Allow AAA Override |
AAA override for global WLAN parameters that you can enable or disable. When AAA Override is enabled, and a client has conflicting AAA and switches WLAN authentication parameters, client authentication is performed by the AAA server. As part of this authentication, the operating system moves clients from the default Cisco WLAN Solution WLAN VLAN to a VLAN returned by the AAA server and predefined in the switches interface configuration. In all cases, the operating system also uses QoS, DSCP, 802.1p priority tag values, and ACLs provided by the AAA server, if they are predefined in the switches interface configuration. (This VLAN switching by AAA Override is also referred to as Identity Networking.) If the Corporate WLAN primarily uses a Management Interface assigned to VLAN 2, and if AAA Override returns a redirect to VLAN 100, the operating system redirects all client transmissions to VLAN 100, regardless of the physical port to which VLAN 100 is assigned. When AAA Override is disabled, all client authentication defaults to the switches authentication parameter settings, and authentication is performed only by the AAA server if the switches WLAN does not contain any client-specific authentication parameters. The AAA override values might come from a RADIUS server, for example. |
Coverage Hole Detection |
Coverage hole detection (CHD) on this WLAN that you can enable or disable. By default, CHD is enabled on all WLANs on the switches. You can disable CHD on a WLAN. When you disable CHD on a WLAN, a coverage hole alert is still sent to the Switch, but no other processing is done to mitigate the coverage hole. This feature is useful for guest WLANs where guests are connected to your network for short periods of time and are likely to be highly mobile. |
Session Timeout |
Configure a WLAN with a session timeout in seconds. The session timeout is the maximum time for a client session to remain active before requiring reauthorization. Entering zero denotes the session will never expire. |
Aironet IE |
Support of Aironet IEs per WLAN that you can enable or disable. The default is disabled. |
Diagnostic Channel |
Diagnostic channel support on the WLAN that you can enable or disable. The default is disabled. |
P2P Blocking Action |
Peer-to-peer blocking settings that you can choose from the following:
-
Disabled—(Default) Disables peer-to-peer blocking and bridges traffic locally within the switch whenever possible.
-
Drop—Causes the switches to discard the packets.
-
Forward-UpStream—Causes the packets to be forwarded on the upstream VLAN. The device above the switches decides what action to take regarding the packets.
|
Client Exclusion |
Timeout in seconds for disabled client machines that you can enable or disable. Client machines are disabled by their MAC address and their status can be observed on the Clients > Details page. A timeout setting of 0 indicates that the client is disabled permanently. Administrative control is required to reenable the client. The default is enabled and the timeout setting is configured as 60 seconds. |
Timeout Value (secs) |
|
Max Allowed Client |
Maximum clients allowed per Switch. You can set a limit to the number of clients that can connect to a WLAN. This feature is useful in scenarios where you have a limited number of clients that can connect to a Switch. You can set a limit on the number of guest clients that can access a given WLAN. The number of clients that you can configure per WLAN depends on the platform that you are using. A maximum of up to 12000 clients are supported.
Note |
The maximum number of clients per WLAN feature is supported only for access points that are in connected mode. |
|
DHCP |
DHCP Server IP Address |
Enter the DHCP server on the WLAN that overrides the DHCP server address on the interface assigned to the WLAN. |
DHCP Address Assignment Required |
Enables the DHCP address assignment and makes it mandatory for clients to get their IP address from the DHCP server. |
DHCP Option 82 |
Enables the DHCP82 payload on the WLAN. |
DHCP option 82 Format |
Specifies the DHCP option 82 format. Valus are as follows:
-
add-ssid— Set RemoteID format that is the AP radio MAC address and SSID.
-
ap-ethmac—Set RemoteID format that is the AP Ethernet MAC address.
Note |
If the format option is not configured, only the AP radio MAC address is used. |
|
DHCP Option ASCII Mode |
Configures ASCII for DHCP Option 82. If this is not configured, the option 82 format is set to ASCII format. |
DHCP Option 82 RID Mode |
Adds the Cisco 2 byte RID for DHCP option 82. |
NAC |
NAC State |
Enables the NAC on the WLAN. |
Off Channel Scanning Defer |
Scan Differ Priority |
Defer priority for the channel scan that you can assign by clicking on the priority argument. The valid range for the priority is 0 to 7. The priority is 0 to 7 (this value should be set to 6 on the client and on the WLAN). Multiple values can be set. The default values are 4, 5 and 6. |
Scan Differ Time |
Channel scan defer time in milliseconds that you can assign. The valid range is 100 (default) to 60000 (60 seconds). This setting should match the requirements of the equipment on your wireless LAN. |
Override Interface ACL |
IPv4 ACL |
The WLANs IPv4 ACL group. Values are as follow:
-
Un-configured
-
Pre-auth_ipv4_acl
|
IPv6 ACL |
The WLANs IPv6 ACL group. Values are as follow:
-
Un-configured
-
Pre-auth_ipv6_acl
|