Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.4(3g)JA & 12.3(8)JEB
Index

Numerics

1130 series indicators 22-6

1240 series indicators 22-9

1300 outdoor access point/bridge indicators 22-10

350 series bridge interoperability 8-3

802.11d 6-22

802.11e 15-2

802.11g 6-32

802.11i 6-26

802.1H 6-27

802.1x authentication 9-2

802.1X Supplicant

applying credentials to interface or SSID 1-52

configuring 1-50

creating a credentials profile 1-51

creating and applying EAP method profiles 1-53

A

abbreviating commands 1-17

access point security settings, matching client devices 11-19

accounting

with RADIUS 13-13

with TACACS+ 13-23, 13-28

accounting command 7-5

Address Resolution Protocol (ARP) 6-27

AES-CCMP 10-2

Aironet Client Utility (ACU) 22-15

Aironet extensions 6-12, 6-26

antenna

selection 6-24

antenna command 6-25

Apply button 2-3

ARP

caching 5-26

associations, limiting by MAC address 16-6

attributes, RADIUS

sent by the access point 13-20

vendor-proprietary 13-17

vendor-specific 13-16

authentication 1-23

local mode with AAA 5-19

RADIUS

key 13-5

login 5-10, 13-7

SSID 7-2

TACACS+

defined 13-23

key 13-25

login 5-15, 13-26

authentication client command 7-5

authentication server

configuring access point as local server 9-2

EAP 11-4, 13-3

authentication types

Network-EAP 11-4

open 11-2

shared key 11-3

authenticator 9-1

authorization

with RADIUS 5-14, 13-11

with TACACS+ 5-17, 13-23, 13-27

B

Back button 2-3

backoff 6-32

backup authenticator, local 9-1

bandwidth 6-13

banners

configuring

login 5-37

message-of-the-day login 5-35

default configuration 5-35

when displayed 5-35

basic settings

checking 22-15

beacon dtim-period command 6-30

beacon period command 6-30

bit-flip attack 6-26

blocking communication between clients 6-28

BR350 interoperability 8-3

bridge-group command 6-29

bridge virtual interface (BVI) 1-50

broadcast-key command 11-15

broadcast key rotation 10-1, 10-3

BSSIDs 7-7

buttons

management pages 2-3

web-browser 2-2

C

caching MAC authentications 11-15

Called-Station-ID

See CSID

Cancel button 2-3

capture frames 12-31

carrier busy test 6-32

Catalyst 6500 Series 12-1

CCKM 11-6

authenticated clients 11-6

CCK modulation 6-11

CDP

disabling for routing device 17-4

enabling and disabling

on an interface 17-4

monitoring 17-4

cdp enable command 17-4

cdp run command 17-3

Cisco Discovery Protocol (CDP) 17-1

Cisco Key Integrity Protocol (CKIP) 6-26

Cisco TAC 22-1

CiscoWorks 2000 18-4

clear command 1-16

CLI 1-15

abbreviating commands 1-17

command modes 1-16

editing features

enabling and disabling 1-20

keystroke editing 1-20

wrapped lines 1-21

error messages 1-18

filtering command output 1-22

getting help 1-17

history 1-18

changing the buffer size 1-19

described 1-18

disabling 1-19

recalling commands 1-19

no and default forms of commands 1-18

Secure Shell (SSH) 1-23

Telnet 1-23

terminal emulator settings 1-30

client ARP caching 5-26

client communication, blocking 6-28

Client MFP 12-26, 12-27

client power level, limiting 6-12

command-line interface

See CLI

command modes 1-16

commands

abbreviating 1-17

accounting 7-5

antenna 6-25

authentication client 7-5

beacon dtim-period 6-30

beacon period 6-30

bridge-group 6-29

broadcast-key 11-15

cdp enable 17-4

cdp run 17-3

clear 1-16

countermeasure tkip hold-time 11-17

debug 21-2

default form 1-18

del 22-18

dot11 aaa mac-authen filter-cache 11-15

dot11 extension aironet 6-26

dot11 holdoff-time 11-16

dot11 interface-number carrier busy 6-32

dot1x client-timeout 11-16

dot1x reauth-period 11-17

edit 1-20

encapsulation dot1q 14-6

encryption 10-4

fragment-threshold 6-31

guest-mode 7-5

help 1-17

infrastructure-client 6-28

infrastructure-ssid 7-5

interface dot11radio 1-4, 6-2

ip domain-name 5-34

ip redirect 7-12

no and default 1-18

no shutdown 1-18

packet retries 6-31

payload-encapsulation 6-27

permit tcp-port 7-12

power client 6-12

power local 6-11

recall 1-19

rts retries 6-30

rts threshold 6-30

set 22-22

set BOOT 22-22

setting privilege levels 5-8

show 1-16

show dot11 associations 7-6

show ip interface 1-28

slot-time-short 6-32

sort 1-22

speed 6-9

ssid 7-4, 11-10, 14-6

switchport protected 6-29

terminal history 1-19

terminal width 1-22

tftp_init 22-21

vlan 7-5, 14-6

world-mode 6-23

wpa-psk 11-14

commands station role 6-4

community strings

configuring 18-6

overview 18-4

Complementary Code Keying (CCK)

See CCK

configuration files

creating using a text editor 20-10

deleting a stored configuration 20-18

downloading

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-13

using RCP 20-16

using TFTP 20-11

guidelines for creating and using 20-9

invalid combinations when copying 20-5

system contact and location information 18-10

types and location 20-9

uploading

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-14

using RCP 20-17

using TFTP 20-11

connections, secure remote 5-25

countermeasure tkip hold-time command 11-17

crypto software image 5-25

CSID format, selecting 13-14

D

Data Beacon Rate 6-30

data rate setting 6-7

data retries 6-31

data volume 1-35

daylight saving time 5-30

debug command 21-2

default commands 1-18

default configuration

banners 5-35

DNS 5-33

password and privilege level 5-4

RADIUS 5-10, 13-4

resetting 22-16

SNMP 18-5

system message logging 21-3

system name and prompt 5-32

TACACS+ 5-15, 13-25

default gateway 1-35

default radio settings

description of 1-31

default username 1-26

del command 22-18

delivery traffic indication message (DTIM) 6-30

DFS 6-17

DHCP server

configuring access point as 5-22

receiving IP settings from 1-34

directories

changing 20-4

creating and removing 20-4

displaying the working 20-4

disable web-based management 2-14

diversity 6-24

DNS

default configuration 5-33

displaying the configuration 5-35

overview 5-33

setting up 5-34

domain names

DNS 5-33

Domain Name System

See DNS

dot11 aaa mac-authen filter-cache command 11-15

dot11 extension aironet command 6-26

dot11 extension power native command 1-48

dot11 holdoff-time commands 11-16

dot11 interface-number carrier busy command 6-32

dot1x client-timeout command 11-16

dot1x reauth-period command 11-17

downloading

configuration files

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-13

using RCP 20-16

using TFTP 20-11

image files

deleting old image 20-22

preparing 20-20, 20-23, 20-27

reasons for 20-19

using FTP 20-24

using RCP 20-29

using TFTP 20-21

DTIM 6-30

duplex, Ethernet port 5-18

Dynamic Frequency Selection 6-17

blocking channels 6-20

CLI commands 6-18

configuring a channel 6-19

confirming DFS enabled 6-18

simulating radar detection 6-20

E

EAP authentication, overview 11-4

EAP-FAST 9-1, 9-2

EAP-FAST authentication 11-20

EAP-MD5 authentication

setting on client and access point 11-21

EAP-SIM authentication

setting on client and access point 11-22

EAP-TLS

applying EAP method profiles to 11-17

EAP-TLS authentication

setting on client and access point 11-21

edit CLI commands 1-20

editing features

enabling and disabling 1-20

keystrokes used 1-20

wrapped lines 1-21

enable password 5-6

enable secret password 5-6

encapsulation dot1q command 14-6

encapsulation method 6-27

encrypted software image 5-25

encryption command 10-4

encryption for passwords 5-6

error and event messages C-1

error messages

802.11 subsystem messages C-5

association management messages C-4

CLI 1-18

during command entry 1-18

explained C-2

inter-access point protocol messages C-19

local authenticator messages C-20

setting the display destination device 21-5

severity levels 21-7

software auto upgrade messages C-3

system message format 21-2

unzip messages C-5

Ethernet indicator 22-4

Ethernet speed and duplex settings 5-18

Ethertype filter 16-1

event log 2-3

event messages C-1

Express Security page 2-3, 1-37

Express Setup page 2-3

F

fallback role 6-3

fast secure roaming 12-1

files

copying 20-5

deleting 20-5

displaying the contents of 20-8

tar

creating 20-6

displaying the contents of 20-6

extracting 20-7

image file format 20-19

file system

displaying available file systems 20-2

displaying file information 20-3

local file system names 20-2

network file system names 20-5

setting the default 20-3

filtering

Ethertype filters 16-11

IP filters 16-8

MAC address filters 16-3

show and more command output 1-22

filter output (CLI commands) 1-22

firmware

upgrade 2-1

version 2-3

Flash 20-1

Flash device, number of 20-2

forward-delay time

STP 8-7

fragmentation threshold 6-31

fragment-threshold command 6-31

frequencies 6-14, 6-15, 6-16

FTP

accessing MIB files B-2

configuration files

downloading 20-13

overview 20-12

preparing the server 20-13

uploading 20-14

image files

deleting old image 20-26

downloading 20-24

preparing the server 20-23

uploading 20-26

G

gain 6-24

get-bulk-request operation 18-3

get-next-request operation 18-3, 18-4

get-request operation 18-3, 18-4

get-response operation 18-3

global configuration mode 1-16

Gratuitous Probe Response (GPR)

enabling and disabling 6-25

group key updates 11-14

guest-mode command 7-5

guest SSID 7-2

H

help 2-13

help, for the command line 1-17

history

changing the buffer size 1-19

described 1-18

disabling 1-19

recalling commands 1-19

history (CLI) 1-18

history table, level and number of syslog messages 21-8

Home button 2-3

HTTPS 2-4

I

image, operating system 22-18

indicators 22-2

infrastructure-client command 6-28

infrastructure-ssid command 7-5

inter-client communication, blocking 6-28

interface

CLI 1-15

web-browser 2-1

interface configuration mode 1-16

interface dot11radio command 1-4, 6-2

interfaces 2-3

intrusion detection 12-1

invalid characters in 14-6

IP address, finding and setting 1-49

ip domain-name command 5-34

IP filters 16-8

ip redirect command 7-12

IP redirection 7-11, 7-12

IPSU 1-48

IP subnet mask 1-35

ISO designators for protocols A-1

J

Japan upgrade utility 1-2

frequency set 1-2

migrating to W52 domain 5-37

verifying the migration 5-39

jitter 15-2

K

key features 1-2

keystrokes (edit CLI commands) 1-20

L

latency 15-2

Layer 3 mobility 12-5

LBS 6-21

LEAP authentication

local authentication 9-1

setting on client and access point 11-20

LED indicators

Ethernet 22-4

radio traffic 22-4

status 22-4

limited channel scanning 19-15

limiting client associations by MAC address 16-6

limiting client power level 6-12

line configuration mode 1-16

load balancing 6-26

local authenticator, access point as 9-1

Location-Based Services 6-21

login authentication

with RADIUS 5-10, 13-7

with TACACS+ 5-15, 13-26

login banners 5-35

log messages

See system message logging

low power condition 22-14

M

MAC address 1-49

ACLs, blocking association with 16-6

filter 16-1, 16-3

troubleshooting 22-15

MAC authentication caching 11-15

MAC-based authentication 9-1, 9-2

management

CLI 1-15

Management Frame Protection 12-25

access points in root mode 12-26

broadcast management frames 12-26

overview 12-26

unicast management frames 12-26

Management Frame Protection 2

configuring 12-27

map, network 2-3

maximum data retries 6-31

Maximum RTS Retries 6-30

Media Access Control (MAC) address 1-28

Message Integrity Check (MIC) 6-26, 10-1, 22-15

message-of-the-day (MOTD) 5-35

messages

to users through banners 5-35

MIBs

accessing files with FTP B-2

location of files B-2

overview 18-2

SNMP interaction with 18-4

MIC 10-1

Microsoft IAS servers 11-2

migration mode, WPA 11-13

mode (role) 6-4

mode button 22-18

disabling 5-2

enabling 5-2

modes

global configuration 1-16

interface configuration 1-16

line configuration 1-16

privileged EXEC 1-16

user EXEC 1-16

monitoring

CDP 17-4

monitor mode 12-31

move the cursor (CLI) 1-20

multicast messages 6-27

multiple basic SSIDs 7-7

multiple VLAN

configuring for non-root bridge 5-39

N

names, VLAN 14-7

Network-EAP 11-4

network map 2-3

no commands 1-18

non-root 1-35

no shutdown command 1-18

notification 2-3

O

OFDM 6-11

OK button 2-3

optional ARP caching 5-26

Orthogonal Frequency Division Multiplexing (OFDM)

See OFDM

P

packet of disconnect (PoD)

configuring 13-12

packet retries command 6-31

packet size (fragment) 6-31

password reset 22-16

passwords

default configuration 5-4

encrypting 5-6

overview 5-3

setting

enable 5-4

enable secret 5-6

with usernames 5-7

payload-encapsulation command 6-27

PEAP authentication

setting on client and access point 11-22

permit tcp-port command 7-12

per-VLAN Spanning Tree (PVST) 8-2

point-to-multipoint bridging

multiple VLAN and rate limiting 5-39

ports, protected 6-29

positioning packets 6-21

power client command 6-12

power level

on client devices 6-12

radio 6-26

power local command 6-11

power-save client device 6-30

preferential treatment of traffic

See QoS

pre-shared key 11-14

preventing unauthorized access 5-3

print 2-13

prioritization 15-2

privileged EXEC mode 1-16

privilege levels

exiting 5-9

logging into 5-9

overview 5-3, 5-8

setting a command with 5-8

protected ports 6-29

protocol filters 16-2

Public Secure Packet Forwarding (PSPF) 6-28

Q

QBSS 15-3

dot11e parameter 15-3

QoS

configuration guidelines 15-5

dot11e command 15-9

overview 15-2

QoS

QBSS Load IE 15-9

quality of service

See QoS

R

radio

activity 6-32

congestion 6-13

indicator 22-4

interface 6-2

preamble 6-23

radio management 12-1

RADIUS

attributes

CSID format, selecting 13-14

sent by the access point 13-20

vendor-proprietary 13-17

vendor-specific 13-16

WISPr 13-18

configuring

access point as local server 9-2

accounting 13-13

authentication 5-10, 13-7

authorization 5-14, 13-11

communication, global 13-5, 13-15

communication, per-server 13-5

multiple UDP ports 13-5

default configuration 5-10, 13-4

defining AAA server groups 5-12, 13-9

displaying the configuration 5-15, 13-19

identifying the server 13-5

limiting the services to the user 5-14, 13-11

local authentication 9-2

method list, defined 13-4

operation of 13-3

overview 13-2

SSID 7-2

suggested network environments 13-2

tracking services accessed by user 13-13

range 1-35

rate limit, logging 21-9

rate limiting

configuring for non-root bridge 5-39

RCP

configuration files

downloading 20-16

overview 20-15

preparing the server 20-16

uploading 20-17

image files

deleting old image 20-31

downloading 20-29

preparing the server 20-27

uploading 20-31

reauthentication requests 11-2

recall commands 1-19

redirection, IP 7-11

regulatory

domains 6-14, 6-15, 6-16

reloading access point image 22-18

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

repeater

as a LEAP client 19-7

as a WPA client 19-8

chain of access points 19-2

request to send (RTS) 6-30

restricting access

overview 5-3

passwords and privilege levels 5-3

RADIUS 5-10, 13-1

TACACS+ 5-15

RFC

1042 6-27

1157, SNMPv1 18-2

1901, SNMPv2C 18-2

1902 to 1907, SNMPv2 18-2

roaming 1-4

fast secure roaming using CCKM 12-1

role (mode) 6-4

role in radio network 6-2

root 1-35

rotation, broadcast key 10-1

rts retries command 6-30

RTS threshold 6-30

rts threshold command 6-30

S

secure remote connections 5-25

Secure Shell

See SSH

security 2-3

troubleshooting 22-15

security features

synchronizing 11-19

security settings, Express Security page 1-37

self-healing wireless LAN 12-5

sequence numbers in log messages 21-6

serial

serial port connector 22-13

service set identifiers (SSIDs)

See SSID

service-type attribute 11-2

set BOOT command 22-22

set command 22-22

set-request operation 18-4

severity levels, defining in system messages 21-7

shared key 11-6

short slot time 6-32

show cdp traffic command 17-5

show command 1-16

show dot11 associations command 7-6

show ip interface command 1-28

Simple Network Management Protocol

See SNMP

Simple Network Time Protocol

See SNTP

slot-time-short command 6-32

SNMP

accessing MIB variables with 18-4

agent

described 18-4

disabling 18-5

community name 1-36

community strings

configuring 18-6

overview 18-4

configuration examples 18-10

default configuration 18-5

limiting system log messages to NMS 21-8

manager functions 18-3

overview 18-2, 18-4

server groups 18-7

shutdown mechanism 18-8

snmp-server view 18-10

status, displaying 18-12

system contact and location 18-10

trap manager, configuring 18-9

traps

described 18-3

enabling 18-8

overview 18-2, 18-4

types of 18-8

versions supported 18-2

SNMP, FTP MIB files B-2

snmp-server group command 18-7

SNMP versions supported 18-2

SNTP

overview 5-27

software image 22-18

upload and download 20-1

software images

location in Flash 20-19

tar file format, described 20-19

software upgrade

error and event messages C-3

sort (CLI commands) 1-22

spaces in an SSID 7-6

speed command 6-9

SSH 1-23

configuring 5-26

crypto software image 5-25

described 5-25

displaying settings 5-26

SSH Communications Security, Ltd. 1-23

SSID 7-2, 14-6

guest mode 7-2

invalid characters in 7-4, 11-10

multiple SSIDs 7-1

troubleshooting 22-15

using spaces in 7-6

VLAN 7-2

ssid command 7-4, 11-10, 14-6

rules for 11-10

SSL 2-4

static WEP

with open authentication, setting on client and access point 11-19

with shared key authentication, setting on client and access point 11-19

station role command 6-4

statistics

CDP 17-4

SNMP input and output 18-12

status indicators 22-4

status page 2-3

STP

BPDU message exchange 8-3

designated port, defined 8-4

designated switch, defined 8-4

displaying status 8-14

inferior BPDU 8-4

interface states

blocking 8-7

disabled 8-8

forwarding 8-6, 8-8

learning 8-7

listening 8-7

overview 8-5

overview 8-2

root port, defined 8-4

superior BPDU 8-4

timers, described 8-5

summer time 5-30

switchport protected command 6-29

syslog

See system message logging

system clock

configuring

daylight saving time 5-30

manually 5-28

summer time 5-30

time zones 5-29

displaying the time and date 5-29

system management page 2-2

system message logging

default configuration 21-3

defining error message severity levels 21-7

disabling 21-4

displaying the configuration 21-12

enabling 21-4

facility keywords, described 21-11

level keywords, described 21-8

limiting messages 21-8

message format 21-2

overview 21-2

rate limit 21-9

sequence numbers, enabling and disabling 21-6

setting the display destination device 21-5

timestamps, enabling and disabling 21-6

UNIX syslog servers

configuring the daemon 21-10

configuring the logging facility 21-10

facilities supported 21-11

system name

default configuration 5-32

manual configuration 5-32

See also DNS

system prompt

default setting 5-32

T

TAC 22-1

TACACS+

accounting, defined 13-23

authentication, defined 13-23

authorization, defined 13-23

configuring

accounting 13-28

authentication key 13-25

authorization 5-17, 13-27

login authentication 5-15, 13-26

default configuration 5-15, 13-25

displaying the configuration 5-17, 13-29

identifying the server 13-25

limiting the services to the user 5-17, 13-27

operation of 13-24

overview 13-23

tracking services accessed by user 13-28

tar files

creating 20-6

displaying the contents of 20-6

extracting 20-7

image file format 20-19

Telnet 1-23, 1-50

Temporal Key Integrity Protocol (TKIP) 10-1

Terminal Access Controller Access Control System Plus

See TACACS+

terminal history command 1-19

terminal width command 1-22

TFTP 22-21

configuration files

downloading 20-11

preparing the server 20-10

uploading 20-11

image files

deleting 20-22

downloading 20-21

preparing the server 20-20

uploading 20-22

password 5-6

tftp_init command 22-21

TFTP server 22-18

throughput 1-35

time

See SNTP and system clock

timestamps in log messages 21-6

time zones 5-29

TKIP 6-26, 10-1, 10-3

traps 2-3

configuring managers 18-8

defined 18-3

enabling 18-8

notification types 18-8

overview 18-2, 18-4

Trivial File Transfer Protocol (TFTP)

See TFTP

troubleshooting 22-1, 22-6, 22-9, 22-14

1300 outdoor access point/bridge indicators 22-10

1300 outdoor access point/bridge power injector 22-13

error messages (CLI) 1-18

system message logging 21-2

with CiscoWorks 18-4

U

unauthorized access 5-3

universal workgroup bridge 6-2

universal workgroup bridge mode 1-35

UNIX syslog servers

daemon configuration 21-10

facilities supported 21-11

message logging configuration 21-10

upgrading software images

See downloading

uploading

configuration files

preparing 20-10, 20-13, 20-16

reasons for 20-8

using FTP 20-14

using RCP 20-17

using TFTP 20-11

image files

preparing 20-20, 20-23, 20-27

reasons for 20-19

using FTP 20-26

using RCP 20-31

using TFTP 20-22

user EXEC mode 1-16

username, default 1-26

username-based authentication 5-7

V

VLAN

local authentication 9-2

names 14-7

SSID 7-2

vlan command 7-5, 14-6

W

W52 domain

migrating to 5-37

WDS 12-1, 12-9

configuring WDS-only mode 12-20

Web-based interface

common buttons 2-3

compatible browsers 2-1

web-browser buttons 2-2

web-browser interface 1-4, 2-1

web site

Cisco Software Center 1-48

WEP

key example 10-5

with EAP 11-4

WEP key 22-15

troubleshooting 22-15

WIDS 12-6

Wi-Fi Multimedia 15-4

Wi-Fi Protected Access

See WPA

Wi-Fi Protected Access (WPA) 1-40

wireless intrusion detection services 12-1

Wireless LAN Services Module 12-2

WISPr RADIUS attributes 13-18

WMM 15-4

Workgroup bridge

configuring limited channel scanning 19-15

configuring the limited channel set 19-15

ignoring the CCX neighbor list 19-16

workgroup bridge 6-27

guidelines for using in lightweight environment 19-18

in lightweight environment 19-18

maximum number of clients allowed 6-4

sample lightweight network configuration 19-20

world mode 6-22, 6-26

always on setting 6-22

world-mode command 6-23

world mode roaming 6-22

WPA 11-7

WPA migration mode 11-13

wpa-psk command 11-14

wraparound (CLI commands) 1-21