Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC
Index

Numerics

1130 series indicators 22-6

1240 series indicators 22-9

1300 outdoor access point/bridge indicators 22-14

350 series bridge interoperability 8-3

802.11d 6-22

802.11e 15-2

802.11g 6-33

802.11i 6-26

802.11n channel width 6-15

802.11n guard interval 6-20

802.1H 6-27

802.1x authentication 9-2

802.1X Supplicant

applying credentials to interface or SSID 4-28

configuring 4-27

creating a credentials profile 4-27

creating and applying EAP method profiles 4-30

A

abbreviating commands 3-3

access point bridge interfaces not supported 7-12

access point security settings, matching client devices 11-20

accounting

with RADIUS 13-13

with TACACS+ 13-23, 13-28

accounting command 7-5

ACL logging 7-12

Address Resolution Protocol (ARP) 6-28

AES-CCMP 10-2

Aironet Client Utility (ACU) 22-19

Aironet extensions 6-14, 6-26

ampdu command 15-5

antenna

selection 6-24

antenna command 6-25

Apply button 2-3

ARP

caching 5-26

associations, limiting by MAC address 16-6

attributes, RADIUS

sent by the access point 13-20

vendor-proprietary 13-17

vendor-specific 13-16

authentication 3-9

local mode with AAA 5-19

RADIUS

key 13-5

login 5-10, 13-7

SSID 7-2

TACACS+

defined 13-23

key 13-25

login 5-15, 13-26

authentication client command 7-5

authentication server

configuring access point as local server 9-2

EAP 11-4, 13-2

authentication types

Network-EAP 11-4

open 11-2

shared key 11-3

authenticator 9-1

authorization

with RADIUS 5-14, 13-11

with TACACS+ 5-17, 13-23, 13-27

B

Back button 2-3

backoff 6-33

backup authenticator, local 9-1

bandwidth 6-15

banners

configuring

login 5-37

message-of-the-day login 5-35

default configuration 5-35

when displayed 5-35

basic settings

checking 22-18

beacon dtim-period command 6-31

beacon period command 6-31

bit-flip attack 6-26

blocking communication between clients 6-29

BR350 interoperability 8-3

bridge-group command 6-29

bridge virtual interface (BVI) 4-26

broadcast-key command 11-15

broadcast key rotation 10-1, 10-3

BSSIDs 7-7

buttons

management pages 2-3

web-browser 2-2

C

caching MAC authentications 11-15

Called-Station-ID

See CSID

Cancel button 2-3

capture frames 12-30

carrier busy test 6-33

Catalyst 6500 Series 12-1

CCKM 11-6

authenticated clients 11-6

CCK modulation 6-13

CDP

disabling for routing device 17-4

enabling and disabling

on an interface 17-4

monitoring 17-4

cdp enable command 17-4

cdp run command 17-3

channel width 6-15

Cisco Discovery Protocol (CDP) 17-1

Cisco Key Integrity Protocol (CKIP) 6-26

Cisco TAC 22-1

CiscoWorks 2000 18-4

clear command 3-2

CLI 3-1

abbreviating commands 3-3

command modes 3-2

editing features

enabling and disabling 3-6

keystroke editing 3-6

wrapped lines 3-7

error messages 3-4

filtering command output 3-8

getting help 3-3

history 3-4

changing the buffer size 3-5

described 3-4

disabling 3-5

recalling commands 3-5

no and default forms of commands 3-4

Secure Shell (SSH) 3-9

Telnet 3-9

terminal emulator settings 4-6

client ARP caching 5-26

client communication, blocking 6-29

Client MFP 12-25, 12-26

client power level, limiting 6-13

command-line interface

See CLI

command modes 3-2

commands

abbreviating 3-3

accounting 7-5

antenna 6-25

authentication client 7-5

beacon dtim-period 6-31

beacon period 6-31

bridge-group 6-29

broadcast-key 11-15

cdp enable 17-4

cdp run 17-3

clear 3-2

countermeasure tkip hold-time 11-17

debug 21-2

default form 3-4

del 22-21

dot11 aaa mac-authen filter-cache 11-15

dot11 extension aironet 6-27

dot11 holdoff-time 11-16

dot11 interface-number carrier busy 6-33

dot1x client-timeout 11-16

dot1x reauth-period 11-17

edit 3-6

encapsulation dot1q 14-6

encryption 10-4

fragment-threshold 6-32

guest-mode 7-5

help 3-3

infrastructure-client 6-28

infrastructure-ssid 7-5

interface dot11radio 1-2, 6-2

ip domain-name 5-34

ip redirect 7-12

no and default 3-4

no shutdown 3-4

packet retries 6-32

payload-encapsulation 6-27

permit tcp-port 7-12

power client 6-14

power local 6-12

recall 3-5

rts retries 6-31

rts threshold 6-31

set 22-25

set BOOT 22-25

setting privilege levels 5-8

show 3-2

show dot11 associations 7-6

show ip interface 4-4

slot-time-short 6-33

sort 3-8

speed 6-9

ssid 7-4, 11-10, 14-6

switchport protected 6-30

terminal history 3-5

terminal width 3-8

tftp_init 22-24

vlan 7-5, 14-6

world-mode 6-23

wpa-psk 11-14

commands station role 6-4

community strings

configuring 18-6

overview 18-4

Complementary Code Keying (CCK)

See CCK

configuration files

creating using a text editor 20-9

deleting a stored configuration 20-18

downloading

preparing 20-10, 20-12, 20-15

reasons for 20-8

using FTP 20-12

using RCP 20-16

using TFTP 20-10

guidelines for creating and using 20-8

invalid combinations when copying 20-4

system contact and location information 18-10

types and location 20-9

uploading

preparing 20-10, 20-12, 20-15

reasons for 20-8

using FTP 20-13

using RCP 20-17

using TFTP 20-11

configuring 6-10

connections, secure remote 5-25

countermeasure tkip hold-time command 11-17

crypto software image 5-25

CSID format, selecting 13-14

D

Data Beacon Rate 6-30

data rate setting 6-7

data retries 6-32

data volume 4-13

daylight saving time 5-30

debug command 21-2

default commands 3-4

default configuration

banners 5-35

DNS 5-33

password and privilege level 5-4

RADIUS 5-10, 13-4

resetting 22-19

SNMP 18-5

system message logging 21-3

system name and prompt 5-32

TACACS+ 5-15, 13-25

default gateway 4-12

default radio settings

description of 4-7

default username 4-2

del command 22-21

delivery traffic indication message (DTIM) 6-30

DFS 6-16

DHCP server

configuring access point as 5-22

receiving IP settings from 4-11

directories

changing 20-3

creating and removing 20-4

displaying the working 20-3

disable web-based management 2-14

diversity 6-24

DNS

default configuration 5-33

displaying the configuration 5-35

overview 5-33

setting up 5-34

domain names

DNS 5-33

Domain Name System

See DNS

dot11 aaa mac-authen filter-cache command 11-15

dot11 extension aironet command 6-27

dot11 extension power native command 4-26

dot11 holdoff-time commands 11-16

dot11 interface-number carrier busy command 6-33

dot1x client-timeout command 11-16

dot1x reauth-period command 11-17

downloading

configuration files

preparing 20-10, 20-12, 20-15

reasons for 20-8

using FTP 20-12

using RCP 20-16

using TFTP 20-10

image files

deleting old image 20-22

preparing 20-19, 20-23, 20-27

reasons for 20-18

using FTP 20-24

using RCP 20-29

using TFTP 20-20

DTIM 6-30

duplex, Ethernet port 5-18

Dynamic Frequency Selection 6-16

blocking channels 6-19

CLI commands 6-18

configuring a channel 6-19

confirming DFS enabled 6-18

E

EAP authentication, overview 11-4

EAP-FAST 9-1, 9-2

EAP-FAST authentication 11-20

EAP-MD5 authentication

setting on client and access point 11-22

EAP-SIM authentication

setting on client and access point 11-22

EAP-TLS

applying EAP method profiles to 11-17

EAP-TLS authentication

setting on client and access point 11-21

edit CLI commands 3-6

editing features

enabling and disabling 3-6

keystrokes used 3-6

wrapped lines 3-7

enable password 5-6

enable secret password 5-6

encapsulation dot1q command 14-6

encapsulation method 6-27

encrypted software image 5-25

encryption command 10-4

encryption for passwords 5-6

error and event messages C-1

error messages

802.11 subsystem messages C-7

access point/bridge messages C-25

association management messages C-5

Cisco discovery protocol messages C-25

CLI 3-4

during command entry 3-4

explained C-2

external radius server error messages C-26

inter-access point protocol messages C-20

local authenticator messages C-21

LWAPP error messages C-26

mini IOS messages C-24

sensor messages C-27

setting the display destination device 21-5

severity levels 21-7

SNMP error messages C-28

software auto upgrade messages C-3

SSH error messages C-29

system message format 21-2

unzip messages C-6

Ethernet indicator 22-4

Ethernet speed and duplex settings 5-18

Ethertype filter 1-xxi, 16-1

event log 2-3

event messages C-1

Express Security page 2-3, 4-15

Express Setup page 2-3

F

fallback role 6-3

fast secure roaming 12-1

files

copying 20-4

deleting 20-5

displaying the contents of 20-7

tar

creating 20-5

displaying the contents of 20-6

extracting 20-7

image file format 20-19

file system

displaying available file systems 20-2

displaying file information 20-3

local file system names 20-1

network file system names 20-4

setting the default 20-3

filtering

Ethertype filters 16-12

IP filters 16-9

MAC address filters 16-3

show and more command output 3-8

filter output (CLI commands) 3-8

firmware

upgrade 2-1

version 2-3

Flash 20-1

Flash device, number of 20-1

forward-delay time

STP 8-7

fragmentation threshold 6-32

fragment-threshold command 6-32

FTP

accessing MIB files B-2

configuration files

downloading 20-12

overview 20-11

preparing the server 20-12

uploading 20-13

image files

deleting old image 20-26

downloading 20-24

preparing the server 20-23

uploading 20-26

G

gain 6-24

get-bulk-request operation 18-3

get-next-request operation 18-3, 18-4

get-request operation 18-3, 18-4

get-response operation 18-3

global configuration mode 3-2

Gratuitous Probe Response (GPR)

enabling and disabling 6-25

group key updates 11-14

guard interval 6-20

guest-mode command 7-5

guest SSID 7-2

H

help 2-13

help, for the command line 3-3

history

changing the buffer size 3-5

described 3-4

disabling 3-5

recalling commands 3-5

history (CLI) 3-4

history table, level and number of syslog messages 21-8

Home button 2-3

HTTPS 2-4

I

image, operating system 22-21

indicators 22-2

infrastructure-client command 6-28

infrastructure-ssid command 7-5

inter-client communication, blocking 6-29

interface

CLI 3-1

web-browser 2-1

interface configuration mode 3-2

interface dot11radio command 1-2, 6-2

interfaces 2-3

intrusion detection 12-1

invalid characters in 14-6

ip domain-name command 5-34

IP filters 16-9

ip redirect command 7-12

IP redirection 7-11, 7-12

IP subnet mask 4-12

ISO designators for protocols A-1

J

Japan upgrade utility

migrating to W52 domain 5-37

verifying the migration 5-39

jitter 15-2

K

key features 1-2

keystrokes (edit CLI commands) 3-6

L

latency 15-2

Layer 3 mobility 12-5

LBS 6-21

LEAP authentication

local authentication 9-1

setting on client and access point 11-20

LED indicators

Ethernet 22-4

radio traffic 22-4

status 22-4

limited channel scanning 19-15

limiting client associations by MAC address 16-6

limiting client power level 6-13

line configuration mode 3-2

load balancing 6-26

local authenticator, access point as 9-1

Location-Based Services 6-21

login authentication

with RADIUS 5-10, 13-7

with TACACS+ 5-15, 13-26

login banners 5-35

log messages

See system message logging

low power condition 22-17

M

MAC address

ACLs, blocking association with 16-6

filter 1-xxi, 16-1, 16-3

troubleshooting 22-19

MAC authentication caching 11-15

MAC-based authentication 9-1, 9-2

management

CLI 3-1

Management Frame Protection 12-24

access points in root mode 12-25

broadcast management frames 12-25

overview 12-25

unicast management frames 12-25

Management Frame Protection 2

configuring 12-26

map, network 2-3

maximum data retries 6-32

Maximum RTS Retries 6-31

MCS rates 6-10, 6-11

Media Access Control (MAC) address 4-4

Message Integrity Check (MIC) 6-26, 10-1, 22-18

message-of-the-day (MOTD) 5-35

messages

to users through banners 5-35

MIBs

accessing files with FTP B-2

location of files B-2

overview 18-2

SNMP interaction with 18-4

MIC 10-1

Microsoft IAS servers 11-2

migration mode, WPA 11-13

mode (role) 6-4

mode button 22-22

disabling 5-2

enabling 5-2

modes

global configuration 3-2

interface configuration 3-2

line configuration 3-2

privileged EXEC 3-2

user EXEC 3-2

monitoring

CDP 17-4

monitor mode 12-30

move the cursor (CLI) 3-6

multicast messages 6-28

multiple basic SSIDs 7-7

multiple VLAN

configuring for non-root bridge 5-39

N

names, VLAN 14-7

Network-EAP 11-4

network map 2-3

no commands 3-4

non-root 4-12

no shutdown command 3-4

notification 2-3

O

OFDM 6-13

OK button 2-3

optional ARP caching 5-26

Orthogonal Frequency Division Multiplexing (OFDM)

See OFDM

P

packet of disconnect (PoD)

configuring 13-12

packet retries command 6-32

packet size (fragment) 6-32

password reset 22-19

passwords

default configuration 5-4

encrypting 5-6

overview 5-3

setting

enable 5-4

enable secret 5-6

with usernames 5-7

payload-encapsulation command 6-27

PEAP authentication

setting on client and access point 11-22

permit tcp-port command 7-12

per-VLAN Spanning Tree (PVST) 8-2

point-to-multipoint bridging

multiple VLAN and rate limiting 5-39

ports, protected 6-30

positioning packets 6-21

power client command 6-14

power level

on client devices 6-13

radio 6-26

power local command 6-12

power-save client device 6-30

preferential treatment of traffic

See QoS

pre-shared key 11-14

preventing unauthorized access 5-3

print 2-13

prioritization 15-2

privileged EXEC mode 3-2

privilege levels

exiting 5-9

logging into 5-9

overview 5-3, 5-8

setting a command with 5-8

protected ports 6-30

protocol filters 16-2

Public Secure Packet Forwarding (PSPF) 6-29

Q

QBSS 15-3

dot11e parameter 15-3

QoS

configuration guidelines 15-5

dot11e command 15-9

overview 15-2

QoS

QBSS Load IE 15-9

quality of service

See QoS

R

radio

activity 6-33

congestion 6-15

indicator 22-4

interface 6-2

preamble 6-23

radio data rates 6-8

high vs low 6-8

radio management 12-1

RADIUS

attributes

CSID format, selecting 13-14

sent by the access point 13-20

vendor-proprietary 13-17

vendor-specific 13-16

WISPr 13-18

configuring

access point as local server 9-2

accounting 13-13

authentication 5-10, 13-7

authorization 5-14, 13-11

communication, global 13-5, 13-15

communication, per-server 13-4, 13-5

multiple UDP ports 13-5

default configuration 5-10, 13-4

defining AAA server groups 5-12, 13-9

displaying the configuration 5-15, 13-19

identifying the server 13-4

limiting the services to the user 5-14, 13-11

local authentication 9-2

method list, defined 13-4

operation of 13-2

overview 13-2

SSID 7-2

suggested network environments 13-2

tracking services accessed by user 13-13

range 4-13

rate limit, logging 21-9

rate limiting

configuring for non-root bridge 5-39

RCP

configuration files

downloading 20-16

overview 20-14

preparing the server 20-15

uploading 20-17

image files

deleting old image 20-31

downloading 20-29

preparing the server 20-27

uploading 20-31

reauthentication requests 11-2

recall commands 3-5

redirection, IP 7-11

reliability problems with 6-8

reloading access point image 22-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

repeater

as a LEAP client 19-7

as a WPA client 19-8

chain of access points 19-2

request to send (RTS) 6-31

restricting access

overview 5-3

passwords and privilege levels 5-3

RADIUS 5-10, 13-1

TACACS+ 5-15

RFC

1042 6-27

1157, SNMPv1 18-2

1901, SNMPv2C 18-2

1902 to 1907, SNMPv2 18-2

roaming 1-3

fast secure roaming using CCKM 12-1

role (mode) 6-4

role in radio network 6-2

root 4-12

rotation, broadcast key 10-1

rts retries command 6-31

RTS threshold 6-31

rts threshold command 6-31

S

sample configuration 6-11

secure remote connections 5-25

Secure Shell

See SSH

security 2-3

troubleshooting 22-18

security features

synchronizing 11-20

security settings, Express Security page 4-15

self-healing wireless LAN 12-5

sequence numbers in log messages 21-6

serial

serial port connector 22-16

service set identifiers (SSIDs)

See SSID

service-type attribute 11-2

set BOOT command 22-25

set command 22-25

set-request operation 18-4

setting 6-20

severity levels, defining in system messages 21-7

shared key 11-6

short slot time 6-33

show cdp traffic command 17-5

show command 3-2

show dot11 associations command 7-6

show ip interface command 4-4

Simple Network Management Protocol

See SNMP

Simple Network Time Protocol

See SNTP

slot-time-short command 6-33

SNMP

accessing MIB variables with 18-4

agent

described 18-4

disabling 18-5

community name 4-12

community strings

configuring 18-6

overview 18-4

configuration examples 18-10

default configuration 18-5

limiting system log messages to NMS 21-8

manager functions 18-3

overview 18-2, 18-4

server groups 18-7

shutdown mechanism 18-8

snmp-server view 18-10

status, displaying 18-12

system contact and location 18-10

trap manager, configuring 18-9

traps

described 18-3

enabling 18-8

overview 18-2, 18-4

types of 18-8

versions supported 18-2

SNMP, FTP MIB files B-2

snmp-server group command 18-7

SNMP versions supported 18-2

SNTP

overview 5-27

software image 22-21

upload and download 20-1

software images

location in Flash 20-18

tar file format, described 20-19

software upgrade

error and event messages C-3

sort (CLI commands) 3-8

spaces in an SSID 7-6

speed command 6-9

SSH 3-9

configuring 5-26

crypto software image 5-25

described 5-25

displaying settings 5-26

SSH Communications Security, Ltd. 3-9

SSID 7-2, 14-6

guest mode 7-2

invalid characters in 7-4, 11-10

multiple SSIDs 7-1

troubleshooting 22-18

using spaces in 7-6

VLAN 7-2

ssid command 7-4, 11-10, 14-6

rules for 11-10

SSL 2-4

static WEP

with open authentication, setting on client and access point 11-20

with shared key authentication, setting on client and access point 11-20

station role command 6-4

statistics

CDP 17-4

SNMP input and output 18-12

status indicators 22-4

status page 2-3

STP

BPDU message exchange 8-3

designated port, defined 8-4

designated switch, defined 8-4

displaying status 8-14

inferior BPDU 8-4

interface states

blocking 8-7

disabled 8-8

forwarding 8-6, 8-8

learning 8-7

listening 8-7

overview 8-5

overview 8-2

root port, defined 8-4

superior BPDU 8-4

timers, described 8-5

summer time 5-30

switchport protected command 6-30

syslog

See system message logging

system clock

configuring

daylight saving time 5-30

manually 5-28

summer time 5-30

time zones 5-29

displaying the time and date 5-29

system management page 2-2

system message logging

default configuration 21-3

defining error message severity levels 21-7

disabling 21-4

displaying the configuration 21-12

enabling 21-4

facility keywords, described 21-11

level keywords, described 21-8

limiting messages 21-8

message format 21-2

overview 21-2

rate limit 21-9

sequence numbers, enabling and disabling 21-6

setting the display destination device 21-5

timestamps, enabling and disabling 21-6

UNIX syslog servers

configuring the daemon 21-10

configuring the logging facility 21-10

facilities supported 21-11

system name

default configuration 5-32

manual configuration 5-32

See also DNS

system prompt

default setting 5-32

T

TAC 22-1

TACACS+

accounting, defined 13-23

authentication, defined 13-23

authorization, defined 13-23

configuring

accounting 13-28

authentication key 13-25

authorization 5-17, 13-27

login authentication 5-15, 13-26

default configuration 5-15, 13-25

displaying the configuration 5-17, 13-29

identifying the server 13-25

limiting the services to the user 5-17, 13-27

operation of 13-24

overview 13-23

tracking services accessed by user 13-28

tar files

creating 20-5

displaying the contents of 20-6

extracting 20-7

image file format 20-19

Telnet 3-9, 4-26

Temporal Key Integrity Protocol (TKIP) 10-1

Terminal Access Controller Access Control System Plus

See TACACS+

terminal history command 3-5

terminal width command 3-8

TFTP 22-24

configuration files

downloading 20-10

preparing the server 20-10

uploading 20-11

image files

deleting 20-22

downloading 20-20

preparing the server 20-19

uploading 20-22

password 5-6

tftp_init command 22-24

TFTP server 22-22

throughput 4-13

time

See SNTP and system clock

timestamps in log messages 21-6

time zones 5-29

TKIP 6-26, 10-1, 10-3

traps 2-3

configuring managers 18-8

defined 18-3

enabling 18-8

notification types 18-8

overview 18-2, 18-4

Trivial File Transfer Protocol (TFTP)

See TFTP

troubleshooting 22-1, 22-6, 22-9, 22-17

1300 outdoor access point/bridge indicators 22-14

1300 outdoor access point/bridge power injector 22-16

error messages (CLI) 3-4

system message logging 21-2

with CiscoWorks 18-4

U

unauthorized access 5-3

universal workgroup bridge 6-2

universal workgroup bridge mode 4-12

UNIX syslog servers

daemon configuration 21-10

facilities supported 21-11

message logging configuration 21-10

upgrading software images

See downloading

uploading

configuration files

preparing 20-10, 20-12, 20-15

reasons for 20-8

using FTP 20-13

using RCP 20-17

using TFTP 20-11

image files

preparing 20-19, 20-23, 20-27

reasons for 20-18

using FTP 20-26

using RCP 20-31

using TFTP 20-22

user EXEC mode 3-2

username, default 4-2

username-based authentication 5-7

V

VLAN

local authentication 9-2

names 14-7

SSID 7-2

vlan command 7-5, 14-6

W

W52 domain

migrating to 5-37

WDS 12-1, 12-9

configuring WDS-only mode 12-19

Web-based interface

common buttons 2-3

compatible browsers 2-1

web-browser buttons 2-2

web-browser interface 1-2, 2-1

WEP

key example 10-5

with EAP 11-4

WEP key 22-18

troubleshooting 22-18

WIDS 12-6

Wi-Fi Multimedia 15-4

Wi-Fi Protected Access

See WPA

Wi-Fi Protected Access (WPA) 4-18

wireless intrusion detection services 12-1

Wireless LAN Services Module 12-2

WISPr RADIUS attributes 13-18

WMM 15-4

Workgroup bridge

configuring limited channel scanning 19-15

configuring the limited channel set 19-15

ignoring the CCX neighbor list 19-16

workgroup bridge 6-28

guidelines for using in lightweight environment 19-18

in lightweight environment 19-18

maximum number of clients allowed 6-4

sample lightweight network configuration 19-20

world mode 6-22, 6-26

always on setting 6-22

world-mode command 6-23

world mode roaming 6-22

WPA 11-7

WPA migration mode 11-13

wpa-psk command 11-14

wraparound (CLI commands) 3-7