Allow
AAA Override
|
AAA
override for global WLAN parameters that you can enable or disable.
When AAA
Override is enabled, and a client has conflicting AAA and
switches WLAN authentication parameters,
client authentication is performed by the AAA server. As part of this
authentication, the operating system moves clients from the default Cisco WLAN
Solution WLAN VLAN to a VLAN returned by the AAA server and predefined in the
switches interface configuration. In all
cases, the operating system also uses QoS, DSCP, 802.1p priority tag values,
and ACLs provided by the AAA server, if they are predefined in the
switches interface configuration. (This VLAN
switching by AAA Override is also referred to as Identity Networking.)
If the
Corporate WLAN primarily uses a Management Interface assigned to VLAN 2, and if
AAA Override returns a redirect to VLAN 100, the operating system redirects all
client transmissions to VLAN 100, regardless of the physical port to which VLAN
100 is assigned.
When
AAA Override is disabled, all client authentication defaults to the
switches authentication parameter settings,
and authentication is performed only by the AAA server if the
switches WLAN does not contain any
client-specific authentication parameters.
The AAA
override values might come from a RADIUS server, for example.
|
Coverage
Hole Detection
|
Coverage
hole detection (CHD) on this WLAN that you can enable or disable.
By
default, CHD is enabled on all WLANs on the
switches. You can disable CHD on a WLAN.
When you
disable CHD on a WLAN, a coverage hole alert is still sent to the
Switch, but no other processing is done to
mitigate the coverage hole. This feature is useful for guest WLANs where guests
are connected to your network for short periods of time and are likely to be
highly mobile.
|
Session
Timeout
|
Configure a WLAN with a session timeout in seconds. The session
timeout is the maximum time for a client session to remain active before
requiring reauthorization. The minimum session timeout allowed is 1 second and
the maximum timeout allowed is 65535 seconds.
Note
|
Entering zero denotes the session will never expire.
|
|
Aironet
IE
|
Support
of Aironet IEs per WLAN that you can enable or disable. The default is
disabled.
|
Diagnostic Channel
|
Diagnostic channel support on the WLAN that you can enable or
disable. The default is disabled.
|
P2P
Blocking Action
|
Peer-to-peer blocking settings that you can choose from the
following:
- Disabled—(Default) Disables
peer-to-peer blocking and bridges traffic locally within the
switch whenever possible.
- Drop—Causes the
switches to discard the packets.
- Forward-UpStream—Causes the
packets to be forwarded on the upstream VLAN. The device above the
switches decides what action to take
regarding the packets.
|
Client
Exclusion
|
Timeout
in seconds for disabled client machines that you can enable or disable. Client
machines are disabled by their MAC address and their status can be observed on
the Clients > Details page. A timeout setting of 0 indicates that the client
is disabled permanently. Administrative control is required to reenable the
client. The default is enabled and the timeout setting is configured as 60
seconds.
|
Timeout Value (secs)
|
The minimum timeout value allowed is 0 seconds and the maximum
timeout value allowed is 2147483647 seconds.
|
Max
Allowed Client
|
Maximum
clients allowed per
Switch.
You can
set a limit to the number of clients that can connect to a WLAN. This feature
is useful in scenarios where you have a limited number of clients that can
connect to a
Switch. You can set a limit on the number
of guest clients that can access a given WLAN. The number of clients that you
can configure per WLAN depends on the platform that you are using. A maximum of
up to 12000 clients are supported.
Note
|
The
maximum number of clients per WLAN feature is supported only for access points
that are in connected mode.
|
|
DHCP
|
DHCP Server IP Address
|
Enter the DHCP server on the WLAN that overrides the DHCP server
address on the interface assigned to the WLAN.
|
DHCP Address Assignment Required
|
Enables
the DHCP address assignment and makes it mandatory for clients to get their IP
address from the DHCP server.
|
DHCP Option 82
|
Enables the DHCP82 payload on the WLAN.
|
DHCP option 82 Format
|
Specifies the DHCP option 82 format. Values are as follows:
- add-ssid— Set RemoteID
format that is the AP radio MAC address and SSID.
- ap-ethmac—Set RemoteID
format that is the AP Ethernet MAC address.
Note
|
If
the format option is not configured, only the AP radio MAC address is used.
|
|
DHCP Option ASCII Mode
|
Configures ASCII for DHCP Option 82. If this is not configured,
the option 82 format is set to ASCII format.
|
DHCP Option 82 RID Mode
|
Adds the Cisco 2 Byte RID for DHCP option 82.
|
NAC
|
NAC State
|
Enables the NAC on the WLAN.
|
Off Channel Scanning Defer
|
Scan
Differ Priority
|
Defer
priority for the channel scan that you can assign by clicking on the priority
argument. The valid range for the priority is 0 to 7. The priority is 0 to 7
(this value should be set to 6 on the client and on the WLAN).
Multiple
values can be set. The default values are 4, 5 and 6.
|
Scan
Differ Time
|
Channel
scan defer time in milliseconds that you can assign. The valid range is 100
(default) to 60000 (60 seconds). This setting should match the requirements of
the equipment on your wireless LAN.
|
Override Interface ACL
|
IPv4 ACL
|
The WLANs IPv4 ACL group. Values are as follows:
- Un-configured
- Pre-auth_ipv4_acl
|
IPv6 ACL
|
The WLANs IPv6 ACL group. Values are as follows:
- Un-configured
- Pre-auth_ipv6_acl
|