-
Cisco Systems, Inc.www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone
numbers, and fax numbers are listed on the Cisco website at
www.cisco.com/go/offices.
Cisco IOS Configuration Guide for Autonomous Cisco Aironet
Access PointsCisco IOS Release 15.3(3)JAB
Text Part Number: OL-31535-01
-
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN
THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE
ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION
OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING
PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU
ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an
adaptation of a program developed by the University of California,
Berkeley (UCB) as part of UCBs public domain version of the UNIX
operating system. All rights reserved. Copyright 1981, Regents of
the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES
AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR
TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING
OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks
of Cisco and/or its affiliates in the U.S. and other countries. To
view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are
the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and
any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in
this document are not intended to be actual addresses and phone
numbers. Any examples, command display output, network topology
diagrams, and other figures included in the document are shown for
illustrative purposes only. Any use of actual IP addresses or phone
numbers in illustrative content is unintentional and
coincidental.
Cisco IOS Configuration Guide for Autonomous Cisco Aironet
Access Points 1992-2014 Cisco Systems, Inc. All rights
reserved.
-
OL-29225-01
Workgroup BridgeCentral Unit in an A
C H A P T E R 2 Using the Web-Browser In
Using the Web-Browser 1-7
ll-Wireless Network 1-8C O N T E N T S
1
Preface xix
Audience i-xix
Purpose i-xix
Configuration Procedures and Examples i-xx
Organization i-xx
Conventions i-xxii
Related Publications i-xxii
Obtaining Documentation, Obtaining Support, and Security
Guidelines i-xxiii
C H A P T E R 1 Overview of Access Point Features 1-1
Radios in Access Points 1-1
New Features and Platforms in this Release 1-2New Access Point
Platforms Supported 1-2
Support for Cisco Aironet 3700 Series access point 1-2Support
for Cisco Aironet 2700 Series access point 1-2Support for Cisco
Aironet 1700 Series access point 1-3
New Features 1-3Multiple Port Support for Cisco Aironet 1550
Series Outdoor Access Points 1-3Automatic Configuring of the Access
Point 1-4Support for L2TPv3 1-4
Configuration and CLI Changes in this Release 1-4
Management Options 1-4
Roaming Client Devices 1-5
Network Configuration Examples 1-5Root Access Point 1-5Repeater
Access Point 1-6Bridges 1-71Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
terface 2-1
Interface for the First Time 2-2
-
Contents
Using the Management Pages in the Web-Browser Interface 2-2Using
Action Buttons 2-3Character Restrictions in Entry Fields 2-4
Enabling HTTPS for Secure Browsing 2-5Deleting an HTTPS
Certificate 2-7
Using Online User Guides 2-7
Disabling the Web-Browser Interface 2-7
C H A P T E R 3 Using the Command-Line Interface 3-1
Cisco IOS Command Modes 3-2
Getting Help 3-3
Abbreviating Commands 3-3
Using the no and Default Forms of Commands 3-4
Understanding CLI Messages 3-4
Using Command History 3-4Changing the Command History Buffer
Size 3-5Recalling Commands 3-5Disabling the Command History Feature
3-5
Using Editing Features 3-6Enabling and Disabling Editing
Features 3-6Editing Commands Through Keystrokes 3-6Editing Command
Lines that Wrap 3-7
Searching and Filtering Output of show and more Commands 3-8
Accessing the CLI 3-9Opening the CLI with Telnet 3-9Opening the
CLI with Secure Shell 3-9
C H A P T E R 4 Configuring the Access Point for the First Time
4-1
Before You Start 4-1Resetting the Device to Default Settings
4-2
Resetting to Default Settings Using the MODE Button 4-2Resetting
to Default Settings Using the GUI 4-2Resetting to Default Settings
Using the CLI 4-3
Logging into the Access Point 4-3
Obtaining and Assigning an IP Address 4-4Default IP Address
Behavior 4-5
Connecting to the 1040, 1140, 1240, 1250, 1260, and 2600 Series
Access Points Locally 4-52Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
OL-29225-01
-
Contents
Connecting to the 1550 Series Access Point Locally 4-5
Default Radio Settings 4-6
Assigning Basic Settings 4-6Default Settings on the Easy Setup
Page 4-10Understanding the Security Settings 4-11
Using VLANs 4-12Security Types for an SSID 4-12Limitations of
Security Settings 4-14
CLI Configuration Examples 4-15
Configuring System Power Settings Access Points 4-21Using the AC
Power Adapter 4-21Using a Switch Capable of IEEE 802.3af Power
Negotiation 4-21Using a Switch That Does Not Support IEEE 802.3af
Power Negotiation 4-22Using a Power Injector 4-22dot11 extension
power native Command 4-22
Support for 802.11n Performance on 1250 Series Access Points
with Standard 802.3af PoE 4-221250 Series Power Modes 4-22
Support for 802.11ac 4-23Channel Widths for 802.11ac 4-23Power
Management for 802.11ac 4-24
Assigning an IP Address Using the CLI 4-25
Using a Telnet Session to Access the CLI 4-25
Configuring the 802.1X Supplicant 4-26Creating a Credentials
Profile 4-26Applying the Credentials to an Interface or SSID
4-27
Applying the Credentials Profile to the Wired Port 4-27Applying
the Credentials Profile to an SSID Used For the Uplink 4-27Creating
and Applying EAP Method Profiles 4-28
Configuring IPv6 4-28Configuring DHCPv6 address 4-30IPv6
Neighbor Discovery 4-30Configuring IPv6 Access Lists 4-32RADIUS
Configuration 4-32IPv6 WDS Support 4-32CDPv6 Support: 4-33RA
filtering 4-34
Automatic Configuring of the Access Point 4-343Cisco IOS
Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Enabling Autoconfig 4-34
-
Contents
Prepare a Configuration Information File 4-34Enable
environmental variables 4-35Schedule the Configuration Information
File Download 4-35
Enabling Autoconfig via a Boot File 4-36Checking the Autoconfig
Status 4-36Debugging Autoconfig 4-37
C H A P T E R 5 Administrating the Access Point 5-1
Disabling the Mode Button 5-2
Preventing Unauthorized Access to Your Access Point 5-3
Protecting Access to Privileged EXEC Commands 5-3Default
Password and Privilege Level Configuration 5-4Setting or Changing a
Static Enable Password 5-4Protecting Enable and Enable Secret
Passwords with Encryption 5-6Configuring Username and Password
Pairs 5-7Configuring Multiple Privilege Levels 5-8
Setting the Privilege Level for a Command 5-9Logging Into and
Exiting a Privilege Level 5-9
Configuring Easy Setup 5-10
Configuring Spectrum Expert Mode 5-11
Controlling Access Point Access with RADIUS 5-12Default RADIUS
Configuration 5-12Configuring RADIUS Login Authentication
5-12Defining AAA Server Groups 5-14Configuring RADIUS Authorization
for User Privileged Access and Network Services 5-16Displaying the
RADIUS Configuration 5-17
Controlling Access Point Access with TACACS+ 5-17Default TACACS+
Configuration 5-17Configuring TACACS+ Login Authentication
5-17Configuring TACACS+ Authorization for Privileged EXEC Access
and Network Services 5-19Displaying the TACACS+ Configuration
5-19
Configuring Ethernet Speed and Duplex Settings 5-20
Configuring the Access Point for Wireless Network Management
5-20
Configuring the Access Point for Local Authentication and
Authorization 5-21
Configuring the Authentication Cache and Profile 5-22
Configuring the Access Point to Provide DHCP Service 5-244Cisco
IOS Software Configuration Guide for Cisco Aironet Access
Points
OL-29225-01
Setting up the DHCP Server 5-24
-
Contents
Monitoring and Maintaining the DHCP Server Access Point 5-26Show
Commands 5-26Clear Commands 5-26Debug Command 5-27
Configuring the Access Point for Secure Shell 5-27Understanding
SSH 5-27Configuring SSH 5-27Support for Secure Copy Protocol
5-28
Configuring Client ARP Caching 5-28Understanding Client ARP
Caching 5-28
Optional ARP Caching 5-29Configuring ARP Caching 5-29
Managing the System Time and Date 5-29Understanding Simple
Network Time Protocol 5-30Configuring SNTP 5-30Configuring Time and
Date Manually 5-30
Setting the System Clock 5-31Displaying the Time and Date
Configuration 5-32Configuring the Time Zone 5-32Configuring Summer
Time (Daylight Saving Time) 5-33
Defining HTTP Access 5-35
Configuring a System Name and Prompt 5-35Default System Name and
Prompt Configuration 5-35Configuring a System Name
5-36Understanding DNS 5-36
Default DNS Configuration 5-37Setting Up DNS 5-37Displaying the
DNS Configuration 5-38
Creating a Banner 5-38Default Banner Configuration
5-38Configuring a Message-of-the-Day Login Banner 5-38Configuring a
Login Banner 5-40
Upgrading Autonomous Cisco Aironet Access Points to Lightweight
Mode 5-41
C H A P T E R 6 Configuring Radio Settings 6-1
Enabling the Radio Interface 6-2
Configuring the Role in Radio Network 6-3Universal Workgroup
Bridge Mode 6-65Cisco IOS Software Configuration Guide for Cisco
Aironet Access Points
OL-29225-01
Point-to-point and Multi Point bridging support for 802.11n
platforms 6-6
-
Contents
Configuring Dual-Radio Fallback 6-7Radio Tracking 6-8Fast
Ethernet Tracking 6-8MAC-Address Tracking 6-8
Configuring Radio Data Rates 6-9Access Points Send Multicast and
Management Frames at Highest Basic Rate 6-9
Configuring MCS Rates 6-12
Configuring Radio Transmit Power 6-13Limiting the Power Level
for Associated Client Devices 6-15
Configuring Radio Channel Settings 6-15Channel Widths for
802.11n 6-16Dynamic Frequency Selection 6-17
Radar Detection on a DFS Channel 6-19CLI Commands 6-19
Confirming that DFS is Enabled 6-19Configuring a Channel
6-20Blocking Channels from DFS Selection 6-20
Setting the 802.11n Guard Interval 6-21
Enabling and Disabling World Mode 6-22
Disabling and Enabling Short Radio Preambles 6-22
Configuring Transmit and Receive Antennas 6-23
Enabling and Disabling Gratuitous Probe Response 6-25
Disabling and Enabling Aironet Extensions 6-25
Configuring the Ethernet Encapsulation Transformation Method
6-26
Enabling and Disabling Reliable Multicast to Workgroup Bridges
6-27
Enabling and Disabling Public Secure Packet Forwarding
6-29Configuring Protected Ports 6-30
Configuring the Beacon Period and the DTIM 6-31
Configure RTS Threshold and Retries 6-31
Configuring the Maximum Data Packet Retries 6-32
Configuring the Fragmentation Threshold 6-33
Enabling Short Slot Time for 802.11g Radios 6-33
Performing a Carrier Busy Test 6-34
Configuring VoIP Packet Handling 6-34
Configuring ClientLink 6-37Using the CLI to Configure ClientLink
6-386Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-29225-01
Debugging Radio Functions 6-38
-
Contents
802.11r Configuration 6-39
C H A P T E R 7 Configuring Multiple SSIDs 7-1
Understanding Multiple SSIDs 7-2
Configuring Multiple SSIDs 7-3Creating an SSID Globally 7-3
Viewing SSIDs Configured Globally 7-5Using a RADIUS Server to
Restrict SSIDs 7-5
Configuring Multiple Basic SSIDs 7-6Requirements for Configuring
Multiple BSSIDs 7-6Guidelines for Using Multiple BSSIDs
7-6Configuring Multiple BSSIDs 7-7
CLI Configuration Example 7-8Displaying Configured BSSIDs
7-8
Assigning IP Redirection for an SSID 7-8Guidelines for Using IP
Redirection 7-9Configuring IP Redirection 7-10
Including SSIDL IE in an SSID Beacon 7-10
NAC Support for MBSSID 7-11Configuring NAC for MBSSID 7-13
C H A P T E R 8 Configuring Spanning Tree Protocol 8-1
Understanding Spanning Tree Protocol 8-2STP Overview 8-2Access
Point/Bridge Protocol Data Units 8-3Election of the Spanning-Tree
Root 8-4Spanning-Tree Timers 8-4Creating the Spanning-Tree Topology
8-5Spanning-Tree Interface States 8-5
Blocking State 8-6Listening State 8-7Learning State
8-7Forwarding State 8-7Disabled State 8-7
Configuring STP Features 8-8Default STP Configuration
8-8Configuring STP Settings 8-9STP Configuration Examples
8-107Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-29225-01
Root Bridge Without VLANs 8-10
-
Contents
Non-Root Bridge Without VLANs 8-11Root Bridge with VLANs
8-12Non-Root Bridge with VLANs 8-14
Displaying Spanning-Tree Status 8-16
C H A P T E R 9 Configuring an Access Point as a Local
Authenticator 9-1
Understanding Local Authentication 9-2
Configuring a Local Authenticator 9-2Guidelines for Local
Authenticators 9-3Configuration Overview 9-3Configuring the Local
Authenticator Access Point 9-3Configuring Other Access Points to
Use the Local Authenticator 9-6Configuring EAP-FAST Settings
9-7
Configuring PAC Settings 9-7Configuring an Authority ID
9-8Configuring Server Keys 9-8Possible PAC Failures Caused by
Access Point Clock 9-8
Limiting the Local Authenticator to One Authentication Type
9-9Unblocking Locked Usernames 9-9Viewing Local Authenticator
Statistics 9-9Using Debug Messages 9-10
C H A P T E R 10 Configuring WLAN Authentication and Encryption
10-1
Understanding Authentication and Encryption Mechanisms 10-2
Understanding Encryption Modes 10-6
Configuring Encryption Modes 10-7Creating Static WEP Keys
10-8
WEP Key Restrictions 10-9Example WEP Key Setup 10-9
Enabling Cipher Suites 10-10Matching Cipher Suites with WPA or
CCKM 10-11
Enabling and Disabling Broadcast Key Rotation 10-13
C H A P T E R 11 Configuring Authentication Types 11-1
Understanding Authentication Types 11-2Open Authentication to
the Access Point 11-2WEP Shared Key Authentication to the Access
Point 11-3EAP Authentication to the Network 11-48Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
MAC Address Authentication to the Network 11-5
-
Contents
Combining MAC-Based, EAP, and Open Authentication 11-6Using CCKM
for Authenticated Clients 11-6Using WPA Key Management 11-7
Configuring Authentication Types 11-9Assigning Authentication
Types to an SSID 11-9
Configuring WPA Migration Mode for Legacy WEP SSIDs
11-13Configuring Additional WPA Settings 11-14Configuring MAC
Authentication Caching 11-15
Configuring Authentication Holdoffs, Timeouts, and Intervals
11-16Creating and Applying EAP Method Profiles for the 802.1X
Supplicant 11-17
Creating an EAP Method Profile 11-18Applying an EAP Profile to
the Fast Ethernet Interface 11-18Applying an EAP Profile to an
Uplink SSID 11-20
Matching Access Point and Client Device Authentication Types
11-20
Guest Access Management 11-23Guest Account Creation
11-24Customized Guest Access Pages 11-25
C H A P T E R 12 Configuring WDS, Fast Secure Roaming, Radio
Management, and Wireless Intrusion Detection Services 12-1
Understanding WDS 12-2Role of the WDS Device 12-2Role of Access
Points Using the WDS Device 12-3
Understanding Fast Secure Roaming 12-3
Understanding Wireless Intrusion Detection Services 12-4
Configuring WDS 12-5Guidelines for WDS 12-6Requirements for WDS
12-6Configuration Overview 12-6Configuring Access Points as
Potential WDS Devices 12-7
CLI Configuration Example 12-9Configuring Access Points to use
the WDS Device 12-10
CLI Configuration Example 12-11Configuring the Authentication
Server to Support WDS 12-12Configuring WDS Only Mode 12-14Viewing
WDS Information 12-15Using Debug Messages 12-16
Configuring Fast Secure Roaming 12-179Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Requirements for Fast Secure Roaming 12-17
-
Contents
Configuring Access Points to Support Fast Secure Roaming
12-18CLI Configuration Example 12-20Support for 802.11r 12-20
Configuring Management Frame Protection 12-21Management Frame
Protection 12-21Client MFP Overview 12-21Client MFP For Access
Points in Root mode 12-22Configuring Client MFP 12-23Protection of
Management Frames with 802.11w 12-24
Configuring Radio Management 12-25CLI Configuration Example
12-25
Configuring Access Points to Participate in WIDS
12-26Configuring the Access Point for Scanner Mode 12-26Configuring
the Access Point for Monitor Mode 12-26Displaying Monitor Mode
Statistics 12-27Configuring Monitor Mode Limits 12-28
Configuring an Authentication Failure Limit 12-28
C H A P T E R 13 Configuring RADIUS and TACACS+ Servers 13-1
Configuring and Enabling RADIUS 13-1Understanding RADIUS
13-2RADIUS Operation 13-2Configuring RADIUS 13-4
Default RADIUS Configuration 13-4Identifying the RADIUS Server
Host 13-5Configuring RADIUS Login Authentication 13-7Defining AAA
Server Groups 13-9Configuring RADIUS Authorization for User
Privileged Access and Network Services 13-11Configuring Packet of
Disconnect 13-12Selecting the CSID Format 13-13Starting RADIUS
Accounting 13-14Configuring Settings for All RADIUS Servers
13-15Configuring the Access Point to Use Vendor-Specific RADIUS
Attributes 13-16Configuring the Access Point for Vendor-Proprietary
RADIUS Server Communication 13-17Configuring WISPr RADIUS
Attributes 13-18
Displaying the RADIUS Configuration 13-19RADIUS Attributes Sent
by the Access Point 13-20
Configuring and Enabling TACACS+ 13-2310Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Understanding TACACS+ 13-23
-
Contents
TACACS+ Operation 13-24Configuring TACACS+ 13-24
Default TACACS+ Configuration 13-25Identifying the TACACS+
Server Host and Setting the Authentication Key 13-25Configuring
TACACS+ Login Authentication 13-26Configuring TACACS+ Authorization
for Privileged EXEC Access and Network Services 13-27Starting
TACACS+ Accounting 13-28
Displaying the TACACS+ Configuration 13-29
C H A P T E R 14 Configuring VLANs 14-1
Understanding VLANs 14-2Incorporating Wireless Devices into
VLANs 14-3
Configuring VLANs 14-4Configuring a VLAN 14-5Assigning Names to
VLANs 14-7
Guidelines for Using VLAN Names 14-7Creating a VLAN Name
14-7
Using a RADIUS Server to Assign Users to VLANs 14-8Viewing VLANs
Configured on the Access Point 14-8
VLAN Configuration Example 14-10
C H A P T E R 15 Configuring QoS 15-1
Understanding QoS for Wireless LANs 15-2QoS for Wireless LANs
Versus QoS on Wired LANs 15-2Impact of QoS on a Wireless LAN
15-2Precedence of QoS Settings 15-3Using Wi-Fi Multimedia Mode
15-4Using Band Select 15-5
Configuring QoS 15-6Configuration Guidelines 15-6Configuring QoS
Using the Web-Browser Interface 15-7The QoS Policies Advanced Page
15-10
QoS Element for Wireless Phones 15-10IGMP Snooping 15-11AVVID
Priority Mapping 15-11WiFi Multimedia (WMM) 15-11Rate Limiting
15-12
Adjusting Radio Access Categories 15-1211Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Configuring Nominal Rates 15-13
-
Contents
Optimized Voice Settings 15-14
C H A P T E R 16 Configuring Filters 16-1
Understanding Filters 16-2
Configuring Filters Using the CLI 16-2
Configuring Filters Using the Web-Browser Interface
16-3Configuring and Enabling MAC Address Filters 16-3
Creating a MAC Address Filter 16-4Using MAC Address ACLs to
Block or Allow Client Association to the Access Point 16-6
Configuring MAC Address Authentication 16-8Determining the
source of MAC Authentication 16-9Configuring the SSID for MAC
Authentication 16-11
Creating a Time-Based ACL 16-12ACL Logging 16-13
Configuring and Enabling IP Filters 16-13Creating an IP Filter
16-14
Configuring and Enabling EtherType Filters 16-15Creating an
EtherType Filter 16-16
C H A P T E R 17 Configuring CDP 17-1
Understanding CDP 17-2
Configuring CDP 17-2Default CDP Configuration 17-2Configuring
the CDP Characteristics 17-2Disabling and Enabling CDP
17-3Disabling and Enabling CDP on an Interface 17-4
Monitoring and Maintaining CDP 17-5
Enabling CDP Logging 17-7
C H A P T E R 18 Configuring SNMP 18-1
Understanding SNMP 18-2SNMP Versions 18-2SNMP Manager Functions
18-3SNMP Agent Functions 18-4SNMP Community Strings 18-4Using SNMP
to Access MIB Variables 18-4
Configuring SNMP 18-512Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
OL-29225-01
Default SNMP Configuration 18-5
-
Contents
Enabling the SNMP Agent 18-6Configuring Community Strings
18-6Specifying SNMP-Server Group Names 18-8Configuring SNMP-Server
Hosts 18-8Configuring SNMP-Server Users 18-8Configuring Trap
Managers and Enabling Traps 18-8Setting the Agent Contact and
Location Information 18-10Using the snmp-server view Command
18-11SNMP Examples 18-11
Displaying SNMP Status 18-12
C H A P T E R 19 Configuring Repeater and Standby Access Points
and Workgroup Bridge Mode 19-1
Understanding Repeater Access Points 19-2
Configuring a Repeater Access Point 19-3Default Configuration
19-4Guidelines for Repeaters 19-4Setting Up a Repeater 19-5
Aligning Antennas 19-6Verifying Repeater Operation 19-7Setting
Up a Repeater As a WPA2 Client 19-7Setting Up a Repeater As a
EAP-FAST Client 19-8
Understanding Hot Standby 19-9
Configuring a Hot Standby Access Point 19-10Verifying Standby
Operation 19-12
Understanding Workgroup Bridge Mode 19-13Treating Workgroup
Bridges as Infrastructure Devices or as Client Devices
19-14Configuring a Workgroup Bridge for Roaming 19-15Configuring a
Workgroup Bridge for Limited Channel Scanning 19-16
Configuring the Limited Channel Set 19-16Ignoring the CCX
Neighbor List 19-16
Configuring a Client VLAN 19-17
Workgroup Bridge VLAN Tagging 19-17
Configuring Workgroup Bridge Mode 19-17
Using Workgroup Bridges in a Lightweight Environment
19-21Guidelines for Using Workgroup Bridges in a Lightweight
Environment 19-22
Sample Workgroup Bridge Association Verification 19-23Enabling
VideoStream Support on Workgroup Bridges 19-2313Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
-
Contents
C H A P T E R 20 Managing Firmware and Configurations 20-1
Working with the Flash File System 20-1Displaying Available File
Systems 20-2Setting the Default File System 20-3Displaying
Information About Files on a File System 20-4Changing Directories
and Displaying the Working Directory 20-4Creating and Removing
Directories 20-4Copying Files 20-5Deleting Files 20-6Creating,
Displaying, and Extracting tar Files 20-6
Creating a tar File 20-6Displaying the Contents of a tar File
20-7Extracting a tar File 20-8
Displaying the Contents of a File 20-8
Working with Configuration Files 20-8Guidelines for Creating and
Using Configuration Files 20-9Configuration File Types and Location
20-10Creating a Configuration File by Using a Text Editor
20-10Copying Configuration Files by Using TFTP 20-10
Preparing to Download or Upload a Configuration File by Using
TFTP 20-11Downloading the Configuration File by Using TFTP
20-11Uploading the Configuration File by Using TFTP 20-11
Copying Configuration Files by Using FTP 20-12Preparing to
Download or Upload a Configuration File by Using FTP
20-13Downloading a Configuration File by Using FTP 20-13Uploading a
Configuration File by Using FTP 20-14
Copying Configuration Files by Using RCP 20-15Preparing to
Download or Upload a Configuration File by Using RCP
20-16Downloading a Configuration File by Using RCP 20-16Uploading a
Configuration File by Using RCP 20-17
Clearing Configuration Information 20-18Deleting a Stored
Configuration File 20-18
Working with Software Images 20-18Image Location on the Access
Point 20-19tar File Format of Images on a Server or Cisco.com
20-19Copying Image Files by Using TFTP 20-20
Preparing to Download or Upload an Image File by Using TFTP
20-20Downloading an Image File by Using TFTP 20-2014Cisco IOS
Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Uploading an Image File by Using TFTP 20-22
-
Contents
Copying Image Files by Using FTP 20-22Preparing to Download or
Upload an Image File by Using FTP 20-23Downloading an Image File by
Using FTP 20-24Uploading an Image File by Using FTP 20-26
Copying Image Files by Using RCP 20-27Preparing to Download or
Upload an Image File by Using RCP 20-27Downloading an Image File by
Using RCP 20-29Uploading an Image File by Using RCP 20-31
Reloading the Image Using the Web Browser Interface 20-32Browser
HTTP Interface 20-32Browser TFTP Interface 20-33
C H A P T E R 21 Configuring L2TPv3 Over UDP/IP 21-1
Prerequisites 21-1
Configuring L2TP Class 21-2
Configuring Pseudowire Class 21-3
Relationship between L2TP Class and Pseudowire Class 21-4
Configuring the Tunnel interface 21-4
Configure Tunnel management Interface 21-4
Mapping SSID to the Tunnel/Xconnect 21-5
Configuring TCP mss adjust 21-6
Configuring UDP checksum 21-6
C H A P T E R 22 Configuring System Message Logging 22-1
Understanding System Message Logging 22-2
Configuring System Message Logging 22-2System Log Message Format
22-2Default System Message Logging Configuration 22-3Disabling and
Enabling Message Logging 22-4Setting the Message Display
Destination Device 22-5Enabling and Disabling Timestamps on Log
Messages 22-6Enabling and Disabling Sequence Numbers in Log
Messages 22-6Defining the Message Severity Level 22-7Limiting
Syslog Messages Sent to the History Table and to SNMP 22-8Setting a
Logging Rate Limit 22-9Configuring the System Logging Facility
22-10
Displaying the Logging Configuration 22-1115Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
-
Contents
C H A P T E R 23 Troubleshooting 23-1
Checking the LED Indicators 23-2
Checking Power 23-2
Low Power Condition 23-2
Checking Basic Settings 23-3SSID 23-3WEP Keys 23-3Security
Settings 23-3
Resetting to the Default Configuration 23-4Using the MODE Button
23-4Using the Web Browser Interface 23-5Using the CLI 23-5
Reloading the Access Point Image 23-6Using the MODE button
23-7Using the Web Browser Interface 23-7
Browser HTTP Interface 23-8Browser TFTP Interface 23-8
Using the CLI 23-9Obtaining the Access Point Image File
23-11Obtaining TFTP Server Software 23-11
Image Recovery on the 1520 Access Point 23-11
A P P E N D I X A Protocol Filters A-1
A P P E N D I X B Supported MIBs B-1
MIB List B-1
Using FTP to Access the MIB Files B-2
A P P E N D I X C Error and Event Messages C-1
Conventions C-2
Software Auto Upgrade Messages C-3
Association Management Messages C-5
Unzip Messages C-6
System Log Messages C-7
802.11 Subsystem Messages C-8
Inter-Access Point Protocol Messages C-2116Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Local Authenticator Messages C-21
-
Contents
WDS Messages C-24
Mini IOS Messages C-25
Access Point/Bridge Messages C-26
Cisco Discovery Protocol Messages C-26
External Radius Server Error Messages C-26
LWAPP Error Messages C-27
Sensor Messages C-28
SNMP Error Messages C-29
SSH Error Messages C-30
G L O S S A R Y17Cisco IOS Software Configuration Guide for
Cisco Aironet Access Points
OL-29225-01
-
Contents 18Cisco IOS Software Configuration Guide for Cisco
Aironet Access Points
OL-29225-01
-
Preface
AudienceThis guide is for the networking professional who
installs and manages Cisco Aironet Access Points in Autonomous
mode. To use this guide, you should have experience working with
the Cisco IOS software and be familiar with the concepts and
terminology of wireless local area networks.The guide covers Cisco
IOS Releases 15.3(3)JAB. The following access point platforms are
supported:
AP 802 AP 1040 AP 1140 AP 1260 AP 1530 AP 1550 AP 1600 AP 1700
AP 2600 AP 2700 AP 3500 AP 3600 AP 3700
Note This guide does not cover lightweight access points.
Configuration for these devices can be found in the appropriate
installation and configuration guides on Cisco.com.-xixCisco IOS
Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
PurposeThis guide provides the information you need to install
and configure your access point. This guide provides procedures for
using the Cisco IOS software commands that have been created or
changed for use with the access point. It does not provide detailed
information about these commands. For detailed information about
these commands, refer to the Cisco IOS Command Reference for Cisco
Aironet Access
-
Configuration Procedures and ExamplesPoints and Bridges for this
release. For information about the standard Cisco IOS software
commands, refer to the Cisco IOS software documentation set
available from the Cisco.com home page at Support >
Documentation. This guide also includes an overview of the access
point web-based interface (APWI), which contains all the
functionality of the command-line interface (CLI). This guide does
not provide field-level descriptions of the APWI windows nor does
it provide the procedures for configuring the access point from the
APWI. For all APWI window descriptions and procedures, refer to the
access point online help, which is available from the Help buttons
on the APWI pages.
Configuration Procedures and ExamplesThe procedures and examples
given in this guide have been documented as seen on the Cisco
Aironet 3600 Series Access Points.To view the latest configuration
examples, visit Cisco Tech Zone(https://techzone.cisco.com). In the
Tech Zone Navigator, browse to Wireless LAN > Autonomous APs
(IOS) - Knowledge base for Autonomous (IOS) Wireless
Deployments.
Note You need to have an account on Cisco.com to access Cisco
Tech Zone. If you do not have an account, you can create one by
clicking Register Now on the Log In page.
OrganizationThis guide is organized into these chapters:Chapter
1, Overview of Access Point Features, lists the software and
hardware features of the access point and describes the access
point role in your network.Chapter 2, Using the Web-Browser
Interface, describes how to use the web-browser interface to
configure the access point.Chapter 3, Using the Command-Line
Interface, describes how to use the command-line interface (CLI) to
configure the access point.
Chapter 4, Configuring the Access Point for the First
Time,describes how to configure basic settings on a new access
point.Chapter 5, Administrating the Access Point, describes how to
perform one-time operations to administer your access point, such
as preventing unauthorized access to the access point, setting the
system date and time, and setting the system name and
prompt.Chapter 6, Configuring Radio Settings, describes how to
configure settings for the access point radio such as the role in
the radio network, transmit power, channel settings, and
others.Chapter 7, Configuring Multiple SSIDs, describes how to
configure and manage multiple Service Set Identifiers (SSIDs) and
multiple basic SSIDs (BSSIDs) on your access point. You can
configure up to 16 SSIDs and up to eight BSSIDs on your access
point.Chapter 8, Configuring Spanning Tree Protocol,describes how
to configure Spanning Tree Protocol (STP) on your access point,
bridge, or access point operating in a bridge mode. STP prevents
bridge loops from occurring in your network.-xxCisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
OrganizationChapter 9, Configuring an Access Point as a Local
Authenticator, describes how to configure the access point to act
as a local RADIUS server for your wireless LAN. If the WAN
connection to your main RADIUS server fails, the access point acts
as a backup server to authenticate wireless devices.Chapter 10,
Configuring WLAN Authentication and Encryption, describes how to
configure the cipher suites required to use authenticated key
management, Wired Equivalent Privacy (WEP), and WEP features
including MIC, CMIC, TKIP, CKIP, and broadcast key rotation.Chapter
11, Configuring Authentication Types, describes how to configure
authentication types on the access point. Client devices use these
authentication methods to join your network.Chapter 12, Configuring
WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion
Detection Services, describes how to configure the access point to
participate in WDS, to allow fast reassociation of roaming client
services, and to participate in radio management.Chapter 13,
Configuring RADIUS and TACACS+ Servers, describes how to enable and
configure the RADIUS and Terminal Access Controller Access Control
System Plus (TACACS+), which provide detailed accounting
information and flexible administrative control over authentication
and authorization processes.
Chapter 14, Configuring VLANs, describes how to configure your
access point to interoperate with the VLANs set up on your wired
LAN. Chapter 15, Configuring QoS, describes how to configure and
manage MAC address, IP, and EtherType filters on the access point
using the web-browser interface.Chapter 16, Configuring Filters,
describes how to configure and manage MAC address, IP, and
EtherType filters on the access point using the web-browser
interface.Chapter 17, Configuring CDP, describes how to configure
Cisco Discovery Protocol (CDP) on your access point. CDP is a
device-discovery protocol that runs on all Cisco network
equipment.Chapter 18, Configuring SNMP, describes how to configure
the Simple Network Management Protocol (SNMP) on your access point.
Chapter 19, Configuring Repeater and Standby Access Points and
Workgroup Bridge Mode, describes how to configure your access point
as a hot standby unit or as a repeater unit. Chapter 20, Managing
Firmware and Configurations, describes how to manipulate the Flash
file system, how to copy configuration files, and how to archive
(upload and download) software images.Chapter 21, Configuring
L2TPv3 Over UDP/IP, describes how to configure the Layer 2
Tunneling Protocol (L2TPv3), which is a tunneling protocol that
enables tunneling of Layer 2 packets over IP core networks.
Chapter 22, Configuring System Message Logging, describes how to
configure system message logging on your access point.Chapter 23,
Troubleshooting,provides troubleshooting procedures for basic
problems with the access point.Appendix A, Protocol Filters, lists
some of the protocols that you can filter on the access point.
Appendix B, Supported MIBs, lists the Simple Network Management
Protocol (SNMP) Management Information Bases (MIBs) that the access
point supports for this software release.Appendix C, Error and
Event Messages, lists the CLI error and event messages and provides
an explanation and recommended action for each message.-xxiCisco
IOS Software Configuration Guide for Cisco Aironet Access
Points
OL-30644-01
-
ConventionsConventionsThis publication uses these conventions to
convey instructions and information:Command descriptions use these
conventions:
Commands and keywords are in boldface text. Arguments for which
you supply values are in italic. Square brackets ([ ]) mean
optional elements. Braces ({ }) group required choices, and
vertical bars ( | ) separate the alternative elements. Braces and
vertical bars within square brackets ([{ | }]) mean a required
choice within an optional
element.Interactive examples use these conventions:
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font. Nonprinting
characters, such as passwords or tabs, are in angle brackets (<
>).
Notes, cautions, and timesavers use these conventions and
symbols:
Note Means reader take note. Notes contain helpful suggestions
or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do
something that could result equipment damage or loss of data.
Tip Means the following will help you solve a problem. The tips
information might not be troubleshooting or even an action, but
could be useful information.
Related Publications Release Notes for Cisco Aironet Access
Points and Bridges for Cisco IOS Release 15.3(3)JAB. For each of
the supported access points, the following types of guides have
been provided as
required on its respective support page on Cisco.com: Access
Point Getting Started Guide Access Point Hardware Installation
Guide (Only in cases where hardware installation is not
covered in the Getting Started Guide) Installation Instructions
for Cisco Aironet Power Injectors Access Point Deployment Guide
Cisco Aironet 802.11 a/b/g/n/ac Radio Installion and Upgrade
Instructions-xxiiCisco IOS Software Configuration Guide for Cisco
Aironet Access Points
OL-30644-01
-
Obtaining Documentation, Obtaining Support, and Security
GuidelinesObtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support,
providing documentation feedback, security guidelines, and also
recommended aliases and general Cisco documents, see the monthly
Whats New in Cisco Product Documentation, which also lists all new
and revised Cisco technical documentation,
at:http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html-xxiiiCisco
IOS Software Configuration Guide for Cisco Aironet Access
Points
OL-30644-01
-
Obtaining Documentation, Obtaining Support, and Security
Guidelines-xxivCisco IOS Software Configuration Guide for Cisco
Aironet Access Points
OL-30644-01
-
Cisco IOS Software COL-30644-01
an access point can roam throughout a facility while maintaining
seamless, uninterrupted access to the network.Each access point
platform contains one, two, or tsupported by each access point
model, see the corhree radios. For more information on the radios
responding Access Point Data Sheet.C H A P T E R 1Overview of
Access Point Features
Cisco Aironet Access Points (hereafter called access points, or
abbreviated as APs) provide a secure, affordable, and easy-to-use
wireless LAN solution that combines mobility and flexibility with
the enterprise-class features required by networking professionals.
With a management system based on Cisco IOS software, Cisco Aironet
access points are Wi-Fi certified, and depending on the specific
model are 802.11a-compliant, 802.11b-compliant, 802.11g-compliant,
802.11n-compliant, and 802.11ac-compliant wireless LAN
transceivers.
Note When booting up a 1530, 1700, or a 2700 series AP for the
first time, it will boot up with a unified mode software image. To
deploy the AP in an autonomous network, use following command from
the AP console or telnet to force AP to reboot using autonomous
mode software image.capwap ap autonomousFor more information on
software images on the AP, see Working with Software Images, page
20-18.
You can configure and monitor the wireless device using the
command-line interface (CLI), the browser-based management system,
or Simple Network Management Protocol (SNMP). This chapter contains
the following sections:
Radios in Access Points, page 1-1 New Features and Platforms in
this Release, page 1-2 Management Options, page 1-4 Roaming Client
Devices, page 1-5 Network Configuration Examples, page 1-5
Radios in Access PointsAn access point serves as the connection
point between wireless and wired networks or as the center point of
a stand-alone wireless network. In large installations, wireless
users within the radio range of 1-1onfiguration Guide for Cisco
Aironet Access Points
-
Chapter 1 Overview of Access Point FeaturesNew Features and
Platforms in this ReleaseNew Features and Platforms in this
ReleaseFor full information on the new features and updates to
existing features in this release, see the Release Notes for
Autonomous Cisco Aironet Access Points and Bridges for Cisco IOS
Release 15.3(3)JA.For the full list of CLI commands supported in
this release, see the Cisco IOS Command Reference for Autonomous
Cisco Aironet Access Points and Bridges, Cisco IOS Release
15.3(3)JA.
Note The proxy Mobile-IP feature is not supported in Cisco IOS
Release 12.3(2)JA and later.
New Access Point Platforms SupportedThis release supports the
following new access point platforms:
Support for Cisco Aironet 3700 Series access point
This access point is built on 4x4:3(2.4GHz), 4x4:3(5GHz) MIMO
technology, with integrated and external antenna options, and
supports 802.11a,b,g,n,ac.
Supported models are 3700E and 3700I Supported operating modes
are:
Root
Root Bridge Non Root Bridge Workgroup Bridge Scanner Spectrum
Repeater
Support for Cisco Aironet 2700 Series access point
This access point is built on 3x4:3(2.4GHz), 4x4:3(5GHz) MIMO
technology, with integrated and external antenna options, and
supports 802.11a,b,g,n,ac. This access point has both primary and
secondary gigabit Ethernet ports. The primary port is gigabit
Ethernet 0 and is the backhaul port. The primary port can be set as
trunk port. The secondary port is gigabitEthernet 1, and is the
access port. You can configure the secondary port to a VLAN ID
using the interface configuration command bridge multiple-port
client-vlan vlan-id
Supported models are 2700E and 2700I Supported operating modes
are:
Root
Root Bridge1-2Cisco IOS Software Configuration Guide for Cisco
Aironet Access Points
OL-30644-01
-
Chapter 1 Overview of Access Point FeaturesNew Features and
Platforms in this Release Non Root Bridge Workgroup Bridge Scanner
Spectrum Repeater
Support for Cisco Aironet 1700 Series access point
This access point is built on 3x4:3(2.4GHz), 4x4:3(5GHz) MIMO
technology, and comes with integrated antennas, and supports
802.11a,b,g,n,ac. This access point has both primary and secondary
gigabit Ethernet ports. The primary port is gigabit Ethernet 0 and
is the backhaul port. The primary port can be set as trunk port.
The secondary port is gigabitEthernet 1, and is the access port.
You can configure the secondary port to a VLAN ID using the
interface configuration command bridge multiple-port client-vlan
vlan-id
Supported model is 1700I Supported operating modes are:
Root
Root Bridge Non Root Bridge Workgroup Bridge Scanner Spectrum
Repeater
New Features
Multiple Port Support for Cisco Aironet 1550 Series Outdoor
Access Points
The 1550 series has four Ethernet ports PoE-In port, PoE-Out
port, Auxiliary port, and SFP Port. All four ports are supported in
the current release. This series also has an internal cable modem
in the 1552C and 1552CU models. The cable modem connects to the
Auxiliary port. You can set the PoE-In port, SFP port, or the
Auxiliary port as the primary Ethernet port. You can set the
primary Ethernet port using the configuration command: dot11
primary-ethernet-port port-number-0to3You can set the primary
Ethernet port as a trunk and handle multiple VLANs, but the
secondary ports can be set as access ports only. To configure the
vlan-id in secondary ports, use the interface configuration command
bridge multiple-port client-vlan vlan-id1-3Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 1 Overview of Access Point FeaturesManagement
OptionsAutomatic Configuring of the Access Point
The Autoconfig feature of autonomous access points allows the AP
to download its configuration, periodically, from a Secure Copy
Protocol (SCP) server. For more information, see Automatic
Configuring of the Access Point, page 4-34
Support for L2TPv3
Layer 2 Tunneling Protocol (L2TPv3), is a tunneling protocol
that enables tunneling of Layer 2 packets over IP core networks.For
detailed information, see Chapter 21, Configuring L2TPv3 Over
UDP/IP.
Configuration and CLI Changes in this ReleaseThe following
updates and new additions have been made:
For Cisco Aironet 2700 series access points, you can configure
the secondary port to a VLAN ID using the interface configuration
command bridge multiple-port client-vlan vlan-id
For Cisco Aironet 1550 series outdoor access points: You can set
the PoE-In port, SFP port, or the Auxiliary port as the primary
Ethernet port. You
can set the primary Ethernet port using the configuration
command: dot11 primary-ethernet-port port-number-0to3
You can set the primary Ethernet port as a trunk and handle
multiple VLANs, but the secondary ports can be set as access ports
only. To configure the vlan-id in secondary ports, use the
interface configuration command bridge multiple-port client-vlan
vlan-id
Removal of WPA/TKIP ConfigurationWi-Fi certified access points
no longer support a WPA/TKIP configuration. TKIP is only allowed in
combination with WPA2/AES for backward compatibility to allow older
TKIP-only devices to associate. Authentication key-management WPA
version 1 will be changed to authentication
key-management WPA. The following message will be
displayed:Warning: WPA Version 1 no longer permitted by itself -
WPA2 has been enabled
WPA version 1 option has been removed from the authentication
key-management WPA CLI and configuring TKIP only under this
interface is not supported. It will be changed to aes-ccm tkip to
work on mixed mode with the following message on the ap
console:
Warning: TKIP encryption no longer permitted by itself - AES-CCM
has been enabled
Management OptionsYou can use the wireless device management
system through the following interfaces:
The Cisco IOS command-line interface (CLI), which you use
through a console port or Telnet session. Use the interface
dot11radio global configuration command to place the wireless
device into the radio configuration mode. Most of the examples in
this manual are taken from the CLI. 1-4Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 1 Overview of Access Point FeaturesRoaming Client
DevicesChapter 3, Using the Command-Line Interface, provides a
detailed description of the CLI. A web-browser interface, which you
use through a Web browser. Chapter 2, Using the
Web-Browser Interface, provides a detailed description of the
web-browser interface. Simple Network Management Protocol (SNMP).
Chapter 18, Configuring SNMP, explains how to
configure the wireless device for SNMP management.
Roaming Client DevicesIf you have more than one wireless device
in your wireless LAN, wireless client devices can roam seamlessly
from one wireless device to another. The roaming functionality is
based on signal quality, not proximity. When signal quality drops
from a client, it roams to another access point. Wireless LAN users
are sometimes concerned when a client device stays associated to a
distant access point instead of roaming to a closer access point.
However, if a client signal to a distant access point remains
strong and the signal quality is high, the client will not roam to
a closer access point. Checking constantly for closer access points
would be inefficient, and the extra radio traffic would slow
throughput on the wireless LAN.
Using Cisco Centralized Key Management (CCKM) or 802.11r, with a
device providing wireless distribution system (WDS), client devices
can roam from one access point to another so quickly that there is
no perceptible delay in voice or other time-sensitive
applications.
Network Configuration ExamplesThis section describes the role of
an access point in common wireless network configurations. The
access point default configuration is as a root unit connected to a
wired LAN or as the central unit in an all-wireless network. Access
points can also be configured as repeater access points, bridges,
and workgroup bridges. These roles require specific
configurations.
Root Access PointAn access point connected directly to a wired
LAN provides a connection point for wireless users. If more than
one access point is connected to the LAN, users can roam from one
area of a facility to another without losing their connection to
the network. As users move out of range of one access point, they
automatically connect to the network (associate) through another
access point. The roaming process is seamless and transparent to
the user. Figure 1-1 shows access points acting as root units on a
wired LAN.1-5Cisco IOS Software Configuration Guide for Cisco
Aironet Access Points
OL-30644-01
-
Chapter 1 Overview of Access Point FeaturesNetwork Configuration
ExamplesFigure 1-1 Access Points as Root Units on a Wired LAN
Repeater Access PointAn access point can be configured as a
stand-alone repeater to extend the range of your infrastructure or
to overcome an obstacle that blocks radio communication. The
repeater forwards traffic between wireless users and the wired LAN
by sending packets to either another repeater or to an access point
connected to the wired LAN. The data is sent through the route that
provides the best performance for the client. Figure 1-2 shows an
access point acting as a repeater. Consult the Configuring a
Repeater Access Point section on page 19-3 for instructions on
setting up an access point as a repeater.
Note Non-Cisco client devices might have difficulty
communicating with repeater access points.
Figure 1-2 Access Point as Repeater
Access point
Access point
1354
45
Access point Repeater
1354
441-6Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-30644-01
-
Chapter 1 Overview of Access Point FeaturesNetwork Configuration
ExamplesBridgesAccess points can be configured as root or non-root
bridges. In this role, an access point establishes a wireless link
with a non-root bridge. Traffic is passed over the link to the
wired LAN. Access points in root and non-root bridge roles can be
configured to accept associations from clients. Figure 1-3 shows an
access point configured as a root bridge with clients. Figure 1-4
shows two access points configured as a root and non-root bridge,
both accepting client associations. Consult the Configuring the
Role in Radio Network section on page 6-3 for instructions on
setting up an access point as a bridge. When wireless bridges are
used in a point-to-multipoint configuration the throughput is
reduced depending on the number of non-root bridges that associate
with the root bridge. With a link data rate at 54 Mbps, the maximum
throughput is about 25 Mbps in a point-to-point link. The addition
of three bridges to form a point-to-multipoint network reduces the
throughput to about 12.5 Mbps.
Figure 1-3 Access Point as a Root Bridge with Clients
Figure 1-4 Access Points as Root and Non-root Bridges with
Clients
Workgroup BridgeYou can configure access points as workgroup
bridges. In workgroup bridge mode, the unit associates to another
access point as a client and provides a network connection for the
devices connected to its Ethernet port. For example, if you need to
provide wireless connectivity for a group of network printers,
Root bridge Non-root bridge
1354
47
Root bridge Non-root bridge
1354
461-7Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-30644-01
-
Chapter 1 Overview of Access Point FeaturesNetwork Configuration
Examplesyou can connect the printers to a hub or to a switch,
connect the hub or switch to the access point Ethernet port, and
configure the access point as a workgroup bridge. The workgroup
bridge associates to an access point on your network. If your
access point has multiple radios, either radio can function in
workgroup bridge mode..Figure 1-5 shows an access point configured
as a workgroup bridge. Consult the Understanding Workgroup Bridge
Mode section on page 19-13 and the Configuring Workgroup Bridge
Mode section on page 19-17 for information on configuring your
access point as a workgroup bridge.
Figure 1-5 Access Point as a Workgroup Bridge
Central Unit in an All-Wireless NetworkIn an all-wireless
network, an access point acts as a stand-alone root unit. The
access point is not attached to a wired LAN; it functions as a hub
linking all stations together. The access point serves as the focal
point for communications, increasing the communication range of
wireless users. Figure 1-6 shows an access point in an all-wireless
network.
Figure 1-6 Access Point as Central Unit in All-Wireless
Network
Access pointWorkgroup bridge
1354
48
Access point
1354
431-8Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-30644-01
-
Cisco IOS Software COL-30644-01C H A P T E R 2Using the
Web-Browser Interface
This chapter describes the web-browser interface that you can
use to configure the wireless device. This chapter contains the
following sections:
Using the Web-Browser Interface for the First Time, page 2-2
Using the Management Pages in the Web-Browser Interface, page 2-2
Enabling HTTPS for Secure Browsing, page 2-5 Using Online User
Guides, page 2-7 Disabling the Web-Browser Interface, page 2-7
The web-browser interface contains management pages that you use
to change the wireless device settings, upgrade firmware, and
monitor and configure other wireless devices on the network.
Note The wireless device web-browser interface is fully
compatible with Microsoft Internet Explorer version 9.0 and Mozilla
Firefox version 17.
Note Avoid using both the CLI and the web-browser interfaces to
configure the wireless device. If you configure the wireless device
using the CLI, the web-browser interface might display an
inaccurate interpretation of the configuration. However, the
inaccuracy does not necessarily mean that the wireless device is
misconfigured. 2-1onfiguration Guide for Cisco Aironet Access
Points
-
Chapter 2 Using the Web-Browser InterfaceUsing the Web-Browser
Interface for the First TimeUsing the Web-Browser Interface for the
First TimeUse the wireless device IP address to browse to the
management system. See the Logging into the Access Point section on
page 4-3 for instructions on assigning an IP address to the
wireless device. Follow these steps to begin using the web-browser
interface:
Step 1 Start the browser.Step 2 Enter the wireless device IP
address in the address bar of the and press Enter.
The Summary Status page appears.
Using the Management Pages in the Web-Browser InterfaceThe
system management pages use consistent techniques to present and
save configuration information. You can use the navigation bar
present at the top of a page to select the main menu options.
Another navigation bar is present on the left side of the page, to
use for navigating through the sub menus. You can use the
navigation bar to browse to other management pages, and use the
configuration action buttons to save or cancel changes to the
configuration.
Note It is important to remember that clicking your web-browser
Back button returns you to the previous page without saving any
changes you have made. Clicking Cancel cancels any changes you made
in the page and keeps you on that page. Changes are only applied
when you click Apply.
Figure 2-1 shows the web-browser interface home page.2-2Cisco
IOS Software Configuration Guide for Cisco Aironet Access
Points
OL-30644-01
-
Chapter 2 Using the Web-Browser InterfaceUsing the Management
Pages in the Web-Browser InterfaceFigure 2-1 Web-Browser Interface
Home Page
Using Action ButtonsTable 2-1 lists the page links and buttons
that appear on the management page.
Table 2-1 Buttons and Links on the Management Page
Button/Link Description
Navigation Links
Home Displays wireless device status page with information on
the number of radio devices associated to the wireless device, the
status of the Ethernet and radio interfaces, and a list of recent
wireless device activity.
Easy Setup Displays the Easy Setup page that includes basic
settings such as system name, IP address, and role in radio
network.
Network Displays a list of infrastructure devices on your
wireless LAN. Provides configuration submenus for the access point
interfaces (radio and Ethernet).
Association Displays a list of all devices on your wireless LAN,
listing their system names, network roles, and parent-client
relationships.
Wireless Displays a summary of wireless Domain services
configuration and devices, and provides links to WDS configuration
pages.
Security Displays a summary of security settings and provides
links to security configuration pages.2-3Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 2 Using the Web-Browser InterfaceUsing the Management
Pages in the Web-Browser InterfaceCharacter Restrictions in Entry
FieldsYou cannot use the following characters in the entry fields
on the web-browser interface. This is true for all access points
using Cisco IOS software.
]+/TabTrailing space
Services Displays status for several wireless device features
and links to configuration pages for Telnet/SSH, CDP, domain name
server, filters, QoS, SNMP, SNTP, and VLANs.
Management Displays a list of current guest users and provides
links to configuration pages for guest users and web authentication
pages.
Software Displays the Version number of the firmware that the
wireless device is running and provides links to configuration
pages for upgrading and managing firmware.
Event Log Displays the wireless device event log and provides
links to configuration pages where you can select events to be
included in traps, set event severity levels, and set notification
methods.
Configuration Action Buttons
Apply Saves changes made on the page and remains on the
page.Refresh Updates status information or statistics displayed on
a page.Cancel Discards changes to the page and remains on the
page.Back Discards any changes made to the page and returns to the
previous page.Logout Exits the AP configuration web interface
without saving.Ping Pings an IPv4 or IPv6 addressSave Configuration
Saves the APs current configuration to NVRAM.
Table 2-1 Buttons and Links on the Management Page
(continued)
Button/Link Description2-4Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
OL-30644-01
-
Chapter 2 Using the Web-Browser InterfaceEnabling HTTPS for
Secure BrowsingEnabling HTTPS for Secure BrowsingYou can protect
the communication with the access point web-browser interface by
enabling HTTPS. HTTPS protects HTTP browser sessions by using the
Secure Socket Layer (SSL) protocol.
Note When you enable HTTPS, your browser might lose its
connection to the access point. If you lose the connection, change
the URL in your browser address line from http://ip_address to
https://ip_address and log into the access point again.
Note When you enable HTTPS, most browsers prompt you for
approval each time you browse to a device that does not have a
fully qualified domain name (FQDN). To avoid the approval prompts,
create an FQDN for the access point as detailed in the following
procedure.
Follow these steps to create an FQDN and enable HTTPS:
Step 1 If your browser uses popup-blocking software, disable the
popup-blocking feature.Step 2 Choose Easy Setup > Network
Configuration.
The Network Configuration page appears.Step 3 Enter a name for
the access point in the Host Name field, and then click Apply. Step
4 Choose Services > DNS page.
The Services: DNS - Domain Name Service page appears.Step 5 In
the Domain Name System (DNS) field, click the Enable radio button.
Step 6 In the Domain Name field, enter your companys domain name.
Step 7 Enter at least one IP address for your DNS server in the
Name Server IPv4/IPv6 Addresses fields.Step 8 Click Apply.
The access point FQDN is a combination of the system name and
the domain name. For example, if your system name is ap3600 and
your domain name is company.com, the FQDN is
ap3600.company.com.
Step 9 Enter the FQDN on your DNS server.
Tip If you do not have a DNS server, you can register the access
point FQDN with a dynamic DNS service. Search the Internet for
dynamic DNS to find a fee-based DNS service.
Step 10 Choose Services > HTTP.The Services: HTTP - Web
Server page is displayed.
Step 11 In the Web-based Configuration Management field, select
the Enable Secure (HTTPS) Browsing check box. 2-5Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 2 Using the Web-Browser InterfaceEnabling HTTPS for
Secure BrowsingStep 12 In the Domain Name field, enter a domain
name, and then click Apply.
Note Enabling HTTPS automatically disables HTTP. To maintain
HTTP access with HTTPS enabled, check the Enable Secure (HTTPS)
Browsing check box, and then check the Enable Standard (HTTP)
Browsing check box. Although you can enable both standard HTTP and
HTTPS, we recommend that you enable only one.
A warning appears stating that you will now use secure HTTP to
browse to the access point. The warning also displays the new URL
containing https, which you will need to use to browse to the
access point.
Step 13 In the warning box, click OK.The address in your browser
address line changes from http:// to https://.
Step 14 Another warning appears stating that the access point
security certificate was not issued by a trusted certificate
authority. However, you can ignore this warning. Click Continue to
this Website (not recommended).
Note The following steps assume that you are using Microsoft
Internet Explorer. If you are not, please refer to your browser
documentation for more information on how to access web sites using
self signed certificates.
Step 15 The access point login window appears and you must log
in to the access point again. The default username is Cisco
(case-sensitive) and the default password is Cisco
(case-sensitive).
Step 16 To display the access points security certificate, click
the Certificate error icon in the address bar. Step 17 Click View
Certificates.Step 18 In the Certificate window, click Install
Certificate.
The Microsoft Windows Certificate Import Wizard appears. Step 19
Click Next.
The next screen asks where you want to store the certificate. We
recommend that you use the default storage area on your system.
Step 20 Click Next to accept the default storage area.You have
now successfully imported the certificate.
Step 21 Click Finish. A security warning is displayed.
Step 22 Click Yes. A message box stating that the installation
is successful is displayed.
Step 23 Click OK.
CLI Configuration Example
This example shows the CLI commands that are equivalent to the
steps listed in the Enabling HTTPS for Secure Browsing section on
page 2-5:AP# configure terminalAP(config)# hostname
ap3600AP(config)# ip domain name company.comAP(config)# ip
name-server 10.91.107.18AP(config)# ip http secure-server2-6Cisco
IOS Software Configuration Guide for Cisco Aironet Access
Points
OL-30644-01
-
Chapter 2 Using the Web-Browser InterfaceUsing Online User
GuidesAP(config)# end
In this example, the access point system name is ap3600, the
domain name is company.com, and the IP address of the DNS server is
10.91.107.18. For complete descriptions of the commands used in
this example, consult the Cisco IOS Commands Master List, Release
12.4. Click this link to browse to the master list of
commands:http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124mindx/124htnml.htm
Deleting an HTTPS CertificateThe access point generates a
certificate automatically when you enable HTTPS. However, if you
need to change the fully qualified domain name (FQDN) for an access
point, or you need to add an FQDN after enabling HTTPS, you might
need to delete the certificate. Follow these steps:
Step 1 Browse to the Services: HTTP Web Server page.Step 2
Uncheck the Enable Secure (HTTPS) Browsing check box to disable
HTTPS.Step 3 Click Delete Partial SSL certificate to delete the
certificate.Step 4 Click Apply. The access point generates a new
certificate using the new FQDN.
CLI Commands for Deleting an HTTPS Certificate
In the global configuration mode, use the following commands for
deleting an HTTPS certificate.
Using Online User GuidesIn the web-browser interface, click the
help icon at the top of the Home page to the online version of this
guide (Cisco IOS Configuration Guide for Autonomous Cisco Aironet
Access Points). You can choose view the guide online or you can
also download a PDF version of the guide for offline reference. The
online guide is periodically updated and hence will give you more
up to date information.
Disabling the Web-Browser InterfaceTo prevent all use of the
web-browser interface, select the Disable Web-Based Management
check box on the Services: HTTP-Web Server page and click Apply. To
re-enable the web-browser interface, enter this global
configuration command on the access point CLI:
Command Purpose
Step 1 no ip http secure-server Disables HTTPSStep 2 crypto key
zeroize rsa name-of-rsa-key Deletes the RSA key for the http
server. Along with
this all the router certificates (HTTPS certificates) issued
using these keys will also be removed.2-7Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 2 Using the Web-Browser InterfaceDisabling the
Web-Browser Interfaceap(config)# ip http server2-8Cisco IOS
Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Cisco IOS Software COL-30644-01C H A P T E R 3Using the
Command-Line Interface
This chapter describes the Cisco IOS command-line interface
(CLI) that you can use to configure the wireless device. It
contains the following sections:
Cisco IOS Command Modes, page 3-2 Getting Help, page 3-3
Abbreviating Commands, page 3-3 Using the no and Default Forms of
Commands, page 3-4 Understanding CLI Messages, page 3-4 Using
Command History, page 3-4 Using Editing Features, page 3-6
Searching and Filtering Output of show and more Commands, page 3-8
Accessing the CLI, page 3-93-1onfiguration Guide for Cisco Aironet
Access Points
-
Chapter 3 Using the Command-Line InterfaceCisco IOS Command
ModesCisco IOS Command ModesThe Cisco IOS user interface is divided
into many different modes. The commands available to you depend on
which mode you are currently in. Enter a question mark (?) at the
system prompt to obtain a list of commands available for each
command mode.When you start a session on the wireless device, you
begin in user mode, often called user EXEC mode. A subset of the
Cisco IOS commands are available in user EXEC mode. For example,
most of the user EXEC commands are one-time commands, such as show
commands, which show the current configuration status, and clear
commands, which clear counters or interfaces. The user EXEC
commands are not saved when the wireless device reboots.To have
access to all commands, you must enter privileged EXEC mode.
Normally, you must enter a password to enter privileged EXEC mode.
From this mode, you must enter privileged EXEC mode before you can
enter the global configuration mode. Using the configuration modes
(global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are
stored and used when the wireless device reboots. To access the
various configuration modes, you must start at global configuration
mode. From global configuration mode, you can enter interface
configuration mode and line configuration mode.Table 3-1 describes
the main command modes, how to access each one, the prompt you see
in that mode, and how to exit the mode. The examples in the table
use the host name ap.
Table 3-1 Command Mode Summary
Mode Access Method Prompt Exit Method About This Mode
User EXEC Begin a session with the wireless device.
ap> Enter logout or quit. Use this mode to: Change terminal
settings Perform basic tests Display system
informationPrivileged EXEC While in user EXEC
mode, enter the enable command.
ap# Enter disable to exit. Use this mode to verify commands. Use
a password to protect access to this mode.
Global configuration While in privileged EXEC mode, enter the
configure command.
ap(config)# To exit to privileged EXEC mode, enter exit or end,
or press Ctrl-Z.
Use this mode to configure parameters that apply to the entire
wireless device.
Interface configuration
While in global configuration mode, enter the interface command
(with a specific interface).
ap(config-if)#
To exit to global configuration mode, enter exit. To return to
privileged EXEC mode, press Ctrl-Z or enter end.
Use this mode to configure parameters for the Ethernet and radio
interfaces. The 2.4-GHz radio and the 802.11n 2.4-GHz radio is
radio 0, The 5-GHz radio and the 802.11n 5-GHz radio is radio
1.3-2Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceGetting HelpGetting
HelpYou can enter a question mark (?) at the system prompt to
display a list of commands available for each command mode. You can
also obtain a list of associated keywords and arguments for any
command, as shown in Table 3-2.
Abbreviating CommandsYou have to enter only enough characters
for the wireless device to recognize the command as unique. This
example shows how to enter the show configuration privileged EXEC
command:ap# show conf
Table 3-2 Help Summary
Command Purpose
help Obtains a brief description of the help system in any
command mode.abbreviated-command-entry? Obtains a list of commands
that begin with a particular character string.
For example:ap# di?dir disable disconnect
abbreviated-command-entry Completes a partial command name. For
example:ap# sh confap# show configuration
? Lists all commands available for a particular command mode.
For example: ap> ?
command ? Lists the associated keywords for a command. For
example:ap> show ?
command keyword ? Lists the associated arguments for a
keyword.For example:ap(config)# cdp holdtime ? Length of time (in
sec) that receiver must keep this packet 3-3Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceUsing the no and
Default Forms of CommandsUsing the no and Default Forms of
CommandsMost configuration commands also have a no form. In
general, use the no form to disable a feature or function or
reverse the action of a command. For example, the no shutdown
interface configuration command reverses the shutdown of an
interface. Use the command without the keyword no to re-enable a
disabled feature or to enable a feature that is disabled by
default. Configuration commands can also have a default form. The
default form of a command returns the command setting to its
default. Most commands are disabled by default, so the default form
is the same as the no form. However, some commands are enabled by
default and have variables set to certain default values. In these
cases, the default command enables the command and sets variables
to their default values.
Understanding CLI MessagesTable 3-3 lists some error messages
that you might encounter while using the CLI to configure the
wireless device.
Using Command HistoryThe CLI provides a history or record of
commands that you have entered. This feature is particularly useful
for recalling long or complex commands or entries, including access
lists. You can customize the command history feature to suit your
needs as described in these sections:
Changing the Command History Buffer Size, page 3-5 Recalling
Commands, page 3-5 Disabling the Command History Feature, page
3-5
Table 3-3 Common CLI Error Messages
Error Message Meaning How to Get Help
% Ambiguous command: "show con"
You did not enter enough characters for the wireless device to
recognize the command.
Re-enter the command followed by a question mark (?) with a
space between the command and the question mark.The possible
keywords that you can enter with the command are displayed.
% Incomplete command. You did not enter all the keywords or
values required by this command.
Re-enter the command followed by a question mark (?) with a
space between the command and the question mark.The possible
keywords that you can enter with the command are displayed.
% Invalid input detected at ^ marker.
You entered the command incorrectly. The caret (^) marks the
point of the error.
Enter a question mark (?) to display all the commands that are
available in this command mode.The possible keywords that you can
enter with the command are displayed.3-4Cisco IOS Software
Configuration Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceUsing Command
HistoryChanging the Command History Buffer SizeBy default, the
wireless device records ten command lines in its history buffer.
Beginning in privileged EXEC mode, enter this command to change the
number of command lines that the wireless device records during the
current terminal session: ap# terminal history [size
number-of-lines]
The range is from 0 to 256.Beginning in line configuration mode,
enter this command to configure the number of command lines the
wireless device records for all sessions on a particular
line:ap(config-line)# history [size number-of-lines]
The range is from 0 to 256.
Recalling CommandsTo recall commands from the history buffer,
perform one of the actions listed in Table 3-4.
Disabling the Command History FeatureThe command history feature
is automatically enabled. To disable the feature during the current
terminal session, enter the terminal no history privileged EXEC
command. To disable command history for the line, enter the no
history line configuration command.
Table 3-4 Recalling Commands
Action1
1. The arrow keys function only on ANSI-compatible terminals
such as VT100s.
Result
Press Ctrl-P or the up arrow key. Recall commands in the history
buffer, beginning with the most recent command. Repeat the key
sequence to recall successively older commands.
Press Ctrl-N or the down arrow key. Return to more recent
commands in the history buffer after recalling commands with Ctrl-P
or the up arrow key. Repeat the key sequence to recall successively
more recent commands.
show history While in privileged EXEC mode, list the last
several commands that you just entered. The number of commands that
are displayed is determined by the setting of the terminal history
global configuration command and history line configuration
command.3-5Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceUsing Editing
FeaturesUsing Editing FeaturesThis section describes the editing
features that can help you manipulate the command line. It contains
these sections:
Enabling and Disabling Editing Features, page 3-6 Editing
Commands Through Keystrokes, page 3-6 Editing Command Lines that
Wrap, page 3-7
Enabling and Disabling Editing FeaturesAlthough enhanced editing
mode is automatically enabled, you can disable it.To re-enable the
enhanced editing mode for the current terminal session, enter this
command in privileged EXEC mode: ap# terminal editing
To reconfigure a specific line to have enhanced editing mode,
enter this command in line configuration mode: ap(config-line)#
editing
To globally disable enhanced editing mode, enter this command in
line configuration mode: ap(config-line)# no editing
Editing Commands Through KeystrokesTable 3-5 shows the
keystrokes that you need to edit command lines.
Table 3-5 Editing Commands Through Keystrokes
Capability Keystroke1 Purpose
Move around the command line to make changes or corrections.
Ctrl-B or the left arrow key
Move the cursor back one character.
Ctrl-F or the right arrow key
Move the cursor forward one character.
Ctrl-A Move the cursor to the beginning of the command
line.Ctrl-E Move the cursor to the end of the command line.Esc B
Move the cursor back one word.Esc F Move the cursor forward one
word.Ctrl-T Transpose the character to the left of the cursor with
the
character located at the cursor.Recall commands from the buffer
and paste them in the command line. The wireless device provides a
buffer with the last ten items that you deleted.
Ctrl-Y Recall the most recent entry in the buffer.Esc Y Recall
the next buffer entry.
The buffer contains only the last 10 items that you have deleted
or cut. If you press Esc Y more than ten times, you cycle to the
first buffer entry.3-6Cisco IOS Software Configuration Guide for
Cisco Aironet Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceUsing Editing
FeaturesEditing Command Lines that WrapYou can use a wraparound
feature for commands that extend beyond a single line on the
screen. When the cursor reaches the right margin, the command line
shifts ten spaces to the left. You cannot see the first ten
characters of the line, but you can scroll back and check the
syntax at the beginning of the command. To scroll back to the
beginning of the command entry, press Ctrl-B or the left arrow key
repeatedly. You can also press Ctrl-A to immediately move to the
beginning of the line.
Note The arrow keys function only on ANSI-compatible terminals
such as VT100s.
Delete entries if you make a mistake or change your mind.
Delete or Backspace Erase the character to the left of the
cursor.Ctrl-D Delete the character at the cursor.Ctrl-K Delete all
characters from the cursor to the end of the
command line.Ctrl-U or Ctrl-X Delete all characters from the
cursor to the beginning of
the command line.Ctrl-W Delete the word to the left of the
cursor.Esc D Delete from the cursor to the end of the word.
Capitalize or lowercase words or capitalize a set of
letters.
Esc C Capitalize at the cursor.Esc L Change the word at the
cursor to lowercase.Esc U Capitalize letters from the cursor to the
end of the word.
Designate a particular keystroke as an executable command,
perhaps as a shortcut.
Ctrl-V or Esc Q
Scroll down a line or screen on displays that are longer than
the terminal screen can display.Note The More prompt appears
for
output that has more lines than can be displayed on the terminal
screen, including show command output. You can use the Return and
Space bar keystrokes whenever you see the More prompt.
Return Scroll down one line.Space Scroll down one screen.
Redisplay the current command line if the wireless device
suddenly sends a message to your screen.
Ctrl-L or Ctrl-R Redisplay the current command line.
1. The arrow keys function only on ANSI-compatible terminals
such as VT100s.
Table 3-5 Editing Commands Through Keystrokes (continued)
Capability Keystroke1 Purpose3-7Cisco IOS Software Configuration
Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceSearching and
Filtering Output of show and more CommandsIn this example, the
access-list global configuration command entry extends beyond one
line. When the cursor first reaches the end of the line, the line
is shifted ten spaces to the left and redisplayed. The dollar sign
($) shows that the line has been scrolled to the left. Each time
the cursor reaches the end of the line, the line is again shifted
ten spaces to the left. ap(config)# access-list 101 permit tcp
131.108.2.5 255.255.255.0 131.108.1ap(config)# $ 101 permit tcp
131.108.2.5 255.255.255.0 131.108.1.20 255.25ap(config)# $t tcp
131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eqap(config)#
$108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
After you complete the entry, press Ctrl-A to check the complete
syntax before pressing the Return key to execute the command. The
dollar sign ($) appears at the end of the line to show that the
line has been scrolled to the right:ap(config)# access-list 101
permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The software assumes you have a terminal screen that is 80
columns wide. If you have a width other than that, use the terminal
width privileged EXEC command to set the width of your terminal.Use
line wrapping with the command history feature to recall and modify
previous complex command entries. For information about recalling
previous command entries, see the Editing Commands Through
Keystrokes section on page 3-6.
Searching and Filtering Output of show and more CommandsYou can
search and filter the output for show and more commands. This is
useful when you need to sort through large amounts of output or if
you want to exclude output that you do not need to see.To use this
functionality, enter a show or more command followed by the pipe
character (|), one of the keywords begin, include, or exclude, and
an expression that you want to search for or filter out:command |
{begin | include | exclude} regular-expressionExpressions are case
sensitive. For example, if you enter | exclude output, the lines
that contain output are not displayed, but the lines that contain
Output are displayed.This example shows how to include in the
output display only lines where the expression protocol appears:ap#
show interfaces | include protocolVlan1 is up, line protocol is
upVlan10 is up, line protocol is downGigabitEthernet0/1 is up, line
protocol is downGigabitEthernet0/2 is up, line protocol is up
3-8Cisco IOS Software Configuration Guide for Cisco Aironet Access
Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceAccessing the
CLIAccessing the CLIYou can open the wireless device CLI using
Telnet or Secure Shell (SSH).
Opening the CLI with TelnetFollow these steps to open the CLI
with Telnet. These steps are for a PC running Microsoft Windows
with a Telnet terminal application. Check your PC operating
instructions for detailed instructions for your operating
system.
Step 1 Select Start > Programs > Accessories > Telnet.
If Telnet is not listed in your Accessories menu, select Start >
Run, type Telnet in the entry field, and press Enter.
Step 2 In the Telnet window, type open followed by the wireless
device IP address, and press Enter.Step 3 At the username and
password prompts, enter your administrator username and password.
The default
username is Cisco, and the default password is Cisco. The
default enable password is also Cisco. Usernames and passwords are
case-sensitive.
Opening the CLI with Secure ShellSecure Shell Protocol is a
protocol that provides a secure, remote connection to networking
devices set up to use it. Secure Shell (SSH) is a software package
that provides secure login sessions by encrypting the entire
session. SSH features strong cryptographic authentication, strong
encryption, and integrity protection. For detailed information on
SSH, visit the homepage of SSH Communications Security, Ltd. at
this URL: http://www.ssh.com/SSH provides more security for remote
connections than Telnet by providing strong encryption when a
device is authenticated. SSH versions 1 and 2 are supported in this
release. See the Configuring the Access Point for Secure Shell
section on page 5-27 for detailed instructions on setting up the
wireless device for SSH access.3-9Cisco IOS Software Configuration
Guide for Cisco Aironet Access Points
OL-30644-01
-
Chapter 3 Using the Command-Line InterfaceAccessing the
CLI3-10Cisco IOS Software Configuration Guide for Cisco Aironet
Access Points
OL-30644-01
-
Cisco IOS Software COL-30644-01
Before You StartBefore you install the wireless device, make
sure network as the wireless device, and obtain the fol
A system name for the wireless deviceyou are using a computer
connected to the same C H A P T E R 4Configuring the Access Point
for the First Time
This chapter describes how to configure basic settings on the
wireless device for the first time. The contents of this chapter
are similar to the instructions in the quick start guide that
shipped with the wireless device. You can configure all the
settings described in this chapter using the CLI, but it might be
simplest to browse to the wireless device web-browser interface to
complete the initial configuration and then use the CLI to enter
additional settings for a more detailed configuration. This chapter
contains the following sections:
Before You Start, page 4-1 Logging into the Access Point, page
4-3 Obtaining and Assigning an IP Address, page 4-4 Connecting to
the 1040, 1140, 1240, 1250, 1260, and 2600 Series Access Points
Locally, page 4-5 Connecting to the 1550 Series Access Point
Locally, page 4-5 Default Radio Settings, page 4-6 Assigning Basic
Settings, page 4-6 CLI Configuration Examples, page 4-15
Configuring System Power Settings Access Points, page 4-21
Assigning an IP Address Using the CLI, page 4-25 Assigning an IP
Address Using the CLI, page 4-25 Using a Telnet Session to Access
the CLI, page 4-25 Configuring the 802.1X Supplicant, page 4-26
Configuring IPv6, page 4-28 Automatic Configuring of the Access
Point, page 4-34
Note In this release, the access point radio interfaces are
disabled by default.4-1onfiguration Guide for Cisco Aironet Access
Points
lowing information from your network administrator:
-
Chapter 4 Configuring the Access Point for the First TimeBefore
You Start The case-sensitive wireless service set identifier (SSID)
for your radio network If not connected to a DHCP server, a unique
IP address for the wireless device (such as
172.17.255.115) If the wireless device is not on the same subnet
as your PC, a default gateway address and subnet
mask A Simple Network Management Protocol (SNMP) community name
and the SNMP file attribute (if
SNMP is in use) If you use IPSU to find the wireless device IP
address, the access point MA