Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, Cisco IOS Release 12.3(8)JA
Index

Numerics

1130AG series indicators     22-6

1240AG access point support     1-8

1240AG series indicators     22-9

1300 outdoor access point/bridge indicators     22-10

350 series bridge interoperability     8-3

802.11d     6-18

802.11e     15-2

802.11g     6-28

802.11i     6-22

802.1H     6-23

802.1x authentication     9-2

802.1X Supplicant

applying credentials to interface or SSID     2-28

configuring     2-27

creating a credentials profile     2-27

creating and applying EAP method profiles     2-30

A

AAA authentication/authorization cache and profile     1-9

abbreviating commands     4-3

Access point link role flexibility     1-8

access point security settings, matching client devices     11-19

accounting

with RADIUS     13-13

with TACACS+     13-22, 13-27

accounting command     7-5

Address Resolution Protocol (ARP)     6-23

AES-CCMP     1-8, 10-2

Aironet Client Utility (ACU)     22-15

Aironet extensions     6-10, 6-22

antenna

selection     6-20

antenna command     6-21

Apply button     3-4

ARP

caching     5-26

description     1-7

associations, limiting by MAC address     16-6

attributes, RADIUS

sent by the access point     13-19

vendor-proprietary     13-16

vendor-specific     13-15

authentication     4-9

local mode with AAA     5-19

RADIUS

key     13-5

login     5-10, 13-7

SSID     7-2

TACACS+

defined     13-22

key     13-24

login     5-15, 13-25

authentication client command     7-5

authentication server

configuring access point as local server     9-2

described     1-7

EAP     11-4, 13-3

authentication types

Network-EAP     11-4

open     11-2

shared key     11-3

authenticator     9-1

authorization

with RADIUS     5-14, 13-11

with TACACS+     5-17, 13-22, 13-26

B

Back button     3-4

backoff     6-28

backup authenticator, local     9-1

bandwidth     6-11

banners

configuring

login     5-37

message-of-the-day login     5-35

default configuration     5-35

when displayed     5-35

basic settings

checking     22-15

beacon dtim-period command     6-26

beacon period command     6-26

bit-flip attack     6-22

blocking communication between clients     6-24

BR350 interoperability     8-3

bridge-group command     6-25

bridge virtual interface (BVI)     2-26

broadcast-key command     11-15

broadcast key rotation     10-1, 10-3

BSSIDs     7-7

buttons

management pages     3-4

web-browser     3-2

C

caching MAC authentications     11-15

call admission control     1-4

Called-Station-ID

See CSID

Cancel button     3-4

capture frames     12-29

carrier busy test     6-28

Catalyst 6500 Series     12-1

CCKM     11-6

authenticated clients     11-6

described     1-7

CCK modulation     6-9

CDP

disabling for routing device     17-4

enabling and disabling

on an interface     17-4

monitoring     17-4

cdp enable command     17-4

cdp run command     17-3

Cisco Centralized Key Management (CCKM)

See CCKM

Cisco Discovery Protocol (CDP)     17-1

Cisco Key Integrity Protocol (CKIP)     6-22

Cisco TAC     22-1

CiscoWorks 2000     18-4

clear command     4-2

CLI     4-1

abbreviating commands     4-3

command modes     4-2

editing features

enabling and disabling     4-6

keystroke editing     4-6

wrapped lines     4-7

error messages     4-4

filtering command output     4-8

getting help     4-3

history     4-4

changing the buffer size     4-5

described     4-4

disabling     4-5

recalling commands     4-5

no and default forms of commands     4-4

Secure Shell (SSH)     4-9

Telnet     4-9

terminal emulator settings     2-5, 2-6, 2-7

client ARP caching     5-26

client communication, blocking     6-24

client power level, limiting     6-10

command-line interface

See CLI

command modes     4-2

commands

abbreviating     4-3

accounting     7-5

antenna     6-21

authentication client     7-5

beacon dtim-period     6-26

beacon period     6-26

bridge-group     6-25

broadcast-key     11-15

cdp enable     17-4

cdp run     17-3

clear     4-2

countermeasure tkip hold-time     11-17

debug     21-2

default form     4-4

del     22-18

dot11 aaa mac-authen filter-cache     11-15

dot11 extension aironet     6-22

dot11 holdoff-time     11-16

dot11 interface-number carrier busy     6-28

dot1x client-timeout     11-16

dot1x reauth-period     11-17

edit     4-6

encapsulation dot1q     14-6

encryption     10-4

fragment-threshold     6-27

guest-mode     7-5

help     4-3

infrastructure-client     6-24

infrastructure-ssid     7-5

interface dot11radio     1-9, 6-2

ip domain-name     5-34

ip redirect     7-12

no and default     4-4

no shutdown     4-4

packet retries     6-27

payload-encapsulation     6-23

permit tcp-port     7-12

power client     6-10

power local     6-9

recall     4-5

rts retries     6-26

rts threshold     6-26

set     22-22

set BOOT     22-22

setting privilege levels     5-8

show     4-2

show dot11 associations     7-6

show ip interface     2-4

slot-time-short     6-28

sort     4-8

speed     6-7

ssid     7-4, 11-10, 14-6

switchport protected     6-25

terminal history     4-5

terminal width     4-8

tftp_init     22-21

vlan     7-5, 14-6

world-mode     6-19

wpa-psk     11-14

commands station role     6-3

community strings

configuring     18-6

overview     18-4

Complementary Code Keying (CCK)

See CCK

configuration files

creating using a text editor     20-10

deleting a stored configuration     20-18

downloading

preparing     20-10, 20-13, 20-16

reasons for     20-8

using FTP     20-13

using RCP     20-16

using TFTP     20-11

guidelines for creating and using     20-9

invalid combinations when copying     20-5

system contact and location information     18-10

types and location     20-9

uploading

preparing     20-10, 20-13, 20-16

reasons for     20-8

using FTP     20-14

using RCP     20-17

using TFTP     20-11

connections, secure remote     5-25

countermeasure tkip hold-time command     11-17

crypto software image     5-25

CSID format, selecting     13-14

D

Data Beacon Rate     6-26

data rate setting     6-5

data retries     6-27

data volume     2-12

daylight saving time     5-30

debug command     21-2

default commands     4-4

default configuration

banners     5-35

DNS     5-33

password and privilege level     5-4

RADIUS     5-10, 13-4

resetting     22-16

SNMP     18-5

system message logging     21-3

system name and prompt     5-32

TACACS+     5-15, 13-24

default gateway     2-12

default username     2-3

del command     22-18

delivery traffic indication message (DTIM)     6-26

DFS     1-5, 6-15

DHCP server

configuring access point as     5-22

receiving IP settings from     2-11

directories

changing     20-4

creating and removing     20-4

displaying the working     20-4

disable web-based management     3-14

diversity     6-20

DNS

default configuration     5-33

displaying the configuration     5-35

overview     5-33

setting up     5-34

domain names

DNS     5-33

Domain Name System

See DNS

dot11 aaa mac-authen filter-cache command     11-15

dot11 extension aironet command     6-22

dot11 holdoff-time commands     11-16

dot11 interface-number carrier busy command     6-28

dot1x client-timeout command     11-16

dot1x reauth-period command     11-17

downloading

configuration files

preparing     20-10, 20-13, 20-16

reasons for     20-8

using FTP     20-13

using RCP     20-16

using TFTP     20-11

image files

deleting old image     20-22

preparing     20-20, 20-23, 20-27

reasons for     20-18

using FTP     20-24

using RCP     20-29

using TFTP     20-21

DTIM     6-26

duplex, Ethernet port     5-18

Dynamic Frequency Selection     6-15

E

EAP authentication, overview     11-4

EAP-FAST     1-3, 9-1, 9-2

EAP-FAST authentication     11-20

EAP-MD5 authentication

setting on client and access point     11-21

EAP-SIM authentication

setting on client and access point     11-22

EAP-TLS     1-3

applying EAP method profiles to     11-17

EAP-TLS authentication

setting on client and access point     11-21

edit CLI commands     4-6

editing features

enabling and disabling     4-6

keystrokes used     4-6

wrapped lines     4-7

enable password     5-6

enable secret password     5-6

encapsulation dot1q command     14-6

encapsulation method     6-23

encrypted software image     5-25

encryption command     10-4

encryption for passwords     5-6

error and event messages     C-1

error messages

802.11 subsystem messages     C-5

association management messages     C-4

CLI     4-4

during command entry     4-4

explained     C-2

inter-access point protocol messages     C-17

local authenticator messages     C-18

setting the display destination device     21-5

severity levels     21-7

software auto upgrade messages     C-3

system message format     21-2

unzip messages     C-5

Ethernet indicator     22-4

Ethernet speed and duplex settings     5-18

Ethertype filter     16-1

event log     3-4

event messages     C-1

Express Security page     3-4, 2-14

Express Setup page     3-4

F

fallback role     6-3

fast secure roaming     12-1

files

copying     20-5

deleting     20-5

displaying the contents of     20-8

tar

creating     20-6

displaying the contents of     20-6

extracting     20-7

image file format     20-19

file system

displaying available file systems     20-2

displaying file information     20-3

local file system names     20-2

network file system names     20-5

setting the default     20-3

filtering

Ethertype filters     16-11

IP filters     16-8

MAC address filters     16-3

show and more command output     4-8

filter output (CLI commands)     4-8

firmware

upgrade     3-1

version     3-4

Flash     20-1

Flash device, number of     20-2

forward-delay time

STP     8-7

fragmentation threshold     6-27

fragment-threshold command     6-27

frequencies     6-12, 6-13, 6-14

FTP

accessing MIB files     B-2

configuration files

downloading     20-13

overview     20-12

preparing the server     20-13

uploading     20-14

image files

deleting old image     20-26

downloading     20-24

preparing the server     20-23

uploading     20-26

G

gain     6-20

get-bulk-request operation     18-3

get-next-request operation     18-3, 18-4

get-request operation     18-3, 18-4

get-response operation     18-3

global configuration mode     4-2

gratuitous probe response     1-4

Gratuitous Probe Response (GPR)

enabling and disabling     6-21

group key updates     11-14

guest-mode command     7-5

guest SSID     7-2

H

help     3-13

help, for the command line     4-3

history

changing the buffer size     4-5

described     4-4

disabling     4-5

recalling commands     4-5

history (CLI)     4-4

history table, level and number of syslog messages     21-8

Home button     3-4

HTTPS     3-5

HTTP Web Server v1.1     1-8

I

IBNS 802.1x     1-3

IEEE 802.1X local authentication service for EAP-FAST     1-8

image, operating system     22-18

indicators     22-2

infrastructure-client command     6-24

infrastructure device     7-5

infrastructure-ssid command     7-5

inter-client communication, blocking     6-24

interface

CLI     4-1

web-browser     3-1

interface configuration mode     4-2

interface dot11radio command     1-9, 6-2

interfaces     3-4

intrusion detection     12-1

invalid characters in     14-6

IP address, finding and setting     2-25

ip domain-name command     5-34

IP filters     16-8

IP-Redirect     1-8

ip redirect command     7-12

IP redirection     7-11, 7-12

IPSU     2-25

IP subnet mask     2-12

ISO designators for protocols     A-1

J

jitter     15-2

K

key features     1-2

keystrokes (edit CLI commands)     4-6

L

latency     15-2

Layer 3 mobility     12-5

LBS     6-17

LEAP

described     1-6

LEAP authentication

local authentication     9-1

setting on client and access point     11-20

LED indicators

Ethernet     22-4

radio traffic     22-4

status     22-4

Light Extensible Authentication Protocol

See LEAP

limiting client associations by MAC address     16-6

limiting client power level     6-10

line configuration mode     4-2

load balancing     6-22

local authenticator, access point as     9-1

Location-Based Services     6-17

login authentication

with RADIUS     5-10, 13-7

with TACACS+     5-15, 13-25

login banners     5-35

log messages

See system message logging

low power condition     22-14

M

MAC address     2-26

ACLs, blocking association with     16-6

filter     16-1, 16-3

troubleshooting     22-15

MAC authentication caching     11-15

MAC-based authentication     9-1, 9-2

management

CLI     4-1

map, network     3-4

maximum data retries     6-27

Maximum RTS Retries     6-26

Media Access Control (MAC) address     2-4

Message Integrity Check (MIC)     1-6, 6-22, 10-1, 22-15

message-of-the-day (MOTD)     5-35

messages

to users through banners     5-35

metrics

VoWLAN     1-5

MIBs

accessing files with FTP     B-2

location of files     B-2

overview     18-2

SNMP interaction with     18-4

MIC     10-1

Microsoft IAS servers     11-2

Microsoft WPS IE SSIDL     1-8

migration mode, WPA     11-13

mobility groups     1-3

mode (role)     6-3

mode button     22-18

disabling     5-2

enabling     5-2

modes

global configuration     4-2

interface configuration     4-2

line configuration     4-2

privileged EXEC     4-2

user EXEC     4-2

monitoring

CDP     17-4

monitor mode     12-29

move the cursor (CLI)     4-6

multicast

IGMP snooping-based     1-3

multicast messages     6-23

multiple basic SSIDs     7-7

N

names, VLAN     14-7

Network Admission Control (NAC)     1-9

Network-EAP     11-4

network map     3-4

no commands     4-4

non-root     2-12

no shutdown command     4-4

notification     3-4

O

OFDM     6-9

OK button     3-4

optional ARP caching     5-26

Orthogonal Frequency Division Multiplexing (OFDM)

See OFDM

P

packet handling

VoIP     1-4

packet of disconnect (PoD)

configuring     13-12

packet retries command     6-27

packet size (fragment)     6-27

password reset     22-16

passwords

default configuration     5-4

encrypting     5-6

overview     5-3

setting

enable     5-4

enable secret     5-6

with usernames     5-7

payload-encapsulation command     6-23

PEAP authentication

setting on client and access point     11-22

permit tcp-port command     7-12

per-VLAN Spanning Tree (PVST)     8-2

ports, protected     6-25

positioning packets     6-17

power client command     6-10

power level

on client devices     6-10

radio     6-22

power local command     6-9

power-save client device     6-26

preferential treatment of traffic

See QoS

pre-shared key     11-14

preventing unauthorized access     5-3

print     3-13

prioritization     15-2

privileged EXEC mode     4-2

privilege levels

exiting     5-9

logging into     5-9

overview     5-3, 5-8

setting a command with     5-8

protected ports     6-25

protocol filters     16-2

Public Secure Packet Forwarding (PSPF)     6-24

Q

QBSS     15-3

dot11e parameter     15-3

QBSS Basic Service Set     1-8

QoS

configuration guidelines     15-5

described     1-6

dot11e command     15-9

overview     15-2

QoS

QBSS Load IE     15-9

quality of service

See QoS

R

radar     1-5

radio

activity     6-28

congestion     6-11

indicator     22-4

interface     6-2

management     1-7

preamble     6-19

radio management     12-1

RADIUS

attributes

CSID format, selecting     13-14

sent by the access point     13-19

vendor-proprietary     13-16

vendor-specific     13-15

WISPr     13-17

configuring

access point as local server     9-2

accounting     13-13

authentication     5-10, 13-7

authorization     5-14, 13-11

communication, global     13-5, 13-15

communication, per-server     13-5

multiple UDP ports     13-5

default configuration     5-10, 13-4

defining AAA server groups     5-12, 13-9

displaying the configuration     5-15, 13-18

identifying the server     13-5

limiting the services to the user     5-14, 13-11

local authentication     9-2

method list, defined     13-4

operation of     13-3

overview     13-2

SSID     7-2

suggested network environments     13-2

tracking services accessed by user     13-13

RADIUS accounting     1-6

range     2-12

rate limit, logging     21-9

RCP

configuration files

downloading     20-16

overview     20-15

preparing the server     20-16

uploading     20-17

image files

deleting old image     20-31

downloading     20-29

preparing the server     20-27

uploading     20-31

reauthentication requests     11-2

recall commands     4-5

redirection, IP     7-11

regulatory

domains     6-12, 6-13, 6-14

reloading access point image     22-18

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

repeater     1-6

as a LEAP client     19-6

as a WPA client     19-7

chain of access points     19-2

request to send (RTS)     6-26

Resilient Tunnel Recovery     1-3

restricting access

overview     5-3

passwords and privilege levels     5-3

RADIUS     5-10, 13-1

TACACS+     5-15

RFC

1042     6-23

1157, SNMPv1     18-2

1901, SNMPv2C     18-2

1902 to 1907, SNMPv2     18-2

RM21A & RM22A support     1-8

roaming     1-9

fast secure roaming using CCKM     12-1

rogue access point detection     1-7

role (mode)     6-3

role in radio network     6-2

root     2-12

rotation, broadcast key     10-1

rts retries command     6-26

RTS threshold     6-26

rts threshold command     6-26

S

secure remote connections     5-25

Secure Shell

See SSH

security     3-4

troubleshooting     22-15

security features     1-6

synchronizing     11-19

security settings, Express Security page     2-14

self-healing wireless LAN     1-7, 12-5

sequence numbers in log messages     21-6

serial

serial port connector     22-13

service set identifiers (SSIDs)

See SSID

service-type attribute     11-2

set BOOT command     22-22

set command     22-22

set-request operation     18-4

severity levels, defining in system messages     21-7

shared key     11-6

short slot time     6-28

show cdp traffic command     17-5

show command     4-2

show dot11 associations command     7-6

show ip interface command     2-4

Simple Network Management Protocol

See SNMP

Simple Network Time Protocol

See SNTP

slot-time-short command     6-28

SNMP

accessing MIB variables with     18-4

agent

described     18-3

disabling     18-5

community name     2-13

community strings

configuring     18-6

overview     18-4

configuration examples     18-10

default configuration     18-5

limiting system log messages to NMS     21-8

manager functions     18-3

overview     18-2, 18-4

server groups     18-7

shutdown mechanism     18-8

snmp-server view     18-10

status, displaying     18-12

system contact and location     18-10

trap manager, configuring     18-9

traps

described     18-3

enabling     18-8

overview     18-2, 18-4

types of     18-8

versions supported     18-2

SNMP, FTP MIB files     B-2

snmp-server group command     18-7

SNMP versions supported     18-2

SNTP

overview     5-27

software image     22-18

upload and download     20-1

software images

location in Flash     20-19

tar file format, described     20-19

software upgrade

error and event messages     C-3

sort (CLI commands)     4-8

spaces in an SSID     7-6

speed, Ethernet port     5-18

speed command     6-7

SSH     4-9

configuring     5-26

crypto software image     5-25

described     5-25

displaying settings     5-26

SSH Communications Security, Ltd.     4-9

SSID     7-2, 14-6

guest mode     7-2

invalid characters in     7-4, 11-10

multiple SSIDs     7-1

support     1-6

troubleshooting     22-15

using spaces in     7-6

VLAN     7-2

ssid command     7-4, 11-10, 14-6

rules for     11-10

SSL     3-5

standby mode     1-6

static WEP

with open authentication, setting on client and access point     11-19

with shared key authentication, setting on client and access point     11-19

station role command     6-3

statistics

CDP     17-4

SNMP input and output     18-12

status indicators     22-4

status page     3-4

STP

BPDU message exchange     8-3

designated port, defined     8-4

designated switch, defined     8-4

displaying status     8-14

inferior BPDU     8-4

interface states

blocking     8-7

disabled     8-8

forwarding     8-6, 8-8

learning     8-7

listening     8-7

overview     8-5

overview     8-2

root port, defined     8-4

superior BPDU     8-4

timers, described     8-5

summer time     5-30

switchport protected command     6-25

syslog

See system message logging

system clock

configuring

daylight saving time     5-30

manually     5-28

summer time     5-30

time zones     5-29

displaying the time and date     5-29

system management page     3-2

system message logging

default configuration     21-3

defining error message severity levels     21-7

disabling     21-4

displaying the configuration     21-12

enabling     21-4

facility keywords, described     21-11

level keywords, described     21-8

limiting messages     21-8

message format     21-2

overview     21-2

rate limit     21-9

sequence numbers, enabling and disabling     21-6

setting the display destination device     21-5

timestamps, enabling and disabling     21-6

UNIX syslog servers

configuring the daemon     21-10

configuring the logging facility     21-10

facilities supported     21-11

system name

default configuration     5-32

manual configuration     5-32

See also DNS

system prompt

default setting     5-32

T

TAC     22-1

TACACS+

accounting, defined     13-22

authentication, defined     13-22

authorization, defined     13-22

configuring

accounting     13-27

authentication key     13-24

authorization     5-17, 13-26

login authentication     5-15, 13-25

default configuration     5-15, 13-24

described     1-6

displaying the configuration     5-17, 13-28

identifying the server     13-24

limiting the services to the user     5-17, 13-26

operation of     13-23

overview     13-22

tracking services accessed by user     13-27

tar files

creating     20-6

displaying the contents of     20-6

extracting     20-7

image file format     20-19

Telnet     4-9, 2-27

Temporal Key Integrity Protocol (TKIP)     10-1

See TKIP

Terminal Access Controller Access Control System Plus

See TACACS+

terminal emulator     2-5

terminal history command     4-5

terminal width command     4-8

TFTP     22-21

configuration files

downloading     20-11

preparing the server     20-10

uploading     20-11

image files

deleting     20-22

downloading     20-21

preparing the server     20-20

uploading     20-22

password     5-6

tftp_init command     22-21

TFTP server     22-18

throughput     2-12

time

See SNTP and system clock

timestamps in log messages     21-6

time zones     5-29

TKIP     1-7, 6-22, 10-1, 10-2

traps     3-4

configuring managers     18-8

defined     18-3

enabling     18-8

notification types     18-8

overview     18-2, 18-4

Trivial File Transfer Protocol (TFTP)

See TFTP

troubleshooting     22-1, 22-6, 22-9, 22-14

1300 outdoor access point/bridge indicators     22-10

1300 outdoor access point/bridge power injector     22-13

error messages (CLI)     4-4

system message logging     21-2

with CiscoWorks     18-4

U

U-APSD     1-4

unauthorized access     5-3

UNIX syslog servers

daemon configuration     21-10

facilities supported     21-11

message logging configuration     21-10

upgrading software images

See downloading

uploading

configuration files

preparing     20-10, 20-13, 20-16

reasons for     20-8

using FTP     20-14

using RCP     20-17

using TFTP     20-11

image files

preparing     20-20, 20-23, 20-27

reasons for     20-18

using FTP     20-26

using RCP     20-31

using TFTP     20-22

user EXEC mode     4-2

username, default     2-3

username-based authentication     5-7

V

VLAN

local authentication     9-2

names     14-7

SSID     1-6, 7-2

VLAN assignment by name     1-8

vlan command     7-5, 14-6

voice     1-7

W

W52     1-5

WDS     12-1, 12-9

Web-based interface

common buttons     3-4

compatible browsers     3-1

web-browser buttons     3-2

web-browser interface     1-9, 3-1

web site

Cisco Software Center     2-25

WEP

key example     10-5

key hashing     1-6

with EAP     11-4

WEP key     22-15

troubleshooting     22-15

WIDS     12-6

Wi-Fi Multimedia     15-4

Wi-Fi Multimedia (WMM)     1-8

Wi-Fi Protected Access

See WPA

Wi-Fi Protected Access (WPA)     1-7, 2-17

wireless domain services (WDS)     1-7

Wireless Internet Service Provider (WISP)     1-7

wireless intrusion detection services     12-1

Wireless LAN Services Module     12-2

wireless repeater     1-6

WISPr     1-7

WISPr RADIUS attributes     13-17

WLSM

active and standby     1-3

MIB support     1-3

WMM     15-4

workgroup bridge     6-23

maximum number of clients allowed     6-3

world mode     1-6, 6-18, 6-22

world-mode command     6-19

WPA     11-7

WPA migration mode     11-13

wpa-psk command     11-14

wraparound (CLI commands)     4-7