-
Cisco Wireless LAN Controller Configuration Guide, Release 6.0
-
Preface
-
Chapter 1 - Overview
-
Chapter 2 - Using the Web-Browser and CLI Interfaces
-
Chapter 3 - Configuring Ports and Interfaces
-
Chapter 4 - Configuring Controller Settings
-
Chapter 5 - Configuring Security Solutions
-
Chapter 6 - Configuring WLANs
-
Chapter 7 - Controlling Lightweight Access Points
-
Chapter 8 - Controlling Mesh Access Points
-
Chapter 9 - Managing Controller Software and Configurations
-
Chapter 10 - Managing User Accounts
-
Chapter 11 - Configuring Radio Resource Management
-
Chapter 12 - Configuring Mobility Groups
-
Chapter 13 - Configuring Hybrid REAP
-
Appendix A - Safety Considerations and Translated Safety Warnings
-
Appendix B - Declarations of Conformity and Regulatory Information
-
Appendix C - End User License and Warranty
-
Appendix D - Troubleshooting
-
Appendix E - Logical Connectivity Diagrams
-
Index
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -
Index
Numerics
11n Mode parameter 4-33
1250 series access points
and PoE Status field 7-96
operating modes when using PoE 7-94
transmit power settings when using PoE 7-95
3DES IPSec data encryption 5-9
7920 AP CAC parameter 6-35
7920 Client CAC parameter 6-35
7920 support mode
configuring 6-34
described 6-33
7921 support mode 6-34
802.11a (or 802.11b) > Client Roaming page 4-60
802.11a (or 802.11b) > Video Parameters page 4-74
802.11a (or 802.11b) > Voice Parameters page 4-73
802.11a (or 802.11b/g) > EDCA Parameters page 4-85
802.11a (or 802.11b/g) Global Parameters > Auto RF page 11-9
802.11a (or 802.11b/g) Global Parameters page 4-28, 11-44
802.11a (or 802.11b/g) Network Status parameter 4-29, 4-37, 4-38
802.11a/n (4.9 GHz) > Configure page 8-57
802.11a/n (or 802.11b/g/n) Cisco APs > Configure page 11-29
802.11a/n (or 802.11b/g/n) Radios page 4-78, 11-28, 11-40
802.11a/n Cisco APs > Configure page 11-41
802.11a/n Radios page (from Monitor Menu) 7-11
802.11a/n Radios page (from Wireless Menu) 7-12
802.11a > Pico Cell page 11-49
802.11a > Pico Cell page with pico cell mode V2 parameters 11-49
802.11a > RRM > Coverage page 11-18
802.11a > RRM > DCA page 11-14
802.11a > RRM > Dynamic Channel Assignment (DCA) page 11-14
802.11a > RRM > General page 11-19
802.11a > RRM > Tx Power Control (TPC) page 11-11
802.11a Global Parameters page 11-40
802.11b/g/n Cisco APs > Configure page 7-83, D-48
802.11 bands
configuring using the CLI4-30to 4-32
configuring using the GUI4-28to 4-30
802.11g Support parameter 4-29
802.11h, described 4-37
802.11h Global Parameters page 4-37
802.11h parameters, configuring
using the CLI 4-38
802.11n
clients 7-99
configuring
devices 4-32
802.11n (2.4 GHz) High Throughput page 4-33
802.1Q VLAN trunk port 3-6
802.1X
configuring 6-21
described 6-22
dynamic key settings 6-21
802.1X+CCKM
configuring 6-23
described 6-22
802.1X authentication for access points
configuring
the switch 7-21
described 7-16
802.1x Authentication parameter 7-18
802.3 bridging
configuring using the CLI 4-52
configuring using the GUI4-51to 4-52
802.3 Bridging parameter 4-52
802.3 frames 4-51
802.3X flow control, enabling 4-50
A
AAA override
configuring
using the CLI 5-83
using the GUI 5-83
described 5-81
AC adapter warning for Japan B-7
Access Control List Name parameter 5-59
access control lists (ACLs)
applying to an interface
using the CLI 5-67
using the GUI 5-62
applying to a WLAN
using the CLI 5-67
applying to the controller CPU
using the CLI 5-67
using the GUI 5-63
configuring
configuring for the debug facilityD-42to D-43
counters
configuring using the CLI 5-65
configuring using the GUI 5-58
described 5-57
identity networking 5-79
using with the debug facilityD-41to D-42
Access Control Lists > Edit page 5-61
Access Control Lists > New page 5-58
Access Control Lists > Rules > New page 5-59
Access Control Lists page 5-58
Access Mode parameter 4-43, 4-45
access point core dumps, uploading
using the CLI 7-43
using the GUI 7-42
access point count, approved tiers for 5500 series controllers 4-3
access point event logs, viewing D-15
access point groups
assigning access points to
using the CLI 6-53
creating
default group 6-49
described 6-47
illustrated 6-48
removing
using the CLI 6-52
using the GUI 6-50
access point monitor service, debugging D-51
access point radios, searching for7-11to 7-12
access points
20-MHz channelization 11-29
40-MHz channelization 11-29
assisted roaming 4-59
authorization list 7-31
authorizing
using MICs 7-25
using SSCs 7-25
using the CLI 7-31
using the GUI 7-30
configuring hybrid REAP using the CLI13-14to 13-15
converting to mesh access points 8-53
embedded 7-22
guidelines for operating in Japan B-6, B-7
LEDs
configuring 7-98
interpreting D-2
migrating from the -J regulatory domain to the -U regulatory domain7-77to 7-80
number supported per controller 3-5
priming 7-7
regulatory informationB-2to B-10
rules for operating in TaiwanB-8to B-9
supported for use with hybrid REAP 13-2
supporting oversized images7-46to 7-47
troubleshooting
using Telnet or SSHD-49to D-51
VCI strings 7-32
verifying that they join the controller 7-8
viewing join information
viewing multicast client table 4-58
Accounting Server parameters 6-59
accounting servers, disabling per WLAN 6-58
ACL. See access control lists (ACLs)
ACS server configuration page 6-56
Action parameter 5-61
active exploits 5-126
Add AAA Client page (on CiscoSecure ACS) 5-5, 5-21
Add AP button 13-18
Add New Rule button 5-59
Add Web Server button 10-20
AdHoc Rogue AP parameter 5-88
administrator access 4-40
administrator usernames and passwords, configuring 4-40
Admin Status parameter 3-24, 3-25
Admission Control (ACM) parameter 4-73, 4-74
AES CBS IPSec data encryption 5-9
AES-CCMP 6-22
AES parameter 6-23
Aggregated MAC Protocol Data Unit (A-MPDU) 4-35
Aggregated MAC Service Data Unit (A-MSDU) 4-35
aggregation method, specifying 4-35
aggressive load balancing 4-46
AirMagnet Enterprise Analyzer D-46
Aironet IE parameter 6-25, 6-45
Aironet IEs
configuring using the CLI 6-47
configuring using the GUI 6-45
Airopeek D-46
Alarm Trigger Threshold parameter 11-37
All APs > Access Point Name > Link Details > Neighbor Name page 8-51
All APs > Access Point Name > Mesh Neighbor Stats page 8-51
All APs > Access Point Name > Neighbor Info page 8-50
All APs > Access Point Name > Statistics page 8-45
All APs > Access Point Name > VLAN Mappings page 13-13
All APs > Details (Advanced) page
configuring CDP 4-90
All APs > Details for (Advanced) page 7-4, 7-42, D-50
configuring country codes 7-74
configuring link latency 7-91
configuring PoE 7-95
All APs > Details for (Credentials) page 7-14, 7-18, 7-51
All APs > Details for (General) page 7-45, 7-49, 13-12
All APs > Details for (High Availability) page 7-49, 7-66, 7-70
All APs > Details for (H-REAP) page 7-49, 7-50, 13-12
All APs > Details for (Inventory) page 7-87
All APs > Details for page D-47, D-52
All APs > Details page 8-18, 8-34, 11-37
All APs page 7-9, 8-44, 11-36, 13-12
Allow AAA Override parameter 5-83
anchor controller in inter-subnet roaming 12-4
AnchorTime parameter 11-15
anonymous local authentication bind method 5-36, 5-39
Anonymous Provision parameter 5-46
Antenna Gain parameter 11-31
Antenna parameter 11-30
Antenna Type parameter 11-30
AP > Clients > Traffic Stream Metrics page 4-79
AP > Clients page 4-79
AP801 access point
described 7-22
using with a controller 7-22
AP Authentication Policy page 5-70, 11-37
AP Core Dump parameter 7-42
ap-count evaluation licenses, activating
ap-count license. See licenses
AP Ethernet MAC Addresses parameter 7-27
AP Failover Priority parameter 7-70
AP Group Name parameter 6-50
AP Groups > Edit (APs) page 6-51
AP Groups > Edit (General) page 6-50
AP Groups > Edit (WLANs) page 6-51, 6-65
AP Join Stats Detail page 7-37
AP Join Stats page 7-35
AP-manager interface
and dynamic interfaces 3-10
configuring
creating multiple interfaces
using the CLI 3-44
described 3-8
illustration
of four AP-manager interfaces 3-42
of three AP-manager interfaces 3-41
of two AP-manager interfaces 3-40
AP Mode parameter 7-49, 11-37, 13-12, D-47
AP Name parameter 6-52
AP Policies page 7-30
AP Primary Discovery Timeout parameter 7-65
ASLEAP detection 5-126
Assignment Method parameter 11-29, 11-31
asymmetric tunneling
described 12-26
illustrated 12-26
authenticated local authentication bind method 5-36, 5-39
Authentication Protocol parameter 4-45
Auth Key Mgmt parameter 6-23
Authority ID Information parameter 5-46, 13-21, 13-22
Authority ID parameter 5-46, 13-21
Authorize LSC APs against auth-list parameter 7-30
Authorize MIC APs against auth-list or AAA parameter 7-30
authorizing access points
using the CLI 7-31
using the GUI 7-30
auto-anchor mobility
configuring
guidelines 12-21
auto-immune feature 5-109
AutoInstall
example operation 2-29
obtaining
DHCP addresses for interfaces 2-27
TFTP server information 2-27
overview 2-26
selecting configuration file 2-28
using 2-26
Average Data Rate parameter 4-64, 4-68
Average Real-Time Rate parameter 4-65, 4-68
Avoid Cisco AP Load parameter 11-15
Avoid Foreign AP Interference parameter 11-15, 12-18
Avoid Non-802.11a (802.11b) Noise parameter 11-15
B
Backhaul Client Access parameter 8-57
backup controllers
configuring
described 7-64
Back-up Primary Controller IP Address parameter 7-66
Back-up Primary Controller Name field 7-66
Back-up Secondary Controller IP Address parameter 7-66
Back-up Secondary Controller Name parameter 7-66
band selection 4-48
bandwidth-based CAC
described 4-70
enabling
using the CLI 4-80
using the GUI 4-73
for mesh networks 8-38
base license. See licenses
Base MAC Address parameter 3-30
Beacon Period parameter 4-29
beamforming
configuring
described 11-39
guidelines 11-39
Beamforming parameter 11-40, 11-41
Bind Password parameter 5-36
Bind Username parameter 5-36
Bridge Data Rate parameter 8-34
Bridge Group Name parameter 8-34
bridge protocol data units (BPDUs) 3-27
bridging parameters
configuring using the CLI8-36to 8-37
configuring using the GUI8-34to 8-35
browsers supported 2-16
Buffered Log Level parameter D-10
Burst Data Rate parameter 4-64, 4-68
Burst Real-Time Rate parameter 4-65, 4-68
C
CAC
configuring for 7920 phones 6-34
described 4-70
enabling
using the CLI 4-81
using the GUI 4-74
in mesh networks 8-37
viewing in mesh networks8-40to 8-42
viewing using the CLI 4-82
Canadian compliance statement B-3
CAPWAP
and mesh access points 8-7
cascading 11-6
CA Server URL parameter 7-26
Catalyst 3750G Integrated Wireless LAN Controller Switch
described 1-12
logical connectivity diagram and associated software commandsE-4to E-6
CCA Sensitivity Threshold parameter 11-50
CCKM
configuring 6-23
described 6-22
hybrid-REAP groups 13-16
with mobility 12-7
CCX
configuring Aironet IEs
using the CLI 6-47
using the GUI 6-45
described 6-44
link test 7-87
viewing a client's version
using the CLI 6-47
CCX Layer 2 client roaming
configuring
using the CLI 4-61
debugging using the CLI 4-62
obtaining information using the CLI 4-62
CCX radio management
configuring
using the CLI 11-45
debugging using the CLI 11-47
features 11-43
hybrid-REAP considerations 11-43
obtaining information using the CLI11-46to 11-47
CCXv5 clients
enabling location presence 4-106
CCXv5 Req button D-33
CCX Version parameter 6-46
CDP > AP Neighbors > Detail page 4-93
CDP > AP Neighbors page 4-92
CDP > Global Configuration page 4-89
CDP > Interface Neighbors > Detail page 4-91
CDP > Interface Neighbors page 4-91
CDP > Traffic Metrics page 4-93
CDP Advertisement Version parameter 4-89
CDP AP Neighbors page 4-92
CDP Protocol Status parameter 4-89
CDP State parameter 4-90
Certificate Authority (CA) certificates
downloading
using the GUI 9-22
overview 9-22
using with local EAP 5-42, 5-47
Certificate File Name parameter 10-8
Certificate File Path parameter 10-8
Certificate Issuer parameter 5-45
Certificate Password parameter 9-20, 10-9
Certificate Type parameter 7-31
Change Filter link 7-9, 7-12, 7-35
Change Rules Priority parameter 5-93
Channel Announcement parameter 4-37
Channel Assignment Leader parameter 11-16
Channel Assignment Method parameter 11-14
channel bonding in the 5-GHz band 11-30
Channel Quiet Mode parameter 4-37
channels
statically assigning using the CLI 11-32
statically assigning using the GUI11-28to 11-32
Channel Scan Duration parameter 11-20
Channel Width parameter 11-16, 11-29
Check Against CA Certificates parameter 5-45
Check Certificate Date Validity parameter 5-45
chokepoints for RFID tag tracking 4-97
CIDS Sensor Add page 5-107
CIDS Sensors List page 5-106
CIDS Shun List page 5-110
ciphers
described 6-22
Cisco 2100 Series Wireless LAN Controllers
AutoInstall interfaces 2-27
described 1-8
FCC statement B-10
features not supported 1-8
network connections 1-16
Cisco 28/37/38xx Integrated Services Router
described 1-12
logical connectivity diagram and associated software commands E-3
using 4-112
versions 1-12
Cisco 3200 Series Mobile Access Router (MAR)
described 8-56
operating with mesh access points
using the CLI to configure 8-58
using the GUI to configure 8-57
Cisco 3300 Series Mobility Services Engine (MSE), using with wIPS 5-123
Cisco 4400 Series Wireless LAN Controllers
AutoInstall interfaces 2-27
choosing between link aggregation and multiple AP-manager interfaces3-34to 3-43
described 1-9
FCC statement B-10
network connections1-16to 1-17
Cisco 5500 Series Wireless LAN Controllers
choosing between link aggregation and multiple AP-manager interfaces3-34to 3-43
CPUs D-5
described 1-9
FCC statement B-10
features not supported 1-10
interface configuration example 3-45
licenses. See licenses
models 3-5
multiple AP-manager interfaces3-44to 3-45
network connections 1-17
using the USB console port3-33to 3-34
Cisco 7920 Wireless IP Phones 6-34
Cisco 7921 Wireless IP Phones 6-34
Cisco Adaptive Wireless Path Protocol (AWPP) 8-7
Cisco AV-pairs 6-54, 6-55, 6-56
Cisco Centralized Key Management (CCKM). See CCKM
Cisco Clean Access (CCA) 6-60
Cisco Client Extensions (CCX). See CCX
Cisco Discovery Protocol (CDP)
configuring
debugging using the CLI 4-96
described 4-87
enabling using the GUI4-89to 4-90
sample network 4-88
supported devices 4-87
viewing neighbors
viewing traffic information
using the CLI 4-95
using the GUI 4-93
Cisco Discovery Protocol parameter 4-90
Cisco high-power switches 7-96
Cisco License Manager (CLM)
and the controller license agent 4-25
using to register PAKs 4-5
Cisco Licensing website 4-20
Cisco Logo parameter 10-13
Cisco NAC Appliance 6-60
CiscoSecure Access Control Server (ACS) 5-4
Cisco Unified Wireless Network (UWN) Solution
illustrated 1-3
Cisco Wireless Control System (WCS) 1-2
Cisco WiSM
configuring the Supervisor 7204-110to 4-111
guidelines 4-110
logical connectivity diagram and associated software commandsE-2to E-3
maximum number supported by router chassis 1-11
SSC key-hash 7-24
CKIP
configuring
using the CLI 6-26
described 6-25
Clear Config button 7-56
Clear Filter link 6-7, 7-11, 7-12, 7-36
clearing the controller configuration 9-34
Clear Stats button 12-19
Clear Stats on All APs button 7-35
CLI
basic commands 2-26
enabling wireless connections 2-36
logging out 2-25
navigating 2-25
troubleshooting commandsD-6to D-8
Client Certificate Required parameter 5-45
client exclusion policies, configuring
Client Exclusion Policies page 5-76
ClientLink. See beamforming
client location, using WCS 1-7
client MFP 5-68
Client Protection parameter 5-72
client reporting
configuring using the CLID-35to D-38
configuring using the GUID-32to D-35
described D-26
Client Reporting page D-34
client roaming, configuring4-58to 4-62
clients
connecting to WLANs 13-15
viewing
using the CLI 7-102
viewing CCX version
using the CLI 6-47
Clients > AP > Traffic Stream Metrics page 4-77
Clients > AP page 4-77
Clients > Detail page
configuring client reporting D-33
viewing a client's CCX version 6-46
viewing client details 7-62, 7-101
viewing the status of workgroup bridges 7-61
viewing voice and video settings 4-76
Clients page
performing a link test 7-89
viewing clients 7-99
viewing the status of workgroup bridges 7-61
viewing voice and video settings 4-75
Client Type parameter 7-61, 7-62
Commands > Reset to Factory Defaults page 4-112
comma-separated values (CSV) file, uploading 13-20
Community Name parameter 4-43
conditional web redirect 6-54
configuring
using the CLI 6-57
described 6-54
Conditional Web Redirect parameter 6-57
Configuration File Encryption parameter 9-30
configuration files
downloading
uploading
using the GUI9-27to9-28, ??to9-29, ??to9-30, ??to 9-32
configuration wizard
described 2-2
Configuration Wizard - 802.11 Configuration page 2-11
Configuration Wizard Completed page 2-13
Configuration Wizard - Management Interface Configuration page 2-6
Configuration Wizard - Miscellaneous Configuration page 2-7
Configuration Wizard - Service Interface Configuration page 2-5
Configuration Wizard - Set Time page 2-12
Configuration Wizard - SNMP Summary page 2-4, 2-6
Configuration Wizard - System Information page 2-3
Configuration Wizard - Virtual Interface Configuration page 2-8
Configure option for RRM override 11-28
Confirm Password parameter 13-10
Console Log Level parameter D-10
console port
Control and Provisioning of Wireless Access Points protocol (CAPWAP) 1-6
debugging 7-6
described 7-2
guidelines 7-2
viewing MTU information 7-5
controller failure detection time, reducing 7-64
controller network module
baud rate 3-4
versions 3-5
controllers
configuration
clearing 9-34
erasing 9-34
saving 9-32
connections 1-13
discovery process 7-6
guidelines for operating in JapanB-6to B-7
multiple-controller deployment 1-4
overview 1-7
resetting factory default settings
using the GUI 4-112
single-controller deployment1-3to 1-4
synchronizing with location appliance 4-102
types of memory 1-14
upgrading software
Controller Spanning Tree Configuration page 3-30
Controller Time Source Valid parameter 5-72
Control Path parameter 12-23
core dump files
described D-18
uploading automatically to an FTP server
using the CLI D-20
using the GUI D-19
uploading from a 5500 series controller to a TFTP or FTP serverD-20to D-21
Core Dump page D-19
Country Code parameter 7-74
country codes
commonly used 7-72
configuring
described 7-72
Japanese 7-78
viewing using the CLI 7-76
Country page 7-73
Coverage Exception Level per AP parameter 11-18
coverage hole detection
configuring per controller
using the CLI 11-23
disabling on a WLAN
described 6-59
using the CLI 6-60
coverage hole detection and correction 11-4
Coverage Hole Detection Enabled parameter 6-59
CPU Access Control Lists page 5-63
CPU ACL Mode parameter 5-63
CPUs, 5500 series controllers D-5
crash files
uploading
Current Channel parameter 11-31
Custom Signatures page 5-115
D
data encryption
and OfficeExtend access points 7-53
configuring
described 7-3
for OfficeExtend access points 7-50
Data Encryption parameter 7-4, 7-50
Data Path parameter 12-23
Data Rates parameter 4-30
date
configuring manually 2-30
configuring through NTP server 2-30
setting
using the CLI 2-32
using the GUI 2-30
DCA Channel Sensitivity parameter 11-15
DCA Channels parameter 11-16
debug commands, sending 7-39
debug facility
default enable password 7-13
default-group access point group 6-49
Default Mobility Group parameter 12-11
Default Routers parameter 6-12
Delivery Traffic Indication Map (DTIM). See DTIM period
Deny Counters parameter 5-61
Description parameter 5-34, 8-13, 13-10
Designated Root parameter 3-30
DES IPSec data encryption 5-9
Destination parameter 5-59
Destination Port parameter 5-60
Detect and Report Ad-Hoc Networks parameter 5-88
device certificates
downloading
using the CLI 9-21
overview 9-19
using with local EAP 5-42, 5-47
DHCP
configuring using the CLI 6-10
configuring using the GUI 6-9
debugging 6-11
DHCP Addr. Assignment Required parameter 6-10
DHCP Allocated Lease page 6-13
DHCP option 43, in controller discovery process 7-7
DHCP option 82
configuring
using the GUI 5-56
described 5-55
example 5-55
DHCP Option 82 Remote ID Field Format parameter 5-56
DHCP Parameters page 4-39, 5-56
DHCP proxy
configuring
using the CLI 4-40
using the GUI 4-39
described 4-39
DHCP Scope > Edit page 6-12
DHCP scopes
configuring
described 6-11
DHCP Scopes page 6-11
DHCP server discovery 7-7
DHCP Server IP Addr parameter 6-10
DHCP Server Override parameter 6-10
DHCP servers
internal 6-8
diagnostic channel
configuring
using the GUI D-27
described D-26
Diagnostic Channel parameter D-27
directed roam request 4-60
Direction parameter 5-60
disabled clients, configuring a timeout 6-15
discovery request timer, configuring 7-68
distribution system ports3-4to 3-6
Diversity parameter 11-31
DNS Domain Name parameter 6-12
DNS IP Address parameter 7-45
DNS Servers parameter 6-12
Domain Name parameter 7-45
domain name server (DNS) discovery 7-7
Download button
downloading a CA certificate 9-23
downloading a configuration file 9-30
downloading a customized web authentication login page 10-22
downloading a device certificate 9-20
downloading a signature file 5-115
Download File to Controller page 9-17
downloading a customized web authentication login page 10-21
downloading CA certificates 9-22
downloading configuration files 9-29
downloading device certificates 9-20
downloading IDS signatures 5-114
downloading login banner file 9-16
Download SSL Certificate parameter 10-8
DSCP parameter 5-60
DTIM period, configuring for MAC filtering 6-16
DTLS data encryption. See data encryption
DTPC Support parameter 4-29
dynamic AP management
for dynamic interface 3-21
for the management interface 3-15
Dynamic AP Management parameter 3-10
for dynamic interface 3-20
for management interface 3-13
dynamic AP-manager interface 3-10
dynamic channel assignment (DCA)
20-MHz channelization 11-4, 11-16
40-MHz channelization 11-4, 11-16
configuring
described 11-3
sensitivity thresholds 11-15
dynamic frequency selection7-81to 7-82
dynamic interface
configuring
described 3-9
dynamic interface example 3-45
dynamic transmit power control, configuring 4-29
dynamic WEP, configuring 6-21
Dynamic WEP Key Index parameter 5-43
E
EAP-FAST Method Parameters page 5-46
EAP-FAST parameter 5-44
EAPOL-Key Max Retries parameter 5-43
EAPOL-Key Timeout parameter 5-43
EAP Profile Name parameter 5-47
EAP-TLS parameter 5-44
EDCA Profile parameter 4-85
Edit QoS Profile page 4-64
Edit QoS Role Data Rates page 4-67
Egress Interface parameter 10-30
Email Input parameter 10-31
Enable AP Local Authentication parameter 13-19
Enable Authentication for Listener parameter 4-26
Enable Check for All Standard and Custom Signatures parameter 5-116
Enable Controller Management to be accessible from Wireless Clients parameter 2-37, 5-54
Enable Counters parameter 5-58
Enable Coverage Hole Detection parameter 11-18
Enable CPU ACL parameter 5-63
Enable Default Authentication parameter 4-26
Enable DHCP Proxy parameter 4-39
Enable Dynamic AP Management parameter 3-43
Enable EAP-FAST Authentication parameter 13-21
Enable IGMP Snooping parameter 4-55
Enable LEAP Authentication parameter 13-21
Enable Least Latency Controller Join parameter 7-51
Enable Link Latency parameter 7-51, 7-91, 7-92
Enable Listener parameter 4-26
Enable Low Latency MAC parameter 4-86
Enable LSC on Controller parameter 7-26
Enable NAT Address parameter 3-13
Enable Notification parameter 4-26
Enable OfficeExtend AP parameter 7-50
Enable Password parameter 7-14
Enable Server Status parameter 5-36
Enable Tracking Optimization parameter 7-83
Encryption Key parameter 6-26
end user license agreementC-2to C-4
end-user license agreement (EULA) 4-7, 4-8
enhanced distributed channel access (EDCA) parameters
configuring using the CLI4-86to 4-87
configuring using the GUI4-85to 4-86
enhanced neighbor list
request (E2E) 4-59
Enter Saved Permission Ticket File Name parameter 4-22
erasing the controller configuration 9-34
error codes, for failed VoIP calls6-40to 6-41
Ethernet connection, using remotely2-24to 2-25
Ethernet Multicast Mode parameter 4-55
European declaration of conformityB-4to B-5
evaluation licenses
installed on 5500 series controllers 4-3
event reporting for MFP 5-69
Excessive 802.11 Association Failures parameter 5-76
Excessive 802.11 Authentication Failures parameter 5-76
Excessive 802.1X Authentication Failures parameter 5-76
Excessive Web Authentication Failures parameter 5-76
Expedited Bandwidth parameter 4-74
expedited bandwidth requests
described 4-71
enabling
using the CLI 4-81
using the GUI 4-74
Expiration Timeout for Rogue AP and Rogue Client Entries parameter 5-88
Extensible Authentication Protocol (EAP)
configuring 6-21
setting local timers 5-48
timeout and failure counters
per access point 5-51
per client 5-51
extension channel 11-31
F
factory default settings
resetting using the GUI 4-112
failover priority for access points
configuring
using the CLI 7-71
described 7-69
viewing using the CLI 7-71
failover protection 1-15
fake access point detection 5-126
Fallback Mode parameter 5-10
Fast Ethernet port 3-5
fast heartbeat timer
configuring
using the CLI 7-67
using the GUI 7-65
described 7-64
fast SSID changing
configuring using the CLI 4-50
configuring using the GUI 4-50
FCC declaration of conformityB-2to B-3
FCC statement
2100 series controllers B-10
4400 series controllers B-10
5500 series controllers B-10
Federal Information Processing Standards (FIPS) 5-12
File Compression parameter 7-42
File Name to Save Credentials parameter 4-20
file transfers 1-14
File Type parameter
downloading a CA certificate 9-23
downloading a configuration file 9-30
downloading a customized web authentication login page 10-21
downloading a device certificate 9-20
Login Banner 9-17
upgrading controller software 9-8
uploading a configuration file 9-28
uploading packet capture files D-23
uploading PACs 9-25
filter, using to view clients 7-100
Fingerprint parameter 5-108
flashing LEDs, configuring 7-98
foreign controller in inter-subnet roaming 12-4
Forward Delay parameter 3-31, 3-32
forwarding plane architecture 4-51
Fragmentation Threshold parameter 4-29
fragmented pings 3-7
Friendly Rogue > Create page 5-93
FTP server guidelines 9-2
G
General (controller) page
configuring 802.3 bridging 4-52
configuring an RF group 11-7
enabling link aggregation 3-38
General (security) page 5-31
General page 5-43
Generate Password parameter 10-5
Generate Rehost Ticket button 4-22
gigabit Ethernet port 3-5
Global AP Failover Priority parameter 7-70
Global Configuration page
configuring authentication for access points 7-18
configuring backup controllers 7-65
configuring failover priority for access points 7-69
configuring global credentials for access points 7-14
global credentials for access points
configuring
described 7-13
overriding
using the CLI 7-15
using the GUI 7-14
Group Mode parameter 11-9, 12-17
Group Name parameter 12-12, 13-17
Group Setup page (on CiscoSecure ACS) 5-23
Guest LAN parameter 10-29
guest N+1 redundancy 12-20
guest tunneling 12-10
guest user accounts
creating as a lobby ambassador10-4to 10-6
viewing
using the CLI 10-7
using the GUI 10-6
Guest User parameter 5-33, 13-10
Guest User Role parameter 5-33, 13-10
guest WLAN, creating 10-5
GUI
browsers supported 2-16
enabling wireless connections 2-36
guidelines 2-16
logging into 2-17
logging out of 2-17
using 2-16
H
Headline parameter 10-13
Hello Time parameter 3-31
help, obtaining 2-17
hex2pcap sample output D-44
high-density network
benefits 11-48
example 11-48
overview 11-47
Honeypot access point detection 5-126
HREAP Group Name parameter 13-13
HREAP Groups > Edit (Local Authentication > Local Users) page 13-20
HREAP Groups > Edit (Local Authentication > Protocols) page 13-21
HREAP Groups > Edit page 13-18
HREAP Groups page 13-17
H-REAP Local Switching parameter 13-8
H-REAP Mode AP Fast Heartbeat Timeout parameter 7-65
H-REAP Mode AP Fast Heartbeat Timer State parameter 7-65
H-REAP parameter 7-49
HTTP Access parameter 2-18
HTTP Configuration page 2-18
HTTPS Access parameter 2-18
hybrid REAP
access points supported 13-2
authentication process13-2to 13-4
bandwidth restriction 13-2
configuring
access points using the CLI13-14to 13-15
access points using the GUI13-11to 13-14
controller using the GUI13-6to 13-10
guidelines 13-4
illustrated 13-2
number of access points supported 13-2
overview 13-2
hybrid-REAP
hybrid-REAP groups
backup RADIUS server 13-16
CCKM 13-16
configuring
using the CLI 13-22
described 13-15
example 13-16
local authentication 13-17
Hysteresis parameter 4-61
I
identity networking
Identity Request Max Retries parameter 5-43
Identity Request Timeout parameter 5-43
IDS 5-106
IDS sensors
configuring
described 5-106
IDS signature events
viewing using the CLI5-121to 5-122
viewing using the GUI5-118to 5-119
IDS signatures
configuring
described 5-111
frequency 5-117
measurement interval 5-117
pattern 5-117
tracking method 5-117
uploading or downloading using the GUI5-113to 5-115
viewing
IGMP Timeout parameter 4-55
IKE Diffie Hellman Group parameter 5-10
IKE Phase 1 parameter 5-10
Index parameter for IDS 5-107
indoor access points
converting to mesh access points 8-53
infrastructure MFP
components 5-69
described 5-68
Infrastructure MFP Protection parameter 5-71
Infrastructure Protection parameter 5-72
Infrastructure Validation parameter 5-72
Ingress Interface parameter 10-30
Injector Switch MAC Address parameter 7-96
inline power 7-94
Install License button 4-7
intelligent power management (IPM) 7-96
inter-controller roaming
described 4-58
example 12-3
Interface Name parameter 6-51, 6-62, 6-65, 8-13
Interface parameter 6-10
interfaces
and identity networking 5-79
assigning WLANs 6-15
configuring
Interfaces > Edit page
applying an ACL to an interface 5-62
configuring dynamic interfaces 3-19
configuring NAC out-of-band integration 6-63
configuring wired guest access 10-29
creating multiple AP-manager interfaces 3-43
Interfaces > New page 3-19, 3-42
Interfaces page 3-12
interference 11-3
Interference threshold parameter 11-19
Internet Group Management Protocol (IGMP)
configuring
using the CLI 4-57
using the GUI 4-55
snooping 4-53
inter-release mobility 12-10
inter-subnet mobility 12-7
inter-subnet roaming
described 4-59
Interval parameter 11-15, 11-44
intra-controller roaming
described 4-58
illustrated 12-2
Inventory page 7-86
Invoke Channel Update Now button 11-14
Invoke Power Update Now button 11-12
IP address-to-MAC address binding
described 4-62
IP Mask parameter 4-43
IPSec parameter 5-9
IP Theft or IP Reuse parameter 5-76
IPv6 bridging
configuring
using the CLI 6-44
described 6-42
guidelines 6-42
IPv6 bridging and IPv4 web authentication example 6-43
IPv6 Enable parameter 6-44
J
Japanese country codes 7-78
Japanese regulations for migrating access points from the -J to the -U regulatory domain7-77to 7-80
K
Keep Alive Count parameter 12-22
Keep Alive Interval parameter 12-22
Key Encryption Key (KEK) parameter 5-8
Key Format parameter 6-26
Key Index parameter 6-26
key permutation
described 6-25
Key Permutation parameter 6-26
Key Size parameter 6-26
Key Wrap Format parameter 5-8
Key Wrap parameter 5-8
L
LAG. See link aggregation (LAG)
LAG Mode on Next Reboot parameter 3-38
Last Auto Channel Assignment parameter 11-16
Last Power Level Assignment parameter 11-12
Layer 1 security 5-2
Layer 2
operation 1-6
security
described 5-2
Layer 2 Security parameter 6-23, 6-26, 6-56
Layer 3
operation 1-6
security
described 5-3
Layer 3 Security parameter
for VPN passthrough 6-29
for web authentication 6-30
for web redirect 6-57
for wired guest access 10-31
LDAP
choosing server priority order 5-37
configuring
local EAP methods supported 5-35, 5-41
LDAP server
choosing local authentication bind method
using the CLI 5-39
using the GUI 5-36
LDAP Servers > New page 5-35
LDAP Servers page 5-35
LDAP Servers parameter 5-47
LEAP parameter 5-44
Learn Client IP Address parameter 13-9
Lease Time parameter 6-12
LEDs
configuring 7-98
interpreting D-2
license agent
configuring
described 4-25
License Agent Configuration page 4-26
License Commands (Rehost) page 4-20
License Commands page 4-6
license level, changing
using the CLI 4-15
using the GUI 4-14
License Level page 4-13
licenses
activating ap-count evaluation licenses
choosing feature set
using the CLI 4-15
installing
messages in controller trap log 4-2
rehosting
described 4-19
removing
using the CLI 4-7
using the GUI 4-9
required for OfficeExtend access points 7-48
saving
using the CLI 4-8
using the GUI 4-7
SKUs 4-4
transferring to a replacement controller after an RMA4-24to 4-25
types 4-2
viewing
licensing portal, using to register PAKs 4-5
Lifetime parameter 5-33, 10-5, 13-10
Lightweight Access Point Protocol (LWAPP) 1-6, 7-2
lightweight mode, reverting to autonomous mode 7-24
link aggregation (LAG)
configuring neighboring devices 3-39
enabling
using the CLI 3-39
using the GUI 3-38
example 3-35
guidelines 3-37
illustrated 3-36
verifying settings using the CLI 3-39
link latency
and OfficeExtend access points 7-51, 7-53
configuring
described 7-90
Link Status parameter 3-24
Link Test
button 7-89
page 7-89
link test
described 7-87
performing
using the CLI 7-90
using the GUI7-88to7-89, 8-50to 8-51
types of packets 7-87
Link Trap parameter 3-24, 3-25
Listener Message Processing URL parameter 4-26
load balancing 4-46
Load-based AC parameter 4-73
load-based CAC
described 4-71
enabling
using the CLI 4-80
using the GUI 4-73
lobby ambassador account
creating using the CLI 10-3
creating using the GUI10-2to 10-3
Lobby Ambassador Guest Management > Guest Users List > New page 10-4
Lobby Ambassador Guest Management > Guest Users List page 10-4, 10-6
Local Auth Active Timeout parameter 5-43
local EAP
configuring
debugging 5-52
example 5-41
viewing information using the CLI 5-50
Local EAP Authentication parameter 5-47
Local EAP Profiles > Edit page 5-44
Local EAP Profiles page 5-44
Local Management Users > New page 10-3
Local Management Users page 10-2
Local Mode AP Fast Heartbeat Timeout parameter 7-65
Local Mode AP Fast Heartbeat Timer parameter 7-65
Local Net Users > New page 5-33, 13-9
Local Net Users page 5-32, 10-6
local network users
configuring using the CLI 5-34
configuring using the GUI5-32to 5-34
local significant certificate (LSC)
configuring
described 7-26
Local Significant Certificates (LSC) - AP Provisioning page 7-27
Local Significant Certificates (LSC) - General page 7-26
local user database, capacity 10-2
location
calibration 11-44
configuring settings using the CLI4-102to 4-104
viewing settings using the CLI4-104to 4-106
location appliance
installing certificate4-101to 4-102
synchronizing with controller 4-102
location-based services 11-43
location presence 4-106
logical connectivity diagram
Catalyst 3750G Integrated Wireless LAN Controller Switch E-4
Cisco 28/37/38xx Integrated Services Router E-3
Cisco WiSM E-2
login banner file
clearing 9-19
described 9-15
downloading
Login Banner page 9-19
logs
uploading
long preambles
described 5-52
enabling on SpectraLink NetLink phones
using the CLI 5-53
using the GUI 5-52
LWAPP-enabled access points
debug commands 7-39
disabling the reset button 7-44
guidelines 7-23
MAC addresses displayed on controller GUI 7-43
radio core dumps
described 7-39
receiving debug commands from controller 7-39
retrieving radio core dumps 7-40
reverting to autonomous mode7-24to 7-25
sending crash information to controller 7-39
uploading
access point core dumps7-42to 7-43
M
MAC address of access point
adding to controller filter list
using the GUI 8-37
displayed on controller GUI 7-43
MAC Address parameter 8-13
MAC filtering
configuring on WLANs6-14to 6-15
DTIM period 6-16
MAC filtering, for mesh access points8-12to 8-13
MAC Filtering page 8-12
MAC Filters > New page 8-12
management frame protection (MFP)
configuring
debugging 5-75
guidelines 5-69
types 5-68
Management Frame Protection parameter 5-72
Management Frame Protection Settings page 5-72
management frame validation 5-69
management interface
configuring
using the CLI 3-15
described 3-7
Management IP Address parameter 7-49
management over wireless
described 5-54
enabling
using the CLI 5-54
using the GUI 5-54
Master Controller Configuration page 7-8
Master Controller Mode parameter 7-8
Max Age parameter 3-30
Max HTTP Message Size parameter 4-26
Maximum Age parameter 3-31
maximum local database entries
configuring using the CLI 5-31
configuring using the GUI 5-31
Maximum Local Database Entries parameter 5-31
Maximum Number of Sessions parameter 4-26
Maximum RF Usage Per AP parameter 4-65
Max-Login Ignore Identity Response parameter 5-43
Max RF Bandwidth parameter 4-73, 4-74
MCS data rates 4-33
Member MAC Address parameter 12-12
memory
types 1-14
memory leaks, monitoringD-24to D-25
mesh
network example 8-40
parameters
configuring using the CLI 8-26, 8-29
configuring using the GUI8-22to 8-26
statistics
viewing for an access point using the CLI8-40to8-43, 8-48to 8-49
viewing for an access point using the GUI8-44to 8-48
Mesh > LinkTest Results page 8-50
mesh access points
adding MAC address to controller filter list
using the CLI 8-13
adding to mesh networks 8-11
and CAPWAP 8-7
converting to non-mesh access points 8-55
deployment modes 8-4
license requirements 8-2
models 8-2
network access 8-4
operating with Cisco 3200 Series Mobile Access Routers
configuration guidelines 8-56
described 8-56
using the CLI to configure 8-58
using the GUI to configure 8-57
roles 8-3
selecting 8-34
supported by controller model 8-10
mesh backhaul data rates 8-9
mesh backhaul deployment example 8-5
mesh constraints 8-8
mesh deployment example 8-5
mesh minimum required LinkSNR 8-9
mesh neighbors, parents, and children 8-7
mesh network hierarchy 8-3
mesh node security statistics8-47to 8-48
mesh node statistics 8-46
mesh point-to-multipoint wireless bridging example 8-6
mesh point-to-point wireless bridging example 8-5
mesh routing 8-7
Message Authentication Code Key (MACK) parameter 5-8, 5-12
message logs
configuring
using the GUI D-8
viewing
using the CLI D-14
See also system logging
Message Logs page D-11
Message parameter for web authentication 10-14
Metrics Collection parameter 4-74
MFP Client Protection parameter 5-71
MFP Frame Validation parameter 5-71
migrating access points from the -J to the -U regulatory domain7-77to 7-80
Min Failed Client Count per AP parameter 11-18
Minimum RSSI parameter 4-61
mirror mode. See port mirroring, configuring
MMH MIC
described 6-25
MMH Mode parameter 6-26
Mobile Announce messages 12-7
mobility
failover 12-20
overview 12-2
Mobility Anchor Config page 12-22, 12-27
Mobility Anchor Create button 12-23
mobility anchors. See auto-anchor mobility
Mobility Anchors option 12-22
Mobility Anchors page 12-22
Mobility Group Member > New page 12-11
Mobility Group Members > Edit All page 12-13
mobility groups
configuring
using the CLI 12-14
with one NAT device 12-8
with two NAT devices 12-9
determining when to include controllers 12-7
difference from RF groups 11-5
examples 12-7
illustrated 12-5
messaging among 12-7
number of access points supported 12-5, 12-6
number of controllers supported 12-5
using with NAT devices12-8to 12-9
mobility group statistics
types 12-16
viewing
using the CLI 12-19
mobility list
described 12-6
detecting failed members 12-20
number of controllers supported 12-7
ping requests to members 12-20
Mobility Multicast Messaging > Edit page 12-14
Mobility Multicast Messaging page 12-13
mobility ping tests, running 12-28
Mobility Statistics page 12-17
MODE access point button 7-24, 7-44
monitor intervals, configuring using the GUI 11-20
Multicast Appliance Mode parameter 3-25
multicast client table, viewing 4-58
multicast groups
viewing using the CLI 4-57
viewing using the GUI 4-56
Multicast Groups page 4-56
multicast mode
configuring
using the CLI 4-56
Multicast page 4-55
multiple AP-manager interfaces
5500 series controller example3-44to 3-45
multiple country codes
configuration guidelines 7-72
configuring
using the CLI 7-75
N
NAC in-band mode 6-60
NAC out-of-band integration
and hybrid REAP 13-5
configuring
diagram 6-61
NAC out-of-band support
configuring for a specific access point group
using the CLI 6-66
using the GUI 6-64
NAC State parameter 6-51, 6-64, 6-65
NAT address
for dynamic interface 3-20, 3-21
for management interface 3-13, 3-16
NAT devices in mobility groups12-8to 12-9
Native VLAN ID parameter 13-13
neighbor information
viewing for an access point using the CLI 8-52
viewing for an access point using the GUI8-49to 8-52
Neighbor Information option 8-49
Neighbor Packet Frequency parameter 11-20
neighbor statistics
viewing for an access point using the CLI 8-52
viewing for an access point using the GUI8-49to 8-52
Netbios Name Servers parameter 6-12
Netmask parameter 6-12
network analyzer supported software
AirMagnet D-46
Airopeek D-46
Omnipeek D-46
Wireshark D-46
Network Mobility Services Protocol (NMSP) 4-97
modifying the notification interval for clients, RFID tags, and rogues4-106to 4-107
Network parameter 6-12
NTP server
configuring to obtain time and date 2-30
Number of Attempts to LSC parameter 7-27
Number of Hits parameter 5-61
O
OfficeExtend Access Point Configuration page 7-55
OfficeExtend Access Point Home page 7-54
OfficeExtend Access Points
LEDs D-52
positioning D-52
OfficeExtend access points
and NAT 7-48
configuring
described 7-47
firewall requirements 7-48
implementing security for 7-48
licensing requirements 7-48
supported access point models 7-48
trap logs 7-48
typical setup 7-47
OfficeExtend AP parameter 7-51
online help, using 2-17
open source terms C-8
OpenSSL license issuesC-7to C-8
operating system
security 1-5
software 1-4
Order Used for Authentication parameter 5-11, 5-26
Override Global Config parameter 10-24, 10-31
Over-ride Global Credentials parameter 7-15, 7-19, 7-51
Override Interface ACL parameter 5-64
oversized access point images 7-47
over-the-air provisioning (OTAP) 7-7
P
P2P Blocking parameter 6-19
packet capture files
described D-21
sample output in Wireshark D-22
uploading
using the GUI D-23
Params parameter 7-27
password
restoring 4-41
password guidelines 7-18
Password parameter
for access point authentication 7-18
for access points 7-14
for local net users 5-33, 13-10
for PACs 9-25
passwords
viewing in clear text D-7
path loss measurement (S60), CLI command 4-102
PEAP parameter 5-44
peer-to-peer blocking
configuring
using the CLI 6-20
described 6-18
examples 6-18
permanent licenses, installed on 5500 series controllers 4-3
Personal SSID parameter 7-55
Physical Mode parameter 3-24, 3-25
Physical Status parameter 3-24
pico cell mode
configuring
debugging using the CLI 11-51
guidelines 11-48
versions 11-49
Pico Cell Mode parameter 11-49
ping link test 7-87
ping tests 12-28
pinning 11-6
PMK cache lifetime timer 6-24
PMKID caching 6-24
PoE Status parameter 7-96
Pool End Address parameter 6-12
Pool Start Address parameter 6-12
Port > Configure page 3-23
port mirroring, configuring3-26to 3-27
Port Number parameter
for controller 3-24
for LDAP server 5-36
for RADIUS server 5-8
for TACACS+ server 5-25
for wired guest access 10-29
Port parameter for IDS 5-107
ports
on 2100 series controllers 3-2, 3-4
on 4400 series controllers 3-2, 3-4
on 5500 series controllers 3-3, 3-5
on Catalyst 3750G Integrated Wireless LAN Controller Switch 3-3, 3-4, 3-5
on Cisco 28/37/38xx Series Integrated Services Router3-4to 3-5, 4-112, 7-33
Ports page 3-22
Power Assignment Leader parameter 11-12
power cable warning for Japan B-7
Power Injector Selection parameter 7-96
Power Injector State parameter 7-96
Power Neighbor Count parameter 11-12
Power over Ethernet (PoE)
configuring
using the CLI 7-97
Power Over Ethernet (PoE) parameter 3-24
Power Threshold parameter 11-12
preauthentication access control list (ACL)
applying to a WLAN
using the CLI 5-67
for external web server 10-19, 13-9
Preauthentication ACL parameter 5-65, 6-57
Pre-Standard State parameter 7-96
Primary Controller Name parameter 7-49
Primary Controller parameters 7-49, 7-66
Primary RADIUS Server parameter 13-18
priming access points 7-7
Priority Order > Local-Auth page 5-37, 5-42
Priority Order > Management User page 5-11, 5-26
Priority parameter 3-31
Privacy Protocol parameter 4-45
probe request forwarding, configuring 7-85
probe requests, described 7-85
product authorization key (PAK)
obtaining for license upgrade 4-3
registering 4-5
product ID for controller, finding 4-23
product ID of controller, finding 4-21
Product License Registration page 4-21
Profile Details page D-35
Profile Name parameter 6-5, 8-13, 10-30, 13-7
protected access credentials (PACs)
overview 9-24
uploading
using the GUI 9-25
using with local EAP 5-42, 13-21
Protection Type parameter 5-70, 11-37
Protocol parameter 5-60
Protocol Type parameter 4-65
PSK
configuring 6-23
described 6-22
with mesh 8-24
PSK Format parameter 6-23
public key cryptography (PKC), with mobility 12-7
Q
QBSS
configuring
using the CLI 6-36
using the GUI 6-35
described 6-33
guidelines 6-34
QoS
identity networking 5-78
translation values 6-32
with CAC 4-70
QoS profiles
assigning to a WLAN
using the CLI 6-33
configuring
QoS roles
assigning for use with hybrid REAP 13-10
configuring
QoS Roles for Guest Users page 4-67
Quality of Service (QoS) parameter 6-32
quarantined VLAN
using 13-8
with hybrid REAP 13-4
with NAC out-of-band integration 6-63
Quarantine parameter
for dynamic interface 3-19
for management interface 3-13
NAC out-of-band integration 6-63
Query Interval parameter 5-108
Queue Depth parameter 4-65
queue statistics 8-46
R
Radio > Statistics page 6-38
radio core dumps
described 7-39
retrieving 7-40
uploading
using the CLI 7-41
radio measurement requests
configuring
on the CLI 11-45
on the GUI 11-44
overview 11-43
viewing status using the CLI 11-46
radio preamble 5-52
radio resource management (RRM)
benefits 11-5
CCX features. See CCX radio management
configuring
monitor intervals using the GUI 11-20
coverage hole detection
configuring per controller using the CLI 11-23
configuring per controller using the GUI11-17to 11-19
described 11-4
debugging 11-26
disabling dynamic channel and power assignment
using the GUI 11-35
overview 11-2
specifying channels11-13to 11-16
statically assigning channel and transmit power settings
using the CLI 11-32
Wireless > 802.11a/n (or 802.11b/g/n) > RRM > TPC parameter 11-11
radio resource management (RRM) settings
viewing using the CLI11-24to 11-26
radio resource monitoring 11-2
RADIUS
accounting 5-3
authentication 5-3
choosing authentication priority order 5-11
configuring
configuring on ACS 5-4
described 5-3
FIPS standard 5-12
KEK parameter 5-12
MACK parameter 5-12
server fallback behavior 5-10, 5-13
using with hybrid REAP 13-16
RADIUS > Fallback Parameters page 5-10
RADIUS accounting attributes5-18to 5-19
RADIUS authentication attributes5-16to 5-18
Range (RootAP to MeshAP) parameter 8-23
Redirect URL After Login parameter 10-13
Refresh-time Interval parameter 4-89
Regenerate Certificate button 10-8
regulatory information
for 2100 series controllers B-10
for 4400 series controllers B-10
for lightweight access pointsB-2to B-10
rehosting a license. See licenses
Rehost Ticket File Name parameter 4-22
Remote Authentication Dial-In User Service. See RADIUS
Request Max Retries parameter 5-43
Request Timeout parameter 5-43
Reserved Roaming Bandwidth parameter 4-73, 4-75
Reset Link Latency button 7-92
Reset Personal SSID parameter 7-50
resetting the controller 9-34
restoring passwords 4-41
Re-sync button 5-110
reverse path filtering (RPF) 12-26
RF Channel Assignment parameter 11-35
RF domain. See RF groups
RF exposure declaration of conformity B-5
RF group leader
described 11-6
viewing 11-9
RF group name
described 11-7
entering 11-8
RF groups
cascading 11-6
configuring
using the CLI 11-8
using the GUI 11-7
difference from mobility groups 11-5
pinning 11-6
viewing status
using the CLI 11-10
using the GUI 11-9
RFID tags
described 4-96
formats supported 4-96
number supported per controller 4-97
tracking
configuring using the CLI 4-98
debugging using the CLI 4-100
viewing information using the CLI4-99to 4-100
RFID tracking on access points, optimizing
using the CLI 7-84
RF-Network Name parameter 11-8
RLDP. See Rogue Location Discovery Protocol (RLDP)
roaming and real-time diagnostics
configuring using the CLID-38to D-41
described D-26
logs
described D-26
roam reason report 4-60
roam reason report, described 8-31
rogue access points
alarm 11-37
automatically containing
using the CLI 5-89
using the GUI 5-88
classification mapping table 5-85
classifying 5-84
detecting
using the CLI 11-38
managing 5-83
rule-based classification support 5-84
tagging, location, and containment 5-84
viewing and classifying
WCS support for rule-based classification 5-87
Rogue AP Detail page 5-97
Rogue AP Ignore-List page 5-101
rogue classification rules
configuring using the CLI5-94to 5-96
configuring using the GUI5-90to 5-94
Rogue Client Detail page 5-99
and OfficeExtend access points 7-50, 7-53
Rogue Detection parameter 5-87, 7-50
Rogue Location Discovery Protocol (RLDP)
configuring
defined 5-84
Rogue Location Discovery Protocol parameter 5-88
Rogue on Wire parameter 5-88
Rogue Policies page 5-87
Rogue Rule > Edit page 5-92
Rogue Rules > Priority page 5-93
Role Name parameter 4-67
root access points (RAPs)
selecting 8-34
root bridge 3-27
Root Cost parameter 3-30
Root Port parameter 3-30
RRM. See radio resource management (RRM)
RSNA logs
described D-26
Rx Sensitivity Threshold parameter 11-50
S
Save and Reboot button 9-21, 9-23
Save Licenses button 4-7
saving configuration settings 9-32
Scan Threshold parameter 4-61
Scope Name parameter 6-11
Search AP window 7-10, 7-12, 7-35
Search Clients page 7-100
Search WLANs window 6-7, 7-9, 7-12
Secondary Controller parameters 7-66
Secondary RADIUS Server parameter 13-18
secure web mode
described 2-18
enabling
using the CLI 2-19
using the GUI 2-18
security
overview 5-2
Security Policy Completed parameter 6-43
security settings
local and external authentication 8-22
Select APs from Current Controller parameter 13-19
self-signed certificate (SSC)
used to authorize access points 7-25
Sequence parameter 5-59
serial number for controller, finding 4-23
serial number of controller, finding 4-21
serial port
baud rate setting 2-24
timeout 2-24
Server Address parameter 5-107
Server Index (Priority) parameter 5-8, 5-25, 5-36
Server IP Address parameter
for LDAP server 5-36
for RADIUS server 5-8
for TACACS+ server 5-25
for wireless sniffer D-48
Server Key parameter 5-46, 13-21
Server Status parameter 5-9, 5-25
Server Timeout parameter 5-9, 5-26, 5-37
service port 3-6
service-port interface
configuring
using the CLI 3-18
described 3-9
session timeout
configuring
using the CLI 6-28
using the GUI 6-27
described 6-27
Set Priority button 4-17
Set to Factory Default button 11-21
Severity Level Filtering parameter D-9
Shared Secret Format parameter 5-8, 5-25
Shared Secret parameter 5-8, 5-25
Short Preamble Enabled parameter 5-52
short preambles 5-52
Show Wired Clients option 7-61
shunned clients
described 5-110
viewing
using the CLI 5-111
using the GUI 5-110
Signature Events Detail page 5-118
Signature Events Summary page 5-118
Signature Events Track Detail page 5-119
Simple Bind parameter 5-36
sniffing. See wireless sniffing D-46
Sniff parameter D-48
SNMP community string
changing default values using the CLI4-43to 4-44
changing default values using the GUI4-42to 4-43
SNMP v1 / v2c Community > New page 4-43
SNMP v1 / v2c Community page 4-42
SNMP v3 users
changing default values using the CLI 4-45
changing default values using the GUI4-44to 4-45
SNMP V3 Users > New page 4-45
SNMP V3 Users page 4-44
software, upgrading
software, upgrading in mesh networks
Source parameter for ACLs 5-59
Source Port parameter 5-60
Spanning Tree Algorithm parameter 3-31
Spanning Tree Protocol (STP)
configuring
described 3-27
spanning-tree root 3-27
Spanning Tree Specification parameter 3-30
SpectraLink NetLink phones
enabling long preambles
using the CLI 5-53
using the GUI 5-52
overview 5-52
Spectralink Voice Priority parameter 4-85
splash page web redirect 6-55
Splash Page Web Redirect parameter 6-57
SSC key-hash on Cisco WiSM 7-24
SSH
and OfficeExtend access points 7-50, 7-53
configuring
troubleshooting access points
SSH parameter D-50
SSID
configuring
using the CLI 6-6
using the GUI 6-5
described 6-3
SSL certificate
generating
using the CLI 2-20
using the GUI 2-19
loading
SSL protocol 2-18
SSLv2, configuring for web administration 2-19
SSLv2 for web authentication, disabling 10-12
Standard Signature > Detail page 5-117
Standard Signatures page 5-115
stateful DHCPv6 IP addressing 6-42
static IP address
configuring
described 7-44
Static IP parameter 7-45
Static Mobility Group Members page 12-11
Statistics option 8-45
Status parameter
for DHCP scopes 6-12
for guest LANs 10-30
for SNMP community 4-43
for WLANs 6-5
STP Mode parameter 3-29
STP Port Designated Bridge parameter 3-28
STP Port Designated Cost parameter 3-28
STP Port Designated Port parameter 3-28
STP Port Designated Root parameter 3-28
STP Port Forward Transitions Count parameter 3-28
STP Port ID parameter 3-28
STP Port Path Cost Mode parameter 3-29
STP Port Path Cost parameter 3-29
STP Port Priority parameter 3-29
STP State parameter 3-28
strong passwords 7-18
Summary page 2-35
Supervisor 720
described 4-110
switch, configuring at the remote site13-5to 13-6
Switch IP Address (Anchor) parameter 12-23
SX/LC/T small form-factor plug-in (SFP) modules 3-5
symmetric mobility tunneling
illustrated 12-27
verifying status
using the CLI 12-28
using the GUI 12-27
Symmetric Mobility Tunneling Mode parameter 12-27
syslog
described D-27
levels D-10
Syslog Configuration page D-8
Syslog Facility parameter D-9
syslog server
number supported by controller D-8
removing from controller D-8
severity level filtering D-9
Syslog Server IP Address parameter D-8
system logging
configuring
setting severity level D-10
system logs, viewing using the CLI D-14
System Resource Information page D-5
system resources
viewing using the CLI D-6
viewing using the GUI D-5
T
TACACS+
accounting 5-20
authentication 5-19
authorization 5-19
choosing authentication priority order 5-26
configuring
viewing administration server logs5-29to 5-30
TACACS+ (Authentication, Authorization, or Accounting) Servers > New page 5-25
TACACS+ (Authentication, Authorization, or Accounting) Servers page 5-24
TACACS+ (Cisco) page (on CiscoSecure ACS) 5-22
TACACS+ Administration .csv page (on CiscoSecure ACS) 5-29, 5-30
TCP MSS
described 7-93
telemetry 4-96
Telnet
and OfficeExtend access points 7-50, 7-53
troubleshooting access points
Telnet parameter D-50
Telnet sessions
configuring
Telnet-SSH Configuration page 2-34
Tertiary Controller parameters 7-67
text2pcap sample output D-44
TFTP server guidelines 9-2
time, configuring
using the CLI 2-32
using the GUI 2-30
using the NTP server 2-30
time-length-values (TLVs), supported for CDP4-87to 4-88
timeout, configuring for disabled clients 6-15
Time Since Topology Changed parameter 3-30
timestamps, enabling or disabling in log and debug messages D-14
Time to Live for the PAC parameter 5-46, 13-21
time zone
configuring using the CLI 2-32
configuring using the GUI 2-31
TKIP
described 6-22
parameter 6-23
Topology Change Count parameter 3-30
traffic specifications (TSPEC) request
described 4-71
examples 4-71
traffic stream metrics (TSM)
configuring
using the CLI 4-81
using the GUI 4-74
described 4-72
viewing statistics
Transfer Mode parameter
downloading a CA certificate 9-23
downloading a configuration file 9-30
downloading a customized web authentication login page 10-21
downloading a device certificate 9-20
upgrading controller software 9-8
uploading a configuration file 9-28
uploading a PAC 9-25
uploading packet capture files D-23
Transition Time parameter 4-61
transmit power
statically assigning using the CLI 11-32
statically assigning using the GUI11-28to 11-32
transmit power levels 11-31
Transmit Power parameter 11-50
transmit power threshold, decreasing 11-21
trap logs
for OfficeExtend access points 7-48
troubleshooting
access point join process7-32to 7-39
tunnel attributes and identity networking5-80to 5-81
Tx Power Level Assignment parameter 11-35
Type parameter 6-5, 10-30, 13-7
U
U-APSD
described 4-72
viewing status
using the CLI 4-83
using the GUI 4-76
UDP, use in RADIUS 5-4
unicast mode 4-53
unique device identifier (UDI)
described 7-86
retrieving
using the CLI 7-87
Upload button 5-115, 7-41, 9-26, D-17, D-23
Upload CSV File parameter 13-20
Upload File from Controller page 7-40, 9-25, 9-27, D-17, D-23
URL parameter 10-20
URL to Send the Notifications parameter 4-26
USB console port, using on a 5500 series controller3-33to 3-34
Use AES Key Wrap parameter 5-7
User Access Mode parameter 10-3
user accounts, managing10-1to 10-23
User Attribute parameter 5-36
User Base DN parameter 5-36
User Credentials parameter 5-37
User Name parameter 5-33, 13-10
Username parameter 7-14, 7-18, 7-19
User Object Type parameter 5-36
User parameter 9-25
User Profile Name parameter 4-45
Using Our SSID parameter 5-88
V
Validate Rogue Clients Against AAA parameter 5-88
Valid Client on Rogue AP parameter 5-88
Validity parameter 9-25
VCCI warnings for controllers B-7
VCI strings 7-32
Verify Certificate CN Identity parameter 5-45
video information, viewing for mesh networks using the CLI8-40to 8-42
video settings
configuring
using the CLI 4-81
viewing
virtual interface
configuring
using the CLI 3-17
VLAN Identifier parameter
for AP-manager interface 3-14
for dynamic interface 3-19, 3-20
VLAN interface. See dynamic interface
VLAN Mappings
button 13-13
page 13-13
VLANs
described 3-9
guidelines 3-12
VLAN Support parameter 13-13
VLAN tag, and identity networking 5-79
Voice & Video Optimized parameter 4-85
voice information, viewing for mesh networks using the CLI8-40to 8-42
Voice Optimized parameter 4-85
voice-over-IP (VoIP) telephone roaming 4-59
Voice RSSI parameter 11-18
voice settings
configuring
viewing
VoIP calls, error codes6-40to 6-41
VoIP snooping
configuring
VoIP Snooping and Reporting parameter 6-37
VPN Gateway Address parameter 6-29
VPN passthrough
configuring using the CLI 6-29
configuring using the GUI 6-29
described 6-28
W
warnings
webauth.tar files 10-24
webauth bundle 10-20
web authentication
certificate
obtaining using the CLI10-9to 10-10
obtaining using the GUI10-7to 10-9
configuring a WLAN for
using the CLI 6-30
using the GUI 6-29
described 10-10
successful login page 10-12
Web Authentication Certificate page 10-8
web authentication login page
assigning per WLAN
using the CLI 10-25
using the GUI 10-24
choosing the default
customized example 10-23
customizing from an external web server
using the CLI 10-20
default 10-11
downloading a customized login page
guidelines 10-20
using the CLI 10-22
modified default example 10-16
verifying settings using the CLI 10-23
Web Authentication option 10-31
Web Authentication Type parameter 10-13, 10-20, 10-22
Web Auth Type parameter 10-24, 10-31
web-browser security alert 10-10
web mode
configuring
using the CLI 2-19
using the GUI 2-18
described 2-18
Web Passthrough option 10-31
Web Policy parameter 5-65, 6-30, 6-57
web redirect 6-54
Web Server IP Address parameter 10-20
Web Session Timeout parameter 2-18
WEP keys, configuring 6-20
WGB parameter 7-61
WGB Wired Clients page 7-61
wired guest access
configuration overview 10-28
configuring
guidelines 10-28
one-controller example 10-27
two-controller example 10-27
wireless intrusion prevention system (wIPS)
configuring on an access point5-123to 5-124
described 5-123
viewing information5-124to 5-125
wireless sniffing
configuring
using the CLI D-48
prerequisites D-46
supported software D-46
WLAN ID parameter 6-5
WLAN mobility security values 12-25
WLAN override 9-2
WLAN Profile parameter 5-34, 13-10
WLANs
assigning web login, login failure, and logout pages
using the CLI 10-25
using the GUI 10-24
checking security settings 6-21
configuring
conditional web redirect6-55to 6-58
static and dynamic WEP 6-21
connecting clients to 13-15
creating
using the CLI 6-6
deleting
using the CLI 6-7
using the GUI 6-4
described1-13, 3-10to 3-12, 6-3
enabling or disabling
using the CLI 6-6
using the GUI 6-5
searching 6-7
session timeout
configuring 6-27
described 6-27
splash page web redirect 6-55
wired security solution 1-5
WLANs > Edit (Advanced) page 6-37, 6-59
applying an ACL to a WLAN 5-64
configuring AAA override 5-83
configuring infrastructure MFP for a WLAN 5-71
configuring IPv6 bridging 6-44
configuring NAC out-of-band integration 6-64
configuring the diagnostic channel D-27
WLANs > Edit (QoS) page 6-35
WLANs > Edit (Security > AAA Servers) page
assigning LDAP servers to a WLAN 5-38
choosing RADIUS or LDAP servers for external authentication 10-24
disabling accounting servers on a WLAN 6-58
enabling local EAP on a WLAN 5-47
WLANs > Edit (Security > Layer 2) page 6-23, 6-26
WLANs > Edit (Security > Layer 3) page
applying a preauthentication ACL to a WLAN 5-64
configuring a WLAN for VPN Passthrough 6-29
configuring web redirect 6-57
configuring wired guest access 10-31
WLANs > Edit page 6-5, 10-30, 13-7
WLANs > New page 6-4, 8-31, 8-32, 8-51, 8-52, 10-29, 13-7
WLAN SSID parameter
configuring for guest user 10-5
creating a centrally switched WLAN 13-7
creating WLANs 6-5
identifying the guest LAN 10-30
mapping an access point group to a WLAN 6-51, 6-65
WMM
described 6-33
with CAC 4-70
WMM Policy parameter 6-35
workgroup bridges (WGBs)
debugging 7-63
described 7-57
guidelines 7-58
illustrated 7-47, 7-50, 7-54, 7-55, 7-57
sample configuration 7-60
viewing status
using the CLI 7-63
WPA1+WPA2
configuring
using the CLI 6-24
using the GUI 6-23
described 6-22
WPA2 Policy parameter 6-23
WPA Policy parameter 6-23
wplus license. See licenses
wplus software set, included features 4-2