Access Point GUI
This chapter provides the following information:
Accessing the GUI
Follow these steps to access the Cisco Aironet 600 Series OfficeExtend access point GUI.
Step 1 Connect your laptop to local Ethernet port 1 or 2 on the 600 Series OfficeExtend access point.
Note Ethernet port 4 (Remote LAN port) may not be used to configure the 600 Series OfficeExtend access point.
Step 2 With the 600 Series OfficeExtend access point connected to your home router/gateway as described in the “Installing the Access Point” section, enter the IP address of the 600 Series OfficeExtend access point in the Address field of your Internet browser (http://<ap-ipaddress>) and click Go.
Note The default IP address is 10.0.0.1.
Note Make sure your laptop is not connected to your company’s network using a virtual private network (VPN) connection.
The 600 Series OfficeExtend Access Point Login page is displayed.
Step 3 When prompted, enter the username and password to log into the access point.
Note The default username and password are admin and admin.
The 600 Series OfficeExtend Access Point welcome page is displayed.
Step 4 On the 600 Series OfficeExtend Access Point welcome page, click Enter. The 600 Series OfficeExtend Access Point Home page is displayed.
Figure 2-1 Home Page with AP Info Tab View
The GUI consists of these pages:
Note When modifying any of the settings described in the following sections, ensure that you click Apply for the settings to take effect.
This multi-tab page shows general information about the AP settings, information about configured Local SSIDs and available Corporate SSIDs, and a summary of the client association statistics. It contains the following tabs:
The AP Info tab (see Figure 2-1) shows the access point name, IP address, AP mode, AP MAC address, AP uptime, software version, CAPWAP status, and WAN gateway status.
This page also shows radio-specific information including status, frequency/channel, transmit power, number of packets in and out, and number of bytes in and out.
The CAPWAP status shows the status of the AP’s CAPWAP connection with the controller. The CAPWAP status can be:
- Noop—Indicates CAPWAP is in No operation state
- Init—Indicates CAPWAP is in initialization process state
- Discovery—Indicates CAPWAP is in discovery state
- DTLS Setup—Indicates DTLS connection is in progress
- DTLS Teardown—Indicates DTLS connection is down
- Join—Indicates CAPWAP is in Join state
- Connected—Indicates AP and Controller are in Connected state
- Image Data—Indicates CAPWAP connection has been established and is downloading the image from controller
- Configure—Indicates CAPWAP is in configuration state
- Sulking—Indicates CAPWAP bad/stuck state
- Idle—Indicates CAPWAP is in idle state without any operation
If the WAN connection is established and the AP’s gateway is reachable, the WAN status is shown as Reachable; otherwise it is shown as Not Reachable.
The SSID tab (see Figure 2-2) lists configured Local SSIDs and available Corporate SSIDs and the configured security policy. Additionally, for Corporate SSIDs, split-tunnel status is also displayed.
Figure 2-2 Home–SSID Tab
The Client tab (see Figure 2-3) gives the details of clients associated with Local as well as Corporate SSIDs. For each connected client, this page reports the client MAC address, WLAN SSID, elapsed association time, number of bytes in and out, number of duplicates and retries, and the number of failed decryptions.
Figure 2-3 Home–Client Tab
This page allows you to configure options such as the personal SSID and the local DHCP server.
The Configuration page is a multi-tab page which allows you to configure the following options:
The main options that can be configured on this page are:
Wherever applicable, default values will be shown.
The System tab (see Figure 2-4) displays general system information, such as username and password for the access point and radio interface information.
Figure 2-4 Configuration–System Tab
The SSID tab (see Figure 2-5) contains the fields necessary for you to configure and set up security for your personal SSIDs.
Figure 2-5 Configuration–SSID Tab
The Configuration DHCP tab (see Figure 2-6) contains the fields necessary for you to change your DHCP scope.
Figure 2-6 Configuration–DHCP Tab
The Configuration WAN tab (see Figure 2-7) contains the fields necessary for you to configure the IP address of the Wireless LAN controller on your access point.
Figure 2-7 Configuration-WAN Tab
The Firewall page (see Figure 2-8) allows you to enable or disable the firewall feature on the AP. If enabled, the Firewall Mode shows Firewall Enabled.
To disable the firewall, from the drop-down list choose Disabled, and then click Apply. The firewall is disabled by default.
The following firewall settings are available:
- Block all TCP and UDP port traffic. By default all ports are blocked.
- Selective unblocking of traffic based on application types such as HTTP, HTTPS, SSH, and FTP.
- Unblocking of traffic based on LAN destination addresses, protocols and ports.
- Port forwarding, with 10 or fewer total entries for separate port numbers.
Note All firewall settings are applicable on the WAN port for local traffic (traffic sent directly to the Internet, and not to the corporate network). Firewall protection for CAPWAP traffic and traffic sent through the controller to the corporate office is configured and monitored on the WLC.
Figure 2-8 Configuration–Firewall Page
Precedence of Firewall Settings
The order of precedence of the firewall settings is as given below:
1. Port Forwards
3. LAN Application Access
4. LAN Access Client
The filters you can apply fall into two sections: LAN Application Access and LAN Access Client. See Figure 2-9.
Figure 2-9 Firewall–Filtering Page
LAN Application Access
Using the LAN Application Access set of filters (see Figure 2-9), you can enable or disable LAN clients' access to certain pre-configured applications on the Internet. This filter also provides an easy way of granting access for a non-Admin end user.
You can enable or disable access to the following 10 pre-configured application types. This configuration allows LAN machines to access, through the OEAP, the selected applications and services over the Internet:
LAN Access Client
The LAN Access Client set of filters (see Figure 2-9) provides a more fine-grained but controlled unblocking of packets based on protocol, port, and IP range. This configuration also allows LAN devices to access, through the OEAP, the selected applications and services over the Internet. A maximum of 10 such filters are allowed. To configure each filter, you need to specify the protocol (TCP/UDP), LAN client IP range, and destination port range.
The Port Forwards settings (see Figure 2-10) allow you to configure port forwarding rules for packets from WAN port to Local LAN clients and back. A maximum of 10 Port Forwards can be set, but the ranges should not overlap and should be of the same size. Every rule takes protocol (TCP/UDP), WAN port range, Local LAN client IP (where traffic will be forwarded), and LAN port range as parameters.
Figure 2-10 Firewall–Forwarding Settings Page
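The Port Forwards constraints above can be checked on a planned rule table before it is entered in the GUI. The following is an added example, not Cisco code; the Forward type, validate function and sample rules are hypothetical, and it assumes that "same size" means the WAN and LAN port ranges of a rule have equal length and that WAN ranges conflict only within the same protocol.

```python
# Added example (not from the original page): pre-flight check for a planned Port Forwards table.
import ipaddress
from typing import NamedTuple

MAX_RULES = 10  # limit stated on the page


class Forward(NamedTuple):
    proto: str            # "TCP" or "UDP"
    wan: tuple[int, int]  # inclusive WAN port range
    lan_ip: str           # local LAN client that receives the traffic
    lan: tuple[int, int]  # inclusive LAN port range


def _span(r):
    lo, hi = r
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range {r}")
    return hi - lo + 1


def validate(rules):
    """Return a list of human-readable problems; empty means the table is consistent."""
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(f"{len(rules)} rules exceed the limit of {MAX_RULES}")
    for i, r in enumerate(rules, 1):
        if r.proto not in ("TCP", "UDP"):
            problems.append(f"rule {i}: protocol must be TCP or UDP")
        try:
            ipaddress.IPv4Address(r.lan_ip)
            if _span(r.wan) != _span(r.lan):
                problems.append(f"rule {i}: WAN and LAN ranges differ in size")
        except ValueError as exc:
            problems.append(f"rule {i}: {exc}")
    # Assumption: two rules conflict when their WAN ranges intersect for the same protocol.
    for i, a in enumerate(rules):
        for j, b in enumerate(rules[i + 1:], i + 2):
            if a.proto == b.proto and a.wan[0] <= b.wan[1] and b.wan[0] <= a.wan[1]:
                problems.append(f"rules {i + 1} and {j}: WAN ranges overlap")
    return problems


# Constructed sample table (addresses and ports are illustrative only).
SAMPLE = [
    Forward("TCP", (8080, 8089), "10.0.0.20", (80, 89)),
    Forward("TCP", (8085, 8090), "10.0.0.21", (9000, 9005)),  # overlaps rule 1
    Forward("UDP", (5000, 5010), "10.0.0.22", (5000, 5005)),  # size mismatch
]
```

Calling validate(SAMPLE) reports the size mismatch in rule 3 and the overlap between rules 1 and 2.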
The DMZ feature allows one network computer connected to a local LAN or WLAN to be exposed to the Internet for using special-purpose services such as Internet gaming. The DMZ feature forwards all the ports terminating on a WAN IP (set as the DMZ IP Address) at the same time to one PC.
The DMZ feature, if enabled, forwards all incoming WAN packets to the LAN machine, except CAPWAP control/data packets and packets destined to ports that have a port forwarding rule. The DMZ feature is not applicable to corporate networks such as Remote-LAN and Corp WLAN.
However, the Port Forwards feature is more secure than the DMZ feature because the former opens only the ports you want opened, while DMZ opens all the ports of one computer, exposing the computer to the Internet/WAN.
Figure 2-11 Firewall–DMZ Page
The Download/Upload page (see Figure 2-12) allows the following functions:
- To download the content of the AP NVRAM (Download configuration file) for archiving or management purposes. For this, click Download Configuration File.
- To upload a configuration file to the access point. Click Choose File, browse and select a configuration file, and then click Upload Configuration File.
- To download the last boot Eventlog file, click Save last boot event log to file.
- To download the current Eventlog file, click Save current event log to file.
Figure 2-12 Download/Upload Page
Event Log Page
This page shows you the logged errors and allows you to clear the log. Click Clear to clear the log.
The Network Diagnostics page (see Figure 2-13) allows you to run the Speed Test and Link Test for the Network between AP and Controller. To run diagnostics, click Start Diagnostics.
Figure 2-13 Network Diagnostics
The functionalities of the Network Diagnostics page are as follows:
- Speed Test—The Speed test feature calculates both the download and upload speeds (DTLS and non-DTLS) between the controller and the AP. It provides the network speed with DTLS and Non-DTLS connections.
Using the Speed Test feature you can determine the non-DTLS throughput of the system, by running a speed test on demand. This allows for root cause failure analysis and debugging of network bottlenecks.
- Link Test—The Link test provides the link latency and the jitter values. Link latency monitors the round-trip time of the CAPWAP packets (echo request and response) from the access point to the controller. The round-trip time is calculated in milliseconds. The jitter value is then calculated using the link latency values. Jitter is the amount of variation in latency/response time, in milliseconds.
- Network Diagnostics Last Run—Shows the details of the last run diagnostics along with its timestamp.
Note You can run the Speed and Link tests from the AP’s GUI, the controller’s GUI, and the controller’s CLI.
Running Network Diagnostics via Controller CLI
From the wireless LAN controller CLI, you can use the following command to run network diagnostics:
(Cisco Controller)> show ap network-diagnostics ap1
AP network diagnostics has been initiated
Waiting for network diagnostics to complete
======================= AP Network Diagnostics =====================
DTLS Upload Speed................ 10.83 Mbps
DTLS Download Speed................ 9.87 Mbps
Non-DTLS Upload Speed................ 22.29 Mbps
Non-DTLS Download Speed................ 24.44 Mbps
Latency................ 1 mSec
Jitter................ 0 mSec
Command syntax: show ap network-diagnostics ap-name
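When the CLI output above is captured to a log, it can be parsed to track the throughput cost of DTLS and to flag poor link quality. The following is an added example, not Cisco code; the function names are hypothetical and the latency and jitter thresholds are assumptions to tune per site.

```python
# Added example (not from the original page): parse "show ap network-diagnostics" output.
import re

# Sample copied from the output shown on this page.
SAMPLE = """\
======================= AP Network Diagnostics =====================
DTLS Upload Speed................ 10.83 Mbps
DTLS Download Speed................ 9.87 Mbps
Non-DTLS Upload Speed................ 22.29 Mbps
Non-DTLS Download Speed................ 24.44 Mbps
Latency................ 1 mSec
Jitter................ 0 mSec
"""

# "<label><run of dots> <number> <unit>"
LINE = re.compile(r"^(?P<label>.+?)\.{3,}\s*(?P<value>\d+(?:\.\d+)?)\s*(?P<unit>\S+)\s*$")


def parse_diagnostics(text):
    """Return {label: (value, unit)} for every dotted result line; other lines are ignored."""
    results = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            results[m["label"].strip()] = (float(m["value"]), m["unit"])
    return results


def dtls_overhead(results):
    """Percentage of throughput lost with DTLS relative to non-DTLS, per direction."""
    out = {}
    for direction in ("Upload", "Download"):
        dtls = results[f"DTLS {direction} Speed"][0]
        plain = results[f"Non-DTLS {direction} Speed"][0]
        out[direction] = round(100 * (1 - dtls / plain), 1) if plain else None
    return out


def check(results, max_latency_ms=100, max_jitter_ms=30):
    """Flag results outside thresholds (threshold values are assumptions)."""
    alerts = []
    if results["Latency"][0] > max_latency_ms:
        alerts.append("latency")
    if results["Jitter"][0] > max_jitter_ms:
        alerts.append("jitter")
    return alerts
```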
Running Network Diagnostics via Controller GUI
You can initiate the network diagnostics tests from the Network Diagnostics tab in the controller GUI. This tab is available at Wireless > All APs > Details.