Table Of Contents
Configuring Devices
Using the Templates
Template Choices
Naming the Template
Using Express Template
Setting Up Association
Configuring the Ethernet Port
Configuring the 11b Radio
Configuring the 11a Radio
Defining the Security Settings
Configuring Services
Configuring Events
Configuring Custom Values
Previewing the Template
Finishing the Template
Creating a Template
Copying a Template
Editing a Template
Deleting a Template
Importing a Template
Exporting a Template
Managing Configuration Jobs
Job Choices
Naming the Job
Selecting Devices
Selecting a Template
Scheduling a Job
Finishing the Job
Creating a Configuration Job
Viewing Configuration Job Status
Viewing the Job
Filtering a Job
Editing a Job
Deleting a Job
Copying a Job
Viewing Job Run Details
Automating Configurations
Assigning a Startup Configuration
Creating a Startup Configuration Template
Assigning an Auto-Managed Configuration
Assigning Auto-Managed Configurations
Using Auto-Managed Options
Configuring Devices
The Configure tab allows you to view, create, copy, edit, and delete configuration templates and apply them to large numbers of devices at a time.It also allows you to schedule a configuration job and to check on the job's status.
Following are the subtabs under Configure:
Note 
Some of the subtabs may not be visible to some users.
•Templates—See Using the Templates.
•Jobs—See Managing Configuration Jobs.
•Auto Update—See Automating Configurations.
Using the Templates
This is window allows you to create, modify, and delete configuration templates.
The topics covered in this section are:
•Creating a Template
•Copying a Template
•Editing a Template
•Deleting a Template
•Importing a Template
•Exporting a Template
Related Topic
Managing Configuration Jobs
Template Choices
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
When you create or edit a configuration template, the following choices appear in the left pane of the Templates window:
1. Template Name—See Naming the Template.
2. Template Categories
Note Any or all of the template categories can be completed in any order.
–Express Template—See Using Express Template.
–Association—See Setting Up Association.
–Ethernet—See Configuring the Ethernet Port.
–11b Radio—See Configuring the 11b Radio.
–11a Radio—See Configuring the 11a Radio.
–Security—See Defining the Security Settings.
–Services—See Configuring Services.
–Events—See Configuring Events.
–Custom Values—See Configuring Custom Values.
3. Preview—See Previewing the Template.
4. Finish—See Finishing the Template.
Naming the Template
This option enables to you to name the template.
Procedure
Note Clicking Clear removes all the entries you have made.
Step 1 Select Template Name. The Template Name dialog box appears:
Step 2 Select a template category. (For additional information, see Template Categories.)
Using Express Template
Use this option if you need to set up an access point quickly with a simple configuration. This will allow you to enter all the access point's essential settings for basic operation.
Procedure
Step 1 Select Express Template. The Express dialog box displays in the right pane:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-1 Express Template Settings
Field
|
Description
|
Reboot Device
|
From the list, select Yes if you want to allow device reboots.
|
SysName
|
Enter a system name.
The system name appears in the titles of the management system pages and in the access point's Association Table page.
This is not an essential setting, but it helps identify the access point on your network.
|
SysLocation
|
Enter the system's location.
This is not an essential setting, but it helps identify the access point on your network.
|
SysContact
|
Enter a contact name.
This is not an essential setting but it helps identify the person responsible for the access point on your network.
|
Configuration Server Protocol
|
Set this entry to match the network's method of IP address assignment.
From the list, select one of the following options:
•None-Static IP—Use this if your network does not have an automatic system for IP address assignment.
•BOOTP—Use this if your network uses Bootstrap Protocol, in which IP addresses are hard-coded based on MAC addresses.
•DHCP—Use this if your network uses Dynamic Host Configuration Protocol, in which IP addresses are "leased" for predetermined periods of time.
|
Default Subnet Mask
|
Enter an IP subnet mask to identify the subnetwork so the IP address can be recognized on the LAN.
If DHCP or BOOTP is not enabled, this field is the subnet mask.
If DHCP or BOOTP is enabled, this field provides the subnet mask only if no server responds to the access point's DHCP or BOOTP request.
|
Default Gateway
|
Enter the IP address of your default Internet gateway.
The entry 255.255.255.255 indicates no gateway.
|
Radio Service Set ID (SSID)
|
Enter any alphanumeric, case-sensitive string, from 2 to 32 characters long.
The SSID is a unique identifier that client devices use to associate with the access point. The SSID helps client devices distinguish between multiple wireless networks in the same vicinity and provides access to VLANs by wireless client devices.
Several access points on a network or subnetwork can share an SSID.
|
Role in Network
|
From the list, select one of the following:
•Access Point—Use this setting if the access point is connected to the wired LAN.
•Repeater—Use this setting for access points not connected to the wired LAN.
•Survey Client—Use this setting when performing a site survey for a repeater access point. When you select this setting, clients are not allowed to associate and the bridge's STP function is disabled.
•Root Bridge—Use this setting to set a bridge as the root bridge. (One bridge in each group of bridges must be set as the root bridge). The root bridge cannot associate with another root bridge.
•Non-Root Bridge w/ Client—Use this setting for non-root bridges that accept associations from client devices and for bridges acting as repeaters. A non-root bridge will only associate to another bridge (root or non-root).
•Non-Root Bridge w/o Client—Use this setting for non-root bridges that should not accept associations from client devices. A non-root bridge (without clients) can connect to a wired LAN and only associates to another bridge (root or non-root).
|
Ensure Compatibility with Cisco
|
From the list, select one of the following:
•Enable—Use this setting to automatically configure the device to be compatible with other Cisco devices on your wireless LAN.
•Disable—Use this setting to not automatically configure the device to be compatible with other Cisco devices on your wireless LAN.
|
Ensure Compatibility with 2MB/sec Clients
|
From the list, select one of the following:
•Enable— Use this setting to operate at a maximum speed of two megabits per second.
•Disable—Use this setting if you do not want devices to operate at a maximum speed of two megabits per second.
|
Step 2 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Up Association
Use this option to set up spanning tree protocol (STP) on bridges and to set up filtering to control the flow of data through the access point.
Procedure
Step 1 Select Association. The menu expands and the Association dialog box displays in the right pane.
Step 2 Select one of the following from the Association menu:
•Spanning Tree—See Defining Spanning Tree Protocol.
•Address Filters—See Defining Address Filters.
•Ethertype Filters—See Defining Ethertype Filters.
•IP Protocol Filters—See Defining IP Protocol Filters.
•IP Port Filters—See Defining IP Port Filters.
•Policy Groups—See Configuring Policy Groups.
•VLANs—See Configuring VLANs.
•Quality of Service—See Configuring Quality of Service.
•Service Sets—See Configuring Service Sets.
•Advanced—See Defining Advanced Associations.
•Port Assignments—See Configuring Port Assignments.
•DSCP to CoS—See Configuring DSCP to CoS.
Defining Spanning Tree Protocol
This option is used for only bridges.
Procedure
Step 1 Select Association > Spanning Tree. The Association: Spanning Tree Protocol dialog box appears.
Step 2 Click see details for information on which bridges this configuration is valid.
Step 3 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-2 Spanning Tree Protocol Settings
Field
|
Description
|
Spanning Tree Protocol (STP)
|
From the list, select one of the following:
•Enable—Use this setting to enable STP on the bridge.
•Disable—If you do not want STP enabled the bridge.
|
Always Unblock Ethernet when STP is disabled
|
From the list, select one of the following:
•Yes—Use this setting to maintain a bridge link when STP is disabled
•No—Use this setting to not maintain a bridge link when STP is disabled.
Click see details to see which versions this setting is valid for.
|
Root Configuration
|
Priority (0-65535)
|
Enter a number to influence which bridge is designated the root bridge in the spanning tree.
When bridges have the same priority setting, STP uses the MAC addresses as a tiebreaker.
The bridge with the lowest priority setting is likely to be designated the root bridge in the tree.
|
Max Age (6-40 Seconds)
|
Enter the number of seconds to define how long the bridge waits before deciding the network has changed and the spanning tree needs to be rebuilt.
For example, with Max Age set to 20, the bridge attempts to rebuild the spanning tree if it does not receive a hello BDPU from the root bridge in the spanning tree within 20 seconds.
|
Hello Time (1-10 Seconds)
|
Enter the number of seconds to define how often the root bridge in the spanning tree sends out a hello BPDU telling the other bridges that the network topology has not changed and that the spanning tree should remain the same.
|
Forward Delay (4-30 Seconds)
|
Enter the number of seconds to define how long the bridge's ports should stay in the listening and learning transition states if there is a change in the spanning tree.
|
Port Configuration
|
Path Cost (1-65535)
|
Enter a number to indicates the relative efficiency of a port's network link.
A port with a high path cost is less likely to become a bridge's root port.
|
Priority (0-255)
|
Enter a number to influence whether STP designates a port as a bridge's root port.
A port with a low priority setting is more likely to become a bridge's root port.
|
Enable
|
From the list, select one of the following for each port configured:
•Enable—Use this setting to indicate whether the port participates in STP. (This determines whether the port blocks or forwards traffic.)
•Disable—Use this setting to indicate that the port does not participate in STP.
|
Step 4 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining Address Filters
Using this option, you can:
•Create a MAC address filter
•Remove a MAC address filter
Procedure
Step 1 Select Association > Address Filters. The Association: Address Filters dialog box appears.
Step 2 To add a new MAC address filter complete the following fields:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Field
|
Description
|
Lookup MAC address on Authentication Server if not in an Existing Filter List?
|
Click one of the following:
•Yes—Use this setting to allow looking up a MAC address on the authentication server.
•No—Use this setting to disallow looking up a MAC address.
|
Is MAC Authentication alone sufficient for a client to be fully authenticated?
|
From the list, select one of the following:
•Yes—Use this setting to specify that client devices that associate to the access point using 802.11 open authentication, first attempt MAC authentication.
•No—Use this setting to specify that MAC authentication alone is not sufficient.
Click see details to see which versions this setting is valid for.
|
New Destination MAC Address
|
Enter a destination MAC address by entering the address in one of the following ways:
•With colons separating the character pairs (00:40:96:12:34:56, for example)
•Without any intervening characters (004096123456, for example)
|
Allowed
|
Click to pass traffic to the MAC address.
|
Disallowed
|
Click to discard traffic to the MAC address.
|
Step 3 Click Add to add the MAC address to the Current MAC Address Filters list.
Step 4 To remove a MAC Address, select it from the Current MAC Address Filters list, then click Remove.
Step 5 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining Ethertype Filters
Procedure
Step 1 Select Association > Ethertype Filters. The Association: Ethertype Filters dialog box appears.
Step 2 Using this option:
•Create new filters—See Creating New Ethertype Filters.
•Delete the Filters—See Deleting Ethertype Filters.
Using this option you can also:
•Create Special Cases—See Creating Special Cases.
•Delete Special Cases—See Deleting Special Cases.
Creating New Ethertype Filters
Procedure
Step 1 To create and enable protocol filters for the access point's Ethernet port, enter the following:
Note Refer to the following URL for a list of Ethertype protocols: /en/US/docs/wireless/access_point/350/configuration/guide/ap350axb.html#85314
Table 3-3 Creating New Ethertype Filters Settings
Field
|
Description
|
Add New Ethertype Filter
|
Set ID
|
Enter an identification number for the filter set.
|
Set Name
|
Enter a descriptive filter set name.
See Naming Guidelines.
|
Default Disposition
|
From the list, select one of the following:
•Forward—Use this setting to forward protocol traffic.
•Block—Use this setting to block protocol traffic.
|
Default Time to Live (msec)
|
unicast
|
Enter the number of milliseconds unicast packets should stay in the access point's buffer before they are discarded.
|
multicast
|
Enter the number of milliseconds multicast packets should stay in the access point's buffer before they are discarded.
|
Step 2 Click Add. The new name is added to the Ethertype Filters list.
Step 3 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting Ethertype Filters
Procedure
Step 1 To delete protocol filters for the access point's Ethernet port, select the set name from the Current Ethertype Filters list, then click Delete.
Step 2 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-4 Ethertype Filter Special Cases Settings
Field
|
Description
|
Special Cases
|
Ethertype
|
Enter the Ethertype filter name.
|
Disposition
|
From the list, select one of the following:
•Default—Use the disposition you set for the Ethertype filter.
•Forward—Use this setting to forward protocol traffic.
•Block—Use this setting to block protocol traffic.
|
Priority
|
From the list, select one of the following:
•Default—This setting is the same as best effort, which applies to normal LAN traffic.
•Background—Use this setting for bulk transfers and other activities that are allowed on the network but should not impact network use by other users and applications.
•Excellent Effort—Use this setting for a network's most important users.
•Controlled Load—Use this setting for important business applications that are subject to some form of admission control.
•Interactive Video—Use this setting for traffic with less than 100 ms delay.
•Interactive Voice—Use this setting for traffic with less than 10 ms delay.
•Network Control—Use this setting for traffic that must get through to maintain and support the network infrastructure.
|
Time to Live (msec)
|
unicast
|
Enter the number of milliseconds unicast packets should stay in the access point's buffer before they are discarded.
|
multicast
|
Enter the number of milliseconds multicast packets should stay in the access point's buffer before they are discarded.
|
Alert
|
From the list, select one of the following:
•yes—Use this setting to send an alert to the event log when a user transmits or receives the protocol through the access point.
•no—Use this setting to not send an alert to the event log.
|
Step 3 Click Add. The new name is added to the list box.
Step 4 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting Special Cases
Procedure
Step 1 To delete special cases for the access point's Ethernet port, select the Ethertype name from the list box, then click Delete.
Step 2 Select one of the following:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining IP Protocol Filters
Procedure
Step 1 Select Association > IP Protocol Filters. The Association: IP Protocol Filters dialog box appears.
Step 2 With this option you can:
•Create new filters—See Creating New IP Protocol Filters.
•Delete the filters—See Deleting IP Protocol Filters.
Using this option you can also:
•Create Special Cases —See Creating Special Cases.
•Delete Special Cases—See Deleting Special Cases.
Creating New IP Protocol Filters
Procedure
Step 1 To create and enable IP protocol filters, enter the following:
Note Refer to the following URL for a list of IP protocols: /en/US/docs/wireless/access_point/350/configuration/guide/ap350axb.html#85314
Field
|
Description
|
Add New Protocol Filter
|
Set ID
|
Enter an identification number for the filter set.
|
Set Name
|
Enter a descriptive filter set name.
See Naming Guidelines.
|
Default Disposition
|
From the list, select one of the following:
•Forward—Use this setting to forward protocol traffic.
•Block—Use this setting to block protocol traffic.
|
Default Time to Live (msec)
|
unicast
|
Enter the number of milliseconds unicast packets should stay in the access point's buffer before they are discarded.
|
multicast
|
Enter the number of milliseconds multicast packets should stay in the access point's buffer before they are discarded.
|
Step 2 Click Add. The new name is added to the Current Protocol Filters list.
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting IP Protocol Filters
Procedure
Step 1 To delete an IP protocol filter, select the name from the Current Protocol Filters list, then click Delete.
Step 2 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-5 IP Protocol Filters Special Cases Settings
Field
|
Description
|
Special Cases
|
Protocol
|
Enter the IP protocol name.
|
Disposition
|
From the list, select one of the following:
•Default—Use the disposition you set for the protocol filter.
•Forward—Use this setting to forward traffic.
•Block—Use this setting to block traffic.
|
Priority
|
From the list, select one of the following:
•Default—This setting is the same as best effort, which applies to normal LAN traffic.
•Background—Use this setting for bulk transfers and other activities that are allowed on the network but should not impact network use by other users and applications.
•Excellent Effort—Use this setting for a network's most important users.
•Controlled Load—Use this setting for important business applications that are subject to some form of admission control.
•Interactive Video—Use this setting for traffic with less than 100 ms delay.
•Interactive Voice—Use this setting for traffic with less than 10 ms delay.
•Network Control—Use this setting for traffic that must get through to maintain and support the network infrastructure.
|
Time to Live (msec)
|
unicast
|
Enter the number of milliseconds unicast packets should stay in the access point's buffer before they are discarded.
|
multicast
|
Enter the number of milliseconds multicast packets should stay in the access point's buffer before they are discarded.
|
Alert
|
From the list, select one of the following:
•yes—Use this setting to send an alert to the event log when a user transmits or receives the protocol through the access point.
•no—Use this setting to not send an alert to the event log.
|
Step 3 Click Add. The new name is added to the list box.
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting Special Cases
Procedure
Step 1 To delete special cases, select the protocol name from the list box, then click Delete.
Step 2 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining IP Port Filters
Procedure
Step 1 Select Association > IP Port Filters. The Association: IP Port Filters dialog box appears.
Step 2 With this option you can:
•Create new filters—See Creating New Port Filters.
•Delete the filters—See Deleting Port Filters.
Using this option you can also:
•Create Special Cases —See Creating Special Cases.
•Delete Special Cases—See Deleting Special Cases.
Creating New Port Filters
Procedure
Step 1 To create and enable port filters, enter the following:
Note Refer to the following URL for a list of IP port protocols: /en/US/docs/wireless/access_point/350/configuration/guide/ap350axb.html#85314
Field
|
Description
|
Add New Protocol Filter
|
Set ID
|
Enter an identification number for the filter set.
|
Set Name
|
Enter a descriptive filter set name.
See Naming Guidelines.
|
Default Disposition
|
From the list, select one of the following:
•Forward—Use this setting to forward traffic.
•Block—Use this setting to block traffic.
|
Default Time to Live (msec)
|
unicast
|
Enter the number of milliseconds unicast packets should stay in the access point's buffer before they are discarded.
|
multicast
|
Enter the number of milliseconds multicast packets should stay in the access point's buffer before they are discarded.
|
Step 2 Click Add. The new name is added to the Current Port Filters list.
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting Port Filters
Procedure
Step 1 To delete a protocol filter, select the name from the Current Port Filters list, then click Delete.
Step 2 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Creating Special Cases
Procedure
Step 1 Select the default filter for which you want to define a special case.
Step 2 Enter the following:
Table 3-6 IP Port Filters Special Cases Settings
Field
|
Description
|
Special Cases
|
Port
|
Enter the IP Port filter name.
|
Disposition
|
From the list, select one of the following:
•Default—Use the disposition you set for the port filter.
•Forward—Use this setting to forward protocol traffic.
•Block—Use this setting to block protocol traffic.
|
Priority
|
From the list, select one of the following:
•Default—This setting is the same as best effort, which applies to normal LAN traffic.
•Background—Use this setting for bulk transfers and other activities that are allowed on the network but should not impact network use by other users and applications.
•Excellent Effort—Use this setting for a network's most important users.
•Controlled Load—Use this setting for important business applications that are subject to some form of admission control.
•Interactive Video—Use this setting for traffic with less than 100 ms delay.
•Interactive Voice—Use this setting for traffic with less than 10 ms delay.
•Network Control—Use this setting for traffic that must get through to maintain and support the network infrastructure.
|
Time to Live (msec)
|
unicast
|
Enter the number of milliseconds unicast packets should stay in the buffer before they are discarded.
|
multicast
|
Enter the number of milliseconds multicast packets should stay in the buffer before they are discarded.
|
Alert
|
From the list, select one of the following:
•yes—Use this setting to send an alert to the event log when a user transmits or receives the protocol through the access point.
•no—Use this setting to not send an alert to the event log.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting Special Cases
Procedure
Step 1 To delete special cases, select the port name from the list box, then click Delete.
Step 2 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Policy Groups
Policy groups are used to configure access parameters to a logical group of stations in a consistent manner from a single place. For example, protocol filters can be applied to frames for a selected group of stations.
Procedure
Step 1 Select Association > Policy Group. The Association: Policy Group dialog box appears.
Step 2 Click see details to see which versions this option is valid for.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 3 Using this option you can:
•Add and delete a policy group—See Adding or Deleting a New Policy Group.
•Delete an exiting Policy Group From a Device—See Deleting an Existing Policy Group from a Device.
Adding or Deleting a New Policy Group
Step 1 To add a new policy group, enter the following:
Field
|
Description
|
GroupID
|
Enter an identification number for the policy group.
|
Group Name
|
Enter a name for the policy group.
|
Ethertype
|
Receive
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
Transmit
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
IP Protocol
|
Receive
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
Transmit
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
IP Port
|
Receive
|
Enter the ID of a defined IP port filter, or select one of the filters you created using Association > IP Port Filters.
|
Transmit
|
Enter the ID of a defined IP port filter, or select one of the filters you created using Association > IP Port Filters.
|
Step 2 Click Add to add the group to the Policy Groups to Add list.
Step 3 To delete a group from the Policy Groups to Add list, select the group name, then click Delete.
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting an Existing Policy Group from a Device
Step 1 Enter the group identification number in the Group ID text box, then click Add to add it to the Policy Groups to Delete list.
Step 2 To delete an identification number from the Policy Groups to Delete list, select it, then click Delete.
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring VLANs
Access points and bridges in a VLAN network, which are running specific software versions, can provide a wireless VLAN trunk link between two wired segments of the network.
Using this option, you can configure VLANs on the access point.
Procedure
Step 1 Select Association > VLANs. The Association: VLAN dialog box appears.
Step 2 Click see details to see which versions this option is valid for.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 3 Enter the following information:
Field
|
Description
|
VLAN (802.1Q) Tagging
|
From the list, select one of the following:
•Enabled—Use this setting to allow IEEE 802.1Q protocol tagging on VLAN packets.
The IEEE 802.1Q protocol is used to interconnect multiple switches and routers, and for defining VLAN topologies.
•Disabled—Use this setting to not allow tagging.
|
Native VLAN ID
|
Enter identification number of the access point's native VLAN.
Note This setting must agree with the native VLAN ID setting on the switch.
|
Single VLAN ID which allows unencrypted packets
|
Enter an identification number to allow unencrypted packets. An entry with a value of 0 (zero) requires the use of encryption.
|
Optionally allow Point-to-point Packet Encryption
|
From the list, select one of the following:
•Yes—Use this setting to allow point-to-point encryption.
•No—Use this setting to not allow point-to-point encryption.
|
Step 4 Using this option you can:
•Add a new VLAN—See Adding a New VLAN.
•Delete an exiting VLAN from a Device—See Deleting an Existing VLAN.
Adding a New VLAN
Step 1 To add a new VLAN, enter the following:
Table 3-7 Adding a New VLAN Settings
Field
|
Description
|
VLAN ID
|
Enter the identification number of the VLAN.
Note This setting must match the setting on the switch.
|
VLAN Name
|
Enter the a unique name for the VLAN configured on the access point.
|
VLAN Enable
|
From the list, select one of the following:
•Enabled—Use this setting to enable the VLAN.
•Disabled—Use this setting to disable the VLAN.
|
Default Priority
|
From the list, select one of the following:
•Background—Use this setting for bulk transfers and other activities that are allowed on the network but should not impact network use by other users and applications.
•Default—Use this setting for normal LAN traffic.
•Excellent Effort—Use this setting for the network's most important users.
•Controlled Load—Use this setting for important business applications that are subject to some form of admission control.
•Interactive Video—Use this setting for traffic with less than 100 ms delay.
•Interactive Voice—Use this setting for traffic with less than 10ms delay.
•Network Control—Use this setting for traffic that must get through to maintain and support the network infrastructure.
|
Default Policy Group
|
Enter the default policy group number, or select one you created using Association > Policy Groups.
|
Enhanced MIC verify WEP
|
From the list, select one of the following:
•None—Use this setting if you do not want Message Integrity Check (MIC) enabled.
•MMH—Use this setting if you want MIC enabled to protect WEP keys.
Note When you enable MIC, only MIC-capable client devices can communicate with the access point.
|
Temp Key Integrity Protocol
|
From the list, select one of the following:
•None—Use this setting if you do not want to enable the temporal key integrity protocol (TKIP, or WEP key hashing.)
•Cisco—Use this setting to enable TKIP.
Note When TKIP is enabled, all WEP-enabled client devices associated to the access point must support WEP key hashing, or they will not be able to communicate with the access point.
|
WEP Key Rotation Interval
|
Use this setting to enable or disable broadcast key rotation.
•To enable it, enter the rotation interval in seconds.
If you enter 900, for example, the access point sends a new broadcast WEP key to all associated client devices every 15 minutes.
Note When you enable broadcast key rotation, only wireless client devices using LEAP or EAP-TLS authentication can use the access point. Client devices using static WEP (with open, shared key, or EAP-MD5) cannot use the access point when you enable broadcast key rotation.
•To disable it, enter 0 (zero).
|
Alert
|
From the list, select one of the following:
•Yes—Use this setting if you are not adding an encrypted VLAN.
•No—Use this setting if you are adding an encrypted VLAN.
|
WEP Keys 1 through 4
|
Enter the encryption keys used: 40 bit or 128 bit hexadecimal digits.
|
Size
|
For each WEP key, select one of the following: Not set, 40 bit, or 128 bit.
|
Step 2 Click Add to add the VLAN to the VLANs to Add list.
Step 3 To delete a group from the VLANs to Add list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting an Existing VLAN
Procedure
Step 1 Enter the VLAN identification number in the VLAN ID text box, then click Add to add it to the VLANs to Delete list.
Step 2 To delete an identification number from the VLANs to Delete list, select it, then click Delete.
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Quality of Service
This option is used to configure the access point's Quality of Service feature.
Procedure
Step 1 Select Association > Quality of Service. The Association: Quality of Service dialog box appears.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Enter the following information:
Table 3-8 Quality of Service Settings
Field
|
Description
|
Generate QBBS Element
|
From the list, select one of the following:
•Yes—Use this setting to enable support for basic 802.11 Quality of Service.
•No—Use this setting to disable support for basic 802.11 Quality of Service.
|
User Symbol Extensions
|
From the list, select one of the following:
•Yes—Use this setting enables support for Symbol Voice over IP (VoIP) phones.
•No—Use this setting to disable support for Symbol VoIP phones.
|
Send IGMP General Query
|
From the list, select one of the following:
•Yes—Use this setting to allow the access point to send an IGMP General Query to all associated stations when they complete all required high-level authentication.
•No—Use this setting to not allow the access point to send an IGMP General Query.
|
Background
|
From the CWmin and CWmax lists, select the minimum and maximum contention window values for each traffic category.
|
|
(spare)
|
Best Effort (default)
|
Excellent Effort
|
Controlled Load
|
Interactive Video
|
Interactive Voice
|
Network Control
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Service Sets
This option allows you to define service sets.
Procedure
Step 1 Select Association > Service Sets. The Association: Service Sets dialog box appears.
Step 2 Click see details to see which versions this option is valid for.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 3 Using this option you can:
•Add a new Service Set—See Adding a New Service Set.
•Delete an exiting Service Set from a device—See Deleting an Existing Service Set.
Adding a New Service Set
Procedure
Step 1 To add a new Service set, enter the following:
Table 3-9 New Service Set Settings
Field
|
Description
|
Service Set ID (1-24)
|
Enter an identification number for the SSID.
|
Service Set Name
|
Enter the SSID.
|
Maximum Number of Associations
|
Enter a number to limit the maximum number of wireless clients per SSID.
|
Proxy Mobile IP Enabled
|
From the list, select one of the following:
•Yes—This setting allows proxy mobile IP use by all stations associated to this access point.
•No—This setting does not allow proxy mobile IP use.
|
Default VLAN ID
|
Enter the identification number for a defined VLAN, or select one of the VLAN IDs you created using Association >VLANs.
|
Default Policy Group
|
Enter the identification number of a defined policy group, or select one of the policy groups you created using Association > Policy Groups.
|
Accept Authentication Type
|
Open
|
From the list, select one of the following:
•Yes—Allows any device, regardless of its WEP keys, to authenticate and attempt to associate. This is the recommended setting.
•No—Does not allow any device, regardless of its WEP keys, to authenticate and attempt to associate.
|
Shared
|
From the list, select one of the following:
•Yes—Tells the access point to send a plain-text, shared key query to any device attempting to associate with the access point. This query can leave the access point open to a known-text attack from intruders. This is not as secure as the Open setting.
•No—Does not allow the access point to send a plain-text, shared key query to any device attempting to associate with the access point.
|
Network-EAP
|
From the list, select one of the following:
•Yes—Allows EAP-enabled client devices to authenticate through the access point.
•No—Does not allow EAP-enabled client devices to authenticate through the access point.
|
Require EAP
|
Open
|
From the list, select one of the following:
•Yes—Use this option if you use open and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use open and EAP authentication.
|
Shared
|
From the list, select one of the following:
•Yes—Use this option if you use shared and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use shared and EAP authentication.
|
Default Unicast Address Filter
|
Open
|
From the list, select one of the following:
•Allowed—The access point forwards all traffic except packets sent to the MAC addresses set as disallowed with the Address Filters.
•Disallowed—The access point discards all traffic except packets sent to the MAC addresses set as allowed with the Address Filters or on your authentication server.
Select Disallowed for each authentication type that also uses MAC-based authentication.
|
Shared
|
Network-EAP
|
Step 2 Click Add to add the Service Set to the Service Sets to Add list.
Step 3 To delete a group from the list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting an Existing Service Set
Procedure
Step 1 Enter the Service Set number in the Service Set ID text box, then click Add to add it to the Service Sets to Delete list.
Step 2 To delete an identification number from the list, select it, then click Delete.
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining Advanced Associations
Use this option to control the total number of devices an access point can list in the Association Table and the amount of time the access point continues to track each device class when a device is inactive.
Procedure
Step 1 Select Association > Advanced. The Association: Advanced dialog box appears.
Step 2 To define advanced associations, enter the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-10 Advanced Association Settings
Field
|
Description
|
Alert Severity Level
|
From the list select one of the following:
•systemFatal—Indicates an event that prevents operation of the port or device.
•protocolFatal—Indicates an event that prevents operation of the port or device
•portFatal—Indicates an event that prevents operation of the port or device
•systemAlert—Indicates that you need to take action to correct the condition.
•protocolAlert—Indicates that you need to take action to correct the condition.
•portAlert—Indicates that you need to take action to correct the condition.
•externalAlert—Indicates that you need to take action to correct the condition.
|
|
| |
•systemWarning—Indicates that an error or failure may have occurred.
•protocolWarning—Indicates that an error or failure may have occurred.
•portWarning—Indicates that an error or failure may have occurred.
•externalWarning—Indicates that an error or failure may have occurred.
•systemInfo—Notification that some sort of event has occurred.
•protocolInfo—Notification that some sort of event has ocurred.
•portInfo—Notification that some sort of event has ocurred.
•externalInfo—Notification that some sort of event has ocurred.
|
|
Max Bytes Stored Per Alert Packet
|
Enter the maximum number of bytes the access point stores for each Station Alert packet when packet tracing is enabled.
If you use 0, the access point does not store bytes for Station Alert packets; it only logs the event.
|
Max Fwd Table Entries
|
From the list, select one of the following to designate the maximum number of devices that can appear in the Association Table:
1024, 2048, 4096, 8192, 16384, 32768, 65536.
|
Enable Extended Stats in MIB
|
From the list, select one of the following:
•Enable—Use this setting to enable the storage of detailed statistics in the device's memory.
•Disable—Use this setting to disable the storage of detailed statistics in the device's memory.
When you disable extended statistics you conserve memory, and the device can include more devices in the Association Table.
|
Enable PSPF
|
From the list, select one of the following:
•Enable—Use this setting to enable Publicly Secure Packet Forwarding, which ensures that client devices cannot communicate with other client devices on the wireless network. This feature is useful for public wireless networks like those installed in airports or on college campuses.
•Disable—Use this setting to disable Publicly Secure Packet Forwarding.
Click see details to see which versions this setting is valid for.
|
Unknown Class Timeout
|
Enter the number of seconds the access point continues to track an inactive device depending on its class.
A setting of zero tells the access point to track a device indefinitely no matter how long it is inactive.
A setting of 300 equals 5 minutes; 1800 equals 30 minutes; 28800 equals 8 hours.
|
Multicast Addresses Timeout
|
Infrastructure Hosts Timeout
|
Client Stations Timeout
|
Repeaters Timeout
|
Access Points Timeout
|
Across Bridge Hosts Timeout
|
Non-Root Bridges Timeout
|
Root Bridges Timeout
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Port Assignments
When you assign specific ports, your network topology remains constant even when devices reboot.
Procedure
Step 1 Select Association > Port Assignments. The Association: Port Assignments dialog box appears.
Step 2 To define port assignments, enter the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-11 Port Assignments Settings
Field
|
Description
|
ifIndex
|
Lists the port's designator in the Standard MIB-II (RFC1213-MIB.my) interface index.
|
dot1dBasePort
|
Lists the port's designator in the Bridge MIB (RFC1493; BRIDGE-MIB.my) interface index.
|
AID
|
Lists the port's 802.11 radio drivers association identifier.
|
Station
|
Enter the MAC address of the device to which you want to assign the port.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring DSCP to CoS
This option is use to statically map Differentiated Services Code-Point (DSCP) values to corresponding Class of Service (CoS) values.
Procedure
Step 1 Select Association > DSCP to CoS. The Association: DSCP to CoS Conversion dialog box appears.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 2 Click see details to see which versions this option is valid for.
Step 3 For each DSCP, enter the CoS conversion. Select one of the following:
•No Change
•Background
•Spare
•Best Effort
•Excellent Effort
•Controlled Load
•Interactive Video
•Interactive Voice
•Network Control
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring the Ethernet Port
Use this option to configure the device's Ethernet port.
Procedure
Step 1 Select Ethernet. The menu expands and the Ethernet dialog box displays in the right pane.
Step 2 Select one of the following from the Ethernet menu:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
•Identification—See Identifying the Ethernet Port.
•Filters—See Setting Up Ethernet Filters.
•Hardware—See Setting Up Hardware.
•Advanced—See Defining the Ethernet Advanced Settings.
Identifying the Ethernet Port
Use this option to define basic identity information for the Ethernet port.
Procedure
Step 1 Select Ethernet > Identification. The Ethernet: Identification dialog box displays in the right pane.
Step 2 Enter the following information to identify the port:
Table 3-12 Ethernet Port Settings
Field
|
Description
|
Primary Port?
|
From the list, select one of the following:
•Ethernet—Sets the Ethernet port for all access points other than AP1200's as the primary port.
•Ethernet AP 1200—Sets the Ethernet port for AP1200 access points as the primary port.
•Radio 11b—Sets the 11b radio port as the primary port.
•Radio 11a—Sets the 11a radio port as the primary port.
|
Adopt Primary Port Identity?
|
From the list, select one of the following:
•yes—This adopts the primary port settings (MAC and IP addresses) for the Ethernet port.
•no—This uses different MAC and IP addresses for the Ethernet port.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Up Ethernet Filters
Use this option to define filters for the Ethernet port, the IP Protocol, and the IP Port.
Note Changing this setting may cause the access point to reboot.
Procedure
Step 1 Select Ethernet > Filters. The Ethernet: Filters dialog box displays in the right pane.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-13 Ethernet Filters Settings
Field
|
Description
|
Ethertype
|
Receive
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
Transmit
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
IP Protocol
|
Receive
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
Transmit
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
IP Port
|
Receive
|
Enter the ID of a defined IP port filter, or select one of the filters you created using Association > IP Port Filters.
|
Transmit
|
Enter the ID of a defined IP port filter, or select one of the filters you created using Association > IP Port Filters.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Up Hardware
This option allows you to select the hardware settings used by the access point's Ethernet port.
Procedure
Step 1 Select Ethernet > Hardware. The Ethernet: Hardware dialog box displays in the right pane.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Table 3-14 Ethernet Hardware Settings
Field
|
Description
|
Loss of Backbone Connectivity # of Secs (1-1000)
|
Enter the number of seconds the system must detect loss of backbone connectivity (i.e. loss of Ethernet link and no active trunk available on any of the radios) before taking the specified by Loss of Backbone Connectivity Action.
|
Loss of Backbone Connectivity Action
|
From the list, select one of the following:
•No action
•Switch to repeater mode
•Shut the radio off
•Restrict to SSID
|
Loss of Backbone Connectivity SSID
|
Enter an SSID index required if the Loss of Backbone Connectivity Action is set to Restrict to SSID, or select the SSID from the list.
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the Ethernet Advanced Settings
Use this option to define the settings and operational status of the Ethernet port.
Procedure
Step 1 Select Ethernet > Advanced. The Ethernet: Advanced dialog box displays in the right pane.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-15 Ethernet Advanced Settings
Field
|
Description
|
Status
|
From the list, select one of the following:
•up— Enables the Ethernet port for normal operation.
•down—Disables the device's Ethernet port.
|
Packet Forwarding
|
From the list, select one of the following:
•enabled—Allows normal operation.
•disabled—Prevents data from moving between the Ethernet and the radio, which is useful in troubleshooting.
|
Default Multicast Address Filter
|
From the list, select one of the following:
•allowed—The access point forwards all traffic except packets sent to the MAC addresses set as disallowed under Association > Address Filters.
•disallowed—The access point discards all traffic except packets sent to the MAC addresses set as allowed under Association > Address Filters.
|
Maximum Multicast Packets/Second
|
Use this setting to control the number of multicast packets that can pass through the Ethernet port each second.
If you enter 0, the access point passes an unlimited number of multicast packets.
If you enter a number other than 0, the device passes only that number of multicast packets per second.
|
Default Unicast Address Filter
|
From the list, select one of the following:
•allowed—The access point forwards all traffic except packets sent to MAC addresses that have been set as disallowed under Association > Address Filters.
•disallowed—The access point discards all traffic except packets sent to the MAC addresses that have been set as allowed under Association > Address Filters.
|
Always Unblock Ethernet when STP is disabled
|
From the list, select one of the following:
From the list, select one of the following:
•Yes—Use this setting to maintain a bridge link when STP is disabled
•No—Use this setting to not maintain a bridge link when STP is disabled.
Click see details to see which versions this setting is valid for.
|
Optimize Ethernet for
|
From the list, select one of the following:
•Performance—Allows faster packet forwarding.
•Statistics Collection—Allows better statistics collection.
Click see details to see which versions this setting is valid for.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring the 11b Radio
Use this option to configure the device's 11b radio.
Procedure
Step 1 Select 11b Radio. The menu expands and the Radio dialog box displays in the right pane.
Step 2 Select one of the following from the Radio menu:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
•Identification—See Identifying the 11b Radio Port.
•Filters—See Setting Up 11b Radio Filters.
•Hardware—See Defining the 11b Radio Hardware Settings.
•Advanced—See Defining the 11b Radio Advanced Settings.
•Searched Channels—See Defining the 11b Radio Searched Channels Settings.
Identifying the 11b Radio Port
Use this option to define basic identity information for the port.
Note Changing this setting may cause the access point to reboot.
Procedure
Step 1 Select 11b Radio > Identification. The 11b Radio: Identification dialog box displays in the right pane.
Step 2 Enter the following information to identify the port:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-16 11b Radio Identification Settings
Field
|
Description
|
Primary Port?
|
From the list, select one of the following:
Note If the primary port was set using Ethernet > Identification, the selected value is displayed.
•Ethernet—Sets the Ethernet port for all access points other than AP1200's as the primary port.
•Ethernet AP 1200—Sets the Ethernet port for AP1200 access points as the primary port.
•Radio 11b—Sets the 11b radio port as the primary port.
•Radio 11a—Sets the 11a radio port as the primary port.
|
Adopt Primary Port Identity?
|
From the list, select one of the following:
•yes—This adopts the primary port settings (MAC and IP addresses) for the Ethernet port.
•no—This uses different MAC and IP addresses for the Ethernet port.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Up 11b Radio Filters
Note Changing this setting may cause the access point to reboot.
Procedure
Step 1 Select 11b Radio > Filters. The 11b Radio Filters dialog box displays in the right pane.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-17 11b Radio Filters Settings
Field
|
Description
|
Ethertype
|
Receive
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
Transmit
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
IP Protocol
|
Receive
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
Transmit
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
IP Port
|
Receive
|
Enter the ID of a defined IP port protocol filter, or select one of the filters you created using Association > IP Port Filters.
|
Transmit
|
Enter the ID of a defined IP port protocol filter, or select one of the filters you created using Association > IP Port Filters.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11b Radio Hardware Settings
Procedure
Step 1 Select 11b Radio > Hardware. The 11b Radio: Hardware dialog box displays in the right pane.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-18 11b Radio Hardware Settings
Field
|
Description
|
Service SetID (SSID)
|
Enter a unique identifier client devices use to associate with the access point. It can be any alphanumeric, case-sensitive string, from 2 to 32 characters long.
Several access points on a network or sub-network can share an SSID.
|
Allow "Broadcast" SSID to Associate
|
From the list, select one of the following:
•yes—Allows devices that do not specify an SSID (devices that are "broadcasting" in search of an access point to associate with) to associate with the access point.
•no—Does not allow devices that do not specify an SSID (devices that are "broadcasting" in search of an access point to associate with) to associate with the access point.
With no selected, the SSID used by the client device must match exactly the access point's SSID.
|
Enable "World Mode" multi-domain operation?
|
From the list, select one of the following:
•yes—Allows the access point to add channel carrier set information to its beacon.
Client devices with world-mode enabled receive the carrier set information and adjust their settings automatically.
•no—Does not allow the access point to add channel carrier set information to its beacon.
|
Data Rates (Mb/sec)
|
1.0
|
From the list, select one of the following for each of the four rates in megabits per second:
•basic—Allows transmission at this rate for all packets, both unicast and multicast. At least one data rate must be set to basic.
•yes—Allows transmission at this rate for unicast packets only.
•no—Does not allow transmission at this rate.
|
2.0
|
5.5
|
11.0
|
Transmit Power
|
From the list, select one of the following milliwatt settings: 1, 5, 20, 30, 50, 100.
To reduce interference or to conserve power, select a lower power setting.
Click see details to see which versions this setting is valid for.
|
Fragmentation Threshold (256-2338)
|
Enter a setting to determine the size at which packets are fragmented (sent as several pieces instead of as one block).
Use a low setting in areas where communication is poor or where there is a great deal of radio interference.
|
RTS Threshold (0-2339)
|
Enter a setting to determine the packet size at which the access point issues a request to send (RTS) before sending the packet.
A low RTS Threshold setting can be useful in areas where many client devices are associating with the access point, or in areas where the clients are far apart and can detect only the access point and not each other.
|
Maximum RTS Retries (1-128)
|
Enter the maximum number of times the access point issues an RTS before stopping the attempt to send the packet through the radio.
|
Max. Data Retires (1-128)
|
Enter the maximum number of attempts the access point makes to send a packet before giving up and dropping the packet.
|
Beacon Period (Kusec)
|
Enter the amount of time between beacons in kilomicroseconds. (One kilomicrosecond equals 1,024 microseconds.)
|
Data Beacon Rate (DTIM)
|
Enter the amount of time, always a multiple of the beacon period, to determine how often the beacon contains a delivery traffic indication message (DTIM).
The DTIM tells power-save client devices that a packet is waiting for them.
If the beacon period is set at 100, its default setting, and the data beacon rate is set at 2, its default setting, then the access point sends a beacon containing a DTIM every 200 kilomicrosecond.
|
Default Radio Channel
|
From the list, select the radio channel you want for a default. Each channel covers 22 MHz.
The factory setting for Cisco wireless LAN systems is Radio Channel 6 transmitting at 2437 MHz.
|
Search for less-congested Radio Channel?
|
From the list, select one of the following:
•yes—Allows the access point to scan for the radio channel that is least busy and selects that channel for use.
•no—Will not allow the access point to scan for a radio channel that is least busy.
|
Receive Antenna
|
From the list, select one of the following:
•Right—Use this setting if your access point has removable antennas and you install a high-gain antenna on the access point's right connector. (When you look at the access point's back panel, the right antenna is on the right.)
Use this setting for both receive and transmit.
•Left—Use this setting if your access point has removable antennas and you install a high-gain antenna on the access point's left connector. (When you look at the access point's back panel, the left antenna is on the left.)
Use this setting for both receive and transmit.
•Diversity—Use this setting if your access point has two fixed (non-removable) antennas; it tells the access point to use the antenna that receives the best signal.
Use this setting for both receive and transmit.
|
Transmit Antenna
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11b Radio Advanced Settings
Use this option to define the settings and operational status of the Ethernet port.
Procedure
Step 1 Select 11b Radio > Advanced. The 11b Radio: Advanced dialog box displays in the right pane.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-19 11b Radio Advance Settings
Field
|
Description
|
Status
|
From the list, select one of the following:
•up— Enables the Radio port for normal operation.
•down—Disables the device's Radio port.
|
Packet Forwarding
|
From the list, select one of the following:
•enabled—Allows normal operation.
•disabled—Prevents data from moving between the Ethernet and the radio, which is useful in troubleshooting.
|
Default Multicast Address Filter
|
From the list, select one of the following:
•Allowed—The access point forwards all traffic except packets sent to the MAC addresses set as disallowed under Association > Address Filters.
•Disallowed—The access point discards all traffic except packets sent to the MAC addresses set as allowed under Association > Address Filters.
|
Maximum Multicast Packets/Second
|
Use this setting to control the number of multicast packets that can pass through the Ethernet port each second.
If you enter 0, the access point passes an unlimited number of multicast packets.
If you enter a number other than 0, the device passes only that number of multicast packets per second.
|
Maximum Number of Associations
|
Enter the maximum number of wireless networking devices that are allowed to associate to the access point.
If you enter 0 it means that the maximum possible number of associations is allowed.
Click see details to see which versions this setting is valid for.
|
Use Aironet Extensions
|
From the list, select one of the following:
•yes—Enable load balancing, Message Integrity Check (MIC), and WEP key hashing.
•no—Does no enable the features listed above.
|
Classify Workgroup Bridges as network infrastructure
|
From the list, select one of the following:
•yes—Use this setting to limit the number of workgroup bridges that can associate to the access point to 20 or less.
•no—Use this setting to allow more than 20 workgroup bridges to associate to the access point.
Click see details to see which versions this setting is valid for.
|
User Symbol Extensions
|
From the list, select one of the following:
•yes—Use this setting to enable the following features: load balancing, message integrity check (MIC), temporal key integrity protocol (TKIP).
•no—Use this setting to disable use of Cisco Aironet 802.11 extensions.
Click see details to see which versions this setting is valid for.
|
Ethernet encapsulation transform
|
From the list, select one of the following:
•802.1H—Provides optimum performance for Cisco Aironet wireless products.
•RFC1042—Ensures interoperability with non-Cisco Aironet wireless equipment.
|
Enhanced MIC verification for WEP
|
From the list, select one of the following:
•None—Does not enable MIC.
•NMH—Enables MIC (Message Integrity Check), a security feature that protects your WEP keys by preventing attacks on encrypted packets called bit-flip attacks.
Click see details to see for which versions this setting is valid.
|
Temporal Key Integrity Protocol
|
From the list, select the following:
•None—Does not enable WEP key hashing.
•Cisco—Enables WEP key hashing that defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key.
Click see details to see which versions this setting is valid for.
|
Broadcast WEP Key rotation interval (sec)
|
Enter a rotation interval in seconds.
•If you enter 900, for example, the access point sends a new broadcast WEP key to all associated client devices every 15 minutes.
•If you enter 0, you disable broadcast WEP key rotation.
Click see details to see which versions this setting is valid for.
|
Default Unicast Address Filter
|
Open
|
From the list, select one of the following:
•Allowed—The access point forwards all traffic except packets sent to the MAC addresses set as disallowed with the Address Filters.
•Disallowed—The access point discards all traffic except packets sent to the MAC addresses set as allowed with the Address Filters or on your authentication server.
Select Disallowed for each authentication type that also uses MAC-based authentication.
|
Shared
|
Network-EAP
|
Specified Access Point 1
|
If this access point is a repeater, enter the MAC address of one or more root-unit access points with which you want this access point to associate.
With MAC addresses in these fields, the repeater access point always tries to associate with the specified access points instead of with other less-efficient access points.
|
Specified Access Point 2
|
Specified Access Point 3
|
Specified Access Point 4
|
Radio Modulation
|
From the list, select one of the following:
•Standard—This setting is the modulation type specified in IEEE 802.11, the wireless standard published by the Institute of Electrical and Electronics Engineers (IEEE) Standards Association.
•MOK—This modulation was used before the IEEE finished the high-speed 802.11 standard and may still be in use in older wireless networks.
|
Radio Preamble
|
From the list, select one of the following:
•Long—Ensures compatibility between the access point and all early models of Cisco Aironet Wireless LAN Adapters (PC4800 and PC4800A).
•Short—Cisco Aironet's Wireless LAN Adapter supports short preambles; it improves throughput performance.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11b Radio Searched Channels Settings
Use this option to limit the channels that the access point scans when Search for less-congested radio channel is enabled.
The access point uses this setting to scan for the radio channel that is least busy and selects that channel for use.
Procedure
Step 1 Select 11b Radio > Searched Channels. The 11b Radio: Searched Channels dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-20 11b Radio Searched Channels Settings
Field
|
Description
|
Channel Number
|
Lists the available channels by number.
|
Frequency (mHz)
|
Lists the channel frequency.
|
Search?
|
From the list, select one of the following:
•Yes—Use this option to include the channel in the scan for less-congested channels.
•No—Use this option to exclude the channel in the scan for less-congested channels
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring the 11a Radio
Use this option to configure the device's 11a radio.
Procedure
Step 1 Select 11a Radio. The menu expands and the 11a Radio dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Select one of the following from the Radio menu:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
•Identification—See Identifying the 11a Radio Port.
•Filters—See Setting Up 11a Radio Filters.
•Hardware—See Defining the 11a Radio Hardware Settings.
•Advanced—See Defining the 11a Radio Advanced Settings.
•Searched Channels—See Defining the 11a Radio Searched Channels Settings.
•Data Encryption—See Defining the 11a Radio Data Encryption Settings.
Identifying the 11a Radio Port
Use this option to define basic identity information for the Ethernet port.
Note Changing this setting may cause the access point to reboot.
Procedure
Step 1 Select 11a Radio > Identification. The 11a Radio: Identification dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Enter the following information to identify the port:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-21 11a Radio Identification Settings
Field
|
Description
|
Primary Port?
|
From the list, select one of the following:
Note If the primary port was set using Ethernet > Identification, the selected value is displayed.
•Ethernet—Sets the Ethernet port for all access points other than AP1200's as the primary port.
•Ethernet AP 1200—Sets the Ethernet port for AP1200 access points as the primary port.
•Radio 11b—Sets the 11b radio port as the primary port.
•Radio 11a—Sets the 11a radio port as the primary port.
|
Adopt Primary Port Identity?
|
From the list, select one of the following:
•yes—This adopts the primary port settings (MAC and IP addresses) for the Ethernet port.
•no—This uses different MAC and IP addresses for the Ethernet port.
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Up 11a Radio Filters
Note Changing this setting may cause the access point to reboot.
Procedure
Step 1 Select 11a Radio > Filters. The 11a Radio Filters dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-22 11a Radio Filters Settings
Field
|
Description
|
Ethertype
|
Receive
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
Transmit
|
Enter the ID of a defined Ethertype filter, or select one of the filters you created using Association > Ethertype Filters.
|
IP Protocol
|
Receive
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
Transmit
|
Enter the ID of a defined IP protocol filter, or select one of the filters you created using Association > IP Protocol Filters.
|
IP Port
|
Receive
|
Enter the ID of a defined IP port protocol filter, or select one of the filters you created using Association > IP Port Filters.
|
Transmit
|
Enter the ID of a defined IP port protocol filter, or select one of the filters you created using Association > IP Port Filters.
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11a Radio Hardware Settings
Procedure
Step 1 Select 11a Radio > Hardware. The 11a Radio: Hardware dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-23 11a Radio Hardware Settings
Field
|
Description
|
Service SetID (SSID)
|
Enter a unique identifier client devices use to associate with the access point. It can be any alphanumeric, case-sensitive string, from 2 to 32 characters long.
Several access points on a network or sub-network can share an SSID.
|
Allow "Broadcast" SSID to Associate
|
From the list, select one of the following:
•yes—Allows devices that do not specify an SSID (devices that are "broadcasting" in search of an access point to associate with) to associate with the access point.
•no—Does not allow devices that do not specify an SSID (devices that are "broadcasting" in search of an access point to associate with) to associate with the access point.
With no selected, the SSID used by the client device must match exactly the access point's SSID.
|
Data Rates (Mb/sec)
|
6.0
|
From the list, select one of the following for each of the four rates in megabits per second:
•basic—Allows transmission at this rate for all packets, both unicast and multicast. At least one data rate must be set to basic.
•yes—Allows transmission at this rate for unicast packets only.
•no—Does not allow transmission at this rate.
|
9.0
|
12.0
|
18.0
|
24.0
|
36.0
|
48.0
|
54.0
|
Transmit Power
|
From the list, select one of the following milliwatt settings: 5, 10, 20, 40.
To reduce interference or to conserve power, select a lower power setting.
Click see details to see which versions this setting is valid for.
|
Fragmentation Threshold (256-2338)
|
Enter a setting to determine the size at which packets are fragmented (sent as several pieces instead of as one block).
Use a low setting in areas where communication is poor or where there is a great deal of radio interference.
|
RTS Threshold (0-2339)
|
Enter a setting to determine the packet size at which the access point issues a request to send (RTS) before sending the packet.
A low RTS Threshold setting can be useful in areas where many client devices are associating with the access point, or in areas where the clients are far apart and can detect only the access point and not each other.
|
Maximum RTS Retries (1-128)
|
Enter the maximum number of times the access point issues an RTS before stopping the attempt to send the packet through the radio.
|
Max. Data Retires (1-128)
|
Enter the maximum number of attempts the access point makes to send a packet before giving up and dropping the packet.
|
Beacon Period (Kusec)
|
Enter the amount of time between beacons in kilomicroseconds. (One kilomicrosecond equals 1,024 microseconds.)
|
Data Beacon Rate (DTIM)
|
Enter the amount of time, always a multiple of the beacon period, to determine how often the beacon contains a delivery traffic indication message (DTIM).
The DTIM tells power-save client devices that a packet is waiting for them.
If the beacon period is set at 100, its default setting, and the data beacon rate is set at 2, its default setting, then the access point sends a beacon containing a DTIM every 200 Kmsecs. (One Kmsec equals 1,024 microseconds.)
|
Default Radio Channel
|
From the list, select the radio channel you want for a default.
|
Search for less-congested Radio Channel?
|
From the list, select one of the following:
•yes—Allows the access point to scan for the radio channel that is least busy and selects that channel for use.
•no—Will not allow the access point to scan for a radio channel that is least busy.
|
Receive Antenna
|
From the list, select one of the following:
•Right—Use this setting if your access point has removable antennas and you install a high-gain antenna on the access point's right connector. (When you look at the access point's back panel, the right antenna is on the right.)
Use this setting for both receive and transmit.
•Left—Use this setting if your access point has removable antennas and you install a high-gain antenna on the access point's left connector. (When you look at the access point's back panel, the left antenna is on the left.)
Use this setting for both receive and transmit.
•Diversity—Use this setting if your access point has two fixed (non-removable) antennas; it tells the access point to use the antenna that receives the best signal.
Use this setting for both receive and transmit.
|
Transmit Antenna
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11a Radio Advanced Settings
Use this option to define the settings and operational status of the Ethernet port.
Procedure
Step 1 Select 11a Radio > Advanced. The 11a Radio: Advanced dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-24 11a Radio Advanced Settings
Field
|
Description
|
Status
|
From the list, select one of the following:
•up—Enables the Radio port for normal operation.
•down—Disables the device's Radio port.
|
Packet Forwarding
|
From the list, select one of the following:
•enabled—Allows normal operation.
•disabled—Prevents data from moving between the Ethernet and the radio, which is useful in troubleshooting.
|
Default Multicast Address Filter
|
From the list, select one of the following:
•Allowed—The access point forwards all traffic except packets sent to the MAC addresses set as disallowed under Association > Address Filters.
•Disallowed—The access point discards all traffic except packets sent to the MAC addresses set as allowed under Association > Address Filters.
|
Maximum Multicast Packets/Second
|
Use this setting to control the number of multicast packets that can pass through the Ethernet port each second.
If you enter 0, the access point passes an unlimited number of multicast packets.
If you enter a number other than 0, the device passes only that number of multicast packets per second.
|
Radio Cell Role
|
From the list, enter one of the following:
•Client/Non-Root—use this setting for diagnostics or site surveys, such as when you need to test and access point by having it communicate with another access point or bridge without accepting associations from client devices.
•Repeater/Non-Root—Use this setting for access points that are not connected to a wired LAN and which transfer data between another access point or repeater.
•Access Point/Root—Use this setting if the access point is connected to a wired LAN.
|
Maximum Number of Associations
|
Enter the maximum number of wireless networking devices that are allowed to associate to the access point.
If you enter 0 it means that the maximum possible number of associations is allowed.
Click see details to see which versions this setting is valid for.
|
Use Aironet Extensions
|
From the list, select one of the following:
•yes—Enable load balancing, Message Integrity Check (MIC), and WEP key hashing.
•no—Does no enable the features listed above.
|
Classify Workgroup Bridges as network infrastructure
|
From the list, select one of the following:
•yes—Use this setting to limit the number of workgroup bridges that can associate to the access point to 20 or less.
•no—Use this setting to allow more than 20 workgroup bridges to associate to the access point.
|
Ethernet encapsulation transform
|
From the list, select one of the following:
•802.1H—Provides optimum performance for Cisco Aironet wireless products.
•RFC1042—Ensures interoperability with non-Cisco Aironet wireless equipment.
|
Enhanced MIC verification for WEP
|
From the list, select one of the following:
•None—Does not enable MIC.
•NMH—Enables MIC (Message Integrity Check), a security feature that protects your WEP keys by preventing attacks on encrypted packets called bit-flip attacks.
|
Temporal Key Integrity Protocol
|
From the list, select the following:
•None—Does not enable WEP key hashing.
•Cisco—Enables WEP key hashing that defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key.
|
Broadcast WEP Key rotation interval (sec)
|
Enter a rotation interval in seconds.
•If you enter 900, for example, the access point sends a new broadcast WEP key to all associated client devices every 15 minutes.
•If you enter 0, you disable broadcast WEP key rotation.
|
Accept Authentication Type
|
Open
|
From the list, select one of the following:
•Yes—Allows any device, regardless of its WEP keys, to authenticate and attempt to associate. This is the recommended setting.
•No—Does not allow any device, regardless of its WEP keys, to authenticate and attempt to associate.
|
Shared
|
From the list, select one of the following:
•Yes—Tells the access point to send a plain-text, shared key query to any device attempting to associate with the access point. This query can leave the access point open to a known-text attack from intruders. This is not as secure as the Open setting.
•No—Does not allow the access point to send a plain-text, shared key query to any device attempting to associate with the access point.
|
Network-EAP
|
From the list, select one of the following:
•Yes—Allows EAP-enabled client devices to authenticate through the access point.
•No—Does not allow EAP-enabled client devices to authenticate through the access point.
|
Require EAP
|
Open
|
From the list, select one of the following:
•Yes—Use this option if you use open and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use open and EAP authentication.
|
Shared
|
From the list, select one of the following:
•Yes—Use this option if you use shared and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use shared and EAP authentication.
|
Default Unicast Address Filter
|
Open
|
From the list, select one of the following:
•Allowed—The access point forwards all traffic except packets sent to the MAC addresses set as disallowed with the Address Filters.
•Disallowed—The access point discards all traffic except packets sent to the MAC addresses set as allowed with the Address Filters or on your authentication server.
Select Disallowed for each authentication type that also uses MAC-based authentication.
|
Shared
|
Network-EAP
|
Specified Access Point 1
|
If this access point is a repeater, enter the MAC address of one or more root-unit access points with which you want this access point to associate.
With MAC addresses in these fields, the repeater access point always tries to associate with the specified access points instead of with other less-efficient access points.
|
Specified Access Point 2
|
Specified Access Point 3
|
Specified Access Point 4
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11a Radio Searched Channels Settings
Use this option to limit the channels that the access point scans when Search for less-congested radio channel is enabled.
The access point uses this setting to scan for the radio channel that is least busy and selects that channel for use.
Procedure
Step 1 Select 11a Radio > Searched Channels. The 11a Radio: Searched Channels dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-25 11a Radio Searched Channels Settings
Field
|
Description
|
Channel Number
|
Lists the available channels by number.
|
Frequency (mHz)
|
Lists the channel frequency.
|
Search?
|
From the list, select one of the following:
•Yes—Use this option to include the channel in the scan for less-congested channels.
•No—Use this option to exclude the channel in the scan for less-congested channels
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Defining the 11a Radio Data Encryption Settings
Use this option to limit the channels that the access point scans when Search for less-congested radio channel is enabled.
The access point uses this setting to scan for the radio channel that is least busy and selects that channel for use.
Procedure
Step 1 Select 11a Radio > Data Encryption. The 11a Radio: Data Encryption dialog box displays in the right pane.
Step 2 Click see details to see which versions this option is valid for.
Step 3 Complete the following:
Table 3-26 11a Radio Data Encryption Settings
Field
|
Description
|
Data Encryption by Stations
|
From the list, select the encryption type:
•No Encryption—Requires clients to communicate with the Access Point without any data encryption. This setting is not recommended.
•Optional—Allows clients to communicate with the Access Point either with or without data encryption. Typically, this option is used when you have client devices that cannot make a WEP connection, such as non-Cisco clients in a 128-bit WEP environment.
•Full Encryption—Requires clients to use data encryption when communicating with the Access Point. Clients not using data encryption are allowed to communicate. This option is recommended if you want to maximize the security of your Wireless LAN.
|
Authentication Type
|
Open
|
From the list, select one of the following:
•Yes—Allows any device, regardless of its WEP keys, to authenticate and attempt to associate. This is the recommended setting.
•No—Does not allow any device, regardless of its WEP keys, to authenticate and attempt to associate.
|
Shared Key
|
From the list, select one of the following:
•Yes—Tells the access point to send a plain-text, shared key query to any device attempting to associate with the access point. This query can leave the access point open to a known-text attack from intruders. This is not as secure as the Open setting.
•No—Does not allow the access point to send a plain-text, shared key query to any device attempting to associate with the access point.
|
Require EAP
|
Open
|
From the list, select one of the following:
•Yes—Use this option if you use open and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use open and EAP authentication.
|
Shared
|
From the list, select one of the following:
•Yes—Use this option if you use shared and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use shared and EAP authentication.
|
Encryption Keys 1 through 4
|
|
|
Transmit Key
|
Click to indicate this is the key you want to use to transmit packets. Only one key can be selected at a time.
|
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)Another template category to configure more options. (See Template Categories.)
Defining the Security Settings
Use this option to configure the device's security settings.
Procedure
Step 1 Select Security. The menu expands and the Security dialog box displays in the right pane.
Step 2 Select one of the following from the Security menu:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
•Local Admin Access—See Setting Local Admin Access.
•Local AP/Client Security—See Setting Local AP/Client Security.
•Server-Based Security—See Setting Server-Based Security.
Setting Local Admin Access
Use this option to enable or disable local admin access.
Procedure
Step 1 Select Security > Local Admin Access. The Security: Local Admin Access dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-27 Local Admin Access Settings
Field
|
Description
|
Local Admin Authentication
|
Select Enable to enable local admin authentication, or Disable to disable it.
|
Allow read-only browsing without login
|
Select Yes to allow it, or No to disallow it.
|
Step 3 Using this option you can:
•Add Users—See Adding Users.
•Delete Users—See Deleting Users.
Adding Users
Procedure
Step 1 To add a new user, enter the following:
Field
|
Description
|
User ID
|
Enter an identification number for the user.
Tip If you want to set the same user name on all access points and do not know which user ID's may already be in use, enter a very high value (2000).
|
User name
|
Enter the name for the user.
|
User password
|
Enter a password for the user.
|
Capabilities
|
Select the capabilities you want to allow the user.
|
Step 2 Click Add to add the users to the Users to Add list.
Step 3 To delete a user from the list, select the name, then click Delete.
Step 4 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Deleting Users
Click see detail to see which versions this option is valid for.
Procedure
Step 1 Enter the user's identification number in the User ID text box, then click Add to add it to the Users to Delete list.
Step 2 To delete an identification number from the list, select it, then click Delete.
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Local AP/Client Security
Use this option to set up the local access point and client security.
Procedure
Step 1 Select Security > Local AP/Client Security. The Security: Local AP/Client Security dialog box appears:
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-28 Local AP /Client Security Settings
Field
|
Description
|
Data Encryption by Stations
|
From the list, select the encryption type:
•No Encryption—Requires clients to communicate with the Access Point without any data encryption. This setting is not recommended.
•Optional—Allows clients to communicate with the Access Point either with or without data encryption. Typically, this option is used when you have client devices that cannot make a WEP connection, such as non-Cisco clients in a 128-bit WEP environment.
•Full Encryption—Requires clients to use data encryption when communicating with the Access Point. Clients not using data encryption are allowed to communicate. This option is recommended if you want to maximize the security of your Wireless LAN.
|
Authentication Type
|
Open
|
From the list, select one of the following:
•Yes—Allows any device, regardless of its WEP keys, to authenticate and attempt to associate. This is the recommended setting.
•No—Does not allow any device, regardless of its WEP keys, to authenticate and attempt to associate.
|
Shared Key
|
From the list, select one of the following:
•Yes—Tells the access point to send a plain-text, shared key query to any device attempting to associate with the access point. This query can leave the access point open to a known-text attack from intruders. This is not as secure as the Open setting.
•No—Does not allow the access point to send a plain-text, shared key query to any device attempting to associate with the access point.
|
Network-EAP
|
From the list, select one of the following:
•Yes—Allows EAP-enabled client devices to authenticate through the access point.
•No—Does not allow EAP-enabled client devices to authenticate through the access point.
|
Require EAP
|
Open
|
From the list, select one of the following:
•Yes—Use this option if you use open and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use open and EAP authentication.
|
Shared
|
From the list, select one of the following:
•Yes—Use this option if you use shared and EAP authentication to block client devices that are not using EAP from authenticating through the access point.
•No—Use this option if you do not use shared and EAP authentication.
|
Encryption Keys 1 through 4
|
|
|
Transmit Key
|
Click to indicate this is the key you want to use to transmit packets. Only one key can be selected at a time.
|
Encryption Key
|
Enter the type of encryption key used:
•For 40-bit WEP keys, enter as 10 hexadecimal digits (0-9, a-f, or A-F).
•For 128-bit WEP keys, enter as 26 hexadecimal digits (0-9, a-f, or A-F).
|
Key Size
|
From the list, select one of the following:
•Not set
•40 bit
•128 bit
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Setting Server-Based Security
Use this option to set up server-based security.
Note Changing this setting may cause the access point to reboot.
Procedure
Step 1 Select Security > Server-Based Security. The Security: Server-Based dialog box appears:
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-29 Server-Based Security Settings
Field
|
Description
|
802.1X Protocol Version (For EAP Authentication)
|
Note This setting may cause the device to reboot.
From the list, select one of the following:
•Draft 7—No radio firmware versions compliant with Draft 7 have LEAP capability, so you should not need to select this setting.
•Draft 8—Select this option if LEAP-enabled client devices that associate with this access point use radio firmware versions 4.13, 4.16, or 4.23, or if workgroup bridges associating with this access point use firmware version 8.58 or earlier.
•Draft 10—Select this option if client devices that associate with this access point or bridge use Microsoft Windows XP EAP authentication, if LEAP-enabled client devices that associate with this bridge use radio firmware version 4.25 or later, or if workgroup bridges associating with this access point use firmware version 8.65 or later.
Click * (asterisk) for information on which version this setting is valid
|
Primary Server Reattempt Period (Min)
|
Enter the amount of time a before another attempt is made if the server is not responding.
Click * (asterisk) for information on which version this setting is valid.
|
Server Name/IP
|
Enter the name or IP address of the server.
|
Server Type
|
Enter the type of server.
Click * (asterisk) for information on which version this setting is valid
|
Port
|
Enter the port number your server uses for authentication.
|
Shared Secret
|
Enter the shared secret used by your server. It must match the shared secret on the RADIUS server.
|
Retran Int (sec)
|
Enter the number of seconds the access point should wait before retransmitting.
Click * (asterisk) for information on which version this setting is valid.
|
Time Out (sec's)
|
Enter the number of seconds the access point should wait before authentication fails.
If the server does not respond within this time, the access point tries to contact the next defined authentication server.
|
EAP Auth
|
From the list, select one of the following:
•Yes—Use this server for EAP authentication.
In this type of authentication, the access point relays authentication messages between the server and the authenticating client device.
•No—Do not use this server for EAP authentication.
Click * (asterisk) for information on which version this setting is valid.
|
MAC Auth
|
From the list, select one of the following:
•Yes—Use this server for MAC-based authentication.
This allows only client devices with specified MAC addresses to associate and pass data through the access point. Client devices with MAC addresses not in a list of allowed MAC addresses are not allowed to associate with the access point.
•No—Do not use this server for MAC-based authentication.
Click * (asterisk) for information on which version this setting is valid.
|
User Auth
|
From the list, select one of the following:
•Yes—Use this setting to allow user authentication.
•No—Use this setting to disallow user authentication.
Click * (asterisk) for information on which version this setting is valid.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Services
Use this option to configure various system features and support services on the device.
Procedure
Step 1 Select Services. The menu expands and the Services dialog box displays in the right pane.
Step 2 Select one of the following from the Services menu:
•Start-Up—See Configuring Start-Up Settings.
•Console/Telnet—See Configuring Console/Telnet Settings.
•Hot Standby—See Configuring Hot Standby Settings.
•Routing—See Configuring Routing Settings.
•CDP—See Configuring CDP Settings.
•DNS—See Configuring DNS Settings.
•FTP—See Configuring FTP Settings.
•HTTP—See Configuring HTTP Settings.
•SNMP—See Configuring SNMP Settings.
•SNTP—See Configuring SNTP Settings.
•Accounting—See Configuring Accounting Settings.
Configuring Start-Up Settings
Use this option to configure the access point for your network's BOOTP or DHCP servers for automatic assignment of IP addresses.
Procedure
Step 1 Select Services > Start-Up. The Services: Start-Up dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-30 Start-Up Settings
Field
|
Description
|
Configuration Server Protocol
|
From the list, select one of the following:
•None—Use this setting if your network does not have an automatic system for IP address assignment.
•BOOTP—Use this setting if IP addresses are hard-coded based on MAC addresses.
•DHCP—Use this setting if IP addresses are "leased" for predetermined periods of time.
|
Use prior Config Server settings if no server responds?
|
From the list, select one of the following:
•yes—Use this setting to have the access point save the boot server's most recent response.
•no—Use this setting to not use the most recent response.
|
Read ".ini" file from file server?
|
From the list, select one of the following:
•always—Use this setting for the access point to always load configuration settings from an.ini file on the server.
•never—Use this setting for the access point to never load configuration settings from an.ini file on the server.
•if specified by server—Use this setting for the access point to load configuration settings from an.ini file on the server if the server's DHCP or BOOTP response specifies that an.ini file is available.
|
BOOTP Server Timeout (sec's)
|
Enter the length of time the access point waits to receive a response from a single BOOTP server.
|
DHCP Multiple-Offer Timeout (sec's)
|
Enter the length of time the access point waits to receive a response when there are multiple DHCP servers.
|
DHCP Requested Lease Duration (min's)
|
Enter the length of time the access point requests for an IP address lease from your DHCP server.
|
DHCP Minimum Lease Duration (min's)
|
Enter the shortest amount of time the access point accepts for an IP address lease. The access point ignores leases shorter than this period.
|
DHCP Client Identifier Type
|
From the list, select one of the following:
•Ethernet (10Mb)
•Experimental Ethernet (3Mb)
•Amateur Radio AX.25
•Proteon ProNET Token Ring
•Chaos
•IEEE 802 Networks
•ARCNET
•Hyperchannel
•Lanstar
•AutoNet Short Address
•LocalTalk
•LocalNet
•Other-Non Hardware
Click see details to see which versions this setting is valid for.
|
DHCP Client Identifier Value
|
Use this setting to include a unique identifier in the access point's DHCP request packet.
•If you select Other-Non Hardware from the DHCP Client Identifier Type list, you can enter up to 255 alphanumeric characters.
•If you select any other option from the DHCP Client Identifier Type list, you can enter up to 12 hexadecimal characters (numbers 0 through 9, and the letters A through F).
Click see details to see which versions this setting is valid for.
|
DHCP Class Identifier
|
Enter the access point's group name.
The DHCP server uses the group name to determine the response to send to the access point.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Console/Telnet Settings
Use this option to configure the access point to work with a terminal emulator or through Telnet.
Procedure
Step 1 Select Services > Console/Telnet. The Services: Console/Telnet dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-31 Console/Telnet Settings
Field
|
Description
|
Baud Rate
|
Enter a rate from 110 to 115,200, expressed in bits per second.
The rate you enter is dependent on the capability of the computer you use to open the access point management system.
|
Parity
|
From the list, select one of the following:
•None—Use this setting to use no parity bit.
•Even—Use this setting to make the total number of bits even.
•Odd—Use this setting to make the total number of bits odd.
|
Data Bits
|
From the list, select one of the data bit settings.
|
Stop Bits
|
From the list, select one of the stop bit settings.
|
Flow Control
|
From the list, select one of the following:
•None—Use this setting to indicate no flow control is used.
•SW Xonn/Xoff—Use this setting to indicate the method information is sent between pieces of equipment to prevent loss of data when too much information arrives at the same time on one device.
|
Terminal Type
|
From the list, select one of the following:
•teletype—Use this setting if your terminal emulator does not support ANSI.
•ANSI—Use this setting to offer graphic features such as reverse video buttons and underlined links.
|
Columns (64-132)
|
Enter a number to define the width of the terminal emulator display within the range of 64 characters to 132 characters.
|
Lines (16-50)
|
Enter a number to define the height of the terminal emulator display within the range of 16 characters to 50 characters.
|
Telnet
|
From the list, select one of the following:
•Enable—Use this setting to enable Telnet access to the management system.
•Disable—Use this setting to prevent Telnet access to the management system.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Hot Standby Settings
Use this option to configure a standby access point as a client device associated to a monitored access point.
Procedure
Step 1 Select Services > Hot Standby. The Services: Hot Standby dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-32 Hot Standby Settings
Field
|
Description
|
Hot Standby Mode
|
From the list, select one of the following:
•Enable—Use this setting to allow hot standby mode.
•Disable—Use this setting to disable hot standby mode.
|
Service Set ID (SSID)
|
Enter the monitored access point's SSID.
|
MAC Address for the Monitored AP
|
Enter the monitored access point's MAC address.
|
Polling Frequency (1-30)
|
Enter the number of seconds between each query the standby access point sends to the monitored access point.
|
Timeout for Each Polling (1-600)
|
Enter the number of seconds the standby access point should wait for a response from the monitored access point before it assumes that the monitored access point has malfunctioned.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Routing Settings
Use this option to configure the access point to communicate with the IP network routing system.
Procedure
Step 1 Select Services > Routing. The Services: Routing dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-33 Routing Settings
Field
|
Description
|
Default Gateway
|
Enter the IP address of your network's default gateway in this entry field.
The entry 255.255.255.255 indicates no gateway.
|
New Network Route
|
Destination Network
|
Enter the IP address of the destination network.
|
Gateway
|
Enter the IP address of the gateway used to reach the destination network.
|
Subnet Mask
|
Enter the subnet mask associated with the destination network.
|
Step 3 Click Add to add an additional network route for the access point.
Step 4 To remove a network route, select it from the list, then click Remove.
Step 5 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring CDP Settings
Use this option to enable, disable, or adjust the access point's CDP settings.
Procedure
Step 1 Select Services > CDP. The Services: CDP dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-34 CDP Settings
Field
|
Description
|
Cisco Discovery Protocol (CDP)
|
From the list, select one of the following:
•Enable—Use this setting to enable CDP.
•Disable—Use this setting to disable CDP.
|
Packet Hold Time
|
Enter the number of seconds other CDP-enabled devices should consider the access point's CDP information valid.
|
Packet Sent Every
|
Enter the number of seconds between each CDP packet the access point sends.
This value should always be less than the packet hold time.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring DNS Settings
Use this option to configure the access point to work with your network's Domain Name System (DNS) server.
Procedure
Step 1 Select Services > DNS. The Services: DNS dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-35 DNS Settings
Field
|
Description
|
Domain Name System (DNS)
|
From the list, select one of the following:
•Enable—Use this option if your network DNS.
•Disable—Use this option if you network does not use DNS.
|
Default Domain
|
Enter the name of your network's IP domain. Your entry might look like this: mycompany.com
|
Domain Name Servers
|
Enter the IP addresses of up to three domain name servers on your network.
|
Domain Suffix
|
Enter the portion of the full domain name that you would like omitted from access point displays.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring FTP Settings
Use this option to configure File Transfer Protocol settings for the access point. All non-browser file transfers are governed by these settings.
Procedure
Step 1 Select Services > FTP. The Services: FTP dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-36 FTP Settings
Field
|
Description
|
File Transfer Protocol (FTP)
|
From the list select one of the following:
•TFTP
•FTP
|
Default File Server
|
Enter the IP address or DNS name of the file server where the access point should look for FTP files.
|
FTP Directory
|
Enter the file server directory that contains the firmware image files.
|
FTP User Name
|
Enter the username assigned to your FTP server.
You do not need to enter a name in this field if you selected TFTP.
|
FTP User Password
|
Enter the password associated with the file server's username.
You do not need to enter a password in this field if you selected TFTP.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring HTTP Settings
Use this option to configure HTTP settings for the access point.
Procedure
Step 1 Select Services > HTTP The Services: HTTP dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-37 HTTP Settings
Field
|
Description
|
Allow Non-Console Browsing
|
From the list, select one of the following:
•Enable—Use this setting to allow browsing to the management system.
•Disable—Use this setting to make the management system accessible only through the console and Telnet interfaces.
|
HTTP Port
|
Enter the port through which the access point provides web access.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring SNMP Settings
Use this option to configure settings for notifications to be sent to an SNMP server.
Procedure
Step 1 Select Services > SNMP. The Services: SNMP dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-38 SNMP Settings
Field
|
Description
|
Simple Network Management Protocol (SNMP)
|
From the list, select one of the following:
•Enable—Use this setting to allow event notifications to be sent to an SNMP server.
•Disable—Use this setting to not allow event notifications to be sent to an SNMP server.
|
SNMP Trap Destination
|
Enter the IP address or the host name of the server running the SNMP Management software.
|
SNMP Trap Community
|
Enter the SNMP community name.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring SNTP Settings
Use this option to configure time server settings.
Procedure
Step 1 Select Services > SNTP. The Services: SNTP dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-39 SNTP Settings
Field
|
Description
|
Simple Network Time Protocol (SNTP)
|
From the list, select one of the following:
•Enable—Use this setting if your network uses Simple Network Time Protocol.
•Disable—Use this setting if your network does not use Simple Network Time Protocol.
|
Default Time Server
|
Enter enter the server's IP address.
|
GMT Offset (hr.)
|
From the list, select the time zone in which the access point operates.
|
Use Daylight Savings Time
|
From the list, select one of the following:
•Enable—Use this setting to have the access point automatically adjust to Daylight Savings Time.
•Disable—Use this setting to not have the access point automatically adjust to Daylight Savings Time.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Accounting Settings
Use this option to configure settings that enable you to send network accounting information about wireless client devices to a RADIUS server on your network.
Procedure
Step 1 Select Services > Accounting. The Services: Accounting dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-40 Accounting Settings
Field
|
Description
|
Enable accounting
|
From the list, select one of the following:
•enable—Use this setting to turn on accounting for your wireless network.
•disable—Use this setting to turn off accounting for your wireless network
|
Enable delaying to report STOP
|
•enable—Use this setting to delay sending a stop report to the server when a client device disassociates from the access point.
The delay reduces accounting activity for client devices that disassociate from the access point and then quickly reassociate.
•disable—Use this setting to not delay sending a stop report to the server when a client device disassociates from the access point.
|
Minimum delay time to report STOP (sec)
|
Enter the number of seconds the access point waits before sending a stop report to the server when a client device disassociates from the access point.
|
Server Name/IP
|
Enter the name or IP address of the server to which the access point sends accounting data.
|
Server Type
|
Select RADIUS from the list.
(Additional types may be added in future software releases.)
|
Port
|
Enter the communication port setting used by the access point and the server.
The default setting, 1813, is the correct setting for Cisco Aironet access points and Cisco secure ACS.
|
Shared Secret
|
Enter the shared secret used by your server. It must match the shared secret on the RADIUS server.
|
Retran (sec)
|
Enter the amount of time to wait before retransmitting.
|
Max Retran
|
Enter the maximum number of times to attempt retransmissions.
Click * (asterisk) for information on which version this setting is valid.
|
Enable Update
|
From the list, select one of the following:
•enable—Use this setting to allow accounting update messages for wireless clients.
With updates enabled, the access point sends an accounting start message when a wireless client associates to the access point, sends updates at regular intervals while the wireless client is associated to the access point, and sends an accounting stop message when the client disassociates from the access point.
•disable—Use this setting to not allow accounting update messages.
With updates disabled, the access point sends only accounting start and accounting stop messages to the server.
|
Update Delay (sec's)
|
Enter the update interval in seconds.
If you use 360, the access point sends an accounting update message for each associated client device every 6 minutes.
|
EAP Auth.
|
From the list, select one of the following:
•Yes—Use this server for EAP authentication.
In this type of authentication, the access point relays authentication messages between the server and the authenticating client device.
•No—Do not use this server for EAP authentication.
|
Non-EAP Auth.
|
From the list, select one of the following:
•Yes—Use this server for non-EAP authentication.
•No—Do not use this server for non-EAP authentication.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Events
This option enables to you to customize the display of access point events (alerts, warnings, and normal activity).
Procedure
Step 1 Select Events. The menu expands and the Events dialog box displays in the right pane.
Step 2 Select one of the following from the Events menu:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
•Event Handling—See Configuring Event Handling.
•Event Notifications—See Configuring Event Notification.
Configuring Event Handling
The event settings control how events are handled by the access point: counted, displayed in the log, recorded, or announced in a notification. The settings are color coded: red for fatal errors, magenta for alerts, blue for warnings, and green for information.
Procedure
Step 1 Select Events > Event Handling. The Events: Event Handling dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-41 Event Handling Settings
Field
|
Description
|
System Fatal
|
From the list, select one of the following:
•Count—Use this option to tally the total events occurring in this category without any form of notification or display.
•Display Console—Use this option to provide a read-only display of the event but not record it.
•Record—Use this option to make a record of the event in the log and provide a read-only display of the event.
•Notify—Use this option to makes a record of the event in the log, display the event, and tell the access point to notify someone of the occurrence.
|
Protocol Fatal
|
Network Port Fatal
|
System Alert
|
Protocol Alert
|
Network Port Alert
|
External Alert
|
System Warning
|
Protocol Warning
|
Network Port Warning
|
External Warning
|
System Information
|
Protocol Information
|
Network Port Information
|
External Information
|
Handle Alerts as Severity Level
|
From the list, select one of the following:
•systemFatal—Indicates an event that prevents operation of the device as a whole.
•protocolFatal—Indicates an event that prevents operation of a specific communications protocol in use, such as HTTP or IP.
•portFatal—Indicates an event that prevents operation of the Ethernet or radio network interface.
•systemAlert—Indicates that you need to take action to correct a condition on the device as a whole.
•protocolAlert—Indicates that you need to take action to correct a condition on a specific communications protocol in use, such as HTTP or IP.
•portAlert—Indicates that you need to take action to correct the condition on the Ethernet or radio network interface.
•externalAlert—Indicates that you need to take action to correct the condition on a device on the network.
|
|
| |
•systemWarning—Indicates that an error or failure may have occurred on the device as a whole.
•protocolWarning—Indicates that an error or failure may have occurred on a specific communications protocol in use, such as HTTP or IP.
•portWarning—Indicates that an error or failure may have occurred on an Ethernet or radio network interface.
•externalWarning—Indicates that an error or failure may have occurred on a device.
•systemInfo—Notification that some sort of event has occurred on a device.
•protocolInfo—Notification that some sort of event has ocurred on a communications protocol in use, such as HTTP or IP.
•portInfo—Notification that some sort of event has ocurred on an Ethernet or radio network interface.
•externalInfo—Notification that some sort of event has ocurred on a device.
|
|
Maximum Number of Bytes Stored per Alert Packet
(0- 2312)
|
Enter the maximum number of bytes the access point stores for each Station Alert packet when packet tracing is enabled.
If you use 0, the access point does not store bytes for Station Alert packets; it only logs the event.
Note Changing this setting may cause the access point to reboot.
|
Maximum Memory Reserved for Detailed Event Trace Buffer (bytes) (0-8388608)
|
Enter the number of bytes reserved for the Detailed Event Trace Buffer.
The Detailed Event Trace Buffer is a tool for tracing the contents of packets between specified stations on your network.
Note Changing this setting may cause the access point to reboot.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Event Notification
Use this option to enable and configure notification of fatal, alert, warning, and information events to destinations external to the access point, such as an SNMP server or a Syslog system.
Procedure
Step 1 Select Events > Event Notification. The Events: Event Notification dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Table 3-42 Events > Event Notification Settings
Field
|
Description
|
Should Notify-Disposition Events generate SNMP Traps?
|
From the list, select one of the of the following:
•Yes—Use this option to send event notifications to an SNMP server.
•No—Use this option if you do not want to send notifications to an SNMP server.
|
SNMP Trap Destination
|
Enter the IP address or the host name of the server running the SNMP Management software.
|
SNMP Trap Community
|
Enter the SNMP community name.
|
Should Notify-Disposition Events generate Syslog Messages?
|
From the list, select one of the of the following:
•Yes—Use this option to send event notifications to a Syslog server.
•No—Use this option if you do not want to send notifications to a Syslog server.
|
Syslog Destination Address
|
Enter the IP address or the host name of the server running Syslog.
|
Syslog Facility Number
|
Enter the Syslog Facility number for the notifications.
|
Step 3 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Configuring Custom Values
This option enables to you to enter custom values that might not be available in the Template Menu. It also allows you to quickly enter a value, if you know the exact value you want to change, instead of going through the menu.
Note This option should be used only by advanced users who have a good understanding of the MIB variables they are setting.
Templates with custom key values are not validated.
Procedure
Step 1 Select Configure > Templates > Custom Values. The Custom Values dialog box appears.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Template windows up until that point.
Step 2 Complete the following:
Note You must enter the exact syntax for the setting to work properly.
Field
|
Description
|
Key
|
Enter a valid MIB key.
|
Value
|
Enter a valid MIB value.
|
Step 3 Click Add to add the custom value to the list.
Note If the custom value you enter is the same as an existing one in the Template Menu, the custom value will override the value in the menu.
Step 4 To remove a custom value, select it from the list, then click Remove.
Step 5 Select one of the following in the left pane:
•Preview to see your changes before you apply them. (See Previewing the Template.)
•Finish to save the template. (See Finishing the Template.)
•Another template category to configure more options. (See Template Categories.)
Previewing the Template
Procedure
Step 1 Click Preview. A window displays the configuration choices you have made to the template.
Step 2 Click Finish. (See Finishing the Template.)
Finishing the Template
Procedure
Step 1 Click Finish in the left pane to complete creating a template. The Finish dialog box appears in the right pane.
Note It is recommended that you always validate the template before saving it.
Step 2 Click Validate if you want to check the template configuration. A window displays a message indicating for which devices and versions the configuration template you just created is valid.
Note Templates containing custom key values are not validated.
Step 3 Check Enable Version Checking if you want the system to make sure you apply the templates only to devices with valid versions.
If you do not enable the version check, templates will be applied to devices even when the configuration is not valid for the device version.
Step 4 Click Save to create the template. The screen refreshes and the template name appears in the Existing Templates listbox.
Creating a Template
Use this option to create a configuration template.
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Templates. The Templates dialog box appears.
Step 2 Enter a unique name. (See Naming Guidelines for details.)
Step 3 Click Create New. The window refreshes with Template Creation menu in the left pane and the Template Name dialog box in the right pane.
Step 4 Select the choices in the left pane to create a configuration template. For a description, see Template Choices.
Copying a Template
Use this option to copy a configuration template that you can use as a base for another template.
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Templates. The Templates dialog box appears.
Step 2 Select the template you want to copy from the Existing Templates box, then click Create Copy. A dialog box appears asking you to enter a name for the copy.
Step 3 Enter a unique name. (See Naming Guidelines for details.)
Step 4 Click OK. The Templates window refreshes and the new name appears in the Existing Templates list.
Step 5 Click Edit. (See Editing a Template.)
Editing a Template
Use this option to edit a configuration template.
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Templates. The Templates dialog box appears.
Step 2 Select the template you want to edit from the Existing Templates box, then click Edit. The window refreshes with Template Creation menu in the left pane and the Template Name dialog box in the right pane.
Step 3 Select the choices in the Template Menu to create a configuration template. For a description, see Template Choices.
Deleting a Template
Use this option to delete a configuration template.
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Templates. The Templates dialog box appears.
Step 2 Select the template you want to delete from the Existing Templates box, then click Delete. A window appears asking if you want to delete the template.
Note You cannot delete a template if it used in a scheduled job.
Step 3 Click OK to delete it.
Importing a Template
Use this option to import a configuration to the WLSE, either from a file or from a device. You can import files from devices that are not managed by the WLSE.
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Templates. The Templates dialog box appears.
Step 2 Click Import. The Import Template window appears.
Step 3 Complete the following:
Field
|
Description
|
Template Name
|
Enter a name for the template.
|
Description
|
Enter a description for the template
|
From file
|
Enter the template filename or browse to find the file, then click Import.
|
From device (IP Address)
|
Enter a device name or IP address, then click Import.
|
Non-IP-Identity
|
Select this option if you do not want to download identity parameters, such as IP address, from the access point.
Some parameters are ignored using this type of import. The downloaded configuration parameters are not a full representation of the access point's configuration but an optimal representation.
|
Full
|
Select this option to import a full configuration from the access point.
This type of import includes the access point's identity parameters, such as sysname, IP address, etc.
Note When using this option, it is recommended you delete all the custom key values from the imported template before applying the template to any device.
|
Device Credentials
|
User Name
|
If the device is not managed by the WLSE, or if the device is managed but the credentials have not been set, enter the username on the access point.
|
User Password
|
If the device is not managed by the WLSE, enter the user password on the access point.
|
Step 4 To import another template, click Back and repeat Step 3.
Step 5 When you are finished, click Done.
Step 6 View the template you imported by selecting Configure > Templates and selecting it in the Existing Templates list.
Note Any configuration options in the imported file, which cannot be configured using the WLSE, will appear in Custom Values. It is recommended that you delete the custom values.
Exporting a Template
Use this option to export a configuration template to your local drive.
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Templates. The Templates dialog box appears.
Step 2 Select a template name from Existing Templates, then click Export. The Export Template window appears.
Step 3 From the list, select the template you want to export, then click Export. You will be prompted for a location to export the.ini file.
Step 4 Click Done.
Managing Configuration Jobs
This is window allows you view a list of all the jobs in their various states. It also allows you to create, edit, and filter, and undo configuration jobs.
The topics covered in this section are:
•Creating a Configuration Job
•Viewing Configuration Job Status
–Filtering a Job
–Editing a Job
–Deleting a Job
–Copying a Job
–Viewing Job Run Details
Related Topic
Using the Templates.
Job Choices
When you create or edit a configuration job, the following choices appear in the left pane of the Jobs window:
Note All these steps, except Schedule Job, must be completed but do not have to be done in order. You schedule a job later.
1. Job Name—See Naming the Job.
2. Select Devices—See Selecting Devices.
3. Select Template—See Selecting a Template.
4. Schedule Job—See Scheduling a Job.
5. Finish—See Finishing the Job.
Caution Clicking on another Configure subtab before you have saved your entries in this window will cause the window to reset and you will lose all the information you entered.
Naming the Job
Procedure
Step 1 Click Job Name. The Job Name dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Job windows up until that point.
Table 3-43 Job Name
Field
|
Description
|
Job Name
|
Enter a name for the job.
See Naming Guidelines.
|
Description
|
Enter a description of the job.
See Naming Guidelines.
|
Protocol
|
Select the type of protocol used: HTTP or SNMP.
|
Step 3 From the menu in the left pane, go to the next step, Select Devices. (For additional information, see Selecting Devices.)
Selecting Devices
Procedure
Step 1 Click Select Devices. The Select window appears.
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Job windows up until that point.
Step 2 From the device selector, click the folder from which you want to build a device list.
•Clicking the folder displays the folder's contents in the Available Devices list box.
•Repeat this step as many times as necessary to select devices from the folder in which they reside.
Step 3 From the Available Devices list, select folders or individual devices, then click Add. The devices appear in the Selected Devices list box.
Note If you select a folder, the template will be applied to all of the devices in that folder. If a device is subsequently added to the folder, the template is applied to that device.
Step 4 To remove devices, select them from the Devices in Group list, then click Remove.
Step 5 From the menu in the left pane, go to the next step, Select Template. (For additional information, see Selecting a Template.)
Selecting a Template
Procedure
Step 1 Click Select Template. The Select Template window appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Job windows up until that point.
Table 3-44 Select Template
Field
|
Description
|
Configuration Template
|
From the list, select the template which you want to apply to the devices.
|
Details
|
Name
|
Displays the name of the selected template.
|
Device Types
|
Displays the device types that are valid for the selected template.
|
Device Versions
|
Displays the device versions for the device types listed in the Device Type field.
Each device type's valid versions are displayed in sequence and grouped using parentheses.
|
Description
|
Displays the template description.
|
Version Check Enabled
|
Indicates whether the version check is enabled.
(The check is enabled using the Finish step in the Template Menu.)
|
Step 3 From the menu in the left pane, go to the next step, Schedule Job. (For additional information, see Scheduling a Job.)
Scheduling a Job
Procedure
Step 1 Click Schedule Job. The Schedule Job dialog box appears.
Step 2 Complete the following:
Note Clicking Clear removes all the current entries in the window and any entries you have made in other Job windows up until that point.
Table 3-45 Schedule Job
Field
|
Description
|
Run Now
|
Click to run the job.
Note This option ignores any dates you have entered in Start Date and Start Time.
|
Start Date
|
From the lists, select the month, day, and year you want your job to run.
|
Start Time
|
From the list, select the hour and minutes of the day you want your job to run.
|
Repeat
|
Enable
|
Check to run the job repeatedly.
|
Every
|
Indicate how often you want the job to repeat by entering a numerical value, then selecting an interval of time: Hours, Days, Months, or Years.
|
Step 3 From the menu in the left pane, go to the next step, Finish. (For additional information, see Finishing the Job.)
Tip You can stop a running job by clicking Stop Job.
Finishing the Job
Procedure
Step 1 Click Finish in the left pane to complete creating a job. The Finish dialog box appears in the right pane.
Step 2 If you want email notification of job completion, use the Email settings section:
Field
|
Description
|
On completion, email to
|
Enter a comma-separated list of email addresses to be notified when the job completes.
|
Email only if job fails
|
Select this checkbox if you want recipients to be notified only if the job fails.
|
Tip If email notification is not working, you may need to configure the mailroute by selecting Administration > Appliance > Configure Mailroute.
Step 3 Click Validate if you want to check the job.
Note Jobs with templates containing custom key values are not validated.
A window displays a confirmation message if the job is successful, and an informational message if the selected template in the job is not valid for the selected devices.
Note It is recommended that you always validate a job before saving it, and to eliminate any errors before saving it. If a job is saved with errors, the devices associated with the errors are ignored when the job runs.
Step 4 Click Save to create the job. The screen refreshes and
–The job name appears in the Scheduled Jobs list.
–A confirmation window appears with the job summary.
Creating a Configuration Job
Note Your login determines whether you can use this option.
Procedure
Step 1 Select Configure > Jobs. The Jobs window appears.
Step 2 Enter a name for the job. See Naming Guidelines.
Step 3 Click Create Job. The window refreshes with Job Creation menu in the left pane and the Job Name dialog box in the right pane.
Step 4 Select the numbered choices in the left pane to create a job. For a description, see Job Choices.
Viewing Configuration Job Status
This is window allows you to view job status. It also allows you to filter a job, edit a job, view details about the job and undo a job.
Device data is polled is every 15 minutes by default, and the duration that job data is retained is 30 days. To change either default, see Managing System Parameters.
The topics covered in this section are:
•Viewing the Job
•Filtering a Job
•Editing a Job
•Deleting a Job
•Copying a Job
•Viewing Job Run Details
Note Your login determines whether you can use this option.
Related Topic
Using the Templates
Viewing the Job
Procedure
Step 1 Select the status of the job you want to view from the Job State list.
Step 2 Select the type of job you want to view from the Job Type list.
Step 3 Click Apply. The window refreshes and the jobs are displayed.
The tables vary depending on the type of Job State and Job Type you selected: Scheduled and Unscheduled, Running, or All.
•Scheduled and Unscheduled
Field
|
Description
|
Job Name
|
The job name.
|
Recurring
|
Whether the job recurs.
|
Next Schedule
|
For scheduled jobs, this indicates the next time the job will run. For completed jobs, this is last time the job ran.
|
Last Run Status
|
The status of the last run.
Note Jobs that cause an access point to reboot are listed as Unverified.
|
•Running
Tip You can stop a running job by clicking Stop Job.
Field
|
Description
|
Job Name
|
The job name.
|
Recurring
|
Whether the job recurs.
|
Job Start Time
|
The time the job started.
|
Percent Complete
|
The percent of the job that has completed running.
|
Next Schedule
|
The next time the job is scheduled to run.
|
•All
Field
|
Description
|
Job Name
|
The job name.
|
Recurring
|
Whether the job recurs.
|
Job State
|
The state of the job.
Note A job in a DidNotStart state must be rescheduled.
|
Next Schedule
|
For scheduled jobs, this indicates the next time the job will run. For completed jobs, this is last time the job ran.
|
Last Run Status
|
The status of the job the last time it run.
Note Jobs that cause an access point to reboot are listed as Unverified.
|
Step 4 To sort table data, click on the column heading by which you want to sort the data:
•A triangle indicates ascending order.
•An upside-down triangle indicates descending order.
•No triangle indicates that the data is not sorted.
Step 5 You can do the following:
Note If the option is not available for the job type, the buttons are grayed.
a. Filter the job—See Filtering a Job.
b. Edit the job—See Editing a Job.
c. Delete the job—See Deleting a Job,
d. Copy a job—See Copying a Job.
e. View the run details—See Viewing Job Run Details.
f. Refresh the screen—Click Refresh.
Filtering a Job
Use this option to filter jobs from the displayed list. Filtering this way allows you to display a limited set of jobs, making it easier to search for a particular job if you know the name.
Procedure
Step 1 Click Filter Job. The Filter Job dialog box appears.
Step 2 Enter the name, or part of the a name, on which to filter. (Use % as a wildcard to filter jobs. For example, entering %name% will filter all the jobs that contain "name.")
Step 3 Click Apply filter. The Job window refreshes and the matching jobs are displayed on the Jobs list.
Note The filter is only applied until the page is refreshed.
Editing a Job
Use this option to edit jobs from the displayed list of jobs.
Procedure
Step 1 Select the job from the list which you would like to edit.
Step 2 Click Edit Job. The Job Name dialog box appears.
Step 3 Select the choices in the Template Menu to create a configuration template. For a description, see Job Choices.
Deleting a Job
Use this option to delete jobs from the displayed list of jobs. Jobs that are scheduled, unscheduled, completed and did not start can be deleted. Jobs that are running cannot be deleted; they can be stopped.
Procedure
Step 1 Select the job from the list which you would like to edit.
Step 2 Click Delete Job.
Copying a Job
Use this option to copy unscheduled jobs from the displayed list of jobs, which can be run later on demand.
Procedure
Step 1 Select the job from the list which you would like to copy.
Step 2 Click Copy Job. A dialog box appears.
Step 3 Enter a name for the job, then click OK. The screen refreshes and the job is listed.
Viewing Job Run Details
Use this option to view details about a job, or to undo a job from the displayed list of jobs.
Procedure
Step 1 From the table displayed in Configure > Jobs window, select a job for which you would like to see details, then click Job Run Detail.
Step 2 The details window appears with the Job Runs table:
Field
|
Description
|
Select Run
|
Used to select a job for which you want to see more details.
|
Job Start Time
|
The time the job started.
|
Job End Time
|
The time the job ended.
|
Job Status
|
The status of the job.
|
Percent Complete
|
The percent of the job that completed.
|
Step 3 Do any of the following:
•To view details for a particular job run or to undo a job, select the job, then click Show Run Details. The Job Run details table displays the information. (See Viewing the Job Run Details Table.)
•To view the job run log, click Job Run Log. A window displays all the details for the selected job number.
•To refresh the table, click Refresh.
Viewing the Job Run Details Table
The Job Runs Details table displays the following information:
Field
|
Description
|
Device Name
|
The name of the device.
|
Start Time
|
The time the job started.
|
End Time
|
The time the job ended.
|
Status
|
The status of the job.
|
•To sort table data, click on the column heading by which you want to sort the data:
–A triangle indicates ascending order.
–An upside-down triangle indicates descending order.
–No triangle indicates that the data is not sorted.
•To select all the jobs in the table, click Select All.
•To deselect all the jobs in the table, click DeSelect All.
Note If you have multiple screens, you must Select All or DeSelect All one screen at a time.
•To undo the selected configuration job, click Undo.
The Undo feature is not supported for the following:
–Custom Values
–Security options: Local Admin Authentication under the Local Admin Access; Encryption Key Values under Local AP/Client Security; Shared Secret under Server-Based Security; and Shared Secret under Accounting.
–FTP username and password
–Previously undone jobs
–Routing table configurations (for versions prior to 11.23T only)
–Adding a user in place of an existing user on the access point. The Undo feature works for new users.
Automating Configurations
This window allows you to automatically upload configuration templates to access points and bridges. Use this feature to:
•Apply startup templates through the DHCP server to newly-installed devices with manufacturer-default configurations.
•Apply a common template to devices after they are discovered, auto managed, and the WLSE has their inventory information.
The topics covered in this section are:
•Assigning a Startup Configuration
•Assigning an Auto-Managed Configuration
Assigning a Startup Configuration
The startup configuration is used for newly-installed devices that have a manufacturer-default configuration. After the devices are powered on and receive an IP address from a DHCP server, the startup configuration will be automatically uploaded to the devices.
Before You Begin
1. Create a template for the startup configuration. (See Creating a Startup Configuration Template.)
2. Configure the DHCP server to:
a. Return the WLSE's address. This is done by entering the <IP address of the WLSE> in the Boot Server Host Name field (option number 066) on the DHCP server.
b. Return the name of the initial template file in the DHCP reply message. This is done by entering <startup file name> in the BootfileName field (option number 067) on the DHCP server.
For example, if you had a WLSE with the IP address 10.10.11.12) and an associated startup template with Bootfile Name "newap1200.ini", you would do the following:
a. On the DHCP server, select Scope > Scope Options.
b. Set Scope option 066 (TFTP boot server name or IP address) with 10.10.11.12 (the WLSE's IP address).
c. Set Scope option 067 (Bootfile Name) with new-ap1200.ini (the new Bootfile Name associated with the startup template file.)
Tip After the access point is powered on and the startup configuration is applied, you may want to prevent the startup configuration from being uploaded to devices again if for some reason the access points reboot. To prevent the initial configuration from being uploaded to devices after a reboot, set the bootconfigReadINI variable on the access point to never by auto-managed configuration or regular configuration.
Related Topics
•Creating a Startup Configuration Template
•Assigning an Auto-Managed Configuration
Procedure
Step 1 Select Configure > Auto Update > Startup Configuration. The Startup Configuration Template dialog box appears.
Step 2 Complete the following:
Field
|
Description
|
Startup Templates
|
Lists the startup templates that have been created.
|
Bootfile Name
|
Enter the configuration file name that appears on the DHCP server. This must have an .ini extension.
|
Description
|
Enter a description for the configuration.
|
Configuration Template
|
From the list select the startup template to assign to the configuration file.
Click Details to see the device types and device versions for which the template is valid.
|
Step 3 Click Save to save the template.
Step 4 Click Delete to delete the template.
Creating a Startup Configuration Template
The startup configuration is used to bootstrap a device to allow the WLSE to discover it.
Caution The startup configuration template is placed in tftpboot directory and anyone who knows the file name can access it. This template should contain only minimal feature settings.
To create a startup template select Configure > Templates. (To configure the access point manually without using a startup configuration, see Set Up Access Points and Bridges.)
Use the following table to guide you in creating a startup configuration template:
Tasks
|
Template Choice
|
Notes
|
1. Enable Cisco Discovery Protocol (CDP).
|
Select Services > CDP.
|
CDP is required for the WLSE to discover devices on the network.
|
2. Enable SNMP.
(Optional) Set the location.
(Optional) Set the system name and system contact.
|
Select Services > SNMP.
|
SNMP is required for the WLSE to discover and manage the device.
Setting the location enables proper grouping of devices into the system-defined Location group. For more information, see Managing Groups.
|
3. Set the community string by creating a user with all privileges.
|
Select Security > Local Admin Access.
To create an user with SNMP read/write privileges, enter a username and password and select the Write, SNMP, Firmware, and Administrator capabilities.
|
The username of the user with Write and SNMP privileges is used as the SNMP read/write community string.
This community string should also have been configured on the WLSE using Administration > Discover > Device Credentials > SNMP Communities.
The Firmware privilege is required for configuring devices from the WLSE.
|
5. Set up TFTP as the transfer protocol between the WLSE and access points.
|
Select Services > FTP.
|
TFTP is used for transferring configuration changes to access points.
|
Assigning an Auto-Managed Configuration
Use this option to automatically apply a customized configuration to auto-managed devices after their inventory information has been collected by the WLSE.
The configuration which is applied to the devices is based on the system-defined group with which the devices are associated.
Tip It is recommended that as part of the auto-managed configuration template, you create an HTTP user and password by selecting Security > Local Admin Access. You also enter this user and password on the WLSE by selecting Administration > Discover > Device Credentials > HTTP User/Password.
There following topics are covered in this section:
•Assigning a Configuration Template—See Assigning Auto-Managed Configurations
•Emailing the Configuration Job Results—See Using Auto-Managed Options
Assigning Auto-Managed Configurations
Procedure
Step 1 Select Configure > Auto Update > Auto-Managed Configuration. The Auto-Managed Configuration Templates dialog box appears with the names of the groups for which you can apply an automated template.
Step 2 Complete the following:
Field
|
Description
|
Auto-Managed Templates
|
Lists the auto-managed templates that have been created.
|
Name
|
Enter a name for the auto-managed configuration. This must have a .ini extension.
|
Description
|
Enter a description for the configuration.
|
Automatically apply configuration template to devices matching the criteria below when they get auto managed
|
1. Select the checkbox if you want to automatically apply a template.
2. From the list select the template you want to assign.
3. Click Details to see the device types and device versions for which this template is valid.
|
Device Types
|
Note Auto-managed templates for AP 350's are applied to 350 bridges; you cannot assign a different template for bridges based on device type alone. If the bridges are running are different software version than the AP350s, use a different template for bridges and set the appropriate version numbers.
1. Select the checkbox to enable the device types.
2. From the list, select the device and click >> to add it to the list of valid devices for that template.
3. To remove devices from the list, select the device, then click Remove.
|
Software Versions
|
1. Select the checkbox to enable the software versions.
2. Enter the version numbers if they are not in the list, or from the list, select the version number, then click >> to add it to the list of valid versions for that template.
3. To remove version numbers, select the version number form the list, then click Remove.
|
Step 3 Click Save to save the template.
Step 4 To delete a template, select it from the Auto-Managed Templates listbox, then click Delete.
Using Auto-Managed Options
This option allows you to email the results of your auto-managed configuration job.
Procedure
Step 1 Select Configure > Auto Update > Auto-Managed Configuration > Auto-Managed Options. The Auto-Managed Configuration Options dialog box appears.
Step 2 Select the checkbox to enable email notification.
Step 3 Enter the email address for the recipients of the notification.
Tip If email notification is not working, you may need to configure the mailroute by selecting Administration > Appliance > Configure Mailroute.
Step 4 Click Save.
