Main Help Topics

Use this page to assign special configuration settings for the access point radios. The internal radio and the radio module both have an AP Radio Advanced page. You can also use this page to make temporary changes in port status to help with troubleshooting network problems.

Settings

Requested Status

Read and set the operating conditions of the port. Up (the default setting) turns the radio on for normal operation. Down turns the radio off. This setting is useful for troubleshooting on your network.

Current Status

Displays the current status of the radio port. This field can also display Error, meaning the port is operating but is in an error condition.

Packet Forwarding

This setting is always set to Enabled for normal operation. For troubleshooting, you might want to set packet forwarding to Disabled, which prevents data from moving between the Ethernet and the radio.

Forwarding State

This setting is always set to Enabled for normal operation. For troubleshooting, you might want to set packet forwarding to Disabled, which prevents data from moving between the Ethernet and the radio. The Forwarding State line under the setting displays the current forwarding state. For normal bridge operation, the forwarding state is Forwarding. Four other states are possible:

• Unknown -- The state cannot be determined.
• Disabled -- Forwarding capabilities are disabled.
• Blocking -- The port is blocking transmission. This is the state when no stations are associated.
• Broken -- This state reports radio failure.

Default Unicast Address Filter

MAC address filters allow or disallow the forwarding of unicast and multicast packets destined to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify.

The pull-down menus for unicast and multicast address filters contain two options:

• Allowed -- The device forwards all traffic except packets sent to the MAC addresses listed as disallowed on the Address Filters page.
• Disallowed -- The device discards all traffic except packets sent to the MAC addresses listed as allowed on the Address Filters page. Select this setting for each authentication type that also uses MAC-based authentication.

Default Multicast Address Filter

This parameter is the same as Default Unicast Address Filters.

Note Unicast packets are addressed to just one device on the network. Multicast packets are addressed to multiple devices on the network.

Maximum Multicast Packets/Second

Enter the number of multicast packets that can pass through the port each second. If this setting is set to 0, the device passes an unlimited number of multicast packets. If this setting is set to a non-zero number, the device passes only that number of multicast packets.

Radio Cell Role

Use this pull-down menu to select the function of the bridge’s radio within its radio coverage area (cell). This setting determines how the bridge’s radio interacts with other wireless devices. The menu contains the following options:

• Root -- A wireless LAN transceiver that connects an Ethernet network with wireless client stations or with another Ethernet network. Use this setting if the bridge is connected to the wired LAN.
• Repeater/non-root -- A wireless LAN transceiver that transfers data between a client and another access point, or between two bridges. Use this setting for access points not connected to the wired LAN and for non-root bridges with clients.
• Client/non-root -- A station with a wireless connection to an access point or bridge but with no associations to other client devices. Use this setting for non-root bridges without clients. You can also use this setting for diagnostics or site surveys, such as when you need to test the bridge by having it communicate with another access point or bridge without accepting associations from client devices.

SSID For Use by Infrastructure Stations (such as Repeaters)

Use this entry field to identify the SSID to be used by repeaters and workgroup bridges to associate to the access point. It is also the SSID used by a non-root bridge to associate to a root bridge. This SSID should be mapped to the native VLAN ID in order to facilitate communications between infrastructure devices and a non-root access point or bridge.

Disallow Infrastructure Stations on Any Other SSID

Use this setting to prevent repeaters or workgroup bridges from associating to SSIDs other than the infrastructure SSID. The default setting is No, so to invoke this condition, you must change the setting to Yes.

Use Aironet Extensions

Select yes or no to use Cisco Aironet 802.11 extensions. This setting must be set to yes (the default setting) to enable these features:

• Load balancing -- The access point uses Aironet extensions to direct client devices to an access point that provides the best connection to the network based on factors such as number of users, bit error rates, and signal strength.
  
  
• Message Integrity Check (MIC) -- MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamperproof.
  
  
• Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key hashing, is an additional WEP security feature that defends against an attack on WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key.

The extensions also improve the access point’s ability to understand the capabilities of Cisco Aironet client devices associated with the access point.

Classify Workgroup Bridges as Network Infrastructure

Select no to allow more than 20 Cisco Aironet Workgroup Bridges to associate to the access point. The default setting (yes) limits the number of workgroup bridges that can associate to the access point to 20 or less.

The 'Reliable multicast messages from the access point to workgroup bridges' setting limits reliable delivery of multicast messages to approximately 20 Cisco Aironet Workgroup Bridges that are associated to the access point. The default setting, disabled, reduces the reliability of multicast delivery to allow more workgroup bridges to associate to the access point.

Access points and bridges normally treat workgroup bridges not as client devices but as infrastructure devices, like access points or bridges. Treating a workgroup bridge as an infrastructure device means that the access point reliably delivers multicast packets, including Address Resolution Protocol (ARP) packets, to the workgroup bridge.

The performance cost of reliable multicast delivery -- duplication of each multicast packet sent to each workgroup bridge -- limits the number of infrastructure devices, including workgroup bridges, that can associate to the access point. To increase beyond 20 the number of workgroup bridges that can maintain a radio link to the access point, the access point must reduce the delivery reliability of multicast packets to workgroup bridges. With reduced reliability, the access point cannot confirm whether multicast packets reach the intended workgroup bridge, so workgroup bridges at the edge of the access point’s coverage area might lose IP connectivity. When you treat workgroup bridges as client devices, you increase performance but reduce reliability.

This feature is best suited for use with stationary workgroup bridges. Mobile workgroup bridges might encounter spots in the access point’s coverage area where they do not receive multicast packets and lose communication with the access point even though they are still associated to it.

A Cisco Aironet Workgroup Bridge provides a wireless LAN connection for up to eight Ethernet-enabled devices. Refer to the Cisco Aironet Workgroup Bridge Software Configuration Guide for a description of workgroup bridges.

Require Use of Radio Firmware x.xx

This setting affects the firmware upgrade process when you load new firmware for a device. Select yes to force the radio firmware to be upgraded to a firmware version compatible with the current version of the management system. Select no to exempt the current radio firmware from firmware upgrades.

Ethernet Encapsulation Transform

Choose 802.1H or RFC1042 to set Ethernet encapsulation type. Data packets that are not 802.2 packets must be reformatted to 802.2 via 802.1H or RFC1042.

• 802.1H -- This default setting provides optimum performance for Cisco Aironet wireless products.
• RFC1042 -- Use this setting to ensure interoperability with non-Cisco Aironet wireless equipment. RFC1042 does not provide the interoperability advantages of 802.1H but is often used by other manufacturers of wireless equipment.

Quality of Service Setup

Click this link to go to the AP Radio Quality of Service page.

Bridge Spacing (bridges only)

Use this setting to specify the distance from a root bridge to the non-root bridges with which it communicates. You do not need to adjust this setting on non-root bridges. The Bridge Spacing setting adjusts the bridge’s timeout values to account for the time required for radio signals to travel from bridge to bridge. If more than one non-root bridge communicates with the root bridge, enter the distance from the root bridge to the non-root bridge that is farthest away. Enter a value from 0 to 40 kilometers.

Enhanced MIC Verification for WEP

Select MMH. MIC prevents attacks on encrypted packets called bit-flip attacks. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamperproof.

You must set up and enable WEP before you can enable MIC. See the Setting up WEP section.

Temporal Key Integrity Protocol

Select Cisco. WEP key hashing defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key. WEP key hashing removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs.

You must set up and enable WEP before you can enable WEP key hashing. See the Setting up WEP section.

Broadcast WEP Key Rotation Interval (sec)

Enter the rotational interval in seconds. If you enter 900, for example, the access point sends a new broadcast WEP key to all associated client devices every 15 minutes. To disable broadcast WEP key rotation, enter 0.

EAP authentication provides dynamic unicast WEP keys for client devices but uses static multicast keys. With broadcast, or multicast, WEP key rotation enabled, the access point provides a dynamic broadcast WEP key and changes it at the interval you select. Broadcast key rotation is an excellent alternative to WEP key hashing if your wireless LAN supports wireless clients devices that are not Cisco devices or that cannot be upgraded to the latest firmware for Cisco client devices.

Advanced Primary SSID Setup

This link takes you to the AP Radio Primary SSID page, from which you can configure the primary SSID settings. On this page, you configure IEEE 802.1x authentication, EAP, unicast address filters, and the maximum number of associations for the radio’s primary SSID.

Preferred Access Points

You use these fields to set up a chain of repeater access points (access points without an Ethernet connection). Repeater access points function best when they associate with specific access points connected to the wired LAN. You use these fields to specify the access points that provide the most efficient data transmission link for the repeater.

If this preferred access point is a repeater, type the MAC address of one or more root-unit access points with which you want this access point to associate. With MAC addresses in these fields, the repeater access point always tried to associate with the specified access points instead of with other less-efficient access points.

Radio Modulation

Select Standard or MOK for the radio modulation the access point uses.

Standard -- This default setting is the modulation type specified in IEEE 802.11, the wireless standard published by the Institute of Electrical and Electronics Engineers (IEEE) Standards Association.

MOK -- This modulation was used before the IEEE finished the high-speed 802.11 standard and may still be in use in older wireless networks.

Radio Preamble

The radio preamble is a section of data at the head of a packet that contains information the access point and client devices need when sending and receiving packets. The drop-down menu allows you to select a long or short radio preamble:

Long -- A long preamble ensures compatibility between the access point and all early models of Cisco Aironet Wireless LAN Adapters (PC4800 and PC4800A).

Short -- A short preamble improves throughput performance. Cisco Aironet's Wireless LAN Adapter supports short preambles. Early models of Cisco Aironet's Wireless LAN Adapter (PC4800 and PC4800A) require long preambles.

Action Buttons