Cisco Systems

Radio Configuration : AP/Root Radio Advanced

Use this page to assign special configuration settings for the access point's internal and module radio ports. You can also use this page to make temporary changes in port status to help with troubleshooting network problems.

Settings

Requested Status

Read and set the operating conditions of the port. Up (the default setting) turns the radio on for normal operation. Down turns the radio off. This setting is useful for troubleshooting on your network.

Current Status

Displays the current status of the radio port. This field can also display Error, meaning the port is operating but is in an error condition.

Packet Forwarding

This setting is always set to Enabled for normal operation. For troubleshooting, you might want to set packet forwarding to Disabled, which prevents data from moving between the Ethernet and the radio.

Forwarding State

The Forwarding State line under the Packet Forwarding setting displays the current forwarding state. For normal bridge operation, the forwarding state is Forwarding. Four other states are possible:

  • Unknown -- The state cannot be determined.
  • Disabled -- Forwarding capabilities are disabled.
  • Blocking -- The port is blocking transmission. This is the state when no stations are associated.
  • Broken -- This state reports radio failure.

Default Unicast Address Filter

MAC address filters allow or disallow the forwarding of unicast and multicast packets destined to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify.

The pull-down menus for unicast and multicast address filters contain two options:

  • Allowed -- The device forwards all traffic except packets sent to the MAC addresses listed as disallowed on the Address Filters page.
  • Disallowed -- The device discards all traffic except packets sent to the MAC addresses listed as allowed on the Address Filters page. Select this setting for each authentication type that also uses MAC-based authentication.

For example, if the access point is configured for both open and Network-EAP authentication, you could set Default Unicast Address Filter under Open to Disallowed but leave Default Unicast Address Filter under Network-EAP set to Allowed. This configuration forces client devices using open authentication to authenticate using MAC addresses but does not force LEAP-enabled client devices to authenticate using MAC addresses. To force all client devices to authenticate using MAC addresses, select Disallowed for all the enabled authentication types.

Note If you plan to discard traffic to all MAC addresses except those you specify (the Disallowed setting), be sure to enter your own MAC address as allowed on the Address Filters page or on your authentication server.

Default Multicast Address Filter

This parameter is the same as Default Unicast Address Filters.

Note Unicast packets are addressed to just one device on the network. Multicast packets are addressed to multiple devices on the network.

Maximum Multicast Packets/Second

Enter the number of multicast packets that can pass through the port each second. If 0 is entered, the device passes an unlimited number of multicast packets. If a non-zero number is entered, the device passes only that number of multicast packets.

Radio Cell Role

Use this pull-down menu to select the function of the bridge’s radio within its radio coverage area (cell). This setting determines how the bridge’s radio interacts with other wireless devices. The menu contains the following options:

  • Root -- A wireless LAN transceiver that connects an Ethernet network with wireless client stations or with another Ethernet network. Use this setting if the bridge is connected to the wired LAN.
  • Repeater/non-root -- A wireless LAN transceiver that transfers data between a client and another access point, or between two bridges. Use this setting for access points not connected to the wired LAN and for non-root bridges with clients.
  • Client/non-root -- A station with a wireless connection to an access point or bridge but with no associations to other client devices. Use this setting for non-root bridges without clients. You can also use this setting for diagnostics or site surveys, such as when you need to test the bridge by having it communicate with another access point or bridge without accepting associations from client devices.

Maximum Number of Associations

Use this entry field to specify the maximum number of wireless networking devices that are allowed to associate to the access point. The default setting, 0, means that the maximum possible number of associations is allowed.

Classify Workgroup Bridges as Network Infrastructure

Select no to allow more than 20 Cisco Aironet Workgroup Bridges to associate to the access point. The default setting, yes, limits the number of workgroup bridges that can associate to the access point to 20 or fewer.

Access points and bridges normally treat workgroup bridges not as client devices but as infrastructure devices, like access points or bridges. Treating a workgroup bridge as an infrastructure device means that the access point reliably delivers multicast packets to the workgroup bridge. The access point also delivers multicast packets to client devices, but less reliably. Reliable multicast delivery limits the number of infrastructure devices, including workgroup bridges, that can associate to the access point. To increase beyond 20 the number of workgroup bridges that can associate to the access point, the access point must reduce the delivery reliability of multicast packets to workgroup bridges.

Note This feature is best suited for use with stationary workgroup bridges. Mobile workgroup bridges might encounter spots in the access point's coverage area where they do not receive multicast packets and lose communication with the access point even though they are still associated to it.

Use Aironet Extensions

Choose yes or no to use Cisco Aironet 802.11 extensions. This setting must be set to yes (the default setting) to allow Cisco Aironet client devices to perform load balancing. The access point or bridge uses Aironet extensions to direct client devices to an access point or bridge that provides the best connection to the network based on factors such as number of users, bit error rates, and signal strength. The extensions also improve the access point's or bridge's ability to understand the capabilities of Cisco Aironet client devices associated with the access point or bridge.

Require Use of Radio Firmware x.xx

This setting affects the firmware upgrade process when you load new firmware for a device. Choose yes to force the radio firmware to be upgraded to a firmware version compatible with the current version of the management system. Choose no to exempt the current radio firmware from firmware upgrades.

Ethernet Encapsulation Transform

Choose 802.1H or RFC1042 to set Ethernet encapsulation type. Data packets that are not 802.2 packets must be reformatted to 802.2 via 802.1H or RFC1042.

  • 802.1H -- This default setting provides optimum performance for Cisco Aironet wireless products.
  • RFC1042 -- Use this setting to ensure interoperability with non-Cisco Aironet wireless equipment. RFC1042 does not provide the interoperability advantages of 802.1H but is often used by other manufacturers of wireless equipment.

Quality of Service Setup

Click this link to go to the AP Radio Quality of Service page.

Bridge Spacing

Use this setting to specify the distance from a root bridge to the non-root bridges with which it communicates. You do not need to adjust this setting on non-root bridges. The Bridge Spacing setting adjusts the bridge’s timeout values to account for the time required for radio signals to travel from bridge to bridge. If more than one non-root bridge communicates with the root bridge, enter the distance from the root bridge to the non-root bridge that is farthest away. Enter a value from 0 to 40 kilometers.

Enhanced MIC Verification for WEP

Select MMH. MIC prevents attacks on encrypted packets called bit-flip attacks. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamperproof.

You must set up and enable WEP before you can enable MIC. See the setting up WEP section.
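
The bit-flip problem and the MIC defense described above can be reproduced in a small model. The following Python is an added example, not Cisco code: it builds a WEP-style frame (RC4 over the payload plus a CRC-32 ICV), changes it in transit without the key, and shows that the receiver accepts the change unless a keyed MIC is present. Assumptions: HMAC-SHA256 stands in for MMH, per-packet IVs are omitted, and all keys and payloads are constructed.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, data: bytes) -> bytes:   # WEP's cipher; same call decrypts
    s, j = list(range(256)), 0
    for i in range(256):                     # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:                        # XOR data with the keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(body: bytes) -> bytes:               # unkeyed CRC-32, as in plain WEP
    return zlib.crc32(body).to_bytes(4, "little")

def mic(mic_key: bytes, payload: bytes) -> bytes:
    # Keyed 8-byte MIC; HMAC-SHA256 is a stand-in (assumption), not Cisco's MMH.
    return hmac.new(mic_key, payload, hashlib.sha256).digest()[:8]

def seal(wep_key, payload, mic_key=None) -> bytes:
    body = payload + (mic(mic_key, payload) if mic_key else b"")
    return rc4(wep_key, body + icv(body))

def unseal(wep_key, frame, mic_key=None):
    """Return the payload, or None if the ICV or the MIC fails to verify."""
    plain = rc4(wep_key, frame)
    body, check = plain[:-4], plain[-4:]
    if icv(body) != check:
        return None
    if mic_key is None:
        return body
    payload, tag = body[:-8], body[-8:]
    return payload if hmac.compare_digest(tag, mic(mic_key, payload)) else None

def modify_in_transit(frame: bytes, delta: bytes) -> bytes:
    """Key-less edit: CRC-32 is affine, crc(a^d) == crc(a) ^ crc(d) ^ crc(zeros)."""
    d = delta.ljust(len(frame) - 4, b"\0")   # pad over the body, not the ICV
    fix = (zlib.crc32(d) ^ zlib.crc32(bytes(len(d)))).to_bytes(4, "little")
    return bytes(a ^ b for a, b in zip(frame, d + fix))

def demo(use_mic: bool):
    """Constructed keys and payload; one bit flipped in the amount field."""
    key, mk = b"\x01\x02\x03\x04\x05", b"constructed-mic-key" if use_mic else None
    frame = seal(key, b"amount=0100;to=alice", mk)
    return unseal(key, modify_in_transit(frame, bytes(8) + b"\x08"), mk)
```

With the MIC off, the receiver returns the altered payload as valid; with the MIC on, the same altered frame passes the CRC check but is rejected at the MIC comparison.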

Temporal Key Integrity Protocol

Select IV. WEP key hashing defends against an attack on WEP in which the intruder uses the unencrypted initialization vector (IV) in encrypted packets to calculate the WEP key. WEP key hashing removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs.

You must set up and enable WEP before you can enable WEP key hashing. See the setting up WEP section.

Broadcast WEP Key Rotation Interval (sec)

Enter the rotational interval in seconds. If you enter 900, for example, the access point sends a new broadcast WEP key to all associated client devices every 15 minutes. To disable broadcast WEP key rotation, enter 0.

EAP authentication provides dynamic unicast WEP keys for client devices but uses static multicast keys. With broadcast, or multicast, WEP key rotation enabled, the access point provides a dynamic broadcast WEP key and changes it at the interval you select. Broadcast key rotation is an excellent alternative to WEP key hashing if your wireless LAN supports wireless client devices that are not Cisco devices or that cannot be upgraded to the latest firmware for Cisco client devices.

Advanced Primary SSID Setup

This link takes you to the AP Radio Primary SSID page, from which you can configure the primary SSID settings. On this page, you configure IEEE 802.11x authentication, EAP, unicast address filters, and the maximum number of associations for the radio’s primary SSID.

Accept Authentication Types

Select Open, Shared key, or Network EAP to set the authentications a device recognizes.

  • Open -- This default setting allows any device, regardless of its WEP keys, to authenticate and then attempt to communicate with another device. If the bridge is using WEP and the other device is not, the other device can authenticate with the bridge but cannot communicate.
  • Shared key -- The bridge sends an unencrypted challenge text string to any device attempting to communicate with the bridge. The device requesting authentication encrypts the challenge text and sends it back to the bridge. If the challenge text is encrypted correctly, the bridge allows the requesting device to authenticate. Both the unencrypted challenge and the encryption challenge can be monitored, however, which leaves the bridge open to attack from an intruder who guesses the WEP key by comparing the unencrypted and encrypted text strings. Because of this weakness, Shared Key authentication can be less secure than Open authentication.
  • Network-EAP -- The device uses the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server on your network to provide authentication for wireless client devices. Client devices use dynamic WEP keys to authenticate to the network.

Require EAP

If you use open or shared authentication as well as EAP authentication, select Require EAP under Open or Shared to block client devices that are not using EAP from authenticating through the access point.

Default Unicast Address Filter

Unicast MAC address filters allow or disallow the forwarding of unicast packets sent to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify.

The pull-down menus for unicast address filters contain two options:

  • Allowed -- The access point forwards all traffic except packets sent to the MAC addresses listed as disallowed on the Address Filters page.
  • Disallowed -- The access point discards all traffic except packets sent to the MAC addresses listed as allowed on the Address Filters page or on your authentication server.
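
The authentication, filter, and WEP settings on this page interact, and a combined check catches the combinations the text warns about. This Python audit is an added example, not part of the Cisco help page or device software; the dictionary keys, the sample values, and the finding labels are hypothetical.

```python
def audit_radio(cfg: dict, admin_mac: str) -> list:
    """Return findings for one radio. The cfg keys are hypothetical names for
    this page's fields, not a real Cisco export format."""
    findings = []
    enabled = {n: a for n, a in cfg["auth_types"].items() if a["accept"]}

    # Shared key exposes both the clear and the encrypted challenge.
    if "shared_key" in enabled:
        findings.append("shared-key: challenge and response can both be monitored")
    # Without Require EAP, Open/Shared admits non-EAP clients beside Network-EAP.
    if "network_eap" in enabled:
        for name in ("open", "shared_key"):
            if name in enabled and not enabled[name]["require_eap"]:
                findings.append(f"{name}: Require EAP is not selected")
    # Disallowed discards traffic to every MAC not listed as allowed. Only the
    # local Address Filters list is checked here, not an authentication server.
    allowed = {m.lower() for m in cfg["allowed_macs"]}
    if any(a["unicast_filter"] == "disallowed" for a in enabled.values()):
        if admin_mac.lower() not in allowed:
            findings.append("lockout: administrator MAC is not listed as allowed")
    # MIC and WEP key hashing both need WEP set up and enabled first.
    for feature in ("mic", "key_hashing"):
        if cfg[feature] and not cfg["wep_enabled"]:
            findings.append(f"{feature}: selected but WEP is not enabled")
    # EAP gives dynamic unicast keys only; the broadcast key stays static
    # unless it is rotated or key hashing is on.
    if ("network_eap" in enabled and not cfg["key_hashing"]
            and cfg["broadcast_key_rotation_sec"] == 0):
        findings.append("broadcast-key: static, rotation interval is 0")
    return findings

# Constructed sample configuration (MAC addresses are made up).
SAMPLE = {
    "wep_enabled": False, "mic": True, "key_hashing": False,
    "broadcast_key_rotation_sec": 0,
    "allowed_macs": ["02:00:00:00:00:01"],
    "auth_types": {
        "open": {"accept": True, "require_eap": False, "unicast_filter": "disallowed"},
        "shared_key": {"accept": False, "require_eap": False, "unicast_filter": "allowed"},
        "network_eap": {"accept": True, "require_eap": False, "unicast_filter": "allowed"},
    },
}
```

Calling `audit_radio(SAMPLE, "02:00:00:00:00:02")` reports four findings: Open without Require EAP, the administrator lockout, MIC selected without WEP, and the static broadcast key.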

Specified Access Points/Roots

You use these fields to set up a chain of repeaters (access points/bridges without an Ethernet connection). Repeater access points/bridges function best when they associate with specific devices connected to the wired LAN. You use these fields to specify the device that provides the most efficient data transmission link for the repeater.

If this device is a repeater, type the MAC address of one or more root-unit devices with which you want this device to associate. With MAC addresses in these fields, the repeater access point/bridge always tries to associate with the specified device instead of with other less-efficient devices.

Radio Modulation

Select Standard or MOK for the radio modulation the device uses.

  • Standard -- This default setting is the modulation type specified in IEEE 802.11, the wireless standard published by the Institute of Electrical and Electronics Engineers (IEEE) Standards Association.
  • MOK -- This modulation was used before the IEEE finished the high-speed 802.11 standard and may still be in use in older wireless networks.

Radio Preamble

The radio preamble is a section of data at the head of a packet that contains information the device and client devices need when sending and receiving packets. The pull-down menu allows you to select a long or short radio preamble.

  • Long -- A long preamble ensures compatibility between the device and all early models of Cisco Aironet Wireless LAN Adapters (PC4800 and PC4800A).
  • Short -- A short preamble improves throughput performance. Cisco Aironet's Wireless LAN Adapter supports short preambles. Early models of Cisco Aironet's Wireless LAN Adapter (PC4800 and PC4800A) require long preambles.

Action Buttons

  • Apply -- Activates the new setting. The browser remains on this page.
  • OK -- Applies the new settings and moves the browser back to the main Setup page.
  • Cancel -- Cancels all changes to the setting, returns the settings to the previously stored values, and redirects the user back to the main Setup page.
  • Restore Defaults -- Changes all settings on this page back to the factory default.

Copyright (c) 1992-2002 by Cisco Systems, Inc.