configuring the access point for the first timeconfiguring the access point for the first time
TRANSCRIPT
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
1/373
Corporate Headquarters
Cisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000
800 553-NETS (6387)Fax: 408 526-4100
Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
Cisco IOS Release 12.2(13)JA
October 2003
Text Part Number: OL-4526-01
http://www.cisco.com/http://www.cisco.com/ -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
2/373
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSEOR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of Calif ornia, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
Copyright 2003 Cisco Systems, Inc.
All rights reserved.
CCIP, CCSP, the Cisco Arrow logo, the Cisco PoweredNetwork mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.;
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA,
CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo,Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net
Readiness Scorecard, LightStream, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar,Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar,
ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered
trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0304R)
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
3/373
iii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
C O N T E N T S
Preface xv
Audience xv
Purpose xv
Organization xv
Conventions xvii
Related Publications xix
Obtaining Documentation xix
Cisco.com xix
Documentation CD-ROM xxOrdering Documentation xx
Documentation Feedback xx
Obtaining Technical Assistance xx
Cisco TAC Website xxi
Opening a TAC Case xxi
TAC Case Priority Definitions xxi
Obtaining Additional Publications and Information xxii
CHAPTER 1 Overview 1-1Features 1-2
Management Options 1-3
Roaming Client Devices 1-4
Network Configuration Examples 1-4
Root Unit on a Wired LAN 1-4
Repeater Unit that Extends Wireless Range 1-6
Central Unit in an All-Wireless Network 1-7
CHAPTER 2 Configuring the Access Point for the First Time 2-1Before You Start 2-2
Resetting the Access Point to Default Settings 2-2
Obtaining and Assigning an IP Address 2-3
Connecting to the 350 Series Access Point Locally 2-3
Connecting to the 1100 Series Access Point Locally 2-4
Connecting to the 1200 Series Access Point Locally 2-5
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
4/373
Contents
iv
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Assigning Basic Settings 2-6
Default Settings on the Express Setup Page 2-10
Protecting Your Wireless LAN 2-10
Using the IP Setup Utility 2-11
Obtaining and Installing IPSU 2-11
Using IPSU to Find the Access Points IP Address 2-11
Using IPSU to Set the Access Points IP Address and SSID 2-12
Assigning an IP Address Using the CLI 2-14
Using a Telnet Session to Access the CLI 2-14
CHAPTER3 Using the Web-Browser Interface 3-1
Using the Web-Browser Interface for the First Time 3-2
Using the Management Pages in the Web-Browser Interface 3-2
Using Action Buttons 3-4
Character Restrictions in Entry Fields 3-5
Using Online Help 3-5
CHAPTER4 Using the Command-Line Interface 4-1
Cisco IOS Command Modes 4-2
Getting Help 4-3
Abbreviating Commands 4-3
Using no and default Forms of Commands 4-3Understanding CLI Messages 4-4
Using Command History 4-4
Changing the Command History Buffer Size 4-4
Recalling Commands 4-5
Disabling the Command History Feature 4-5
Using Editing Features 4-5
Enabling and Disabling Editing Features 4-6
Editing Commands Through Keystrokes 4-6
Editing Command Lines that Wrap 4-7
Searching and Filtering Output of show and more Commands 4-8
Accessing the CLI 4-8
Opening the CLI with Telnet 4-8
Opening the CLI with Secure Shell 4-9
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
5/373
Contents
v
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
CHAPTER 5 Administering the Access Point 5-1
Preventing Unauthorized Access to Your Access Point 5-2
Protecting Access to Privileged EXEC Commands 5-2
Default Password and Privilege Level Configuration 5-2Setting or Changing a Static Enable Password 5-3
Protecting Enable and Enable Secret Passwords with Encryption 5-4
Configuring Username and Password Pairs 5-5
Configuring Multiple Privilege Levels 5-6
Setting the Privilege Level for a Command 5-6
Logging Into and Exiting a Privilege Level 5-7
Controlling Access Point Access with RADIUS 5-7
Default RADIUS Configuration 5-8
Configuring RADIUS Login Authentication 5-8
Defining AAA Server Groups 5-9
Configuring RADIUS Authorization for User Privileged Access and Network Services 5-11
Displaying the RADIUS Configuration 5-12
Controlling Access Point Access with TACACS+ 5-12
Default TACACS+ Configuration 5-13
Configuring TACACS+ Login Authentication 5-13
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 5-14
Displaying the TACACS+ Configuration 5-15
Configuring the Access Point for Wireless Network Management 5-15
Configuring the Access Point for Local Authentication and Authorization 5-16
Configuring the Access Point to Provide DHCP Service 5-17
Setting up the DHCP Server 5-17
Monitoring and Maintaining the DHCP Server Access Point 5-18
Show Commands 5-18
Clear Commands 5-19
Debug Command 5-19
Configuring the Access Point for Secure Shell 5-19
Understanding SSH 5-19
Configuring SSH 5-20Configuring Client ARP Caching 5-20
Understanding Client ARP Caching 5-20
Optional ARP Caching 5-20
Configuring ARP Caching 5-21
Managing the System Time and Date 5-21
Understanding the System Clock 5-21
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
6/373
Contents
vi
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Understanding Network Time Protocol 5-22
Configuring NTP 5-23
Default NTP Configuration 5-24
Configuring NTP Authentication 5-24
Configuring NTP Associations 5-26
Configuring NTP Broadcast Service 5-27
Configuring NTP Access Restrictions 5-28
Configuring the Source IP Address for NTP Packets 5-30
Displaying the NTP Configuration 5-31
Configuring Time and Date Manually 5-31
Setting the System Clock 5-32
Displaying the Time and Date Configuration 5-32
Configuring the Time Zone 5-33
Configuring Summer Time (Daylight Saving Time) 5-34Configuring a System Name and Prompt 5-36
Default System Name and Prompt Configuration 5-36
Configuring a System Name 5-36
Understanding DNS 5-37
Default DNS Configuration 5-37
Setting Up DNS 5-37
Displaying the DNS Configuration 5-38
Creating a Banner 5-38
Default Banner Configuration 5-39
Configuring a Message-of-the-Day Login Banner 5-39
Configuring a Login Banner 5-40
CHAPTER6 Configuring Radio Settings 6-1
Disabling and Enabling the Radio Interface 6-2
Configuring the Role in Radio Network 6-2
Configuring Radio Data Rates 6-4
Configuring Radio Transmit Power 6-6
Limiting the Power Level for Associated Client Devices 6-7
Configuring Radio Channel Settings 6-8
Enabling and Disabling World-Mode 6-10
Disabling and Enabling Short Radio Preambles 6-10
Configuring Transmit and Receive Antennas 6-11
Disabling and Enabling Aironet Extensions 6-12
Configuring the Ethernet Encapsulation Transformation Method 6-13
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
7/373
Contents
vii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Enabling and Disabling Reliable Multicast to Workgroup Bridges 6-13
Enabling and Disabling Public Secure Packet Forwarding 6-14
Configuring Protected Ports 6-15
Configuring the Beacon Period and the DTIM 6-16
Configure RTS Threshold and Retries 6-16
Configuring the Maximum Data Retries 6-17
Configuring the Fragmentation Threshold 6-17
Enabling Short Slot Time for 802.11g Radios 6-18
Performing a Carrier Busy Test 6-18
CHAPTER 7 Configuring Multiple SSIDs 7-1
Understanding Multiple SSIDs 7-2
Configuring Multiple SSIDs 7-2Default SSID Configuration 7-3
Creating an SSID 7-3
Using Spaces in SSIDs 7-4
Using a RADIUS Server to Restrict SSIDs 7-5
CHAPTER 8 Configuring an Access Point as aLocal Authenticator 8-1
Understanding Local Authentication 8-2
Configuring a Local Authenticator 8-2
Guidelines for Local Authenticators 8-3
Configuration Overview 8-3
Configuring the Local Authenticator Access Point 8-3
Configuring Other Access Points to Use the Local Authenticator 8-6
Unblocking Locked Usernames 8-7
Viewing Local Authenticator Statistics 8-7
Using Debug Messages 8-7
CHAPTER 9 Configuring Cipher Suites and WEP 9-1
Understanding Cipher Suites and WEP 9-2
Configuring Cipher Suites and WEP 9-3
Creating WEP Keys 9-3
WEP Key Restrictions 9-4
Example WEP Key Setup 9-5
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
8/373
Contents
viii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Enabling Cipher Suites and WEP 9-6
Matching Cipher Suites with WPA and CCKM 9-7
Enabling and Disabling Broadcast Key Rotation 9-7
CHAPTER10 Configuring Authentication Types 10-1
Understanding Authentication Types 10-2
Open Authentication to the Access Point 10-2
Shared Key Authentication to the Access Point 10-3
EAP Authentication to the Network 10-3
MAC Address Authentication to the Network 10-5
Combining MAC-Based, EAP, and Open Authentication 10-5
Using CCKM for Authenticated Clients 10-6
Using WPA Key Management 10-6
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP 10-8
Configuring Authentication Types 10-9
Default Authentication Settings 10-9
Assigning Authentication Types to an SSID 10-9
Configuring WPA Migration Mode 10-13
Configuring Additional WPA Settings 10-14
Configuring Authentication Holdoffs, Timeouts, and Intervals 10-15
Matching Access Point and Client Device Authentication Types 10-16
CHAPTER11 Configuring Fast Reassociation 11-1Understanding Fast Reassociation 11-2
Configuring Fast Reassociation 11-4
Requirements for Fast Reassociation 11-4
Guidelines for Fast Reassociation 11-4
Configuration Overview 11-4
Configuring Access Points as Potential WDS Access Points 11-5
CLI Configuration Example 11-8
Configuring Access Points to use the WDS Access Point 11-9
CLI Configuration Example 11-10
Configuring the Authentication Server to Support Fast Reassociation 11-10
Viewing WDS Information 11-17
Using Debug Messages 11-18
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
9/373
Contents
ix
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
CHAPTER 12 Configuring RADIUS and TACACS+ Servers 12-1
Configuring and Enabling RADIUS 12-2
Understanding RADIUS 12-2
RADIUS Operation 12-3
Configuring RADIUS 12-4
Default RADIUS Configuration 12-4
Identifying the RADIUS Server Host 12-4
Configuring RADIUS Login Authentication 12-7
Defining AAA Server Groups 12-9
Configuring RADIUS Authorization for User Privileged Access and Network Services 12-11
Starting RADIUS Accounting 12-12
Selecting the CSID Format 12-13
Configuring Settings for All RADIUS Servers 12-13
Configuring the Access Point to Use Vendor-Specific RADIUS Attributes 12-14
Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication 12-15
Configuring WISPr RADIUS Attributes 12-16
Displaying the RADIUS Configuration 12-17
RADIUS Attributes Sent by the Access Point 12-18
Configuring and Enabling TACACS+ 12-20
Understanding TACACS+ 12-20
TACACS+ Operation 12-21
Configuring TACACS+ 12-22
Default TACACS+ Configuration 12-22
Identifying the TACACS+ Server Host and Setting the Authentication Key 12-23
Configuring TACACS+ Login Authentication 12-24
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 12-25
Starting TACACS+ Accounting 12-26
Displaying the TACACS+ Configuration 12-26
CHAPTER 13 Configuring VLANs 13-1
Understanding VLANs 13-2
Related Documents 13-3
Incorporating Wireless Devices into VLANs 13-4
Configuring VLANs 13-4
Configuring a VLAN 13-4
Using a RADIUS Server to Assign Users to VLANs 13-6
Viewing VLANs Configured on the Access Point 13-6
VLAN Configuration Example 13-7
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
10/373
Contents
x
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
CHAPTER14 Configuring QoS 14-1
Understanding QoS for Wireless LANs 14-2
QoS for Wireless LANs Versus QoS on Wired LANs 14-2
Impact of QoS on a Wireless LAN 14-2
Precedence of QoS Settings 14-3
Configuring QoS 14-4
Configuration Guidelines 14-4
Configuring QoS Using the Web-Browser Interface 14-4
Adjusting Radio Access Categories 14-8
Disabling IGMP Snooping Helper 14-10
Disabling AVVID Priority Mapping 14-10
QoS Configuration Examples 14-10
Giving Priority to Voice Traffic 14-10
Giving Priority to Video Traffic 14-12
CHAPTER15 Configuring Proxy Mobile IP 15-1
Understanding Proxy Mobile IP 15-2
Overview 15-2
Components of a Proxy Mobile IP Network 15-2
How Proxy Mobile IP Works 15-3
Agent Discovery 15-3
Subnet Map Exchange 15-4
Registration 15-5Tunneling 15-5
Proxy Mobile IP Security 15-6
Configuring Proxy Mobile IP 15-6
Configuration Guidelines 15-7
Configuring Proxy Mobile IP on Your Wired LAN 15-7
Configuring Proxy Mobile IP on Your Access Point 15-8
CHAPTER16 Configuring Filters 16-1
Understanding Filters 16-2Configuring Filters Using the CLI 16-2
Configuring Filters Using the Web-Browser Interface 16-2
Configuring and Enabling MAC Address Filters 16-3
Creating a MAC Address Filter 16-4
Using MAC Address ACLs to Block or Allow Client Association to the Access Point 16-6
CLI Configuration Example 16-8
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
11/373
Contents
xi
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Configuring and Enabling IP Filters 16-8
Creating an IP Filter 16-9
Configuring and Enabling Ethertype Filters 16-11
Creating an Ethertype Filter 16-12
CHAPTER 17 Configuring CDP 17-1
Understanding CDP 17-2
Configuring CDP 17-2
Default CDP Configuration 17-2
Configuring the CDP Characteristics 17-2
Disabling and Enabling CDP 17-3
Disabling and Enabling CDP on an Interface 17-4
Monitoring and Maintaining CDP 17-4
CHAPTER 18 Configuring SNMP 18-1
Understanding SNMP 18-2
SNMP Versions 18-2
SNMP Manager Functions 18-3
SNMP Agent Functions 18-3
SNMP Community Strings 18-3
Using SNMP to Access MIB Variables 18-4
Configuring SNMP 18-4
Default SNMP Configuration 18-5
Enabling the SNMP Agent 18-5
Configuring Community Strings 18-5
Configuring Trap Managers and Enabling Traps 18-7
Setting the Agent Contact and Location Information 18-9
Using the snmp-server view Command 18-9
SNMP Examples 18-9
Displaying SNMP Status 18-10
CHAPTER
19 Configuring Repeater and Standby Access Points 19-1Understanding Repeater Access Points 19-2
Configuring a Repeater Access Point 19-3
Default Configuration 19-4
Guidelines for Repeaters 19-4
Setting Up a Repeater 19-4
Verifying Repeater Operation 19-5
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
12/373
Contents
xii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Setting Up a Repeater As a LEAP Client 19-6
Setting Up a Repeater As a WPA Client 19-7
Understanding Hot Standby 19-8
Configuring a Hot Standby Access Point 19-8
Verifying Standby Operation 19-10
CHAPTER20 Managing Firmware and Configurations 20-1
Working with the Flash File System 20-2
Displaying Available File Systems 20-2
Setting the Default File System 20-3
Displaying Information About Files on a File System 20-3
Changing Directories and Displaying the Working Directory 20-4
Creating and Removing Directories 20-4
Copying Files 20-5
Deleting Files 20-5
Creating, Displaying, and Extracting tar Files 20-6
Creating a tar File 20-6
Displaying the Contents of a tar File 20-6
Extracting a tar File 20-7
Displaying the Contents of a File 20-8
Working with Configuration Files 20-8
Guidelines for Creating and Using Configuration Files 20-9
Configuration File Types and Location 20-9Creating a Configuration File by Using a Text Editor 20-10
Copying Configuration Files by Using TFTP 20-10
Preparing to Download or Upload a Configuration File by Using TFTP 20-10
Downloading the Configuration File by Using TFTP 20-11
Uploading the Configuration File by Using TFTP 20-11
Copying Configuration Files by Using FTP 20-12
Preparing to Download or Upload a Configuration File by Using FTP 20-13
Downloading a Configuration File by Using FTP 20-13
Uploading a Configuration File by Using FTP 20-14
Copying Configuration Files by Using RCP 20-15
Preparing to Download or Upload a Configuration File by Using RCP 20-16
Downloading a Configuration File by Using RCP 20-16
Uploading a Configuration File by Using RCP 20-17
Clearing Configuration Information 20-18
Deleting a Stored Configuration File 20-18
Working with Software Images 20-18
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
13/373
Contents
xiii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Image Location on the Access Point 20-19
tar File Format of Images on a Server or Cisco.com 20-19
Copying Image Files by Using TFTP 20-20
Preparing to Download or Upload an Image File by Using TFTP 20-20
Downloading an Image File by Using TFTP 20-21
Uploading an Image File by Using TFTP 20-22
Copying Image Files by Using FTP 20-23
Preparing to Download or Upload an Image File by Using FTP 20-23
Downloading an Image File by Using FTP 20-24
Uploading an Image File by Using FTP 20-26
Copying Image Files by Using RCP 20-27
Preparing to Download or Upload an Image File by Using RCP 20-27
Downloading an Image File by Using RCP 20-29
Uploading an Image File by Using RCP 20-31Reloading the Image Using the Web Browser Interface 20-32
Browser HTTP Interface 20-32
Browser TFTP Interface 20-33
CHAPTER 21 Configuring System Message Logging 21-1
Understanding System Message Logging 21-2
Configuring System Message Logging 21-2
System Log Message Format 21-2
Default System Message Logging Configuration 21-3
Disabling and Enabling Message Logging 21-4
Setting the Message Display Destination Device 21-5
Enabling and Disabling Timestamps on Log Messages 21-6
Enabling and Disabling Sequence Numbers in Log Messages 21-6
Defining the Message Severity Level 21-7
Limiting Syslog Messages Sent to the History Table and to SNMP 21-8
Setting a Logging Rate Limit 21-9
Configuring UNIX Syslog Servers 21-10
Logging Messages to a UNIX Syslog Daemon 21-10
Configuring the UNIX System Logging Facility 21-10
Displaying the Logging Configuration 21-12
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
14/373
Contents
xiv
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
CHAPTER22 Troubleshooting 22-1
Checking the Top Panel Indicators 22-2
Checking Basic Settings 22-5
SSID 22-5WEP Keys 22-5
Security Settings 22-5
Resetting to the Default Configuration 22-5
Using the MODE Button 22-6
Using the Web Browser Interface 22-6
Reloading the Access Point Image 22-7
Using the MODE button 22-7
Web Browser Interface 22-8
Browser HTTP Interface 22-8
Browser TFTP Interface 22-8
Obtaining the Access Point Image File 22-9
Obtaining TFTP Server Software 22-9
Channels and Antenna Settings A-1
Channels A-2
IEEE 802.11b (2.4-GHz Band) A-2
IEEE 802.11g (2.4-GHz Band) A-3
IEEE 802.11a (5-GHz Band) A-4
Maximum Power Levels and Antenna Gains A-5IEEE 802.11b (2.4-GHz Band) A-5
IEEE 802.11g (2.4-GHz Band) A-6
IEEE 802.11a (5-GHz Band) A-7
Protocol Filters B-1
Supported MIBs C-1
MIB List C-1
Using FTP to Access the MIB Files C-2
Error and Event Messages D-1
GLOSSARY
INDEX
http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/ -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
15/373
xv
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
AudienceThis guide is for the networking professional who installs and manages Cisco Aironet Access Points. To
use this guide, you should have experience working with the Cisco IOS software and be familiar with
the concepts and terminology of wireless local area networks.
PurposeThis guide provides the information you need to install and configure your access point. This guide
provides procedures for using the Cisco IOS software commands that have been created or changed for
use with the access point. It does not provide detailed information about these commands. For detailed
information about these commands, refer to the Cisco IOS Command Reference for Cisco Aironet Access
Points and Bridges for this release. For information about the standard Cisco IOS software commands,
refer to the Cisco IOS software documentation set available from the Cisco.com home page at Service
and Support > Technical Documents. On the Cisco Product Documentation home page, select Release
12.2 from the Cisco IOS Software drop-down list.This guide also includes an overview of the access point web-based interface (APWI), which contains
all the funtionality of the command-line interface (CLI). This guide does not provide field-level
descriptions of the APWI windows nor does it provide the procedures for configuring the access point
from from the APWI. For all APWI window descriptions and procedures, refer to the access point online
help, which is available from the Help buttons on the APWI pages.
OrganizationThis guide is organized into these chapters:
Chapter 1, Overview, lists the software and hardware features of the access point and describes theaccess points role in your network.
Chapter 2, Configuring the Access Point for the First Time,describes how to configure basic settings
on a new access point.
Chapter 3, Using the Web-Browser Interface, describes how to use the web-browser interface to
configure the access point.
Chapter 4, Using the Command-Line Interface, describes how to use the command-line interface
(CLI) to configure the access point.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
16/373
xvi
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Organization
Chapter 5, Administering the Access Point, describes how to perform one-time operations to
administer your access point, such as preventing unauthorized access to the access point, setting the
system date and time, and setting the system name and prompt.
Chapter 6, Configuring Radio Settings, describes how to configure settings for the access point radio
such as the role in the radio network, data rates, transmit power, channel settings, and others.
Chapter 7, Configuring Multiple SSIDs,describes how to configure and manage multiple service setidentifiers (SSIDs) on your access point. You can configure up to 16 SSIDs on your access point and
assign different configuration settings to each SSID.
Chapter 8, Configuring an Access Point as a Local Authenticator, describes how to configure the
access point to act as a local RADIUS server for your wireless LAN. If the WAN connection to your
main RADIUS server fails, the access point acts as a backup server to authenticate wireless devices.
Chapter 9, Configuring Cipher Suites and WEP,describes how to configure the cipher suites required
to use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including
MIC, CMIC, TKIP, CKIP, and broadcast key rotation.
Chapter 10, Configuring Authentication Types, describes how to configure authentication types on the
access point. Client devices use these authentication methods to join your network.
Chapter 11, Configuring Fast Reassociation,describes how to configure the access point to allow fastreassociation of roaming client devices. Using Cisco Centralized Key Management (CCKM) and an
access point configured as a subnet context manager, client devices can roam from one access point to
another without causing a delay in timing-sensitive applications, such as Voice over IP.
Chapter 12, Configuring RADIUS and TACACS+ Servers,describes how to enable and configure the
Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control
System Plus (TACACS+), which provide detailed accounting information and flexible administrative
control over authentication and authorization processes.
Chapter 13, Configuring VLANs, describes how to configure your access point to interoperate with
the VLANs set up on your wired LAN.
Chapter 14, Configuring QoS, describes how to configure quality of service (QoS) on your access
point. With this feature, you can provide preferential treatment to certain traffic at the expense of others.Chapter 15, Configuring Proxy Mobile IP, describes how to configure your access points proxy
mobile IP feature. When you enable proxy mobile IP on your access point and on your wired network,
the access point helps client devices from other networks remain connected to their home networks.
Chapter 16, Configuring Filters,describes how to configure and manage MAC address, IP, and
Ethertype filters on the access point using the web-browser interface.
Chapter 17, Configuring CDP,describes how to configure Cisco Discovery Protocol (CDP) on your
access point. CDP is a device-discovery protocol that runs on all Cisco network equipment.
Chapter 18, Configuring SNMP,describes how to configure the Simple Network Management
Protocol (SNMP) on your access point.
Chapter 19, Configuring Repeater and Standby Access Points,descibes how to configure your access
point as a hot standby unit or as a repeater unit.
Chapter 20, Managing Firmware and Configurations, describes how to manipulate the Flash file
system, how to copy configuration files, and how to archive (upload and download) software images.
Chapter 21, Configuring System Message Logging, describes how to configure system message
logging on your access point.
Chapter 22, Troubleshooting, provides troubleshooting procedures for basic problems with the access
point.
http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/http://0.0.0.0/ -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
17/373
xvii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Conventions
Appendix A, Channels and Antenna Settings, lists the access point radio channels and the maximum
power levels supported by the worlds regulatory domains.
Appendix B, Protocol Filters, lists some of the protocols that you can filter on the access point.
Appendix C, Supported MIBs, lists the Simple Network Management Protocol (SNMP) Management
Information Bases (MIBs) that the access point supports for this software release.
Appendix D, Error and Event Messages, lists the CLI error and event messages and provides an
explanation and recommended action for each message.
ConventionsThis publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
Interactive examples use these conventions:
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Tip Means the following will help you solve a problem. The tips information might not be troubleshooting
or even an action, but could be useful information.
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
Caution Means reader be careful. In this situation, you might do something that could result equipment damage
or loss of data.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
18/373
xviii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Conventions
Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before youwork on any equipment, be aware of the hazards involved with electrical circuitry and be familiarwith standard practices for preventing accidents. (To see translations of the warnings that appear
in this publication, refer to the appendix Translated Safety Warnings.)
Waarschuwing Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kanveroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bijelektrische schakelingen betrokken risicos en dient u op de hoogte te zijn van standaardmaatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in dezepublicatie verschijnen, kunt u het aanhangsel Translated Safety Warnings (Vertalingen vanveiligheidsvoorschriften) raadplegen.)
Varoitus Tm varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennenkuin tyskentelet minkn laitteiston parissa, ota selv shkkytkentihin liittyvist vaaroista jatavanomaisista onnettomuuksien ehkisykeinoista. (Tss julkaisussa esiintyvien varoitustenknnkset lydt liitteest "Translated Safety Warnings" (knnetyt turvallisuutta koskevat
varoitukset).)
Attention Ce symbole davertissement indique un danger. Vous vous trouvez dans une situation pouvantentraner des blessures. Avant daccder cet quipement, soyez conscient des dangers poss parles circuits lectriques et familiarisez-vous avec les procdures courantes de prvention desaccidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillezconsulter lannexe intitule Translated Safety Warnings (Traduction des avis de scurit).
Warnung Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einerKrperverletzung fhren knnte. Bevor Sie mit der Arbeit an irgendeinem Gert beginnen, seien Siesich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zurVermeidung von Unfllen bewut. (bersetzungen der in dieser Verffentlichung enthaltenenWarnhinweise finden Sie im Anhang mit dem Titel Translated Safety Warnings (bersetzung der
Warnhinweise).)
Avvertenza Questo simbolo di avvertenza indica un pericolo. Si in una situazione che pu causare infortuni.Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuitielettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzionedelle avvertenze riportate in questa pubblicazione si trova nellappendice, Translated SafetyWarnings (Traduzione delle avvertenze di sicurezza).
Advarsel Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan fre til personskade. Fr duutfrer arbeid p utstyr, m du vre oppmerksom p de faremomentene som elektriske kretserinnebrer, samt gjre deg kjent med vanlig praksis nr det gjelder unng ulykker. (Hvis du vil seoversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "TranslatedSafety Warnings" [Oversatte sikkerhetsadvarsler].)
Aviso Este smbolo de aviso indica perigo. Encontra-se numa situao que lhe poder causar danosfisicos. Antes de comear a trabalhar com qualquer equipamento, familiarize-se com os perigosrelacionados com circuitos elctricos, e com quaisquer prticas comuns que possam prevenirpossveis acidentes. (Para ver as tradues dos avisos que constam desta publicao, consulte oapndice Translated Safety Warnings - Tradues dos Avisos de Segurana).
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
19/373
xix
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Related Publications
Related PublicationsThese documents provide complete information about the access point:
Quick Start Guide: Cisco Aironet 350 Series Access Points
Quick Start Guide: Cisco Aironet 1100 Series Access Points
Quick Start Guide: Cisco Aironet 1200 Series Access Points
Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges
Installation Instructions for Cisco Aironet Power Injectors
Cisco Aironet 802.11g Radio Upgrade Instructions
Release Notes for 350, 1100, and 1200 Series Access Points for Cisco IOS Release 12.2(13)JA
Click this link to browse to the Cisco Aironet documentation home page:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/index.htm
Obtaining DocumentationCisco provides several ways to obtain documentation, technical assistance, and other technical
resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Advertencia! Este smbolo de aviso significa peligro. Existe riesgo para su integridad fsica. Antes de manipularcualquier equipo, considerar los riesgos que entraa la corriente elctrica y familiarizarse con losprocedimientos estndar de prevencin de accidentes. (Para ver traducciones de las advertenciasque aparecen en esta publicacin, consultar el apndice titulado Translated Safety Warnings.)
Varning! Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada.Innan du utfr arbete p ngon utrustning mste du vara medveten om farorna med elkretsar ochknna till vanligt frfarande fr att frebygga skador. (Se frklaringar av de varningar somfrekommer i denna publikation i appendix "Translated Safety Warnings" [versattaskerhetsvarningar].)
http://www.cisco.com/univercd/cc/td/doc/product/wireless/index.htmhttp://www.cisco.com/univercd/home/home.htmhttp://www.cisco.com/http://www.cisco.com/public/countries_languages.shtmlhttp://www.cisco.com/univercd/cc/td/doc/product/wireless/index.htmhttp://www.cisco.com/univercd/cc/td/doc/product/wireless/index.htmhttp://www.cisco.com/public/countries_languages.shtmlhttp://www.cisco.com/http://www.cisco.com/univercd/home/home.htm -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
20/373
xx
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Documentation Feedback
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM
package, which may have shipped with your product. The Documentation CD-ROM is updated regularly
and may be more current than printed documentation. The CD-ROM package is available as a single unit
or through an annual or quarterly subscription.Registered Cisco.com users can order a single Documentation CD-ROM (product number
DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Click Subscriptions & Promotional Materials in the left navigation bar.
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in
North America, by calling 800 553-NETS (6387).
Documentation FeedbackYou can submit e-mail comments about technical documentation to [email protected].
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical AssistanceFor all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco
Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services,
online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for
technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.htmlhttp://www.cisco.com/go/subscriptionhttp://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htmhttp://www.cisco.com/en/US/partner/ordering/index.shtmlhttp://www.cisco.com/en/US/partner/ordering/index.shtmlhttp://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htmhttp://www.cisco.com/go/subscriptionhttp://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.htmlhttp://www.cisco.com/public/countries_languages.shtml -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
21/373
xxi
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Obtaining Technical Assistance
Cisco TAC Website
The Cisco TAC website (http://www.cisco.com/tac) provides online documents and tools for
troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC
website is available 24 hours a day, 365 days a year.
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If youhave a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
Using the online TAC Case Open Tool (http://www.cisco.com/tac/caseopen) is the fastest way to open
P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which
you require product information.) After you describe your situation, the TAC Case Open Tool
automatically recommends resources for an immediate solution. If your issue is not resolved using the
recommended resources, your case will be assigned to a Cisco TAC engineer.
For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely
degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers
are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions
Priority 1 (P1)Your network is down or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Priority 4 (P4)You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
http://www.cisco.com/tachttp://tools.cisco.com/RPF/register/register.dohttp://www.cisco.com/tac/caseopenhttp://www.cisco.com/warp/public/687/Directory/DirTAC.shtmlhttp://www.cisco.com/warp/public/687/Directory/DirTAC.shtmlhttp://www.cisco.com/tac/caseopenhttp://tools.cisco.com/RPF/register/register.dohttp://www.cisco.com/tac -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
22/373
xxii
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Preface
Obtaining Additional Publications and Information
Obtaining Additional Publications and InformationInformation about Cisco products, technologies, and network solutions is available from various online
and printed sources.
The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as
ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
Cisco Press publishes a wide range of general networking, training and cer tification titles. Both new
and experienced user will benefit from these publications. For current Cisco Press titles and other
information, go to Cisco Press online at this URL:
http://www.ciscopress.com
Packet magazine is the Cisco quarterly publication that provides the latest networking trends,
technology breakthroughs, and Cisco products and solutions to help industry professionals get the
most from their networking investment. Included are networking deployment and troubleshooting
tips, configuration examples, customer case studies, tutorials and training, certification information,
and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/packet
iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet
business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
TrainingCisco offers world-class networking training. Current offerings in network training are
listed at this URL:
http://www.cisco.com/en/US/learning/index.html
http://www.cisco.com/en/US/products/products_catalog_links_launch.htmlhttp://www.ciscopress.com/http://www.cisco.com/packethttp://www.cisco.com/go/iqmagazinehttp://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.htmlhttp://www.cisco.com/en/US/learning/index.htmlhttp://www.cisco.com/en/US/learning/index.htmlhttp://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.htmlhttp://www.cisco.com/go/iqmagazinehttp://www.cisco.com/packethttp://www.ciscopress.com/http://www.cisco.com/en/US/products/products_catalog_links_launch.html -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
23/373
C H A P T E R
1-1
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
1
Overview
Cisco Aironet Access Points (hereafter called access points) provide a secure, affordable, and
easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class
features required by networking professionals. With a management system based on Cisco IOS software,
Cisco Aironet 350, 1100, and 1200 series access points are Wi-Fi certified, 802.11b-compliant,
802.11g-compliant, and 802.11a-compliant wireless LAN transceivers.
The 350 series access point, which can be upgraded to run Cisco IOS software, uses a single, 802.11b,
2.4-GHz mini-PCI radio. The 1100 series access point uses a single, 802.11b, 2.4-GHz mini-PCI radio
that can be upgraded to an 802.11g, 2.4-GHz radio. The 1200 series access point can contain two radios:
a 2.4-GHz radio in an internal mini-PCI slot and a 5-GHz radio module in an external, modified cardbus
slot. The 1200 series access point supports one radio of each type, but it does not support two 2.4-GHz
or two 5-GHz radios. You can configure the radios separately, using different settings on each radio.
Access points serves as the connection point between wireless and wired networks or as the center point
of a stand-alone wireless network. In large installations, wireless users within radio range of an access
point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.
You can configure and monitor the access point using the command-line interface (CLI), the
browser-based management system, or Simple Network Management Protocol (SNMP).
This chapter provides information on the following topics:
Features, page 1-2
Management Options, page 1-3
Roaming Client Devices, page 1-4
Network Configuration Examples, page 1-4
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
24/373
1-2
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Features
FeaturesAccess points running Cisco IOS software offer these software features:
World modeUse this feature to communicate the access points regulatory setting information,
including maximum transmit power and available channels, to world mode-enabled clients. Clients
using world mode can be used in countries with different regulatory settings and automaticallyconform to local regulations. World mode is supported only on the 2.4-GHz radio.
Repeater modeConfigure the access point as a wireless repeater to extend the coverage area of
your wireless network.
Standby modeConfigure the access point as a standby unit that monitors another access point and
assumes its role in the network if the monitored access point fails.
Multiple SSIDsCreate up to 16 SSIDs on your access point and assign any combination of these
settings to each SSID:
Broadcast SSID mode for guests on your network
Client authentication methods
Maximum number of client associations
VLAN identifier
Proxy Mobile IP
RADIUS accounting list identifier
A separate SSID for infrastructure devices such as repeaters and workgroup bridges
VLANsAssign VLANs to the SSIDs on your access point (one VLAN per SSID) to differentiate
policies and services among users.
QoSUse this feature to support quality of service for prioritizing traffic from the Ethernet to the
access point. The access point also supports the voice-prioritization schemes used by 802.11b
wireless phones such as Spectralink's Netlink and Symbols Netvision.
Proxy Mobile IPUse this feature to configure the access point to provide proxy Mobile IP servicefor clients that do not have mobile IP software installed.
RADIUS AccountingEnable accounting on the access point to send accounting data about
wireless client devices to a RADIUS server on your network.
TACACS+ adminstrator authenticationEnable TACACS+ for server-based, detailed accounting
information and flexible administrative control over authentication and authorization processes. It
provides secure, centralized validation of administrators attempting to gain access to your access
point.
Enhanced securityEnable three advanced security features to protect against sophisticated attacks
on your wireless network's WEP keys: Message Integrity Check (MIC), WEP key hashing, and
broadcast WEP key rotation.
Enhanced authentication servicesSet up repeater access points to authenticate to your networklike other wireless client devices. After you provide a network username and password for the
repeater, it authenticates to your network using LEAP, Cisco's wireless authentication method, and
receives and uses dynamic WEP keys.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
25/373
1-3
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Management Options
Wi-Fi Protected Access (WPA)Wi-Fi Protected Access is a standards-based, interoperable
security enhancement that strongly increases the level of data protection and access control for
existing and future wireless LAN systems. It is derived from and will be forward-compatible with
the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for
data protection and 802.1X for authenticated key management.
Fast secured roaming using Cisco Centralized Key Management (CCKM)Using CCKM,authenticated client devices can roam securely from one access point to another without any
perceptible delay during reassociation. An access point on your network provides wireless domain
services (WDS) and creates a cache of security credentials for CCKM-enabled client devices on the
subnet. The WDS access points cache of credentials dramatically reduces the time required for
reassociation when a CCKM-enabled client device roams to a new access point.
Access point as backup or stand-alone authentication serverYou can configure an access point to
act as a local RADIUS server to provide authentication service for small wireless LANs without a
RADIUS server or to provide backup authentication service in case of a WAN link or a server
failure. The access point can authenticate LEAP-enabled wireless client devices and allow them to
join your network.
Rogue access point detectionAccess points running Cisco IOS Release 12.2(11)JA work together
with LEAP-enabled client devices running firmware version 5.02.17 or later to detect rogue accesspoints on your wireless LAN. The access point records a message in the system log when a client
device discovers and reports an access point on the wireless LAN that fails to authenticate the client
using LEAP. When the client successfully authenticates through another access point, it reports the
access point that failed LEAP as a potential rogue device.
Client ARP cachingTo reduce traffic on the wireless LAN, you can configure access points
running Cisco IOS Release 12.2(13)JA to reply to ARP queries on behalf of associated client
devices. In previous releases, the access point forwards ARP queries to all associated client devices,
and the specified client responds with its MAC address. When the access point maintains an ARP
cache, however, it responds to ARP queries on behalf of the client device and does not forward the
queries through its radio port.
CCKM voice clients and WPA clients on the same VLANAccess points running Cisco IOS
Release 12.2(13)JA allow both 802.11b CCKM voice clients and 802.11b WPA clients on the sameVLAN.
WISPr RADIUS attributesThe Wi-Fi Alliances WISPrBest Current Practices for Wireless
Internet Service Provider (WISP) Roaming document lists RADIUS attributes that access points
must send with RADIUS accounting and authentication requests. You can configure access points
running Cisco IOS Release 12.2(13)JA to include these attributes in all RADIUS accounting and
authentication requests.
Support for 802.11g radiosCisco IOS Release 12.2(13)JA supports the 802.11g, 2.4-GHz
mini-PCI radio. You can upgrade the 802.11b, 2.4-GHz radio in 1100 and 1200 series access points
with an 802.11g, 2.4-GHz radio.
Management OptionsYou can use the access point management system through the following interfaces:
The Cisco IOS command-line interface (CLI), which you use through a Telnet session. Most of the
examples in this manual are taken from the CLI. Chapter 4, Using the Command-Line Interface,
provides a detailed description of the CLI.
A web-browser interface, which you use through a web browser. Chapter 3, Using the
Web-Browser Interface, provides a detailed description of the web-browser interface.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
26/373
1-4
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Roaming Client Devices
Simple Network Management Protocol (SNMP). Chapter 18, Configuring SNMP, explains how to
configure your access point for SNMP management.
Roaming Client DevicesIf you have more than one access point in your wireless LAN, wireless client devices can roam
seamlessly from one access point to another. The roaming functionality is based on signal quality, not
proximity. When a clients signal quality drops, it roams to another access point.
Wireless LAN users are sometimes concerned when a client device stays associated to a distant access
point instead of roaming to a closer access point. However, if a clients signal to a distant access point
remains strong and the signal quality is high, the client will not roam to a closer access point. Checking
constantly for closer access points would be inefficient, and the extra radio traffic would slow throughput
on the wireless LAN.
Using CCKM and an access point acting as a subnet context manager, client devices can roam from one
access point to another so quickly that there is no perceptible delay in voice or other time-sensitive
applications.
Network Configuration ExamplesThis section describes the access points role in three common wireless network configurations. The
access points default configuration is as a root unit connected to a wired LAN or as the central unit in
an all-wireless network. The repeater role requires a specific configuration.
Root Unit on a Wired LAN
An access point connected directly to a wired LAN provides a connection point for wireless users. If
more than one access point is connected to the LAN, users can roam from one area of a facility to anotherwithout losing their connection to the network. As users move out of range of one access point, they
automatically connect to the network (associate) through another access point. The roaming process is
seamless and transparent to the user. Figure 1-1shows access points acting as root units on a wired LAN.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
27/373
1-5
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Network Configuration Examples
Figure 1-1 Access Points as Root Units on a Wired LAN
Access Point
(Root Unit)
Access Point
(Root Unit)
65999
Wired LAN
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
28/373
1-6
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Network Configuration Examples
Repeater Unit that Extends Wireless Range
An access point can be configured as a stand-alone repeater to extend the range of your infrastructure or
to overcome an obstacle that blocks radio communication. The repeater forwards traffic between
wireless users and the wired LAN by sending packets to either another repeater or to an access point
connected to the wired LAN. The data is sent through the route that provides the best performance forthe client. Figure 1-2 shows an access point acting as a repeater. Consult the Configuring a Repeater
Access Point section on page 19-3 for instructions on setting up an access point as a repeater.
Note Non-Cisco client devices might have difficulty communicating with repeater access points.
Figure 1-2 Access Point as Repeater
Access Point
(Root Unit)
Access Point
(Repeater)
66000
Wired LAN
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
29/373
1-7
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Network Configuration Examples
Central Unit in an All-Wireless Network
In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not
attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as
the focal point for communications, increasing the communication range of wireless users. Figure 1-3
shows an access point in an all-wireless network.
Figure 1-3 Access Point as Central Unit in All-Wireless Network
Access Point
(Root Unit)
65998
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
30/373
1-8
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 1 Overview
Network Configuration Examples
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
31/373
C H A P T E R
2-1
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
2
Configuring the Access Point for the First Time
This chapter describes how to configure basic settings on your access point for the first time. The
contents of this chapter are similar to the instructions in the quick start guide that shipped with your
access point. You can configure all the settings described in this chapter using the CLI, but it might be
simplest to browse to the access points web-browser interface to complete the initial configuration and
then use the CLI to enter additional settings for a more detailed configuration.
This chapter contains these sections:
Before You Start, page 2-2
Obtaining and Assigning an IP Address, page 2-3
Connecting to the 350 Series Access Point Locally, page 2-3
Connecting to the 1100 Series Access Point Locally, page 2-4
Connecting to the 1200 Series Access Point Locally, page 2-5
Assigning Basic Settings, page 2-6
Protecting Your Wireless LAN, page 2-10
Using the IP Setup Utility, page 2-11
Assigning an IP Address Using the CLI, page 2-14
Using a Telnet Session to Access the CLI, page 2-14
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
32/373
2-2
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Before You Start
Before You StartBefore you install the access point, make sure you are using a computer connected to the same network
as the access point, and obtain the following information from your network administrator:
A system name for the access point
The case-sensitive wireless service set identifier (SSID) for your radio network
If not connected to a DHCP server, a unique IP address for your access point (such as
172.17.255.115)
If the access point is not on the same subnet as your PC, a default gateway address and subnet mask
A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if
SNMP is in use)
If you use IPSU to find or assign the access point IP address, the MAC address from the label on the
bottom of the access point (such as 00164625854c)
Resetting the Access Point to Default SettingsIf you need to start over during the initial setup process, follow these steps to reset the access point to
factory default settings using the access point MODE button:
Step 1 Disconnect power (the power jack for external power or the Ethernet cable for in-line power) from the
access point.
Step 2 Press and hold the MODE button while you reconnect power to the access point.
Step 3 Hold the MODE button until the Status LED turns amber (approximately 1 to 2 seconds), and release the
button. All access point settings return to factory defaults.
Follow these steps to return to default settings using the web-browser interface:
Step 1 Open your Internet browser. The browser interface is fully compatible with Microsoft Internet Explorer
version 5.5 and 6.0 on Windows platforms (98, NT, 2000, and XP) and on Linux and Solaris platforms.
Step 2 Enter the access points IP address in the browser address line and press Enter. An Enter Network
Password window appears.
Step 3 Enter your username in the User Name field. The default username is Cisco.
Step 4 Enter the access point password in the Password field and press Enter. The default password is Cisco.
The Summary Status page appears.
Step 5 ClickSystem Software and the System Software screen appears.
Step 6 ClickSystem Configuration and the System Configuration screen appears.
Step 7 Click the Reset toDefaults button.
Note If the access point is configured with a static IP address, the IP address does not change.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
33/373
2-3
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Obtaining and Assigning an IP Address
Obtaining and Assigning an IP AddressTo browse to the access points Express Setup page, you must either obtain or assign the access points
IP address using one of the following methods:
Use default address 10.0.0.1 when you connect to the access point locally. For detailed instructions,
see the Connecting to the 1100 Series Access Point Locally section on page 2-4.
If you have a 350 or a 1200 series access point, connect to the access point console port and assign
a static IP address. Follow the steps in theConnecting to the 350 Series Access Point Locally
section on page 2-3 or in the Connecting to the 1200 Series Access Point Locally section on
page 2-5 to connect to the console port.
Use a DHCP server (if available) to automatically assign an IP address. You can find out the
DHCP-assigned IP address using one of the following methods:
If you have a 350 or a 1200 series access point, connect to the access point console port and use
the show ip interface briefcommand to display the IP address. Follow the steps intheConnecting to the 350 Series Access Point Locally section on page 2-3 or in the
Connecting to the 1200 Series Access Point Locally section on page 2-5 to connect to the
console port. Provide your organizations network administrator with your access points Media Access
Control (MAC) address. Your network administrator will query the DHCP server using the
MAC address to identify the IP address. The access points MAC address is on label attached
to the bottom of the access point.
Use the Cisco IP Setup Utility (IPSU) to identify the assigned address. You can also use IPSU
to assign an IP address to the access point if it did not receive an IP address from the DHCP
server. IPSU runs on most Microsoft Windows operating systems: Windows 9x, 2000, Me, NT,
and XP.
You can download IPSU from the Software Center on Cisco.com. Click this link to browse to
the Software Center:
http://www.cisco.com/public/sw-center/sw-wireless.shtml
Connecting to the 350 Series Access Point LocallyIf you need to configure the access point locally (without connecting the access point to a wired LAN),
you can connect a PC to its RS-232 console port using a nine-pin, male-to-female, straight-through serial
cable. Follow these steps to open the CLI by connecting to the access point console port:
Step 1 Connect a nine-pin, male-to-female, straight-through DB-9 serial cable to the RS-232 serial port on the
access point and to the COM port on a computer. Figure 2-3 shows the serial port connection.
http://www.cisco.com/public/sw-center/sw-wireless.shtmlhttp://www.cisco.com/public/sw-center/sw-wireless.shtml -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
34/373
2-4
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Connecting to the 1100 Series Access Point Locally
Figure 2-1 Connecting the Serial Cable (Access Point with Plastic Case)
Figure 2-2 Connecting the Serial Cable (Access Point with Metal Case)
Step 2 Set up a terminal emulator to communicate with the access point. Use the following settings for the
terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and Xon/Xoff flow control.
Connecting to the 1100 Series Access Point LocallyIf you need to configure the access point locally (without connecting the access point to a wired LAN),
you can connect a PC to its Ethernet port using a Category 5 Ethernet cable. You can use a local
connection to the Ethernet port much as you would use a serial port connection.
Note You do not need a special crossover cable to connect your PC to the access point; you can useeither a straight-through cable or a crossover cable.
If the access point is configured with default values and not connected to a DHCP server or cannot obtain
an IP address, it defaults to IP address 10.0.0.1 and becomes a mini-DHCP server. In that capacity, the
access point provides up to twenty IP addresses between 10.0.0.11 and 10.0.0.30 to the following
devices:
An Ethernet-capable PC connected to its Ethernet port
ETHERNET
SERIAL
SERIAL
5VDC
9-pin serial extensioncable to PC COM port
RS-232
CISC
OAI
RONE
T35
0SE
RIES
WI
RELE
SSA
CCE
SS
POI
NT
ETHE
RNETA
CTIV
ITY
ASSO
CIAT
ION
STAT
US
RAD
IOA
CTIV
ITY
SERIALPORT
ONLINE POWERETHERNET
LEFT
RIGHT/PRIMARY
SERIALPORT
5VDC
9-pin serial extensioncable to PC COM port
RS-232
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
35/373
2-5
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Connecting to the 1200 Series Access Point Locally
Wireless client devices configured to use either no SSID or tsunami as the SSID, and with all
security settings disabled
The mini-DHCP server feature is disabled automatically when you assign a static IP address to the access
point.
Caution When an access point with default settings is connected on a wired LAN and does not receive an IP
address from a DHCP server, the access point provides an IP address to any DHCP requests it receives
Follow these steps to connect to the access point locally:
Step 1 Make sure that the PC you intend to use is configured to obtain an IP address automatical ly, or manually
assign it an IP address from 10.0.0.2 to 10.0.0.10. Connect your PC to the access point using a Category
5 Ethernet cable. You can use either a crossover cable or a straight-through cable.
Step 2 Power up the access point.
Step 3 Follow the steps in the Assigning Basic Settings section on page 2-6. If you make a mistake and need
to start over, follow the steps in the Resetting the Access Point to Default Settings section on page 2-2
Step 4 After configuring the access point, remove the Ethernet cable from your PC and connect the access point
to your wired LAN.
Note When you connect your PC to the access point or reconnect your PC to the wired LAN, you might need
to release and renew the IP address on the PC. On most PCs, you can perform a release and renew by
rebooting your PC or by entering ipconfig /release and ipconfig /renew commands in a commandprompt window. Consult your PC operating instructions for detailed instructions.
Connecting to the 1200 Series Access Point LocallyIf you need to configure the access point locally (without connecting the access point to a wired LAN),
you can connect a PC to its console port using a DB-9 to RJ-45 serial cable. Follow these steps to open
the CLI by connecting to the access point console port:
Step 1 Connect a nine-pin, female DB-9 to RJ-45 serial cable to the RJ-45 serial port on the access point and
to the COM port on a computer. Figure 2-3shows the serial port connection.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
36/373
2-6
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Assigning Basic Settings
Figure 2-3 Connecting the Serial Cable
Note The Cisco part number for the DB-9 to RJ-45 serial cable is AIR-CONCAB1200. Browse to
http://www.cisco.com/go/marketplace to order a serial cable.
Step 2 Set up a terminal emulator to communicate with the access point. Use the following settings for the
terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.
Assigning Basic SettingsAfter you determine or assign the access points IP address, you can browse to the access points Express
Setup page and perform an initial configuration:
Step 1 Open your Internet browser. You must use Microsoft Internet Explorer (version 5.x or later) or NetscapeNavigator (version 4.x).
Step 2 Enter the access points IP address in the browser address line and press Enter. An Enter Network
Password screen appears.
Step 3 Press Tab to bypass the Username field and advance to the Password field.
Step 4 Enter the case-sensitive password Cisco and press Enter. The Summary Status page appears. Figure 2-4shows the Summary Status page.
RJ-45 serialconnector
DB-9 to RJ-45serial cable
74005
http://www.cisco.com/go/marketplacehttp://www.cisco.com/go/marketplace -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
37/373
2-7
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Assigning Basic Settings
Figure 2-4 Summary Status Page
Step 5 ClickExpress Setup. The Express Setup screen appears. Figure 2-5 shows the Express Setup page.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
38/373
2-8
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Assigning Basic Settings
Figure 2-5 Express Setup Page
Step 6 Enter the configuration settings you obtained from your system administrator. The configurable settings
include:
System Name The system name, while not an essential setting, helps identify the access point on
your network. The system name appears in the titles of the management system pages.
Note When you change the system name, the access point resets the radios, causing associated
client devices to disassociate and quickly reassociate.
Configuration Server ProtocolClick on the button that matches the networks method of IPaddress assignment.
DHCPIP addresses are automatically assigned by your networks DHCP server.
Static IPThe access point uses a static IP address that you enter in the IP address field.
IP AddressUse this setting to assign or change the access points IP address. If DHCP is enabledfor your network, leave this field blank.
Note If the access points IP address changes while you are configuring the access point using theweb-browser interface or a Telnet session over the wired LAN, you lose your connection to the
access point. If you lose your connection, reconnect to the access point using its new IP address.
Follow the steps in the Resetting the Access Point to Default Settings section on page 2-2if
you need to start over.
IP Subnet MaskEnter the IP subnet mask provided by your network administrator so the IPaddress can be recognized on the LAN. If DHCP is enabled, leave this field blank.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
39/373
2-9
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Assigning Basic Settings
Default GatewayEnter the default gateway IP address provided by your network administrator.
If DHCP is enabled, leave this field blank.
Radio Service Set ID (SSID)Enter the case-sensitive SSID (32 alphanumeric characters
maximum) provided by your network administrator. The SSID is a unique identifier that client
devices use to associate with the access point.
Broadcast SSID in BeaconUse this setting to allow devices that do not specify an SSID toassociate with the access point.
YesThis is the default setting; it allows devices that do not specify an SSID to associate withthe access point.
NoDevices must specify an SSID to associate with the access point. With No selected, the
SSID used by the client devices must match exactly the access point s SSID.
Role in Radio NetworkClick on the button that describes the role of the access point on your
network. Select Access Point (Root) if your access point is connected to the wired LAN. Select
Repeater (Non-Root) if it is not connected to the wired LAN.
Optimize Radio Network forUse this setting to select either preconfigured settings for the access
point radio or customized settings for the access point radio.
ThroughputMaximizes the data volume handled by the access point but might reduce itsrange.
RangeMaximizes the access points range but might reduce throughput.
CustomThe access point uses settings you enter on the Network Interfaces: Radio-802.11b
Settings page. Clicking Custom takes you to the Network Interfaces: Radio-802.11b Settingspage.
Aironet ExtensionsEnable this setting if there are only Cisco Aironet devices on your wireless
LAN.
SNMP CommunityIf your network is using SNMP, enter the SNMP Community name provided
by your network administrator and select the attributes of the SNMP data (also provided by your
network administrator).
Step 7 ClickApply to save your settings. If you changed the IP address, you lose your connection to the access
point. Browse to the new IP address to reconnect to the access point.
Your access point is now running but probably requires additional configuring to conform to your
networks operational and security requirements . Consult the chapters in this manual for the information
you need to complete the configuration.
Note You can restore the access point to its factory defaults by unplugging the power jack and
plugging it back in while holding down the Mode button for a few seconds, or until the Status
LED turns amber.
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
40/373
2-10
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Protecting Your Wireless LAN
Default Settings on the Express Setup Page
Table 2-1 lists the default settings for the settings on the Express Setup page.
Protecting Your Wireless LANAfter you assign basic settings to your access point, you must configure security settings to prevent
unauthorized access to your network. Because it is a radio device, the access point can communicate
beyond the physical boundaries of your building. Configure some combination of these security features
to protect your network from intruders:
Unique SSIDs that are not broadcast in the access point beacon (see Chapter 7, Configuring
Multiple SSIDs)
Cipher suites, WEP, and WEP features (see Chapter 9, Configuring Cipher Suites and WEP)
Dynamic WEP and client authentication (see Chapter 10, Configuring Authentication Types)
Table 2-1 Default Settings on the Express Setup Page
Setting Default
System Name ap
Configuration Server Protocol DHCP
IP Address Assigned by DHCP by default; if
DHCP is disabled, the default
setting is 10.0.0.1
IP Subnet Mask Assigned by DHCP by default; if
DHCP is disabled, the default
setting is 255.255.255.224
Default Gateway Assigned by DHCP by default; if
DHCP is disabled, the defaultsetting is 0.0.0.0
Radio Service Set ID (SSID) tsunami
Broadcast SSID in Beacon Yes1
1. When you assign multiple SSIDs, this setting no longer appears.
Role in Radio Network Access point (root)
Optimize Radio Network for Throughput
Aironet Extensions Enable
SNMP Community defaultCommunity
-
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
41/373
2-11
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configuring the Access Point for the First Time
Using the IP Setup Utility
Using the IP Setup UtilityIPSU enables you to find the access points IP address when it has been assigned by a DHCP server. You
can also use IPSU to set the access points IP address and SSID if they have not been changed from the
default settings. This section explains how to install the utility, how to use it to find the access points IP
address, and how to use it to set the IP address and the SSID.
Note IPSU can be used only on the following operating systems: Windows 95, 98, NT, 2000, ME, or XP.
Tip Another simple way to find the access points IP address is to look on the Status screen in the Aironet
Client Utility on a client device associated to the access point.
Obtaining IPSU
IPSU is available on the Cisco website. Click this link to browse to the Software Center on Cisco.com:
http://www.cisco.com/public/sw-center/sw-wireless.shtml
You can find IPSU in the Software Display Tables for access points that run Cisco IOS software.
Using IPSU to Find the Access Points IP Address
If your access point receives an IP address from a DHCP server, you can use IPSU to find its IP address.
Because IPSU sends a reverse-ARP request based on the access point MAC address, you must run IPSU
from a computer on the same subnet as the access point. Follow these steps to find the access points IP
address:
Step 1 Double-click the IPSU icon on your computer desktop to start the utility. The IPSU screen appears (see
Figure 2-6).
Figure 2-6 IPSU Get IP Address Screen
http://www.cisco.com/public/sw-center/sw-wireless.shtmlhttp://www.cisco.com/public/sw-center/sw-wireless.shtml -
7/29/2019 Configuring the Access Point for the First TimeConfiguring the Access Point for the First Time
42/373
2-12
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-4526-01
Chapter 2 Configur