Table Of Contents

Service Module Configuration
(Services > Flows)

Viewing Service Modules and VLAN Connections Using the Services Topology Map

Nonrecommended Service Module Configurations

Service Module Popup Menu

VLAN Connection Popup Menu

Viewing All VLANs and Interfaces Assigned to a Service Module

Adding VLANs/Interfaces

Adding VLAN/Interface Connections Between Service Modules

VLAN Connection Parameters

Viewing and Configuring Virtual Firewalls (Contexts)

Viewing Contexts

Viewing All Contexts and VLANs Assigned to a Service Module

Viewing and Deleting Contexts on Shared VLANs

Adding Interfaces to Virtual Firewalls

Editing Interfaces on Virtual Firewalls

Viewing and Configuring Wireless Networks

Viewing Wireless Networks

Viewing All Networks Assigned to a Wireless Module

Viewing All Access Points Assigned to a Wireless Network

Viewing All Interfaces Assigned to a VRF

Viewing All Mobile Nodes

Viewing All Access Points

Adding a Wireless Network

Editing a Wireless Network

Service Module Configuration
(Services > Flows)

---

This chapter contains the following topics:

•Viewing Service Modules and VLAN Connections Using the Services Topology Map

•Viewing All VLANs and Interfaces Assigned to a Service Module

•Adding VLANs/Interfaces

•Adding VLAN/Interface Connections Between Service Modules

•Viewing and Configuring Virtual Firewalls (Contexts)

•Viewing and Configuring Wireless Networks

Viewing Service Modules and VLAN Connections Using the Services Topology Map

You can view a graphical display of all service modules and the VLANs that span across them by clicking Services at the top of the window and clicking Flows in the left-most pane. The Flows page displays the Services Topology map (see Figure 7-1).

Figure 7-1 Flows Page

---

Note When CVDM-C6500 detects a firewall module that supports virtual firewalls (contexts) and you have provided the correct credentials, you will see a Module View tab and a Virtual Firewall View tab. The Services Topology map is displayed in the Module View tab. For more information on the Virtual Firewall View tab, see Viewing and Configuring Virtual Firewalls (Contexts).

---

From the Services Topology map, you can do the following:

•View a graphical representation of all modules and VLANs that span across them:

–Service modules are labeled and represented by various icons.

–VLANs are labeled and represented by solid lines.

–If there are more than five connecting VLANs, they are represented by one thick, solid line. To view the individual VLAN IDs for an aggregate VLAN, place your mouse over the thick line.

–Service module icons and VLANs can be moved to get a better view of what is on your device.

•Easily identify and fix potential security holes. For example, you might see a VLAN directly connecting an MSFC icon and a CSM icon, thus bypassing a firewall. You can then use one of the service module wizards to fix the security hole. See "Service Module Setup Wizards" for more information on wizards.

•View information and perform tasks using one of the following menus:

–Service Module Popup Menu—Assigns VLAN or starts the service module's device manager.

–VLAN Connection Popup Menu—Edits or deletes the selected VLAN connection.

•View detailed information about ports and VLANs belonging to a selected service module. See Viewing All VLANs and Interfaces Assigned to a Service Module for more information.

•View all VLAN and interface information about the selected VLAN connection or service module in a tabular format (below the topology map). For a description of the provided information, see the relevant service module section in "Service Module Setup."

•Zoom in, zoom out, and print the topology map by clicking on the magnifying glass and print icons.

Nonrecommended Service Module Configurations

When CiscoView Device Manager discovers service module configurations on the switch that are not recognized as CVDM-C6500 recommended configurations, the Non-Recommended Configurations dialog box appears.

---

Step 1 Remove the module configurations that CVDM-C6500 lists in the Non-Recommended Configurations dialog box.

Step 2 Start one of the service module wizards. See "Service Module Setup Wizards" for more information on which wizard you should use.

---

Service Module Popup Menu

The service module popup menu allows you to quickly assign VLANs or start a service module's device manager.

---

Step 1 Click Services at the top of the window and then click Flows in the left-most pane.

Step 2 Right-click a service module icon from the Services Topology Map.

Step 3 Select one of the following options:

Service Module	Menu Option	Description
Firewall	Launch Initial Setup...	Starts the Firewall Blade Configuration Wizard to do basic configuration setup. See Configuring the Firewall Module for more information.
	Assign VLANs...	Allows VLAN assignment to the firewall service module by creating VLAN groups. See VLAN Groups pane - root node selected for more information.
	Launch PDM...	Starts the PIX Device Manager. See the documentation that came with your firewall module for more information.
SSL	Assign VLANs...	Allows VLAN assignment to the SSL Services Module. Check the Assigned check box corresponding to the VLAN that you want to assign to the SSL Services Module.
	Launch CVDM-SSLSM...	Starts CVDM-SSLSM. See the CVDM-SSLSM online help for more information.
CSM	Launch CVDM-CSM...	Starts CVDM-CSM. See the CVDM-CSM online help for more information.
VPN	Configure Crypto Connection...	Allows configuration of crypto connections. See Adding VPN Crypto Connections for more information.
	Launch CVDM-VPNSM...	Starts CVDM-VPNSM. See the CVDM-VPNSM online help for more information.
WLSM	Launch WLSE...	Starts the CiscoWorks Wireless LAN Solution Engine (WLSE) application. See the documentation that came with your wireless module for more information.

---

VLAN Connection Popup Menu

The VLAN connection popup menu allows you to quickly edit or delete a VLAN connection.

---

Step 1 Click Services at the top of the window and then click Flows in the left-most pane.

Step 2 Right-click a VLAN connection from the Services Topology Map or from the Virtual Firewall View tab. See Viewing and Configuring Virtual Firewalls (Contexts) for more information on the Virtual Firewall View.

Step 3 Select Edit... or Delete.... If deleting a VLAN connecting a firewall context, see Delete VLAN Connection Warning Dialog Box.

Step 4 Enter the appropriate information. For parameter descriptions, see VLAN Connection Parameters.

---

Delete VLAN Connection Warning Dialog Box

This dialog box appears if you are deleting a VLAN connecting a firewall context. Select one of the following:

•Delete VLAN link only for selected context—This option removes only this VLAN for the selected context.

•Delete VLAN links for all firewall contexts—This option deletes the selected VLAN link for all contexts.

---

Caution Selecting the second option prevents traffic from flowing to all the contexts that share this VLAN.

---

Viewing All VLANs and Interfaces Assigned to a Service Module

---

Step 1 Click Services at the top of the window and then click Flows in the left-most pane.

Step 2 Double-click a service module icon from the Services Topology Map. A service module topology map appears (see Figure 7-2).

Figure 7-2 Service Module Topology Map Example

Step 3 You can do the following within this topology map:

•Click a ports cloud icon to view all ports associated with a VLAN. The following information is displayed in a table:

Column	Description
Name	Name assigned to a port.
Admin Status	Administrative state of port.
Type	Indicates the port type.

•Click on the magnifying glass or print icons to zoom in, zoom out, and print the topology map.

•Move service module icons and port cloud icons to get a better view of VLANs on your device.

---

Adding VLANs/Interfaces

You can add a VLAN/interface on a service module using the Services Topology Map. See also "Service Module Setup," for more information on creating VLANs/interfaces on service modules.

---

Step 1 Click Services at the top of the window and then click Flows in the left-most pane.

Step 2 Select a service module icon from the Services Topology Map. If you select a firewall module that supports contexts, you can select a context from the selector to view associated interface information. A table showing VLAN and interface information about the selected service module appears.

Step 3 Click Add....

Step 4 Enter the appropriate information.

If creating a VLAN/Interface on...	See the following for field descriptions...
CSM	Configuring the CSM
Firewall	Configuring the Firewall Module
SSL	Adding SSL VLANs
VPN	Adding VPN VLANs

---

Adding VLAN/Interface Connections Between Service Modules

---

Note To add a new VLAN connection between service modules, you can draw a line between two service module icons using the Custom Wizard (see "Service Module Setup Wizards"). Alternatively, see the applicable service module section in "Service Module Setup."

---

Use this procedure if a VLAN connection between modules exists.

---

Step 1 Click Services at the top of the window and then click Flows in the left-most pane.

Step 2 Select an existing VLAN connection from the Services Topology Map. A table showing VLAN information appears.

Step 3 Click Add....

Step 4 Enter the appropriate information. See VLAN Connection Parameters for more information.

---

VLAN Connection Parameters

The VLAN Connection dialog box appears when adding or editing a VLAN connection between service modules.

---

Note•To delete a VLAN connection, select the VLAN and click Delete. You will be warned before deleting the connection. Click Yes to continue.

•When editing or deleting aggregate VLANs, a table of VLANs appears instead. Select the VLAN you want to edit, then click Edit or Delete.

---

GUI Element	Action
Select VLAN list	Click and then select one of the following: •Select VLAN—Opens the VLAN Selector dialog box. •Create VLAN—Opens the Create VLAN dialog box. Note This option is only available when you are adding a VLAN connection.
MSFC: Slot X
Interface field	Enter the name for the interface.
IP Address field	Enter the IP address of the VLAN on the interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Firewall: Slot X
Context list	Enter the context associated with this interface. Click and then select one of the following: •Select Context—Opens the Select Firewall Context dialog box. See Select Firewall Context for more information. •Create Context—Opens the Create Firewall Context dialog box. See Create Firewall Context for more information. Note the following: •This field is displayed only when Multiple Mode is active. •New contexts can be created only after the Admin context has first been created. For more information, see Security Context Overview.
Interface field	Enter a name for the interface.
IP Address field	Enter the IP address of the VLAN on the interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Security Level (0-100) field	Indicates the security level currently set for the interface. Higher values indicate higher security levels.
VLAN Group list	Specify the VLAN group associated with the selected VLAN. See Select VLAN Group for more information.
CSM: Slot X
VLAN Type list	Indicates what type of VLAN this is. By default, the value is set to client.
IP Address field	Enter the IP address of the VLAN on the interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Alias IP Address field	Enter the alias IP address of the VLAN on the interface.
Gateway field	Gateway address of the VLAN.
VPN: Slot X
Inside Port field	Enter the inside port associated with the VPN.
Allowed VLAN field	Enter the valid VLAN values for the VPN.
SSL: Slot X
Admin VLAN check box	Check this option if this is an admin VLAN. The admin VLAN is used for all management traffic. The system adds the default route through the gateway of the admin VLAN.
IP Address field	Enter the IP address of the VLAN on the interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Gateway field	Gateway address of the VLAN.
Wireless: Slot X
Interface field	Enter the name for the interface.
IP Address field	Enter the IP address of the VLAN on the interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Gateway field	Enter the gateway address of the VLAN.
VRF: X
Interface field	Enter the name for the interface.
IP Address field	Enter the IP address of the VLAN on the interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.

Viewing and Configuring Virtual Firewalls (Contexts)

You can partition a single firewall module into multiple virtual firewalls, also known as security contexts. Each context is an independent system, with its own configuration and policies. Multiple contexts are equivalent to having multiple standalone firewalls.

When CVDM-C6500 detects a firewall module that supports contexts and you have entered the correct credentials, a Module View tab and a Virtual Firewall View tab are displayed in the Flows page.

The Module View tab serves the same functionality as the Services Topology Map. The difference is its ability to display contexts when a firewall service module icon is selected. For more information on how to navigate the firewall module context selector, see Configuring Firewall Contexts.

The Virtual Firewall View tab lists all contexts within a firewall module and allows you to edit and configure context information. See Viewing Contexts for more information.

---

Note You cannot create virtual firewalls using the Virtual Firewall View. To create virtual firewalls, see Configuring Firewall Contexts.

---

Viewing Contexts

Click Services at the top of the window, click Flows from the left-most pane, and then select the Virtual Firewall View tab to display the Virtual Firewall View.

From the Virtual Firewall View you can do the following:

•Visually trace VLAN connectivity between contexts and other service modules using the context topology map.

•Edit or delete a selected VLAN connection. See VLAN Connection Popup Menu for more information.

•View detailed information about contexts and VLANs belonging to a selected service module. See Viewing All Contexts and VLANs Assigned to a Service Module for more information.

•View all VLAN and interface information about the selected context, service module, or VLAN connection in a tabular format (below the context topology map). For a description of the provided information, see the relevant service module section in "Service Module Setup."

•Edit or add interfaces by clicking a firewall context from the selector or from the context topology map, selecting an interface from the Interfaces table, and clicking Add... or Edit.... For field descriptions, see Configuring Firewall Contexts.

•Move service module icons and VLANs to get a better view of what is on your device.

---

Note VPN Routing and Forwarding (VRF) icons will also be displayed if any VRFs have been configured on the device.

---

•Zoom in, zoom out, or print the topology map by clicking on the magnifying glass and print icons.

Viewing All Contexts and VLANs Assigned to a Service Module

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Virtual Firewall View tab.

---

Note The Virtual Firewall View tab appears only if you have provided the correct credentials and the firewall module supports contexts.

---

Step 2 Click a firewall context from the selector.

Step 3 Double-click a firewall context or service module icon from the context topology map.

Step 4 You can do the following within this context topology map:

•Click an interface cloud icon to view all VLANs associated with a context. The following information is displayed in a table:

Column	Description
Name	Name assigned to the interface.
Admin Status	Administrative state of the interface.
Type	Indicates the interface type.

•Click the magnifying glass or print icons to zoom in, zoom out, or print the topology map.

•Move service module icons and interface cloud icons to get a better view of VLANs on your device.

---

Viewing and Deleting Contexts on Shared VLANs

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Virtual Firewall View tab.

Step 2 Right-click a firewall context icon from the topology map and select View Contexts on Shared VLANs. The List of Contexts on Shared VLAN dialog box appears.

This dialog box displays a table of shared VLANS and a list of contexts belonging to each VLAN.

Step 3 (Optional) To remove a context configuration from a shared VLAN on the firewall interface, select a context and click Delete. To delete multiple contexts, press the Ctrl key as you select each context you want to delete.

---

Adding Interfaces to Virtual Firewalls

You can add interfaces from either the Virtual View tab or the firewall module interface overview page. For more information on how to add a virtual firewall interface from the firewall module interface page, see Adding a Firewall Module Interface.

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Virtual Firewall View tab.

Step 2 Do one of the following:

•Click a firewall context icon from the topology map.

•Click a firewall context from the selector.

Step 3 Click Add below the Interface table. The Add Firewall Interface dialog box appears. For field descriptions, see Adding a Firewall Module Interface.

---

Editing Interfaces on Virtual Firewalls

You can edit interfaces from either the Virtual View tab or the firewall module interface overview page. For more information on how to edit a virtual firewall interface from the firewall module interface page, see Editing a Firewall Module Interface.

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Virtual Firewall View tab.

Step 2 Do one of the following:

•Click a firewall context icon from the topology map.

•Click a firewall context from the selector.

Step 3 Click Edit below the Interface table. The Edit Firewall Interface dialog box appears. For field descriptions, see Editing a Firewall Module Interface.

---

Viewing and Configuring Wireless Networks

When CVDM-C6500 detects a wireless module and you have entered the correct credentials, a Wireless View tab is displayed in the Flows page. The Wireless View tab serves the same functionality as the Services Topology Map. The difference is its ability to display mobile networks and VPN Routing and Forwarding (VRF) instances. For more information on VRF instances, see "VPN Routing and Forwarding Instances Management (Switch > VRFs)."

Viewing Wireless Networks

To access the Wireless View, click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

From the Wireless View you can do the following:

•Move icons (service module, wireless network, and VRF), tunnels, and VLANs to get a better view of what is on your device.

•View detail information for a wireless network, VRF, or tunnel interface selected in the topology map.

•View all VLAN and interface information about the selected VLAN connection or service module in a tabular format (below the topology map). For a description of the provided information, see the relevant service module section in "Service Module Setup."

•Expand the selector to view all configured access points and mobile nodes.

•Double-click a service module, wireless network, or VRF icon to launch a submap.

•Search for access points and mobile nodes by entering the appropriate IP address.

•Zoom in, zoom out, or print the topology map by clicking on the magnifying glass and print icons.

GUI Element	Action/Description
	a. Click to create a new tunnel link by dragging a line between a wireless network and VRF icon in the topology map. b. In the Create Tunnel Link dialog box, click Yes to confirm the operation.
	Click and drag to the topology map to configure a new wireless network. See Adding a Wireless Network for more information.
	Click and drag to the topology map to configure a new VRF. See Adding VRFs for more information.
Mobility Network ID column	Network ID of the wireless network.
Tunnel Interface column	This column has two subcolumns: •Name—Name of the associated tunnel interface. •IP Address/Mask—IP address/mask of the associated tunnel interface.
Source Interface column	This column has two subcolumns: •Name—Name of the associated source interface. •IP Address/Mask—IP address/mask of the associated source interface.
APs column	Number of access points registered with the wireless network.
MNs column	Number of mobile nodes registered with the mobile network.
Search Mobility Networks button	Click to search for an access point or mobile node that is registered with any of the wireless networks configured on the device. 1. Select either the APs or MNs radio button. 2. Enter the appropriate IP address and then click Go.
Add button	Click to launch the Add Wireless Network dialog box. See Adding a Wireless Network for more information.
Edit button	Click to launch the Edit Wireless Network dialog box. See Editing a Wireless Network for more information.
Delete button	Click to delete the selected wireless network.

Viewing All Networks Assigned to a Wireless Module

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

Step 2 Double-click a wireless module icon from the topology map.

Step 3 You can do the following within this topology map:

•View all networks configured on a wireless module. The following information is displayed in a table:

Column	Description
AP IP Address/Mask	IP address/mask of an access point associated with the selected wireless network.
AP MAC Address	MAC address of an access point associated with the selected wireless network.

•Click the magnifying glass or print icons to zoom in, zoom out, or print the topology map.

---

Viewing All Access Points Assigned to a Wireless Network

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

Step 2 Double-click a wireless network icon from the topology map.

Step 3 You can do the following within this topology map:

•View all access points configured on a wireless network. The following information is displayed in a table:

Column	Description
MN IP Address/Mask	IP address/mask of a mobile node configured on the selected access point.
MN MAC Address	MAC address of a mobile node configured on the selected access point.

•Click the magnifying glass or print icons to zoom in, zoom out, or print the topology map.

---

Viewing All Interfaces Assigned to a VRF

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

Step 2 Double-click a VRF icon from the topology map.

Step 3 You can do the following within this topology map:

•View all interfaces associated with a VRF. The following information is displayed in a table:

Column	Description
Name	Name assigned to the interface.
Admin Status	Administrative state of the interface.
Type	Indicates the interface type.

•Click the magnifying glass or print icons to zoom in, zoom out, or print the topology map.

---

Viewing All Mobile Nodes

The All Mobile Nodes page displays the mobile nodes registered with the Wireless LAN Service Module (WLSM). To access this page, click Services at the top of the window, click Flows from the left-most pane, select the Wireless View tab, and then select All Mobile Nodes from the selector.

The following table describes the information provided on this page.

Column	Description
MN IP Address	IP address of the mobile node.
MN MAC Address	MAC address of the mobile node.
AP IP Address	IP address of the access point.
Mobility Network-ID	Network ID of the wireless network the mobile node is registered with.

Viewing All Access Points

The All Access Points page displays the access points registered with the WLSM. To access this page, click Services at the top of the window, click Flows from the left-most pane, select the Wireless View tab, and then select All Access Points from the selector.

The following table describes the information provided on this page.

Column	Description
AP IP Address	IP address of the access point.
AP MAC Address	MAC address of the access point.
Mobility Network-ID	Network ID of the wireless network the access point is registered with.

Viewing Wireless Network Details

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

Step 2 With the Mobility Networks list expanded in the selector, select a network.

The following table describes the information provided on this page.

GUI Element	Description
Mobility Network ID field	Network ID of the selected wireless network.
Tunnel Name field	Name of the tunnel associated with this wireless network.
Tunnel Source field	Name of the source tunnel interface.
Tunnel IP Address field	IP address of the tunnel interface.
Source IP Address field	IP address of the source interface.
Mobility Options field	Lists the options configured for this network.
Access Points on Mobility Network ID: X pane
AP IP Address/Mask column	IP address/mask of the access point.
AP MAC Address column	MAC address of the access point.

From this page, you can also view all VLAN and interface information about the selected VLAN connection or service module in a tabular format (below the topology map). For a description of the provided information, see the relevant service module section in "Service Module Setup."

---

Viewing Access Point Details

GUI Element	Description
MN IP Address	IP address of a mobile node configured on this access point.
MN MAC Address	MAC address of a mobile node configured on this access point.

Viewing Tunnel Details

GUI Element	Description
Tunnel Name column	Name of the selected tunnel.
IP Address/Mask column	IP address and mask for the selected tunnel.
Encapsulation column	Indicates whether Point-to-Point or Point-to-Multipoint encapsulation is configured for the tunnel.
Source column	Name of the source interface configured for the tunnel.
Destination column	Name of the destination interface configured for the tunnel.
Admin Status column	Current administrative status for the tunnel.
Oper Status column	Current operational status for the tunnel.
Edit button	Click to launch the Edit Tunnel dialog box. See Editing and Restarting Tunnel Interfaces for more information.

Viewing VRF Details

GUI Element	Description
Name column	Name of an interface configured for the selected VRF.
Description column	Description of an interface configured for the selected VRF.
IP Address column	IP address of an interface configured for the selected VRF.
Mask column	Mask of an interface configured for the selected VRF.
Admin Status column	Current administrative status for the tunnel.
Add button	Click to launch the Select Routed Interface dialog box and add an interface to the VRF.
Delete button	Click to delete the selected interface from a VRF.

Adding a Wireless Network

You can add a wireless network from either the Wireless View tab or the Wireless LAN Service Module (WLSM) overview page. For more information on how to add a wireless network from the WLSM overview page, see Adding Wireless Networks.

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

Step 2 Click Add below the Mobility Networks on Wireless: Slot X table. The Add Wireless Network dialog box appears.

Step 3 Enter the following information:

GUI Element	Action/Description
Tunnel Details section
Network field	Enter the network ID of the new wireless network.
Description field	Enter the description of the new wireless network.
Tunnel ID list	Click and then select one of the following options: •Select Tunnel Interface—Opens a dialog box that displays a list of available tunnel interfaces. Select one from the list and then click OK. •Create Tunnel Interface—Enter the appropriate ID for a tunnel interface and then click OK.
Interface MTU field	Enter the maximum packet size that the new wireless network can handle.
IP Address field	Enter the IP address of the tunnel interface associated with the new wireless network.
Mask field	Either select the appropriate mask from the list or enter a value.
Broadcast Capability check box	Select this check box to enable the transmission of broadcast messages over the tunnel interface specified in the Tunnel ID field.
Tunnel Source Details section
Loopback radio button	With the radio button selected, click and then select one of the following options: •Select Loopback Interface—Select a loopback interface from the list and then click OK. •Create Loopback Interface—Launches the Add Loopback Interface dialog box. See Adding a Loopback Interface for more information.
Ports radio button	With the radio button selected, click to launch the Port Selector. See Port Selector for more information.
SVI radio button	With the radio button selected, click and then select one of the following options: •Select SVI Interface—Select an SVI interface from the list and then click OK. •Create SVI Interface—Launches the Add SVI dialog box. See Adding an SVI for more information.
IP Address radio button	With the radio button selected, enter the appropriate IP address in the IP Address field.
DHCP Options section
Mobility Trust check box	Click to specify if this is a trusted network. A trusted network can use DHCP or static IP addresses. An untrusted network supports only DHCP clients.
DHCP Snooping check box	Click this check box to enable DHCP snooping. Enable DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
Local radio button	Select this radio button to specify the WLSM to use a local pool of IP addresses that the access point assigns in response to DHCP requests. Click and then select one of the following: •Select DHCP Pool—Opens a dialog box that displays a list of available DHCP pools. Select a pool and click OK. •Create DHCP Pool—Opens the Add DHCP Pool dialog box, from which you can create a DHCP pool. See Adding DHCP Pools for more information. •Clear—Clears the DHCP pool that is specified in this field.
External radio button	Select this radio button to specify the WLSM to use an external pool of IP addresses that the access point assigns in response to DHCP requests. See Selecting Helper IP Addresses for more information.

Step 4 Click Deliver at the top of the window. For more information on delivering accumulated CLI commands, see Delivering CLI Commands to the Device.

---

Editing a Wireless Network

You can edit a wireless network from either the Wireless View tab or the Wireless LAN Service Module (WLSM) overview page. For more information on how to edit a wireless network from the WLSM overview page, see Editing Wireless Networks.

---

Step 1 Click Services at the top of the window, click Flows from the left-most pane, and then select the Wireless View tab.

Step 2 Select a network from the Mobility Networks on Wireless: Slot X table.

Step 3 Either double-click the table entry or click Edit. The Edit Wireless Network dialog box appears.

Step 4 Edit the following information:

GUI Element	Action/Description
Tunnel Details section
Network field	Network ID of the selected wireless network.
Description field	Edit the description of the new wireless network.
Tunnel ID field	ID of the tunnel interface.
Interface MTU field	Edit the maximum packet size that the selected wireless network can handle.
IP Address field	Edit the IP address of the tunnel interface associated with the selected wireless network.
Mask field	Either select the appropriate mask from the list or enter a new value.
Broadcast Capability check box	Select this check box to enable the transmission of broadcast messages over the tunnel interface specified in the Tunnel ID field.
Tunnel Source Details section
Loopback radio button	With the radio button selected, click and then select one of the following options: •Select Loopback Interface—Select a loopback interface from the list and then click OK. •Create Loopback Interface—Launches the Add Loopback Interface dialog box. See Adding a Loopback Interface for more information.
Ports radio button	With the radio button selected, click to launch the Port Selector. See Port Selector for more information.
SVI radio button	With the radio button selected, click and then select one of the following options: •Select SVI Interface—Select an SVI interface from the list and then click OK. •Create SVI Interface—Launches the Add SVI dialog box. See Adding an SVI for more information.
IP Address radio button	With the radio button selected, enter the appropriate IP address in the IP Address field.
DHCP Options section
Mobility Trust check box	Click to specify if this is a trusted network. A trusted network can use DHCP or static IP addresses. An untrusted network supports only DHCP clients.
DHCP Snooping check box	Click this check box to enable DHCP snooping. Enable DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
Local radio button	Select this radio button to specify the WLSM to use a local pool of IP addresses that the access point assigns in response to DHCP requests. Click and then select one of the following: •Select DHCP Pool—Opens a dialog box that displays a list of available DHCP pools. Select a pool and click OK. •Create DHCP Pool—Opens the Add DHCP Pool dialog box, from which you can create a DHCP pool. See Adding DHCP Pools for more information. •Clear—Clears the DHCP pool that is specified in this field.
External radio button	Select this radio button to specify the WLSM to use an external pool of IP addresses that the access point assigns in response to DHCP requests. See Selecting Helper IP Addresses for more information.

Step 5 Click Deliver at the top of the window. For more information on delivering accumulated CLI commands, see Delivering CLI Commands to the Device.

---