Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco Building Broadband Service Manager

BBSM 5.1 Aironet Hardware Configuration Guide

Downloads

Document ID: 20708


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Security
VPN Issues
Parameter Definitions
Configuring the Cisco 2600 Router
      Entering Configuration Mode
      Configuring the NAT When Using Private IPs on BBSM Network(s) (Optional)
      Configuring the NAT Pool for Aironet Radios using LEAP Authentication (Optional)
      Routing to the Internet
      Routing to the Internal BBSM Network
      Configuring the SNMP Engine
      Configuring the Access List for Security Control
      Configuring the Serial Interface
      Configuring the Ethernet Interface
      Configuring the Telnet Interface
      Common Oversights and Mistakes
Configuring BBSM
      Configuring Routing and Remote Access
      Common Oversights and Mistakes
Configuring the 3500 XL/XL PWR Switch (Base Switch Configuration)
      Entering Configuration Mode
      Global Configuration
      Configuring the Access List for Security Control
      Configuring the FastEthernet0/1 - 0/23 Interface
      Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
      Configuring the VLAN 1 Interface
      Configuring the Telnet Interface
      Common Oversights and Mistakes
Configuring the Aironet Access Point
      Using the IP Setup Utility (IPSU)
      Express Setup Web Page
      Security Settings
      Common Oversights and Mistakes
Configuring the Aironet Workgroup Bridge
      Using IPSU
      Using a Web Browser to View/Change the Configuration
      The Identity Page
      The Radio Page
      The Console Page
      The Security Page
      Common Oversights and Mistakes
Configuring the Aironet Network Interface Card
      Common Oversights and Mistakes
Cisco Support Community - Featured Conversations
Related Information

Introduction

This document represents best practice methodologies for Cisco MxU Broadband Solution Deployment. The Building Broadband Solution Unit (BBSU) Total Implementation Package (TIP) utilizes Cisco Systems, Inc. Building Broadband Service Manager (BBSM), Ethernet, Long Reach Ethernet (LRE), Aironet, and Cable Product offerings to provide broadband connectivity for the MxU market.

This document is a supplemental tool that is intended for internal use by Cisco partners, resellers, and customers for the deployment of Cisco products. This tool is subject to the terms and conditions of the Cisco TIP License Agreement.

The purpose of this document is to provide baseline configuration guidelines for a Cisco Systems BBSM Network within an Aironet network; it is not a replacement for individual Point Product Configuration documentation.

Prerequisites

Requirements

Readers of this document should have knowledge of these topics:

  • The BBSM Internet Protocol (IP) scheme or network diagram for the property.

  • The wireless service set identifier(s) for your radio network (case-sensitive).

  • The username and password for your network account, if you are using LEAP.

Components Used

The information in this document is based on BBSM 5.1.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Security

The configurations that are contained in this documentation are provided as a sample and may require further modifications for use in your particular network. Access lists have been provided in the Configuring the Access List for Security Control for the Cisco 2600 Router and Configuring the Access List for Security Control for the 3500 XL/XL PWR Switch sections of the documentation as examples of how to prevent unauthorized access to routers and switches. These security measures are not comprehensive and you should modify them as required for each individual network. You must test any additions or modifications to access lists and other configuration items prior to inclusion into a production network environment.

It is the network administrator’s responsibility to analyze all security risks and respond to security issues for the BBSM network. Cisco assumes no responsibility for damage done by unauthorized personnel that access network equipment.

VPN Issues

BBSM supports all Virtual Private Network (VPN) solutions, once a customer connects to the BBSM service. You may experience problems depending on the IP scheme of the BBSM Internal Network. Some VPNs do not support Network Address Translation (NAT) or Port Address Translation (PAT). NAT or PAT must occur when you are using a private or a non-routable IP scheme (for example, 10.10.0.0). Translation of a private address to a public, routable address occurs on the router and is what actually causes some VPN solutions not to work. The Cisco VPN 3000 Concentrator, for example, is a system that can support VPN over NAT.

To ensure that all VPNs work all of the time, the entire BBSM solution must use a routable, or public, IP scheme.

Note: Even though routable IP addresses are used, customers that rely on Plug and Play to connect to BBSM with statically configured IP addresses may not be able to activate a VPN session. The reason for this is because BBSM uses a form of NAT to translate between their static IP address and an IP address from the Foreign Range.

If the customer requires a VPN connection and can not initiate one with a static IP address, then the customer must configure their computer for DHCP.

Parameter Definitions

This section defines the parameters, or variables, that are used throughout this document.

  • AP_IP_Address—The IP address of the Access Points (APs)

  • AP_Network—The effective network ID of the APs, regardless the of actual subnet mask

  • AP_Subnet_Mask—The effective subnet mask of the APs

  • BBSM_Internal_NIC—The IP address of the BBSM internal network interface controller (NIC)

  • BBSM_Internal_IP_Network—The network ID of the BBSM internal network

  • CD_Drive—The drive letter of the CD drive of the computer

  • ClientName—A unique name to differentiate between clients

  • Encryption_Key—Enter a 26-digit hexadecimal number

  • Gateway—The IP address of the BBSM internal NIC

  • Inside_IP—The private IP address that receives a 1:1 Network Address Translation (NAT) mapping to the Outside_IP

  • IP_Addr—The destination IP address or IP network for router access list 100

  • IP_Address—The IP address for the radio

  • IP_of_ACS—The IP address of the Remote Authentication Dial-In User Service/Asynchronous Communications Server (RADIUS/ACS)

  • IP_of_Radios—The IP range with which the Cisco 340/350 APs are configured

  • IP_of_tftp_server—The IP address of the TFTP server

  • Leave blank—Leave this setting blank. It defaults to Any

  • MAC_Address_of_AP—The Media Access Control (MAC) address of the AP obtained from the bottom of the AP

  • MAC_Address_of_WGB—The MAC address of the workgroup bridge (WGB) obtained from the bottom of the WGB

  • Man_Network—The integrator or corporate network to use to monitor and administer the network

  • Man_Wildcard—Used to determine the size of the management network

  • Name—The unique identifier for the WGB

  • Netmask—The subnet mask

  • password_1—The password required to enter Privileged mode

  • password_2—The password required to logon to the switch through Telnet

  • Private_IP_(X)—The private IP address to receive a 1:1 NAT map to a Real_IP_(X)

  • Real_IP_(X)—The real IP addresses that is obtained from the Internet service provider (ISP)

  • Remote_ID—The MAC address or IP address of the remote computer(s) that are authorized to access the WGB

  • RO_String—The read-only Simple Network Management Protocol (SNMP) community string

  • RW_String—The read-write SNMP community string

  • Shared_Secret—This must be the same as the RADIUS/ACS account

  • Subnet_Mask—The subnet mask for the BBSM internal network

  • Subnet_Mask_of_ACS—The effective subnet mask of the RADIUS server: for a single server, this is 255.255.255.255

  • SSID—The unique service set identifier

  • Switch_IP—The IP address of the 3500 switch

  • Transmit_Power—Transmit power of the WGB radio that controls the range of the WGB

  • username—The username for the user account created on the WGB

  • Wildcard—Used with IP_Addr to determine the size of the destination network for router access list 100

  • WGB_IP_address—The desired IP address of the WGB, according to the network design

Configuring the Cisco 2600 Router

Entering Configuration Mode

Issue these commands to enter configuration mode:

Router> enable

!--- Enter password, if prompted.

Router# config terminal

Router(config)# enable secret password_1 

Router(config)# hostname SJ1

!--- Use a unique hostname for each router, for easy identification.

Configuring the NAT When Using Private IPs on BBSM Network(s) (Optional)

Issue these commands to configure the NAT pool for BBSM end users:

SJ1(config)# ip nat pool all_clients Real_IP_2 Real_IP_3 netmask Netmask 

SJ1(config)# ip nat inside source list 1 pool all_clients overload

SJ1(config)# ip nat inside source static Private_IP_X Real_IP_X 

SJ1(config)# access-list 1 permit BBSM_Internal_IP_Network Wildcard 

SJ1(config)# access-list 1 permit BBSM_External_IP_Network Wildcard

Configuring the NAT Pool for Aironet Radios using LEAP Authentication (Optional)

Issue these commands to configure the NAT pool for Aironet radios that use LEAP authentication:

SJ1(config)# ip nat pool all_radios Real_IP_4 Real_IP_5 netmask Netmask 

SJ1(config)# ip nat inside source list 101 pool all_radios overload

!--- Issue the next command on one line.

SJ1(config)# access list 101 permit
             udp IP_of_Radios Wildcard host IP_of_ACS eq 1645

Routing to the Internet

Issue this command to route to the Internet:

SJ1(config)# ip route 0.0.0.0 0.0.0.0 ISP_Gateway

Routing to the Internal BBSM Network

Issue this command to route to the internal BBSM network:

SJ1(config)# ip route BBSM_Internal_IP_Network Netmask BBSM_External_NIC

Configuring the SNMP Engine

Issue these commands to configure the SNMP engine:

SJ1(config)# snmp community RW_String RW

SJ1(config)# snmp community RO_String RO

Configuring the Access List for Security Control

Issue these commands to configure the access list for security control:


!--- Issue these commands on one line each.

SJ1(config)# access-list 100 permit
            icmp Man_Network Wildcard any echo

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard host BBSM_I/E_NIC eq 9488

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard host BBSM_I/E_NIC eq ftp

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard host BBSM_I/E_NIC eq snmp

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard host BBSM_I/E_NIC eq telnet

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard host BBSM_I/E_NIC eq www

SJ1(config)# access-list 100 permit
            udp Man_Network Wildcard host BBSM_I/E_NIC eq tftp

SJ1(config)# access-list 100 permit
            icmp Man_Network Wildcard IP_Addr Wildcard echo

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard IP_Addr Wildcard eq telnet

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard IP_Addr Wildcard eq www

SJ1(config)# access-list 100 permit
            tcp Man_Network Wildcard IP_Addr Wildcard eq snmp

SJ1(config)# access-list 100 permit
            udp Man_Network Wildcard IP_Addr Wildcard eq tftp

SJ1(config)# access-list 100 deny ip any IP_Addr Wildcard 

SJ1(config)# access-list 100 deny icmp any any echo

SJ1(config)# access-list 100 permit ip any any

Note: You can repeat these access-list statements for multiple source and destination IP addresses, for source and destination port numbers, and for protocols.

Configuring the Serial Interface

Issue these commands to configure the serial interface:

SJ1(config)# interface serial0/0

SJ1(config-if)# ip address IP_Address_1 Netmask 

SJ1(config-if)# ip nat outside

SJ1(config-if)# ip access-group 100 in

Configuring the Ethernet Interface

Issue these commands to configure the Ethernet interface:

SJ1(config-if)# interface Ethernet0/0

SJ1(config-if)# ip address IP_Address_2 Netmask 

SJ1(config-if)# ip nat inside

Configuring the Telnet Interface

Issue these commands to configure the Telnet interface:

SJ1(config-if)# line vty 0 4

SJ1(config-line)# password password_2 

SJ1(config-line)# login

SJ1(config-line# line vty 5 15

SJ1(config-line)# login

SJ1(config-line)# ^Z

!--- Ctrl-Z ends the configuration session.

Common Oversights and Mistakes

These common oversights and mistakes are associated with the configuration of the Cisco 2600 router:

  • NAT configurations are missing or are configured incorrectly.

  • The route for the BBSM internal network is missing or is incorrect.

Configuring BBSM

You can find detailed instructions to configure the BBSM software on the BBSM Installation CD at CD_Drive:\Documentation\config.pdf.

Note: You must install Adobe Acrobat Reader to view this file.

Configuring Routing and Remote Access

Note: Only follow these steps if LEAP authentication is used by clients or WGBs.

Use this procedure to add the output filter(s) that allows the Access Points to talk to the RADIUS/ACS server, to verify LEAP authentication for the clients:

  1. Choose Start > Programs > Administrative Tools > Routing and Remote Access.

  2. Expand BBSM (local) and choose IP Routing > General.

  3. Right-click External and choose Properties.

  4. Click Output Filters.

  5. Click Add.

  6. Check the Source Network check box and add this information:

    • Source Address: AP_Network

    • Source Subnet Mask: AP_Subnet_Mask

  7. Check the Destination Network check box and add this information:

    • Destination Address: IP_of_ACS

    • Destination Subnet Mask: Subnet_Mask_of_ACS

  8. Add this additional information:

    • Protocol: UDP (Source and Destination Port fields appear.)

    • Source Port: (Leave blank.)

    • Destination Port: 1645

  9. Click OK three times.

  10. Close the Routing and Remote Access window.

Common Oversights and Mistakes

These common oversights and mistakes are associated with the configuration of BBSM:

  • The filter on the external NIC is missing or is configured incorrectly.

  • If you commit an error during the installation of the BBSM software, then stop the installation, reformat the hard drive, and begin the installation with a clean copy of Windows 2000 Server.

Configuring the 3500 XL/XL PWR Switch (Base Switch Configuration)

Entering Configuration Mode

Issue these commands to enter configuration mode:

Switch> enable

!--- Enter password if prompted.

Switch# config terminal

Global Configuration

Issue these commands for a global configuration:

Switch(config)# enable secret password_1 

Switch(config)# hostname BaseSwitch1

!--- Use a unique hostname for each switch, for easy identification.

BaseSwitch1(config)# ip default-gateway BBSM_Internal_NIC 

BaseSwitch1(config)# snmp community RW_String RW

BaseSwitch1(config)# snmp community RO_String RO

Configuring the Access List for Security Control

Issue these commands to configure the access list for security control:


!--- Issue these commands on one line each.

BaseSwitch1(config)# access-list 100 permit
                   icmp host BBSM_Internal_NIC host Switch_IP echo

BaseSwitch1(config)# access-list 100 permit
                   tcp host BBSM_Internal_NIC host Switch_IP eq telnet

BaseSwitch1(config)# access-list 100 permit
                   tcp host BBSM_Internal_NIC host Switch_IP eq www

BaseSwitch1(config)# access-list 100 permit
                   udp host BBSM_Internal_NIC host Switch_IP eq tftp

BaseSwitch1(config)# access-list 100 permit
                   udp host BBSM_Internal_NIC host Switch_IP eq snmp

Configuring the FastEthernet0/1 - 0/23 Interface

Issue these commands to configure the FastEthernet0/1 - 0/23 interface:

BaseSwitch1(config)# interface fastethernet0/x 

!--- Where x equals the interface number; for example, 0/1 or 0/23.

BaseSwitch1(config-if)# port protected

BaseSwitch1(config-if)# spanning-tree rootguard

BaseSwitch1(config-if)# spanning-tree portfast

Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)

Issue these commands to configure the FastEthernet0/1 - 0/24 interface storm control:

BaseSwitch1(config-if)# port block unicast

BaseSwitch1(config-if)# port block multicast

Configuring the VLAN 1 Interface

Issue these commands to configure the VLAN 1 interface:

BaseSwitch1(config-if)# interface vlan 1

BaseSwitch1(config-if)# ip address Switch_IP Netmask 

BaseSwitch1(config-if)# ip access-group 100 in

BaseSwitch1(config-if)# no ip directed-broadcast

BaseSwitch1(config-if)# no ip route-cache

Configuring the Telnet Interface

Issue these commands to configure the Telnet interface:

BaseSwitch1(config-if)# line vty 0 4

BaseSwitch1(config-line)# password password_2 

BaseSwitch1(config-line)# login

BaseSwitch1(config-line)# line vty 5 15

BaseSwitch1(config-line)# login

BaseSwitch1(config-line)# ^Z

!--- Ctrl-Z ends the configuration session.

Common Oversights and Mistakes

These common oversights and mistakes are associated with the configuration of the 3500 XL/XL PWR switch (base switch configuration):

  • Do not include base switches in WEBConfig > Switches.

  • You must not configure Interface Ethernet0/24, the port that is pointing towards the BBSM server, with the port protected, spanning-tree rootguard, or spanning-tree portfast commands.

Configuring the Aironet Access Point

Using the IP Setup Utility (IPSU)

Follow these steps to obtain the IP address with the IPSU:

  1. Connect the AP to a DHCP server.

  2. Obtain the MAC address from the bottom of the AP.

  3. Launch the IPSU that came with the AP.

  4. For the Device MAC ID, enter MAC_Address_of_AP.

  5. Click the Function: Get IP Addr radio button.

  6. Click Get IP Address.

  7. Record the IP address and click Exit.

Express Setup Web Page

Follow these steps to setup the web page:

  1. Launch a web browser and enter the URL http://AP_IP_Address .

    The Express Setup Page appears, if the AP was not configured.

  2. Enter this information when the Express Setup Page appears:

    • System Name: Any unique name (for ease of identification)

    • MAC Address: (Read Only)

    • Configuration Server Protocol: None

    • IP Address: IP_Address

    • Default IP Subnet Mask: Netmask

    • Default Gateway: Gateway

    • Radio Service Set ID: SSID

      Note: Refer to the network diagram for your site.

    • Role in Radio Network: Access Point-Root/Repeater Non-Root

      Note: Refer to the network diagram for your site.

    • Optimize Radio Network for: Throughput

    • SNMP Admin Community: private

  3. Click Apply.

Security Settings

Login

When the User Manager is enabled, current users are displayed.

User Manager

Use the procedure in this section to create a list of users that are authorized to view and change the management system for the Access Point. The passwords are the same as the username. The needed communities are:

  • public—indent only

  • private—all checked but firmware

  • tsunami—all checked

  1. From the Summary Status page, select Setup > Security > User Information.

  2. Click Add New User and enter a username and password for the new user.

  3. Select the capabilities that you want to assign to the new user, and click Apply.

  4. Click Back on the browser to return to the Security Setup page.

  5. On the Security Setup page, click User Manager.

  6. When the User Manager Setup page appears, click User Manager: Enabled. You must define a full administrator user—a user with write, identity, and firmware capabilities—before you can enable the User Manager.

  7. Use the other settings on the User Manager Setup page to add more restrictions for the management system:

    • For the Allow Read-Only Browsing without Login, select No.

    • For the Protect Legal Credit Page, select Yes.

  8. Click OK to return to the Security Setup page.

Change Current User Password

This option allows the current user to modify their password.

Radio Data Encryption (WEP) (Optional)

Follow these steps to configure radio data encryption:

  1. From the Summary Status page, select Setup > Security > Radio Data Encryption (WEP).

  2. For Use of Data Encryption, select Optional.

    Optional supports both open and encrypted clients.

  3. For Accept Authentication Types, select Open and Network-EAP (LEAP).

  4. For the Encryption Key, enter Encryption_Key.

  5. For the Key Size, select 128 bit.

Configuring the RADIUS/ACS Server (Optional)

Follow these steps to configure RADIUS:

  1. From the Summary Status page, select Setup > Security > Authentication and enter this information:

    • Server Name/IP: IP_of_ACS

    • Server Type: RADIUS

    • Port: 1645

    • Shared Secret: Shared_Secret

    • Timeout: 20

  2. Click OK.

Allowing Broadcast SSID to Associate

Follow these steps to define whether or not to allow devices with a blank SSID to associate with the Access Point:

  1. From the Setup page, click AP Radio Hardware.

  2. Specify whether devices without a configured SSID are allowed to associate with the Access Point.

    • Select Yes (default setting) to allow devices with a blank SSID to associate with the Access Point.

    • Select No to require the SSID that is used by the client device to match the Access Point’s SSID.

Using Aironet Extensions

Follow these steps to use the Aironet extensions:

  1. From the Setup Page, click AP Radio Advanced.

  2. Select Yes to use Cisco Aironet 802.11 extensions.

    These extensions improve the ability of the Access Point to understand the capabilities of Cisco Aironet client devices that are associated with the Access Point.

Common Oversights and Mistakes

These common oversights and mistakes are associated with the configuration of the Aironet Access Point:

  • A 128-bit WEP key must be set, to use LEAP authentication.

  • An SNMP community string that matches the BBSM Switches tab must be set up on the Access Point.

Configuring the Aironet Workgroup Bridge

Using IPSU

Follow these steps to obtain the IP address with the IPSU:

  1. Connect the WGB to a DHCP server.

  2. Obtain the MAC address from the bottom of the WGB.

  3. Launch the IPSU that came with the WGB.

  4. For the Device MAC ID, enter MAC_Address_of_WGB.

  5. Click the Function: Get IP Addr radio button.

  6. Click Get IP Address.

  7. Record the IP address and click Exit.

Using a Web Browser to View/Change the Configuration

Launch a web browser with a URL of http://IP_Address and click Allow Config Changes.

The Identity Page

Follow these steps to configure the identity page:

  1. Under Configuration, click Identity.

  2. Configure these settings, and either press Enter or click Save after each setting:

    • Use BOOTP/DHCP on startup: Off

    • System name: Name

    • Internet address: WGB_IP_address

    • Internet subnet mask: Netmask

    • Internet default gateway: Gateway

    Note: All other settings are optional and you may modify them if you desire.

The Radio Page

The WGB must have an SSID. An SSID is assigned to direct traffic to a specific Access Point. Under Configuration, click Radio and enter this information:

  • Service set identification: SSID

  • Allowed bit rates in megabits/second: Verify 1_11

  • Transmit power : Transmit_Power

Leave all other settings at the default value.

The Console Page

Deleting SNMP Community Strings

From the factory, the SNMP community list has these entries; the list limit is six community strings:

  • Public: Read-Only

  • Proxy: Read-Only

  • Private: Read-Only

  • Regional: Read-Only

  • Core: Read-Only

  1. Under Configuration, click Console.

  2. Follow these steps to delete all five community strings (Public, Proxy, Private, Regional, and Core):

    1. Click SNMP community properties.

    2. Under Remove a Community, click All.

    3. Click Display SNMP communities to verify that all community strings are deleted.

  3. Follow these steps to delete a single SNMP community string:

    1. Click SNMP community properties.

    2. Under Remove a Community, enter community_name.

Adding SNMP Community Strings

Follow these steps to add a read-write user:

  1. Under Configuration, click Console.

  2. Click SNMP community properties.

  3. To add a community, enter username and then press Enter.

  4. Click Set Community Access Mode.

  5. Enter the username and press Enter.

  6. Click write and press Enter.

Creating the Remote Operator List

To prevent unauthorized access to the WGB, you must add a user to the remote operator list.

Under Configuration, click Console, add an operator host Remote_ID, and press Enter.

Setting User Access

Follow these steps to set the read-only password:

  1. Click Set readonly privilege password.

  2. Enter the password and press Enter, then retype the password and press Enter again.

  3. To clear a read-only password, select none two times.

Setting the Read-Write Password

Follow these steps to set the read-write password:

  1. Click Set write privilege password.

  2. Enter the password and press Enter, then retype the password and press Enter again.

  3. To clear a read-write password, select none two times.

Resetting the WGB to Factory Defaults for the WGB340

Note: If a password is set and forgotten, the device must be returned to Cisco, where it is erased and restored to factory defaults. This is not available as an in-field procedure.

Resetting the WGB to Factory Defaults for the WGB350

If a password is set and forgotten, the device must be returned to factory defaults.

Follow these steps to reset the WGB350 to factory defaults:

  1. With the power on, insert a paper clip into the small hole to the left of the power plug.

  2. Wait three to four seconds until the status light turns red.

The unit will reboot with factory defaults.

The Security Page

LEAP can be used to provide security between the AP and the WGB.

Follow these steps to configure LEAP so that it will provide security between the AP and the WGB:

  1. Under Configuration, click Security.

  2. For the authentication mode, select eap.

  3. For the login username, select ACS_Account_Name and press Enter.

  4. For the login password, select ACS_Account_PW and press Enter.

Common Oversights and Mistakes

These common oversights and mistakes are associated with the configuration of the Aironet Workgroup Bridge:

  • Ensure that the IP address is set on the WGB or it is inaccessible. Refer to the Identity Page.

  • When you upgrade or restore firmware, verify that you use the Work Group Bridge firmware and not the Wireless Bridge firmware.

    • The WGB firmware part number is WGB34x or WGB35x.

    • The Wireless Bridge firmware part number is BR34x or BR35x.

  • When you use LEAP between the AP and the WGB:

    • Ensure that the AP is set to use LEAP.

    • If clients connect to the AP with Open Authentication, ensure that the AP is set to allow optional data encryption.

    • Ensure the RADIUS/ACS server is configured with an account for the WGBs. Either one account for each WGB is required, or a single account that allows multiple concurrent sessions is required.

  • The WGB only supports LEAP authentication with the AP if the WGB has firmware v8.58 or higher.

  • If the WGB has firmware v8.58 or higher, it only associates to an AP that has firmware v11.05 or higher.

Configuring the Aironet Network Interface Card

Follow these steps to configure the Aironet NIC:

  1. Launch the Aironet Client Utility and select Commands > Edit Properties > System Parameters.

  2. Enter this information:

    • Client Name: Client_Name

    • SSID: SSID or leave blank

    • Network Type: Infrastructure

    • Current Profile: Enterprise

  3. Select Commands > Edit Properties > Network Security and enter this information.

    • Server Based Authentication: None or LEAP

    • Access Point Authentication: Open

    • Check the Enable WEP check box, to allow encryption between the NIC and the AP.

    All other tabs can be left at their default values.

Common Oversights and Mistakes

These common oversights and mistakes are associated with the configuration of the Aironet Network interface card:

  • When you use LEAP with an AP that is set for both Optional and LEAP authentication, you must check the Allow Association to Mixed Cells check box, to allow Authentication. You can find the Allow Association to Mixed Cells check box at ACU > Commands > Edit Properties > Network Security.

  • If you can not make a connection with a blank SSID, check the configuration of the AP and ensure that the Allow Broadcast SSID to Associate check box is checked. If not, then verify that the wireless NIC of the end user is configured with the SSID of the AP.

  • LEAP authentication is optional and may not be supported at all sites.

Cisco Support Community - Featured Conversations

Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers. Below are just some of the most recent and relevant conversations happening right now.

 

Related Information

Updated: Jan 31, 2006Document ID: 20708