reach the Express Setup page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Express Setup.

Entering Basic Settings

The Express Setup page contains the following configurable settings:

System Name

Configuration Server Protocol

Default IP Address

Default IP Subnet Mask

Default Gateway

Radio Service Set ID (SSID)

Role in Radio Network

Radio Network Optimization (Optimize Radio Network For)

Radio Network Compatibility (Ensure Compatibility With)

Security Setup Link

SNMP Admin. Community

System Name

The system name appears in the titles of the management system pages and in the bridge's Association Table page. The system name is not an essential setting, but it helps identify the bridge on your network.

The bridge's Media Access Control (MAC) address appears under the system name. The MAC address is a unique serial number permanently assigned to the bridge's Ethernet controller. You cannot change the bridge's MAC address.

Configuration Server Protocol

Set the Configuration Server Protocol to match the network's method of IP address assignment. Click the Configuration Server link to jump to the Boot Server Setup page, which contains detailed settings for configuring the bridge to work with your network's BOOTP or DHCP servers for automatic assignment of IP addresses.

The Configuration Server Protocol drop-down menu contains the following options:

None—Your network does not have an automatic system for IP address assignment.

BOOTP—With Bootstrap Protocol, IP addresses are hard-coded based on MAC addresses.

DHCP—With Dynamic Host Configuration Protocol, IP addresses are "leased" for predetermined periods of time.

Click Configuration Server to access the Boot Server Setup page.

Default IP Address

Use this setting to assign or change the bridge's IP address. If DHCP or BOOTP is not enabled for your network, the IP address you enter in this field is the bridge's IP address. If DHCP or BOOTP is enabled, this field provides the IP address only if no server responds with an IP address for the bridge.

Default IP Subnet Mask

Enter an IP subnet mask to identify the subnetwork so the IP address can be recognized on the LAN. If DHCP or BOOTP is not enabled, this field is the subnet mask. If DHCP or BOOTP is enabled, this field provides the subnet mask only if no server responds to the bridge's DHCP or BOOTP request.

Default Gateway

Enter the IP address of your default internet gateway here. The entry 255.255.255.255 indicates no gateway. Clicking the Gateway link takes you to the Routing Setup page, which contains detailed settings for configuring the bridge to communicate with the IP network routing system.

Click Gateway to access the Routing Setup page where you can configure a new default gateway network route. You can also remove an old routing configuration.

Radio Service Set ID (SSID)

An SSID is a unique identifier that client devices use to associate with the bridge or a VLAN supported by the bridge. The SSID helps client devices distinguish between multiple wireless networks and VLANs in the same vicinity and provides access to VLANs by wireless client devices. Several bridges on a network or sub-network can share an SSID. You can configure up to 16 SSIDs on a bridge. An SSID can be any alphanumeric, case-sensitive entry from 2 to 32 characters long.

Click more to go to the Root Radio Service Sets page where you can create additional SSIDs. From this page you can also edit an existing SSID or remove one from the system.

Role in Radio Network

Use this drop-down menu to select the role of the bridge on your network. The menu contains the following options:

Root bridge—One bridge in each group of bridges must be set as the root bridge. A root bridge can only communicate with non-root bridges and other client devices and cannot associate with another root bridge. Figure 3-2 shows a root bridge communicating with non-root bridges.


Note: Use the Bridge Spacing setting to enter the distance between the root bridge and the non-root bridges with which it communicates.


Figure 3-2 Root Bridge Communicating with Non-root Bridges

Non-Root Bridge w/Clients—Use this setting for non-root bridges that will accept associations from client devices, and for bridges acting as repeaters. Non-root bridges can communicate with other non-root bridges, root bridges, and client devices. Figure 3-3 shows a bridge operating as a repeater not connected to a LAN segment.


Note: Non-Cisco client devices might have difficulty communicating with non-root bridges that accept client associations.


Figure 3-3 Repeater Bridge


Note: You can set up non-root bridges to authenticate to your network using LEAP so that they derive and use dynamic WEP keys for all data transmissions. See the "Setting Up a Non-Root Bridge as a LEAP Client" section for instructions on setting up a non-root bridge to use LEAP. However, if you do not use EAP authentication on your network, non-root bridges use static WEP keys configured in their management systems for data communications with other bridges.


Non-Root Bridge w/o Clients—Use this setting for non-root bridges that should not accept associations from client devices. A bridge set to Non-Root Bridge w/o Clients will only associate with a root or non-root bridge.

Root Access Point—Use this setting to set up the bridge as a rugged access point connected to the wired LAN. When you select Access Point, the bridge's Spanning Tree Protocol (STP) function is disabled. Figure 3-4 shows a bridge set up as a rugged access point.

Figure 3-4 Bridge as a Rugged Access Point

Repeater Access Point—Use this setting to set up the bridge as a rugged repeater access point. A repeater access point is not connected to the wired LAN; it is placed within radio range of an access point connected to the wired LAN to extend the range of your infrastructure or to overcome an obstacle that blocks radio communication. When you select Repeater Access Point, the bridge's STP function is disabled. Figure 3-5 shows the bridge set up as a rugged repeater access point.

Figure 3-5 Bridge as a Rugged Repeater Access Point

Site Survey Client—Use this setting when performing a site survey for a repeater access point. When you select this setting, clients are not allowed to associate and the bridge's STP function is disabled.

Radio Network Optimization (Optimize Radio Network For)

You use this setting to select either preconfigured settings or customized settings for the bridge radio.

Throughput—Maximizes the data volume handled by the bridge but might reduce the bridge's range.

Range—Maximizes the bridge's range but might reduce throughput.

Custom—The bridge uses the settings you enter on the Root Radio Hardware page. Click Custom to go to the Root Radio Hardware page.

Radio Network Compatibility (Ensure Compatibility With)

You use this setting to automatically configure the bridge to be compatible with other devices on your wireless LAN.

2Mb/sec clients—Select this setting if your network contains Cisco Aironet devices that operate at a maximum speed of 2 Mbps.

non-Aironet 802.11—Select this setting if there are non-Cisco Aironet devices on your wireless LAN.

Security Setup Link

Clicking on this link takes you to the Security Setup page from which you can manage security issues on the access point. Settings on this page are covered in the "Setting Up Administrator Authorization" section.

SNMP Admin. Community

To use Simple Network Management Protocol (SNMP), enter a community name here. This name automatically appears in the list of users authorized to view and make changes to the bridge's management system, and SNMP is enabled.

Click SNMP to go to the SNMP Setup page, where you can edit other SNMP settings.

You can define other SNMP communities on the Administrator Authorization pages. See the "Setting Up Administrator Authorization" section for instructions on using the Administrator Authorization pages.

Radio Configuration

This section describes how to configure the bridge's radio. You use the Root Radio pages in the management system to set the radio configuration. The radio pages include:

Root Radio Identification—Contains the basic locating and identity information for the bridge Radio port. See the "Entering Identity Information" section for instructions on using the Root Radio Identification page.

Root Radio Hardware—Contains settings for the bridge's SSID, data rates, transmit power, antennas, radio channel, and operating thresholds. See the "Entering Radio Hardware Information" section for instructions on using the Root Radio Hardware page.

Root Radio Advanced—Contains settings for the operational status of the bridge's radio port. You can also use this page to make temporary changes in port status to help with troubleshooting network problems. See the "Entering Advanced Configuration Information" section for instructions on using the Root Radio Advanced page.

Root Radio Port—Lists key information on the bridge's radio port.

Entering Identity Information

You use the Root Radio Identification page to enter basic locating and identity information for the bridge radio. Figure 3-6 shows the Root Radio Identification page.

Figure 3-6 The Root Radio Identification Page

Follow this link path to reach the Root Radio Identification page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Identification in the Root Radio row under Network Ports.

Settings on the Root Radio Identification Page

The Root Radio Identification page contains the following settings:

Primary Port Settings

Default IP Address

Default IP Subnet Mask

Service Set ID (SSID)

LEAP User Name

LEAP Password

The page also displays the bridge's MAC address, its current IP address, its current IP subnet mask, its maximum packet data length, its firmware version, and its boot block version.

Primary Port Settings

Two options allow you to designate the bridge's radio port as the Primary Port and select whether the radio port adopts or assumes the identity of the primary port.

Primary Port?—The primary port determines the bridge's MAC and IP addresses. Ordinarily, the bridge's primary port is the Ethernet port, which is connected to the wired LAN, so this setting is usually set to no. Select no to set the Ethernet port as the primary port. Select yes to set the radio port as the primary port.

Adopt Primary Port Identity?—Select yes to adopt the primary port settings (MAC and IP addresses) for the radio port. Select no to use different MAC and IP addresses for the radio port.

Bridges acting as root units adopt the primary port settings for the radio port. When you put a bridge in standby mode, however, you select no for this setting. Some advanced wireless bridge configurations also require different identity settings for the radio port.

Default IP Address

Use this setting to assign an IP address for the radio port that is different from the bridge's Ethernet IP address. During normal operation the radio port adopts the identity of the Ethernet port. When you put a bridge in standby mode, however, you assign a different IP address to the radio port. Some advanced wireless bridge configurations also require a different IP address for the radio port.

Default IP Subnet Mask

Enter an IP subnet mask to identify the subnetwork so that the IP address can be recognized on the LAN. If DHCP or BOOTP is not enabled, this field is the subnet mask. If DHCP or BOOTP is enabled, this field provides the subnet mask only if no server responds to the bridge's request.

The current IP subnet mask displayed under the setting shows the IP subnet mask currently assigned to the bridge. This is the same subnet mask as the default subnet mask unless DHCP or BOOTP is enabled. If DHCP or BOOTP is enabled, this is the subnet mask used by the DHCP or BOOTP server.

You can also enter this setting on the Express Setup page.

Service Set ID (SSID)

An SSID is a unique identifier that client devices use to associate with the bridge. SSIDs help client devices distinguish between multiple wireless networks in the same vicinity and provide access to VLANs by wireless client devices. Several bridges on a network or sub-network can share an SSID. You can configure up to 16 SSIDs on a bridge. An SSID can be any alphanumeric, case-sensitive entry from 2 to 32 characters long.

Click more to go to the Root Radio Service Sets page where you can create additional SSIDs. From this page you can also edit an existing SSID or remove one from the system.

You can also enter this setting on the Express Setup page.

LEAP User Name

Use this field if the radio is set up as a repeater and authenticates to the network using LEAP. When the radio authenticates using LEAP, the bridge sends this user name to the authentication server.

Follow the steps in the "Setting Up a Non-Root Bridge as a LEAP Client" section to set up the radio as a LEAP client.

LEAP Password

Use this field if the radio is set up as a repeater and authenticates to the network using LEAP. When the radio authenticates using LEAP, the bridge uses this password for authentication.

Follow the steps in the "Setting Up a Non-Root Bridge as a LEAP Client" section to set up the radio as a LEAP client.

Entering Radio Hardware Information

You use the Root Radio Hardware page to assign settings related to the bridge's radio hardware. Figure 3-7 shows the Root Radio Hardware page.

Figure 3-7 The Root Radio Hardware Page

Follow this link path to reach the Root Radio Hardware page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Hardware in the Root Radio row under Network Ports.

Settings on the Root Radio Hardware Page

The Root Radio Hardware page contains the following settings:

Service Set (SSID)

Allow Broadcast SSID to Associate?

Enable World Mode

Data Rates

Transmit Power

Frag. Threshold

RTS Threshold

Max. RTS Retries

Max. Data Retries

Beacon Period

Data Beacon Rate (DTIM)

Default Radio Channel

Search for Less-Congested Radio Channel

Restrict Searched Channels

Receive Antenna and Transmit Antenna

The Root Radio Hardware page also contains links to the Root Radio Data Encryption page and VLAN Setup page. The Root Radio Data Encryption page allows you to enter Wired Equivalent Privacy (WEP) settings if you are not using VLANs. The VLAN Setup page is used to configure WEP settings if you are using VLANs.

Service Set (SSID)

An SSID is a unique identifier that client devices use to associate with the bridge. The SSID helps client devices distinguish between multiple wireless networks in the same vicinity and provides access to VLANs by wireless client devices. Several bridges on a network or sub-network can share an SSID. You can configure up to 16 separate SSIDs. The SSID can be any alphanumeric, case-sensitive entry from 2 to 32 characters long.

Click more to go to the Root Radio Service Sets page where you can create additional SSIDs. From this page you can also edit an existing SSID or remove one from the system.

You can also enter this setting on the Express Setup and Root Radio Identification pages.

Allow Broadcast SSID to Associate?

You use this setting to choose whether devices that do not specify an SSID (devices that are "broadcasting" in search of a bridge to associate with) are allowed to associate with the bridge.

Yes—This is the default setting; it allows devices that do not specify an SSID (devices that are broadcasting in search of a bridge to associate with) to associate with the bridge.

No—Devices that do not specify an SSID (devices that are broadcasting in search of a bridge to associate with) are not allowed to associate with the bridge. With no selected, the SSID used by the client device must match the bridge's SSID exactly.

Enable World Mode

When you select yes from the world-mode drop-down menu, the bridge adds channel carrier set information to its beacon. Client devices with world-mode enabled receive the carrier set information and adjust their settings automatically.

Data Rates

You use the data rate settings to choose the data rates the bridge uses for data transmission. The rates are expressed in megabits per second.

The bridge always attempts to transmit at the highest data rate set to Basic. If there are obstacles or interference, the bridge steps down to the highest rate that allows data transmission. For each of four rates (1, 2, 5.5, and 11 megabits per second), a drop-down menu lists three options:

Basic (default)—Allows transmission at this rate for all packets, both unicast and multicast. At least one of the bridge's data rates must be set to Basic.

Yes—The bridge transmits only unicast packets at this rate; multicast packets are sent at one of the data rates set to Basic.

No—The bridge does not transmit data at this rate.

You can use the Data Rate settings to set up a bridge to serve client devices operating at specific data rates. For example, to set up the bridge for 11 megabits per second (Mbps) service only, select Basic for 11 and select Yes for the other data rates. Figure 3-8 shows the Data Rates set up for 11-Mbps service only.

Figure 3-8 Data Rate Settings for 11 Mbps Service Only

To set up the bridge to serve only client devices operating at 1 and 2 Mbps, select Basic for 1 and 2 and set the rest of the data rates to Yes. Figure 3-9 shows the Data Rates set up for 1- and 2-Mbps service only.

Figure 3-9 Data Rate Settings for 1- and 2-Mbps Service Only

The Optimize Radio Network For setting on the Express Setup page selects the data rate settings automatically. When you select Optimize Radio Network For Throughput on the Express Setup page, all four data rates are set to basic. When you select Optimize Radio Network For Range on the Express Setup page, the 1.0 data rate is set to basic, and the other data rates are set to Yes.
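The Basic / Yes / No rules above can be checked before a configuration is entered. The following is an added example, not code from the Cisco guide: function names and client profiles are hypothetical, and `client_can_join` assumes the standard 802.11 rule (not stated on this page) that a station must support every Basic rate in order to associate.

```python
# Added example (not from the Cisco guide): models the Basic / Yes / No
# data-rate settings described above. All names here are hypothetical.

RATES_MBPS = (1.0, 2.0, 5.5, 11.0)   # the four rates listed on the page
SETTINGS = ("Basic", "Yes", "No")

# Presets the page attributes to "Optimize Radio Network For" on Express Setup.
PRESETS = {
    "Throughput": {1.0: "Basic", 2.0: "Basic", 5.5: "Basic", 11.0: "Basic"},
    "Range":      {1.0: "Basic", 2.0: "Yes",   5.5: "Yes",   11.0: "Yes"},
}

# Figures 3-8 and 3-9 as the text describes them.
FIG_3_8_11MBPS_ONLY = {1.0: "Yes", 2.0: "Yes", 5.5: "Yes", 11.0: "Basic"}
FIG_3_9_1_AND_2MBPS = {1.0: "Basic", 2.0: "Basic", 5.5: "Yes", 11.0: "Yes"}

# Constructed client profiles (sets of rates each client supports).
SAMPLE_CLIENTS = {
    "legacy-2mbps": {1.0, 2.0},
    "802.11b": {1.0, 2.0, 5.5, 11.0},
}


def validate(config):
    """Return a list of problems in a {rate: setting} mapping (empty if OK)."""
    problems = []
    for rate in RATES_MBPS:
        if config.get(rate) not in SETTINGS:
            problems.append(f"{rate} Mbps must be Basic, Yes or No")
    if "Basic" not in config.values():
        problems.append("at least one data rate must be set to Basic")
    return problems


def rates_with(config, *settings):
    """Sorted list of rates whose setting is one of `settings`."""
    return sorted(r for r, s in config.items() if s in settings)


def multicast_rates(config):
    """Multicast packets are sent only at rates set to Basic."""
    return rates_with(config, "Basic")


def unicast_rates(config):
    """Unicast may use Basic and Yes rates; rates set to No are never used."""
    return rates_with(config, "Basic", "Yes")


def client_can_join(client_rates, config):
    """Assumed 802.11 rule: the client must support every Basic rate."""
    return set(multicast_rates(config)) <= set(client_rates)


def compatibility_report(config, clients):
    """Map each client name to True/False; reject invalid configurations."""
    problems = validate(config)
    if problems:
        raise ValueError("; ".join(problems))
    return {name: client_can_join(rates, config)
            for name, rates in clients.items()}


if __name__ == "__main__":
    for label, cfg in (("Figure 3-8", FIG_3_8_11MBPS_ONLY),
                       ("Figure 3-9", FIG_3_9_1_AND_2MBPS),
                       ("Throughput preset", PRESETS["Throughput"]),
                       ("Range preset", PRESETS["Range"])):
        print(label, "multicast at", multicast_rates(cfg),
              compatibility_report(cfg, SAMPLE_CLIENTS))
```

Under this model the Throughput preset excludes the 2-Mbps-only client because all four rates are Basic, which matches the purpose of the 2Mb/sec clients compatibility option on the Express Setup page.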

Transmit Power

This setting determines the power level of radio transmission.


Note: Government regulations define the highest allowable power level for radio devices. This setting must conform to established standards for the country in which you use the bridge.


To reduce interference or to conserve power, select a lower power setting. The settings in the drop-down menu on 350 series bridges include 1, 5, 20, 50, and 100 milliwatts. The settings in the drop-down menu on 340 series bridges include 1, 5, and 30 milliwatts.


Note: The power settings available on your bridge depend on the regulatory domain for which the bridge is configured. Your power settings might be different from the settings listed here.


Frag. Threshold

This setting determines the size at which packets are fragmented (sent as several pieces instead of as one block). Enter a setting ranging from 256 to 2338 bytes. Use a low setting in areas where communication is poor or where there is a great deal of radio interference.

RTS Threshold

This setting determines the packet size at which the bridge issues a request to send (RTS) before sending the packet. A low RTS Threshold setting can be useful in areas where many client devices are associating with the bridge, or in areas where the clients are far apart and can detect only the bridge and not each other. Enter a setting ranging from 0 to 2339 bytes.

Max. RTS Retries

The maximum number of times the bridge issues an RTS before stopping the attempt to send the packet through the radio. Enter a value from 1 to 128.

Max. Data Retries

The maximum number of attempts the bridge makes to send a packet before giving up and dropping the packet.

Beacon Period

The amount of time between beacons in kilomicroseconds (Kmsec). One Kmsec equals 1,024 microseconds.

Data Beacon Rate (DTIM)

This setting, always a multiple of the beacon period, determines how often the beacon contains a delivery traffic indication message (DTIM). The DTIM tells power-save client devices that a packet is waiting for them.

If the beacon period is set at 100, its default setting, and the data beacon rate is set at 2, its default setting, then the bridge sends a beacon containing a DTIM every 200 Kmsecs. One Kmsec equals 1,024 microseconds.

Default Radio Channel

The factory setting for Cisco wireless LAN systems is Radio Channel 6 transmitting at 2437 MHz. To overcome an interference problem, other channel settings are available from the drop-down menu of 11 channels ranging from 2412 to 2462 MHz.

Each channel covers 22 MHz. The bandwidth for channels 1, 6, and 11 does not overlap, so you can set up multiple bridges in the same vicinity without causing interference.


Note: Too many bridges in the same vicinity create radio congestion that can reduce throughput. A careful site survey can determine the best placement of bridges for maximum radio coverage and throughput.


Search for Less-Congested Radio Channel

When you select yes from the Search for less-congested radio channel drop-down menu, the bridge scans for the radio channel that is least busy and selects that channel for use. The bridge scans at power-up and when the radio settings are changed.


Note: If you need to keep the bridge assigned to a specific channel to keep from interfering with other bridges, you should leave this setting at no.


Restrict Searched Channels

Click Restrict Searched Channels to limit the channels that the bridge scans when Search for less-congested radio channel is enabled. The Root Radio Restrict Searched Channels page appears when you click Restrict Searched Channels. Figure 3-10 shows the Root Radio Restrict Searched Channels page.

Figure 3-10 Root Radio Restrict Searched Channels Page

The page lists all the channels in the bridge's regulatory domain. Click the Search check boxes beside the channels to include or exclude channels in the scan for less-congested channels. All the channels are included in the scan by default.
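The channel figures given under Default Radio Channel (11 channels from 2412 to 2462 MHz, 22 MHz each) are enough to work out which channels to leave checked on the Restrict Searched Channels page. The following is an added example, not part of the Cisco guide: the function names and bridge names are hypothetical, and it treats two channels as overlapping when their centers are less than 22 MHz apart.

```python
# Added example (not from the Cisco guide): channel-overlap arithmetic for
# planning fixed channels and the Restrict Searched Channels list.
from itertools import combinations

CHANNELS = range(1, 12)      # 11 channels, per the page
CHANNEL_WIDTH_MHZ = 22       # "Each channel covers 22 MHz"


def center_mhz(channel):
    """Channel 1 = 2412 MHz ... channel 11 = 2462 MHz, so 5 MHz per step."""
    if channel not in CHANNELS:
        raise ValueError(f"channel {channel} is outside 1-11")
    return 2412 + 5 * (channel - 1)


def overlaps(a, b):
    """True when the 22 MHz bands of channels a and b share spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_set():
    """Greedy walk from channel 1 upward, keeping channels that fit."""
    chosen = []
    for channel in CHANNELS:
        if not any(overlaps(channel, kept) for kept in chosen):
            chosen.append(channel)
    return chosen


def conflicting_bridges(plan):
    """Pairs of bridges in a {name: channel} plan whose channels overlap."""
    return [(x, y) for x, y in combinations(sorted(plan), 2)
            if overlaps(plan[x], plan[y])]


def searchable_channels(fixed_neighbor_channels):
    """Channels to leave checked so the search cannot pick one that
    overlaps a nearby bridge pinned to a fixed channel."""
    return [c for c in CHANNELS
            if not any(overlaps(c, n) for n in fixed_neighbor_channels)]


if __name__ == "__main__":
    # Constructed site plan for illustration.
    plan = {"bridge-a": 1, "bridge-b": 6, "bridge-c": 8}
    print("non-overlapping set:", non_overlapping_set())
    print("conflicts in plan:", conflicting_bridges(plan))
    print("search list beside channels 1 and 11:", searchable_channels([1, 11]))
```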

Receive Antenna and Transmit Antenna

Drop-down menus for the receive and transmit antennas offer three options:

Diversity—This default setting tells the bridge to use the antenna that receives the best signal. If your bridge has two fixed (non-removable) antennas, you should use this setting for both receive and transmit.

Right—If your bridge has removable antennas and you install a high-gain antenna on the bridge's right connector, you should use this setting for both receive and transmit. When you look at the bridge's back panel, the right antenna is on the right.

Left—If your bridge has removable antennas and you install a high-gain antenna on the bridge's left connector, you should use this setting for both receive and transmit. When you look at the bridge's back panel, the left antenna is on the left.


Note: The bridge receives and transmits using one antenna at a time, so you cannot increase range by installing high-gain antennas on both connectors and pointing one north and one south. When the bridge used the north-pointing antenna, it would ignore client devices to the south.


Entering Advanced Configuration Information

Use the Root Radio Advanced page to assign special configuration settings for the bridge's radio. Figure 3-11 shows the Root Radio Advanced page.

Figure 3-11 Root Radio Advanced Page

Follow this link path to reach the Root Radio Advanced page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Advanced in the Root Radio row under Network Ports.

Settings on the Root Radio Advanced Page

The Root Radio Advanced page contains the following settings:

Requested Status

Current Status

Packet Forwarding

Forwarding State

Default Multicast Address Filters

Maximum Multicast Packets/Second

Radio Cell Role

SSID for use by Infrastructure Stations (such as Repeaters)

Disallow Infrastructure Stations on any other SSID

Use Aironet Extensions

Classify Workgroup Bridges as Network Infrastructure

Require Use of Radio Firmware x.xx

Ethernet Encapsulation Transform

Bridge Spacing

Quality of Service Setup Link

VLAN Setup Link

Enhanced MIC verification for WEP

Temporal Key Integrity Protocol

Broadcast WEP Key rotation interval (sec)

Advanced Primary SSID Setup

Specified bridges

Radio Modulation

Radio Preamble

Non-Root Mobility

Requested Status

This setting is useful for troubleshooting problems on your network. Up, the default setting, turns the radio on for normal operation. Down turns the bridge's radio off.

Current Status

The Current Status line under the setting displays the current status of the radio port. This field can also display Error, meaning the port is operating but is in an error condition.

Packet Forwarding

This setting is always set to Enabled for normal operation. For troubleshooting, you might want to set packet forwarding to Disabled, which prevents data from moving between the Ethernet and the radio.

Forwarding State

The Forwarding State line under the setting displays the current forwarding state. For normal bridge operation, the forwarding state is Forwarding. Four other states are possible:

Unknown—The state cannot be determined.

Disabled—Forwarding capabilities are disabled.

Blocking—The port is blocking transmission. This is the state when no stations are associated.

Broken—This state reports radio failure.

Default Multicast Address Filters

MAC address filters allow or disallow the forwarding of multicast packets sent to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify. Read the "Creating a MAC Address Filter" section for complete instructions on setting up MAC address filters.

The drop-down menus for multicast address filters contain two options:

Allowed—The bridge forwards all traffic except packets sent to the MAC addresses listed as disallowed on the Address Filters page.

Disallowed—The bridge discards all traffic except packets sent to the MAC addresses listed as allowed on the Address Filters page.


Note: If you plan to discard traffic to all MAC addresses except those you specify (the Disallowed setting), be sure to enter your own MAC address as allowed on the Address Filters page.


Maximum Multicast Packets/Second

Use this setting to control the number of multicast packets that can pass through the radio port each second. If you enter 0, the bridge passes an unlimited number of multicast packets. If you enter a number other than 0, the device passes only that number of multicast packets per second.
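The filter default and the packets-per-second limit combine into one forwarding decision, sketched below as an added example that is not Cisco code. The class and function names are hypothetical, the MAC addresses and frame timestamps are constructed, and the one-second counting window is an assumption because the page does not say how the bridge counts packets.

```python
# Added example (not Cisco code): decision model for the Default Multicast
# Address Filters setting and Maximum Multicast Packets/Second.

def normalize(mac):
    """Canonical form: 12 lowercase hex digits with separators removed."""
    digits = "".join(ch for ch in mac.lower() if ch not in ":-.")
    if len(digits) != 12 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class MulticastPolicy:
    """default is 'Allowed' or 'Disallowed'; listed holds the exceptions
    entered on the Address Filters page; max_pps of 0 means unlimited."""

    def __init__(self, default, listed, max_pps=0):
        if default not in ("Allowed", "Disallowed"):
            raise ValueError("default must be Allowed or Disallowed")
        if max_pps < 0:
            raise ValueError("max_pps must be 0 (unlimited) or positive")
        self.default = default
        self.listed = {normalize(m) for m in listed}
        self.max_pps = max_pps
        self._window = None   # current one-second window (assumed model)
        self._count = 0       # packets already forwarded in that window

    def permits(self, dst_mac):
        """Allowed: forward unless listed. Disallowed: forward only if listed."""
        on_list = normalize(dst_mac) in self.listed
        return on_list != (self.default == "Allowed")

    def decide(self, dst_mac, now):
        """Return 'filtered', 'rate-limited' or 'forwarded' for one packet."""
        if not self.permits(dst_mac):
            return "filtered"
        if self.max_pps:
            window = int(now)
            if window != self._window:
                self._window, self._count = window, 0
            if self._count >= self.max_pps:
                return "rate-limited"
            self._count += 1
        return "forwarded"


def not_permitted(policy, required_macs):
    """Pre-flight check for the Note above: addresses that must keep working
    but would be discarded under this policy."""
    return [m for m in required_macs if not policy.permits(m)]


def simulate(policy, frames):
    """frames is a list of (timestamp_seconds, destination_mac) tuples."""
    return [policy.decide(mac, ts) for ts, mac in frames]


# Constructed sample data.
GROUP_A = "01:00:5e:00:00:fb"
GROUP_B = "01:00:5e:7f:ff:fa"
ADMIN_STATION = "02:00:00:00:00:01"
FRAMES = [(0.0, GROUP_A), (0.1, GROUP_A), (0.2, GROUP_A),
          (0.3, GROUP_B), (1.0, GROUP_A)]

if __name__ == "__main__":
    deny_by_default = MulticastPolicy("Disallowed", [GROUP_A], max_pps=2)
    print(simulate(deny_by_default, FRAMES))
    print("would be discarded:", not_permitted(deny_by_default, [ADMIN_STATION]))
```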

Radio Cell Role

Use this drop-down menu to select the function of the bridge's radio within its radio coverage area (cell). This setting determines how the bridge's radio interacts with other wireless devices. The menu contains the following options:

Root—A wireless LAN transceiver that connects an Ethernet network with wireless client stations or with another Ethernet network. Use this setting if the bridge is connected to the wired LAN.

Repeater/Non-Root—A wireless LAN transceiver that transfers data between a client and another bridge. Use this setting for bridges not connected to the wired LAN.

Client/Non-root—A station with a wireless connection to a bridge. Use this setting for diagnostics or site surveys, such as when you need to test the bridge by having it communicate with another bridge without accepting associations from client devices.

SSID for use by Infrastructure Stations (such as Repeaters)

Identifies the SSID to be used by repeaters and workgroup bridges to associate to the bridge. It is also the SSID used by a non-root bridge to associate to a root bridge. This SSID should be mapped to the native VLAN ID in order to facilitate communications between infrastructure devices and a non-root bridge.

Disallow Infrastructure Stations on any other SSID

Prevents repeaters or workgroup bridges from associating to SSIDs other than the infrastructure SSID. The default setting is No, so to invoke this condition, you must change the setting to Yes.

Use Aironet Extensions

Select yes or no to use Cisco Aironet 802.11 extensions. This setting must be set to yes (the default setting) to enable these features:

Load balancing—The bridge uses Aironet extensions to direct client devices to a bridge that provides the best connection to the network based on factors such as number of users, bit error rates, and signal strength.

Message Integrity Check (MIC)—MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on both the bridge and all associated client devices, adds a few bytes to each packet to make the packets tamper-proof.

Temporal Key Integrity Protocol (TKIP)—TKIP, also known as WEP key hashing, is an additional WEP security feature that defends against an attack on WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key.

The extensions also improve the bridge's ability to understand the capabilities of Cisco Aironet client devices associated with the bridge.

Classify Workgroup Bridges as Network Infrastructure

Select no to allow more than 20 Cisco Aironet Workgroup Bridges to associate to the bridge. The default setting, yes, limits the number of workgroup bridges that can associate to the bridge to 20.

The Reliable multicast messages from the access point to workgroup bridges setting limits reliable delivery of multicast messages to approximately 20 Cisco Aironet Workgroup Bridges that are associated to the access point. The default setting, disabled, reduces the reliability of multicast delivery to allow more workgroup bridges to associate to the bridge.

Access points and bridges normally treat workgroup bridges not as client devices but as infrastructure devices, like access points or bridges. Treating a workgroup bridge as an infrastructure device means that the bridge reliably delivers multicast packets, including Address Resolution Protocol (ARP) packets, to the workgroup bridge.

The performance cost of reliable multicast delivery—duplication of each multicast packet sent to each workgroup bridge—limits the number of infrastructure devices, including workgroup bridges, that can associate to the access point. To increase beyond 20 the number of workgroup bridges that can maintain a radio link to the bridge, the bridge must reduce the delivery reliability of multicast packets to workgroup bridges. With reduced reliability, the bridge cannot confirm whether multicast packets reach the intended workgroup bridge, so workgroup bridges at the edge of the bridge's coverage area might lose IP connectivity. When you treat workgroup bridges as client devices, you increase performance but reduce reliability.


Note This feature is best suited for use with stationary workgroup bridges. Mobile workgroup bridges might encounter spots in the access point's coverage area where they do not receive multicast packets and lose communication with the access point even though they are still associated to it.


A Cisco Aironet Workgroup Bridge provides a wireless LAN connection for up to eight Ethernet-enabled devices. Refer to the Cisco Aironet Workgroup Bridge Software Configuration Guide for a description of workgroup bridges.

Require Use of Radio Firmware x.xx

This setting affects the firmware upgrade process when you load new firmware for the bridge. Select yes to force the radio firmware to be upgraded to a firmware version compatible with the current version of the management system. Select no to exempt the current radio firmware from firmware upgrades.

Ethernet Encapsulation Transform

Choose 802.1H or RFC1042 to set the Ethernet encapsulation type. Data packets that are not 802.2 packets must be formatted to 802.2 using 802.1H or RFC1042. Cisco Aironet equipment uses 802.1H because it provides optimum interoperability.

802.1H—This default setting provides optimum performance for Cisco Aironet wireless products.

RFC1042—Use this setting to ensure interoperability with non-Cisco Aironet wireless equipment. RFC1042 does not provide the interoperability advantages of 802.1H but is used by other manufacturers of wireless equipment.

Bridge Spacing

Use this setting to specify the distance from a root bridge to non-root bridges with which it communicates. You do not need to adjust this setting on non-root bridges.

The Bridge Spacing setting adjusts the bridge's timeout values to account for the time required for radio signals to travel from bridge to bridge. If more than one non-root bridge communicates with the root bridge, enter the distance from the root bridge to the non-root bridge that is farthest away. Enter a value from 0 to 40 kilometers.

Figure 3-12 shows a root bridge communicating with two non-root bridges. In this example, you would use the Bridge Spacing setting on the root bridge to enter the distance between the root bridge on LAN segment A and the non-root bridge on LAN segment C.

Figure 3-12 Distance Between Root and Non-root Bridges

Quality of Service Setup Link

Clicking on the Quality of Service (QoS) Setup link accesses the Root Radio Quality of Service page. Use this page to configure the radio's QoS setup and priorities. Read the "Quality of Service Support" section for a description of QoS. See the "QoS Configuration" section to set up QoS.

VLAN Setup Link

Clicking the VLAN Setup link accesses the VLAN Setup page. Use this page to configure, add, edit, and remove VLANs associated with your bridge. Read the "VLAN Support" section for a description of VLANs. Go to "Configuring VLANs" to set up VLANs.

Enhanced MIC verification for WEP

This setting enables Message Integrity Check (MIC), a security feature that protects your WEP keys by preventing attacks on encrypted packets called bit-flip attacks. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC, implemented on both the bridge and all associated client devices, adds a few bytes to each packet to make the packets tamper-proof. Select MMH from the drop-down menu and click Apply to enable MIC.


Note MIC takes effect only when the Use Aironet Extensions setting on the Root Radio Advanced page is set to yes and WEP is enabled and set to full encryption.



Note When you enable MIC, only MIC-capable client devices can communicate with the bridge.
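The following added example (not Cisco code) shows why the CRC-32 integrity value in WEP does not detect a bit-flipped frame and why a keyed MIC does. The stream cipher (SHA-256 in counter mode instead of RC4) and the MIC (truncated HMAC-SHA256 instead of MMH) are stand-ins, and the keys, IV, and payload are constructed for the demonstration.

```python
import hashlib
import hmac
import struct
import zlib


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in XOR stream cipher (SHA-256 in counter mode), not RC4.
    # Any cipher that XORs a keystream into the plaintext behaves the same way.
    blocks = (hashlib.sha256(iv + key + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    # WEP's integrity check value: an unkeyed CRC-32 over the plaintext.
    return struct.pack("<I", zlib.crc32(data))


def mic(mic_key: bytes, data: bytes) -> bytes:
    # Keyed tag. Truncated HMAC-SHA256 is an assumption standing in for MMH.
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:8]


def seal(key, iv, payload, mic_key=None) -> bytes:
    # Frame body = payload [+ MIC] + ICV, all XORed with the keystream.
    protected = payload + (mic(mic_key, payload) if mic_key is not None else b"")
    body = protected + icv(protected)
    return xor(body, keystream(key, iv, len(body)))


def open_frame(key, iv, frame, mic_key=None):
    # Receiver side: returns the payload, or None if an integrity check fails.
    body = xor(frame, keystream(key, iv, len(frame)))
    protected, tag = body[:-4], body[-4:]
    if icv(protected) != tag:
        return None
    if mic_key is None:
        return protected
    payload, got = protected[:-8], protected[-8:]
    return payload if hmac.compare_digest(got, mic(mic_key, payload)) else None


def tampered_copy(frame: bytes, delta: bytes) -> bytes:
    # Test input for the receiver: a frame altered without any key.
    # CRC-32 is affine, crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros), so the
    # encrypted ICV can be patched to match the altered plaintext.
    d = delta.ljust(len(frame) - 4, b"\x00")
    icv_patch = xor(icv(d), icv(bytes(len(d))))
    return xor(frame, d + icv_patch)


def demo():
    # Constructed keys, IV and payload.
    key, mic_key, iv = b"constructed-wep-key", b"constructed-mic-key", b"\x00\x00\x01"
    original, altered = b"setpoint=10", b"setpoint=90"
    delta = xor(original, altered)
    icv_only = open_frame(key, iv, tampered_copy(seal(key, iv, original), delta))
    with_mic = open_frame(
        key, iv, tampered_copy(seal(key, iv, original, mic_key), delta), mic_key)
    return icv_only, with_mic


if __name__ == "__main__":
    print(demo())
```

With only the ICV, the receiver accepts the altered payload; with the keyed MIC, the same alteration is rejected because the tag cannot be recomputed without the MIC key.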


Temporal Key Integrity Protocol

This setting enables the temporal key integrity protocol (TKIP, or WEP key hashing), which defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs. Select Cisco from the drop-down menu and click Apply to enable TKIP.


Note To use TKIP, the Use Aironet Extensions setting on the Root Radio Advanced page must be set to yes (the default setting).



Note When you enable TKIP, all WEP-enabled client devices associated to the bridge must support WEP key hashing. WEP-enabled devices that do not support key hashing cannot communicate with the bridge.


Broadcast WEP Key rotation interval (sec)

This option enables broadcast key rotation by setting a key rotation interval. With broadcast, or multicast, WEP key rotation enabled, the bridge provides a dynamic broadcast WEP key and changes it at the interval you select. Broadcast key rotation is an excellent alternative to TKIP if your wireless LAN supports wireless client devices that are not Cisco devices or that cannot be upgraded to the latest firmware for Cisco client devices.

To enable broadcast key rotation, enter the rotation interval in seconds in the Broadcast WEP Key rotation interval entry field. If you enter 900, for example, the bridge sends a new broadcast WEP key to all associated client devices every 15 minutes. To disable broadcast WEP key rotation, enter 0.


Note When you enable broadcast key rotation, only wireless client devices using LEAP, EAP-TLS, or PEAP authentication can use the bridge. Client devices using static WEP (with open, shared key, or EAP-MD5 authentication) cannot use the bridge when you enable broadcast key rotation.


Advanced Primary SSID Setup

Go to this link to configure 802.11 authentication, EAP, Unicast address filters, and the maximum number of associations for the radio's primary SSID.

The more link takes you to the Root Radio Service Sets Setup page.

Specified bridges

You use these fields to set up a chain of repeater bridges (bridges without an Ethernet connection; see Figure 3-3). Repeater bridges function best when they associate with specific bridges connected to the wired LAN. You use these fields to specify the bridges that provide the most efficient data transmission link for the repeater.

If this bridge is a repeater, type the MAC address of one or more root-unit bridges with which you want this bridge to associate. With MAC addresses in these fields, the repeater bridge always tries to associate with the specified bridges instead of with other less-efficient bridges.

For complete instructions on setting up repeater bridges, see the "Setting up a Rugged Access Point" section.

Radio Modulation

Select Standard or MOK for the radio modulation the bridge uses.

Standard—This default setting is the modulation type specified in IEEE 802.11, the wireless standard published by the Institute of Electrical and Electronics Engineers (IEEE) Standards Association.

MOK—This modulation was used before the IEEE finished the high-speed 802.11 standard and may still be in use in older wireless networks.

Radio Preamble

The radio preamble is a section of data at the head of a packet that contains information the bridge and client devices need when sending and receiving packets. The drop-down menu allows you to select a long or short radio preamble:

Long—A long preamble ensures compatibility between the bridge and all early models of Cisco Aironet Wireless LAN Adapters (PC4800 and PC4800A).

Short—A short preamble improves throughput performance. Cisco Aironet's Wireless LAN Adapter supports short preambles. Early models of Cisco Aironet's Wireless LAN Adapter (PC4800 and PC4800A) require long preambles.

Non-Root Mobility

This setting applies mainly to non-root bridges that you intend to use in a roaming environment. The drop-down menu allows you to select either stationary or mobile settings:

Stationary—The radio firmware does not aggressively scan for a better root association, which makes the bridge link more stable.

Mobile—The radio firmware aggressively scans for a better root association, which allows the bridge to roam throughout the wireless network.

Ethernet Configuration

This section describes how to configure the bridge's Ethernet port. Use the Ethernet pages in the management system to set the Ethernet port configuration. The Ethernet pages include:

Ethernet Identification—Contains the basic locating and identity information for the Ethernet port.

Ethernet Hardware—Contains the setting for the bridge's Ethernet port connection speed.

Ethernet Advanced—Contains settings for the operational status of the bridge's Ethernet port. You can also use this page to make temporary changes in port status to help with troubleshooting network problems.

Ethernet Port—Lists key information on the bridge's Ethernet port.

Entering Identity Information

You use the Ethernet Identification page to enter basic locating and identity information for the bridge's Ethernet port. Figure 3-13 shows the Ethernet Identification page.

Figure 3-13 The Ethernet Identification Page

Follow this link path to reach the Ethernet Identification page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Identification in the Ethernet row under Network Ports.

Settings on the Ethernet Identification Page

The Ethernet Identification page contains the following settings:

Primary Port Settings

Default IP Address

Default IP Subnet Mask

The page also displays the bridge's MAC address, its current IP address, its current IP subnet mask, and its maximum packet data length.

Primary Port Settings

Two options allow you to designate the bridge's Ethernet port as the Primary Port and select whether the Ethernet port adopts or assumes the identity of the primary port.

Primary Port?—The primary port determines the bridge's MAC and IP addresses. Ordinarily, the bridge's primary port is the Ethernet port, so this setting is usually set to yes. Select yes to set the Ethernet port as the primary port. Select no to set the radio port as the primary port.

Adopt Primary Port Identity?—Select yes to adopt the primary port settings (MAC and IP addresses) for the Ethernet port. Select no to use different MAC and IP addresses for the Ethernet port.

Some advanced bridge configurations require different settings for the Ethernet and radio ports.

Default IP Address

Use this setting to assign or change the bridge's IP address. If DHCP or BOOTP is not enabled for your network, the IP address you enter in this field is the bridge's IP address. If DHCP or BOOTP is enabled, this field provides the IP address only if no server responds with an IP address for the bridge.

The current IP address displayed under the Default IP Address setting shows the IP address currently assigned to the bridge. This is the same address as the default IP address unless DHCP or BOOTP is enabled. If DHCP or BOOTP is enabled, this field displays the IP address that has been dynamically assigned to the device for the duration of its session on the network, and it might be different from the default IP address.

You can also enter this setting on the Express Setup and Root Radio Identification pages.

Default IP Subnet Mask

Enter an IP subnet mask to identify the subnetwork so the IP address can be recognized on the LAN. If DHCP or BOOTP is not enabled, this field is the subnet mask. If DHCP or BOOTP is enabled, this field provides the subnet mask only if no server responds to the bridge's request.

The current IP subnet mask displayed under the setting shows the IP subnet mask currently assigned to the bridge. This is the same subnet mask as the default subnet mask unless DHCP or BOOTP is enabled. If DHCP or BOOTP is enabled, this is the subnet mask used by the server.

You can also enter this setting on the Express Setup and Root Radio Identification pages.

Entering Ethernet Hardware Information

You use the Ethernet Hardware page to select the connector type, connection speed, and duplex setting used by the bridge's Ethernet port. Figure 3-14 shows the Ethernet Hardware page.

Figure 3-14 The Ethernet Hardware Page

Follow this link path to reach the Ethernet Hardware page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Hardware in the Ethernet row under Network Ports.

Settings on the Ethernet Hardware Page

The Ethernet Hardware page contains the following settings:

Speed

Loss of Backbone Connectivity # of Secs (1-10000)

Loss of Backbone Connectivity Action

Loss of Backbone Connectivity SSID

The page also displays CAM size and contains a note indicating the bridge supports Ethernet inline power from powered switches.

Speed

The Speed drop-down menu lists five options for the type of connector, connection speed, and duplex setting used by the port. The option you select must match the actual connector type, speed, and duplex settings used to link the port with the wired network.

The default setting, Auto, is best for most networks because the best connection speed and duplex setting are automatically negotiated between the wired LAN and the bridge. If you use a setting other than Auto, make sure the hub, switch, or router to which the bridge is connected supports your selection.

Auto—This is the default and the recommended setting. The connection speed and duplex setting are automatically negotiated between the bridge and the hub, switch, or router to which the bridge is connected.


Note Some switches with inline power do not fully support Ethernet speed auto-negotiation. If your 350 series bridge is powered by a switch with inline power, the Auto speed setting is applied only after you reboot the bridge.


10-Base-T / Half Duplex—Ethernet network connector for 10-Mbps transmission speed over twisted-pair wire and operating in half-duplex mode.

10-Base-T / Full Duplex—Ethernet network connector for 10-Mbps transmission speed over twisted-pair wire and operating in full-duplex mode.

100-Base-T / Half Duplex—Ethernet network connector for 100-Mbps transmission speed over twisted-pair wire and operating in half-duplex mode.

100-Base-T / Full Duplex—Ethernet network connector for 100-Mbps transmission speed over twisted-pair wire and operating in full-duplex mode.

Loss of Backbone Connectivity # of Secs (1-10000)

This setting specifies how long the bridge waits before taking action when it detects a loss of backbone connectivity (such as a loss of Ethernet link and no active trunks available on its radio). The action the bridge takes is specified in the Loss of Backbone Connectivity Action setting, described in the next section.

Loss of Backbone Connectivity Action

This setting determines what action the bridge takes when a loss of backbone connectivity occurs after the time specified in the previous setting. The following actions can be taken:

No action—nothing is done.

Switch to repeater mode—the bridge disassociates all its current clients and becomes a repeater during the period when its backbone connectivity is lost. The bridge attempts to communicate with another root bridge using the same SSIDs. If it establishes a connection, clients can associate with the root bridge through this repeater to maintain connectivity to the backbone LAN. If an appropriate root bridge is found, no clients can associate to this bridge.

Shut the radio off—the bridge effectively removes itself from the infrastructure by disassociating its current clients and not allowing further associations until backbone connectivity is restored.

Restrict to SSID—the bridge disassociates all its current clients and switches to use the SSID configured in the Loss of Backbone Connectivity: SSID setting. After this action is taken, only a client using the specified SSID can associate with the bridge, allowing an administrator to perform failure recovery or diagnostic procedures.

Loss of Backbone Connectivity SSID

This setting specifies the SSID used by the bridge if the Loss of Backbone Connectivity Action setting is set as Restrict to SSID and backbone connectivity is lost for longer than the time specified in the Loss of Backbone Connectivity: Number of Seconds setting.

The setting also defines an administrator-only SSID an administrator uses to communicate with the bridge for diagnostic and failure-recovery purposes.

If VLANs are active on the bridge, the VLAN names are displayed in the Loss of Backbone Connectivity SSID field.


Note When backbone connectivity is restored, the bridge restores itself to the settings established during normal operation.


Entering Advanced Configuration Information

You use the Ethernet Advanced page to assign special configuration settings for the bridge's Ethernet port. Figure 3-15 shows the Ethernet Advanced page.

Figure 3-15 The Ethernet Advanced Page

Follow this link path to reach the Ethernet Advanced page:

1. On the Summary Status page, click Setup.

2. On the Setup page, click Advanced in the Ethernet row under Network Ports.

Settings on the Ethernet Advanced Page

The Ethernet Advanced page contains the following settings:

Requested Status

Packet Forwarding

Default Unicast and Multicast Address Filter

Maximum Multicast Packets/Second

Always Unblock Ethernet When STP is Disabled

Optimize Ethernet for

The page also displays the current status of the Ethernet link and its forwarding status.

Requested Status

This setting is useful for troubleshooting problems on your network. Up, the default setting, enables the Ethernet port for normal operation. Down disables the bridge's Ethernet port.

The Current Status line under the setting displays the current status of the Ethernet port. This field can also display Error, meaning the port is in an error condition.

Packet Forwarding

This setting is always set to Enabled for normal operation. For troubleshooting, you might want to set packet forwarding to Disabled, which prevents data from moving between the Ethernet and the radio.

The Forwarding State line under the setting displays the current forwarding state. The state for normal operation is Forwarding. Four other settings are possible:

Unknown—The state cannot be determined.

Disabled—Forwarding capabilities are disabled.

Blocking—The port is blocking transmission.

Broken—This state reports an Ethernet port failure.

Default Unicast and Multicast Address Filter

MAC address filters allow or disallow the forwarding of unicast and multicast packets sent to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify. Read the "MAC Address Filtering" section for complete instructions on setting up MAC address filters.

Unicast packets are addressed to just one device on the network. Multicast packets are addressed to multiple devices on the network.

The drop-down menus for unicast and multicast address filters contain two options:

Allowed—The bridge forwards all traffic except packets sent to the MAC addresses listed as disallowed on the Address Filters page.

Disallowed—The bridge discards all traffic except packets sent to the MAC addresses listed as allowed on the Address Filters page.


Note For most configurations, you should leave Default Multicast Address Filter set to Allowed. If you intend to set it to Disallowed, add the broadcast MAC address (ffffffffffff) to the list of allowed addresses on the Address Filters page before changing the setting.



Note If you plan to discard traffic to all MAC addresses except those you specify (the Disallowed setting), be sure to enter your own MAC address as allowed on the Address Filters page.
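The following added example (not part of the bridge software) models the Allowed and Disallowed defaults described above and checks a planned configuration for the two lockout conditions in the notes. The dictionary layout used for the Address Filters entries and the administrator MAC address are assumptions made for the example.

```python
BROADCAST = "ffffffffffff"


def norm(mac: str) -> str:
    # Accept ffffffffffff, ff:ff:..., ff-ff-... and ffff.ffff.ffff notations.
    h = mac.lower().translate(str.maketrans("", "", ":-."))
    if len(h) != 12 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a MAC address: {mac!r}")
    return h


def is_group(mac: str) -> bool:
    # Multicast and broadcast addresses have the low bit of the first octet set.
    return int(norm(mac)[:2], 16) & 1 == 1


def forwards(dst: str, defaults: dict, entries: dict) -> bool:
    """Decide whether a packet sent to dst is forwarded.

    defaults: {"unicast": "Allowed" | "Disallowed", "multicast": ...}
    entries:  {mac: "allowed" | "disallowed"} (assumed shape for the
              per-address list on the Address Filters page)
    """
    dst = norm(dst)
    listed = {norm(m): v for m, v in entries.items()}.get(dst)
    default = defaults["multicast" if is_group(dst) else "unicast"]
    if default == "Allowed":
        # Forward everything except addresses listed as disallowed.
        return listed != "disallowed"
    # Disallowed: discard everything except addresses listed as allowed.
    return listed == "allowed"


def lockout_risks(defaults: dict, entries: dict, admin_mac: str) -> list:
    # Run this against the planned settings before applying them.
    risks = []
    if not forwards(BROADCAST, defaults, entries):
        risks.append("broadcast (ffffffffffff) would be discarded")
    if not forwards(admin_mac, defaults, entries):
        risks.append(f"traffic to administrator MAC {norm(admin_mac)} would be discarded")
    return risks


if __name__ == "__main__":
    admin = "00:40:96:aa:bb:cc"  # constructed address
    planned = {"unicast": "Disallowed", "multicast": "Disallowed"}
    print(lockout_risks(planned, {}, admin))
    print(lockout_risks(planned, {BROADCAST: "allowed", admin: "allowed"}, admin))
```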


Maximum Multicast Packets/Second

Use this setting to control the number of multicast packets that can pass through the Ethernet port each second. If you enter 0, the bridge passes an unlimited number of multicast packets. If you enter a number other than 0, the device passes only that number of multicast packets per second.

Always Unblock Ethernet When STP is Disabled

Use this setting to maintain a bridge link when Spanning Tree Protocol (STP) is disabled. If STP is enabled, select no.

Optimize Ethernet for

Use this setting to specify how you want the Ethernet link to perform. You have two choices: performance and statistics collection. Selecting either results in a compromise. However, on a well-designed network, this compromise is virtually unnoticed.