Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual

Cisco 3200 Series Wireless MIC Software
Configuration Guide
January 2009
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-6415-04


Summary of Contents for Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module

  • Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
  • Page 3 Understanding the Cisco Mobile Wireless Network Public Safety Wireless Network Example Intersection Example Vehicle Network Example Data Path Example Call Setup Process Data Flow to and from the Home Network Features Management Options 1-10 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 4: Table Of Contents

    Point-to-Point Bridging Point-to-Multipoint Bridging Redundant Bridging Workgroup Bridge Role Universal Workgroup Bridge (2.4-GHz Radios Only) Configuring Universal Workgroup Bridge on a Cisco 3200 3-11 Assigning Dynamic MAC address for Universal Workgroup Bridge 3-12 World Mode (2.4 GHz Radio Only) 3-12...
  • Page 5 4-29 Configuring the Bridge for Vendor-Proprietary RADIUS Server Communication 4-30 Displaying the RADIUS Configuration 4-31 Controlling WMIC Access with TACACS+ 4-32 Understanding TACACS+ 4-32 TACACS+ Operation 4-33 Default TACACS+ Configuration 4-33 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 6 Radio Channel and Transmit Frequency Configuration Understanding Radio Channels and Frequencies Determining the Radio Type Configuring a Channel or Frequency Configuring the Radio Channel or Frequency Configuring the Radio Channel Spacing Additional Information Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 7 MCP Support in 12.4(3)JK and Later Releases Setting Priority in 12.4(3)JK and Later Releases Dynamic Channel Width (4.9GHz WMIC only) Configuring a WMIC for MCP (12.4(3)JK or Later Releases) Configuration Examples Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 8 Understanding Spanning Tree Protocol STP Overview STP Support Bridge Protocol Data Units Election of the Spanning-Tree Root Spanning-Tree Timers Creating the Spanning-Tree Topology Spanning-Tree Interface States Blocking State Listening State Cisco 3200 Series Wireless MIC Software Configuration Guide viii OL-6415-04...
  • Page 9 Using CCKM Key Management Using WPA Key Management Configuring Certificates Using the crypto pki CLI Configuration Using the Cut and Paste Method Configuration Using the TFTP Method 3-11 Configuration Using SCEP 3-12 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 10 Configuring System Message Logging System Log Message Format Default System Message Logging Configuration Disabling and Enabling Message Logging Setting the Message Display Destination Device Enabling and Disabling Timestamps on Log Messages Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 11 Obtaining the Image Files Obtaining TFTP Server Software Reloading the Bootloader Image Error and Event Messages Filters Understanding Filters Configuring Filters Simple Network Management Protocol 10-1 Understanding SNMP 10-1 SNMP Versions 10-2 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 12 Configuring the Authentication Server to Support Fast Secure Roaming 14-5 Using CLI Commands to Enable the WDS Server 14-9 Using CLI Commands to Enable the Root Device 14-10 Viewing WDS Information 14-11 Using Debug Messages 14-11 Cisco 3200 Series Wireless MIC Software Configuration Guide OL-6415-04...
  • Page 13 Protection of Broadcast Management Frames 15-2 Client MFP For Access Points in Root mode 15-2 Configuring Client MFP 15-2 Configuring Infrastructure MFP 15-3 Glossary Index
  • Page 15: Roles And The Associations Of Wireless Devices

    This guide is for the networking professional who installs and manages Cisco 3200 Series wireless and mobile routers. To use this guide, you should have experience working with the Cisco IOS and be familiar with the concepts and terminology of wireless local area networks.
  • Page 16: Service Set Identifiers

    “Cisco Discovery Protocol” describes how to configure Cisco Discovery Protocol (CDP) on your WMIC. CDP is a device-discovery protocol that runs on all Cisco network equipment. “Authentication Types” describes how to configure authentication types. Client devices use these authentication methods to join your network.
  • Page 17 (For translations of the warnings that appear in this publication, refer to the appendix “Translated Safety Warnings”.)
  • Page 18 Before you work on any equipment, you must be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. (See the explanations of the warnings that appear in this publication in the appendix "Translated Safety Warnings".)
  • Page 19: Related Documentation

    Cisco 3200 Series router. The Release Notes for the Cisco 3250 Mobile Router, which list the enhancements to and caveats for Cisco IOS releases as they relate to the Cisco 3200 Series router, can be found at: http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_releases.html...
  • Page 20: Obtaining Documentation

    The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet.
  • Page 21 We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.
  • Page 22 Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts &...
  • Page 23: Obtaining Additional Publications And Information

    Cisco engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
  • Page 24 Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/ Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL: http://www.ciscopress.com...
  • Page 25 (CDMA) 1xEVDO, can be used to fill gaps in connections and provide backup wireless connectivity. The Cisco 3200 Series routers serve as aggregation devices in public safety vehicles and communicate with the broadband wireless infrastructure as well as aggregation devices at traffic intersections. This extends the existing agency IP network out to traffic intersections.
  • Page 26 [Figure: public safety wireless network diagram. Labels: IP call box; public provider; user access backup; traffic controller; IP camera; police; medical; fire; fixed networks and intersections; in-vehicle mobile networks.]
  • Page 27 Within each cluster of primary and secondary intersections, typically there are two primary intersections for diversity. The Cisco 3200 Series routers at the secondary intersections are connected to all of the network devices at that intersection, such as a traffic controller and a video camera. In...
  • Page 28 Vehicle Network Example A Cisco 3200 Series router installed in a mobile unit allows the client devices in and around the vehicle to stay connected while roaming. WMICs in vehicle-mounted Cisco 3200 Series routers are configured as access points to provide connectivity for 802.11b/g and 4.9-GHz wireless clients.
  • Page 29 Cisco 3200 Series router. The Cisco 3200 Series router builds a modem over IP (MoIP) tunnel to its home agent, encapsulating the data packets.
  • Page 30 Data Flow to and from the Home Network The Cisco 3200 Series router is registered to its home agent using the foreign agent CoA. If any devices attached to the Cisco 3200 Series router must communicate with nodes on the home network, they send the data to the Cisco 3200 Series router.
  • Page 31 After a network username and password for the non-root bridge or workgroup bridge are set, it authenticates to the network using Cisco Light Extensible Authentication Protocol (LEAP), and receives and uses dynamic WEP keys.
  • Page 32 Dynamic UWGB MAC address—for UWGB mode, the MAC address of the device behind can be dynamically learned instead of being manually configured. Note: The Cisco Key Integrity Protocol (CKIP) and Cisco Message Integrity Check (CMIC) encryption is supported only on 2.4-GHz WMIC.
  • Page 33 Management Protocol (SNMP) MIB IDs: The platform-dependent SNMP code was modified to return new values (entPhysicalVendorType, System OID, and Chassis ID). Dot11 MIB parameters: Supported. The dot11 parameters are returned through the dot11 MIB interface.
  • Page 34: Management Options

    You can use the WMIC management system through the following interfaces: • The Cisco IOS command-line interface (CLI), which you use through a PC that is running terminal emulation software or a Telnet session. “Connecting to the WMIC and Using the Command-Line Interface”...
  • Page 35: Configuring The Wmic For The First Time

    Configuring the WMIC for the First Time This document describes how to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. Before You Start Before you install the WMIC, make sure that you are using a computer connected to the same network...
  • Page 36: Using The Console Port To Access The Privileged Exec Mode

    Press Enter. A prompt appears. Step 4 Type en. A prompt for the username appears. Step 5 Enter the username. The default username is Cisco. The password prompt displays. Step 6 Enter the WMIC password. The default password is Cisco. Step 7 A prompt displays, indicating that you are in Exec mode.
  • Page 37: Obtaining And Assigning An Ip Address

    (MAC) address. The network administrator will query the DHCP server using the MAC address to identify the IP address. Use the Cisco IP Setup Utility (IPSU) to identify the assigned address. You can also use IPSU to assign an IP address to the WMIC if it did not receive an IP address from the DHCP server.
  • Page 38: Protecting Your Wireless Lan

    WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they use different encryption settings. If you find that the security setting for an SSID conflicts with another SSID, you can delete one or more SSIDs to eliminate the conflict. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 39: Express Security Types

    IP traffic with stronger algorithms than those used in WEP. As with EAP authentication, you must enter the IP address and shared secret for an authentication server on your network (server authentication port 1645). Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 40: Cli Security Configuration Examples

    20 key 3 size 128bit 7 4E78330C1A841439656A9323F25A transmit-ke encryption vlan 20 mode wep mandatory ssid static_wep_ssid vlan 20 authentication open interface Dot11Radio0 no ip address no ip route-cache ssid no_security-ssid Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 41: Example: Eap Authentication

    2312 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 42: Example: Wpa

  • Page 43 32 include-in-access-req format %h radius-server host 10.91.104.92 auth-port 1645 acct-port 1646 key 7 135445415F59 radius-server authorization permit missing Service-Type radius-server vsa send accounting bridge 1 route ip line con 0 line vty 5 15 Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 45: Understanding Wireless Device Network Roles

    Roles and the Associations of Wireless Devices This document describes the roles Cisco wireless devices can be assigned and how the role of a device affects its ability to associate or not associate with other wireless devices. Understanding Wireless Device Network Roles This section describes the roles a Cisco wireless network device can serve in common wireless network configurations.
  • Page 46: Access Point Role

    Roles and the Associations of Wireless Devices Understanding Wireless Device Network Roles Access Point Role Access point is the most common role, as it is typically deployed as a LAN device. In the access point role the router accepts associations from wireless clients and non-root devices, such as a non-root bridge. If the access point provides its clients a connection to a wired network through a wired connection it is said to be a root access point.
  • Page 47: Point-To-Point Bridging

    When two or more bridges in a Cisco MMN are used, one bridge must be defined as the root bridge. Cisco wireless bridges default to operation in root bridge mode. In any bridge domain (group of connected bridges) there should exist only one root bridge.
  • Page 48: Point-To-Multipoint Bridging

    Figure 2: Point-to-Point Bridges Without Clients (root bridge, non-root bridge). Point-to-Point Bridging With Wireless Clients: Figure 3 shows bridges with wireless clients in a point-to-point configuration. In this scenario, the non-root bridge is deployed with wireless clients to bridge through the root bridge to the Internet cloud.
  • Page 49: Redundant Bridging

    Spanning Tree Protocol (STP) to prevent loops. (STP is disabled by default.) Figure 5 shows two pairs of bridges in a redundant configuration. Figure 5 Redundant Bridge Configuration Cisco 3200 Roles and the Associations of Wireless Devices...
  • Page 50: Workgroup Bridge Role

    In addition, you can configure the wireless device to support the following workgroup bridge features: • Interoperability—The universal workgroup bridge can forward routing traffic using a non-Cisco root device as a universal client. The universal workgroup bridge appears as a normal wireless client to the root device.
  • Page 51 Figure 6: Workgroup Bridge Mode (access point, workgroup bridge). To enable the router in workgroup-bridge mode:
      wd(config)#interface dot11radio interfacenumber
      wd(config-in)#station-role workgroup-bridge
    The device to which a workgroup bridge associates can treat the workgroup bridge as an infrastructure device or as a simple client device.
  • Page 52: Universal Workgroup Bridge (2.4-Ghz Radios Only)

    • A universal workgroup bridge cannot associate with a Cisco 1500 when the universal workgroup bridge is configured with only Allow WPA2 TKIP Clients. To work around this, the Cisco 1500 controller must be configured with WPA Compatibility Mode.
  • Page 53 When a 2.4 GHz wireless device is configured as a universal workgroup bridge, it does not advertise itself as a Cisco Compatible eXtensions (CCX) client; however, it does support CCX features. The CCX program (Aironet extensions) delivers advanced WLAN system-level capabilities and Cisco-specific WLAN innovations to third-party Wi-Fi-enabled laptops, WLAN adapter cards, PDAs, Wi-Fi phones, and application-specific devices (ASDs).
  • Page 54 3. Light Extensible Authentication Protocol 4. Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling 5. Temporal Key Integrity Protocol 6. Advanced Encryption Standard 7. Cisco Centralized Key Management 8. Extensible Authentication Protocol-Transport layer Security 9. Multiple Basic Service Set Identifier 10. Service Set Identifier 11.
  • Page 55 Roles and the Associations of Wireless Devices Understanding Wireless Device Network Roles Configuring Universal Workgroup Bridge on a Cisco 3200 To support manageability when the Ethernet client (MARC card) is active, configure the Universal Workgroup Bridge and Mobile Access Router Card.
  • Page 56: Assigning Dynamic Mac Address For Universal Workgroup Bridge

    5.30.17 or later detect whether the wireless device is using 802.11d world mode or Cisco legacy world mode and automatically use the world mode that matches the mode used by the wireless device. World mode is disabled by default.
  • Page 57: Supported Country Codes

    The command syntax is:
      world-mode {legacy | dot11d country_code code {both | indoor | outdoor} [roaming]}
    The legacy parameter enables Cisco legacy world mode. The legacy mode is only intended to be used with Cisco Aironet 350/CB20A NIC adapters running earlier versions of software. Some non-legacy wireless client cards might not associate or maintain connections with wireless devices if the world-mode legacy command is configured.
  • Page 58 Roles and the Associations of Wireless Devices World Mode (2.4 GHz Radio Only) Table 3 Supported Country Codes Access Point Indoor/ Country Code/ Regulatory 802.11 Channels Maximum Transmit Power Outdoor Frequency Regulatory Country Domain Bands Allowed (EIRP) Range (GHz) Authority —...
  • Page 59 Roles and the Associations of Wireless Devices World Mode (2.4 GHz Radio Only) Table 3 Supported Country Codes (continued) Access Point Indoor/ Country Code/ Regulatory 802.11 Channels Maximum Transmit Power Outdoor Frequency Regulatory Country Domain Bands Allowed (EIRP) Range (GHz) Authority —...
  • Page 60 Roles and the Associations of Wireless Devices World Mode (2.4 GHz Radio Only) Table 3 Supported Country Codes (continued) Access Point Indoor/ Country Code/ Regulatory 802.11 Channels Maximum Transmit Power Outdoor Frequency Regulatory Country Domain Bands Allowed (EIRP) Range (GHz) Authority ILO/ —...
  • Page 61 Roles and the Associations of Wireless Devices World Mode (2.4 GHz Radio Only) Table 3 Supported Country Codes (continued) Access Point Indoor/ Country Code/ Regulatory 802.11 Channels Maximum Transmit Power Outdoor Frequency Regulatory Country Domain Bands Allowed (EIRP) Range (GHz) Authority 1-13 100 mW EIRP...
  • Page 62: Additional Information

  • Page 65: Administering The Wmic

    The prompt is updated whenever the system name changes, unless you manually configure the prompt by using the prompt command in global configuration mode. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP and IP Routing Command Reference for Release 12.1.
  • Page 66: Managing Dns

    IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that is identified by a com domain name; its domain name is cisco.com.
  • Page 67: Displaying The Dns Configuration

    The default domain name is the value set by the ip domain-name global configuration command. If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 68: Default Banner Configuration

    This example shows the banner displayed from the previous configuration:
      Unix> telnet 172.2.5.4
      Trying 172.2.5.4...
      Connected to 172.2.5.4.
      Escape character is '^]'.
      This is a secure site. Only authorized users are allowed.
      For access, contact technical support.
      User Access Verification
      Password:
  • Page 69: Configuring A Login Banner

    Password protection restricts access to a network or network device. Privilege levels define what commands users can issue after they have logged into a network device. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Release 12.2.
  • Page 70: Default Password And Privilege Level Configuration

    The password is encrypted in the configuration file. Enable secret password and privilege level The default enable password is Cisco. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file.
  • Page 71: Protecting Enable And Enable Secret Passwords With Encryption

    We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 72 By default, no password is defined. • (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an encryption type, you must provide an encrypted password—an encrypted password that you copy from another WMIC configuration.
  • Page 73: Configuring Username And Password Pairs

    You must have at least one username configured and you must set your local login to open a Telnet session to the WMIC. If you enter no username for the only username, you can be locked out of the WMIC. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 74: Configuring Multiple Privilege Levels

    Protecting Access to Privileged EXEC Commands Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 75: Logging Into And Exiting A Privilege Level

    Protected Access (WPA) authentication cannot be created because of the different encryption settings. If a security setting for an SSID conflicts with another SSID, delete one or more SSIDs to eliminate the conflict. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 76: Express Security Types

    SSID without a network does not have a RADIUS server, consider WEP key that matches the access point key. using an access point as a local authentication server. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 77 If you are using the CLI, this warning message appears: SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 78: Security Configuration Examples

    10 no ip address no ip route-cache duplex auto speed auto bridge-group 1 As it applies to the 4.9-GHz WMIC: hostname root username Cisco password 7 02250D480809 ip subnet-zero no aaa new-model Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 79 0 4 login local transport preferred all transport input all transport output all line vty 5 15 login transport preferred all transport input all transport output all Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 80 30 mode wep mandatory Dot11 ssid eap_ssid vlan 30 authentication open eap eap_methods authentication network-eap eap_methods interface Dot11Radio0 no ip address no ip route-cache ssid eap_ssid speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 rts threshold 2312 Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 82 32 include-in-access-req format%h radius-server host 10.91.104.92 auth-port 1645 acct-port 1646 key 7 135445415F59 radius-server authorization permit missing Service-Type radius-server vsa send accounting bridge 1 route ip line con 0 line vty 5 15 Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 83: Configuring And Enabling Radius

    • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 84: Radius Operation

    RADIUS server and from the RADIUS server to the non-root bridge. See the “Authentication Types” for instructions on setting up authentication using a RADIUS server. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 85: Controlling Wmic Access With Radius

    • Configuring the Bridge for Vendor-Proprietary RADIUS Server Communication • Displaying the RADIUS Configuration. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Release 12.2. Identifying the RADIUS Server Host: Access point-to-RADIUS-server communication involves several components: •...
  • Page 86 “Defining AAA Server Groups” section on page To configure per-server RADIUS server communication, follow these required steps, beginning in privileged EXEC mode: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 aaa new-model Enables AAA. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 87 172.20.36.50 acct-port 1618 key rad2
    This example shows how to configure host1 as the RADIUS server using the default ports for both authentication and accounting:
      bridge(config)# radius-server host host1
  • Page 88: Configuring Radius Login Authentication

    “Identifying the RADIUS Server Host” section. Step 4 line [console | tty | vty] line-number Enters line configuration mode, and configures the lines to apply the [ending-line-number] authentication list. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 89: Defining Aaa Server Groups

    To define the AAA server group and associate a particular RADIUS server with it, follow these steps, beginning in privileged EXEC mode: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 aaa new-model Enables AAA. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 90 To remove a server group from the configuration list, use the no aaa group server radius group-name command in global configuration mode. To remove the IP address of a RADIUS server, use the no server ip-address command in server group configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 91: Configuring Radius Authorization For User Privileged Access And Network Services

    Verifies your entries. Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file. To disable authorization, use the no aaa authorization {network | exec} method1 command in global configuration mode. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 92: Starting Radius Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. To enable RADIUS accounting for each Cisco IOS privilege level and for network services, follow these steps, beginning in privileged EXEC mode:...
  • Page 93: Configuring The Bridge To Use Vendor-Specific Radius Attributes

    The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco’s vendor ID is 9, and the supported option has vendor type 1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization.
  • Page 94: Configuring The Bridge For Vendor-Proprietary Radius Server Communication

    Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the bridge and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
  • Page 95: Displaying The Radius Configuration

    172.20.30.15 nonstandard
      bridge(config)# radius-server key rad124
    Displaying the RADIUS Configuration: To display the RADIUS configuration, use the show running-config command in privileged EXEC mode:
  • Page 96: Controlling Wmic Access With Tacacs+

    TACACS+ is facilitated through AAA and can be enabled only through AAA commands.
    Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Release 12.2.
  • Page 97: Tacacs+ Operation

    TACACS+ and AAA are disabled by default. To prevent a lapse in security, you cannot configure TACACS+ through a network management application. When enabled, TACACS+ can authenticate administrators accessing the WMIC through the CLI.
  • Page 98: Configuring Tacacs+ Login Authentication

    Step 3 aaa new-model Enables AAA. Step 4 aaa group server tacacs+ group-name (Optional) Defines the AAA server-group with a group name. This command puts the WMIC in a server group subconfiguration mode.
  • Page 99: Configuring Tacacs+ Login Authentication

    To configure login authentication, follow these required steps, beginning in privileged EXEC mode: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 aaa new-model Enables AAA.
  • Page 100: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services

    You can use the aaa authorization command in global configuration mode with the tacacs+ keyword to set parameters that restrict a user’s network access to privileged EXEC mode.
  • Page 101: Starting Tacacs+ Accounting

    (AV) pairs, and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. To enable TACACS+ accounting for each Cisco IOS privilege level and for network services, follow these steps, beginning in privileged EXEC mode:...
  • Page 102: Displaying The Tacacs+ Configuration

    Configures user AAA authorization to check the local database to determine whether the user is allowed to run an EXEC shell. Step 5 aaa authorization network local Configures user AAA authorization for all network-related service requests.
  • Page 103: Configuring The Wmic For Secure Shell

    SSH is a protocol that provides a secure, remote connection to a Layer 2 or a Layer 3 device. There are two versions of SSH: SSH version 1 and SSH version 2. Cisco IOS release 12.3(8)JK supports only SSH version 1.
  • Page 104: Configuring Ssh

    For more information about SSH, see the “Configuring Secure Shell” section in the Cisco IOS Security Configuration Guide for Release 12.2. The SSH feature in Cisco IOS release 12.3(8)JK does not support IP Security (IPSec).
  • Page 105: Managing The System Time And Date

    You can manage the system time and date on your WMIC automatically, by using the Network Time Protocol (NTP), or manually, by setting the time and date on the WMIC.
    Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2.
  • Page 106 Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 107 NTP server mode (server association) with the Catalyst 6500 series switch. [Figure labels: Catalyst 3550 switch (callout: "This switch is configured as an NTP peer to the upstream and downstream Catalyst 3550 switches."), Workstations, Catalyst 3550 switch, Workstations]
  • Page 108: Configuring Time And Date Manually

    The symbol that precedes the show clock display has this meaning:
    • *—Time is not authoritative.
    • (blank)—Time is authoritative.
    • .—Time is authoritative, but NTP is not synchronized.
  • Page 109: Configuring The Time Zone

    Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone command in global configuration mode.
  • Page 110: Configuring Summer Time (Daylight Saving Time)

    This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
    bridge(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
  • Page 111: Configuring Ntp

    The WMIC does not synchronize to a device unless both it and the device have an authentication key, and the key number is specified by the ntp trusted-key key-number command.
  • Page 112 This example shows how to configure the WMIC to synchronize only to devices providing authentication key 42 in the device’s NTP packets:
    bridge(config)# ntp authenticate
    bridge(config)# ntp authentication-key 42 md5 aNiceKey
    bridge(config)# ntp trusted-key 42
  • Page 113: Configuring Ntp Associations

    This example shows how to configure the WMIC to synchronize its system clock with the clock of the peer at IP address 172.16.22.44, using NTP version 2:
    bridge(config)# ntp server 172.16.22.44 version 2
  • Page 114: Configuring Ntp Broadcast Service

    To disable the interface from sending NTP broadcast packets, use the no ntp broadcast interface configuration command. This example shows how to configure an interface to send NTP version 2 packets:
    bridge(config)# interface gigabitethernet0/1
    bridge(config-if)# ntp broadcast version 2
  • Page 115 To change the estimated round-trip delay to the default, use the no ntp broadcastdelay command in global configuration mode. This example shows how to configure an interface to receive NTP broadcast packets:
    bridge(config)# interface gigabitethernet0/1
    bridge(config-if)# ntp broadcast client
  • Page 116: Configuring Ntp Access Restrictions

    NTP control queries, but does not allow the WMIC to synchronize itself to a device whose address passes the access list criteria.
  • Page 117: Disabling Ntp Services On A Specific Interface

    Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file. To reenable receipt of NTP packets on an interface, use the no ntp disable command in interface configuration mode.
  • Page 118: Configuring The Source Ip Address For Ntp Packets

    To display NTP information, use the following commands in privileged EXEC mode:
    • show ntp associations [detail]
    • show ntp status
    For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
  • Page 119 This example shows how to set summer time to start on October 12, 2005, at 02:00, and to end on April 26, 2006, at 02:00:
    bridge(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00
  • Page 121: Radio Channel And Transmit Frequency Configuration

    Understanding Radio Channels and Frequencies
    By default, the channel selected by Cisco wireless devices is the one that is least congested. At startup and by default, wireless devices passively scan for and select the least-congested channel. The channel settings on wireless devices correspond to the frequencies available in your regulatory domain.
  • Page 122: Determining The Radio Type

    Determining the Radio Type
    Determine the radio type to establish the frequency range of the radio. Use the show controllers dot11Radio command to show the radio type, frequency, and current channel for the wireless device. For example:
    bridge#show controller dot11 interfaceNum
    interface Dot11Radio0...
  • Page 123: Configuring The Radio Channel Spacing

    Additional information on DFS and TPC can be found in the Cisco “Dynamic Frequency Selection and IEEE 802.11h Transmit Power Control” document available at: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f7c2.html For additional information on the 4.9 GHz (public safety) band, see the “Cisco Support for 4.9 GHz Public Safety Broadband Spectrum in the US” white paper at: http://www.cisco.com/en/US/products/hw/routers/ps272/prod_brochure0900aecd802d816e.html...
  • Page 125: Ieee 802.11N (5-Ghz Band)

    Radio Channel Frequencies
    This note lists the radio channels supported by Cisco access products in the regulatory domains of the world.
    • IEEE 802.11n (2.4-GHz Band), page 1
    • IEEE 802.11n (5-GHz Band), page 2
    • IEEE 802.11b (2.4-GHz Band), page 3...
  • Page 126 – 2472 – 2484 – 1. 802.11n is not supported on the Cisco 3200 Series WMIC. IEEE 802.11n (5-GHz Band) The channel identifiers, channel center frequencies, and regulatory domains of each IEEE 802.11n 20-MHz-wide channel are shown in Table Table 2...
  • Page 127 – 5809 – – – 2. 802.11n is not supported on the Cisco 3200 Series WMIC. IEEE 802.11b (2.4-GHz Band) The channel identifiers, channel center frequencies, and regulatory domains of each IEEE 802.11b 22-MHz-wide channel are shown in Table Table 3 Channels for IEEE 802.11b...
  • Page 128 Note: Mexico is included in the Americas (–A) regulatory domain; however, channels 1 through 8 are for indoor use only while channels 9 through 11 can be used indoors and outdoors. Users are responsible for ensuring that the channel set configuration is in compliance with the regulatory standards of Mexico.
  • Page 129 IEEE 802.11a (5-GHz Band) The channel identifiers, channel center frequencies, and regulatory domains of each IEEE 802.11a 20-MHz-wide channel are shown in Table Table 5 5-GHz Radio Band Regulatory Domains Center Channel Frequency North America EMEA Japan...
  • Page 130 4.9 GHz (public safety) Channels and Frequencies This band is available only in the U.S. The radio operates on 5-MHz wide, 10-MHz wide, or 20-MHz wide channels between 4940-MHz and 4990-MHz for the licensed public safety community. The channel identifiers, channel center frequencies, and channel width for the 4.90GHz band are shown Table Table 6...
  • Page 131: Dynamic Frequency Selection

    TPC is used to automatically adjust the transmission power level on 5.0-GHz radios, also to avoid interfering with radar. 5.0 GHz (802.11a/h) radios in wireless devices running Cisco IOS version 12.4(6)T and later shipped to Europe and Japan are required to use DFS to detect and avoid interfering with radar signals to comply with those regulatory domains.
  • Page 132: Dfs Actions

    • 132 (5660 MHz)
    • 136 (5680 MHz)
    • 140 (5700 MHz)
    1. 52 (5260 MHz), 64 (5320 MHz), 120 (5600 MHz), and 128 (5640) are not supported on the Cisco 3200 Series WMIC.
  • Page 133: Configuring A Preferred Channel

    The maximum legal transmit power is greater for some 5 GHz channels than for others. When the wireless device randomly selects a 5 GHz channel on which power is restricted, the wireless device automatically reduces transmit power to comply with power limits for that channel in that regulatory domain.
  • Page 134: Configuring Radar Detection By Clients

    client’s notification.
    Configuring an SNMP Trap for Radar Detection
    Note: This command is available on the Cisco 3205 WMIC only.
    To configure an SNMP trap for radar detection or to switch to prefer channel notification, use the snmp-server enable traps command on the master (root) device.
  • Page 135: Additional Information

    Additional information on DFS and TPC can be found in the Cisco “Dynamic Frequency Selection and IEEE 802.11h Transmit Power Control” document available at: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f7c2.html For additional information on the 4.9 GHz (public safety) band, see the “Cisco Support for 4.9 GHz Public Safety Broadband Spectrum in the US” white paper at: http://www.cisco.com/en/US/products/hw/routers/ps272/prod_brochure0900aecd802d81...
  • Page 137: Understanding Radio Transmit Power

    For general information on channel selection and transmit power, see the FCC Regulations Update For 2004 white paper at: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps5861/prod_white_paper0900aecd801c4a88_ps4555_Products_White_Paper.html
  • Page 138: Determine The Radio Type

    Configuring Radio Transmit Power Determine the Radio Type Determine the radio type to establish the frequency range and power setting of the radio. Use the show controllers dot11Radio command to show the radio type, frequency, and current channel for the wireless device.
  • Page 139: Configuring Client Radio Transmit Power

    Configuring Client Radio Transmit Power
    The transmit power level of Cisco clients can be controlled by a Cisco wireless infrastructure device. The client software chooses the actual transmit power level, choosing between the lower of the access point value and the locally configured value.
  • Page 140: Maximum Power Levels And Antenna Gains

    Maximum Power Levels and Antenna Gains
    IEEE 802.11g (2.4 GHz Band)
    Table 2 indicates the maximum power levels and antenna gains allowed for the 2.4 GHz radios in most regulatory domains. We recommend that you check your local regulations with the appropriate agencies. Table 2 Maximum Power Levels Per Antenna Gain for IEEE 802.11g Maximum Power Level (mW)
  • Page 141: Configuring Radio Data Rates

    Configuring Radio Data Rates
    Client devices are required to support at least one basic data rate or they are not allowed to associate with the wireless device. For example, if the speed of the wireless device is set to basic-1.0, the client must support a 1.0 Mbps transmission rate or it will not be allowed to associate with the wireless device.
  • Page 142: Speed Command

    Configuring Radio Data Rates speed Command To manage the data rates on wireless devices, use the speed datarate interface command. Table 3 shows the data rate settings for the speed command. Table 3 Data Rates for speed Command Keywords 2.4 GHz 802.11b 2.4 GHz 802.11g 4.9 GHz at 4.9 GHz at...
  • Page 143: Speed Command Examples

    Configuring Radio Data Rates Table 3 Data Rates for speed Command Keywords 2.4 GHz 802.11b 2.4 GHz 802.11g 4.9 GHz at 4.9 GHz at Keyword Radio Radio 4.9 GHz at 5 MHz 10 MHz 20 MHz throughput basic-1.0, basic-1.0, basic-1.5, basic-3.0, basic-6.0, basic-2.0,...
  • Page 144: Verify Settings

    Configuring Radio Data Rates Verify Settings Use the show controller dot11radio command to display the data rates for the speed command and the default keyword. With the speed command set to the default value for a 2.4 GHz, 802.11g radio, the show controller dot11radio command displays the following: WD# show controller dot11Radio0 interface Dot11Radio0...
  • Page 145: Multiple Client Profiles

    In 12.4(3)JK and later releases, MCP has been redesigned to support the following client modes:
    • workgroup-bridge
    • universal workgroup-bridge
    • non-root bridge
  • Page 146: Setting Priority In 12.4(3)Jk And Later Releases

    Dynamic Channel Width (4.9GHz WMIC only) Cisco 3202 WMICs support dynamic channel width for 4.9GHz. For 4.9GHz WMIC, the channel width setting is added into SSID profile to achieve dynamic channel bandwidth selection.
  • Page 147: Configuring A Wmic For Mcp (12.4(3)Jk Or Later Releases)

    The address is the MAC address of the router interface on the wireless and mobile router and is needed to instruct the router to associate with Cisco and non-Cisco root devices.
  • Page 148: Configuration Examples

    8
    client(config-ssid)# end
    client# config terminal
    client(config)# interface dot11Radio 0
  • Page 149: Configuring A Wmic For Mcp (12.3(8)Jk Only)

    The address is the MAC address of the router interface on the wireless and mobile router and is needed to instruct the router to associate with Cisco and non-Cisco root devices. Step 4 client profile multiple Enables the multiple client profile.
  • Page 150: Configuration Examples

    EAPTLS_AES WPAPSK_WEP128 Authentication Type open LEAP EAP_TLS WPA PSK Encryption Type none TKIP 128bits WEP key Assigned VLAN ID The following commands are used to configure the client profiles. Client profile A:
  • Page 151 11 key 3 size 128bit 98765432109876543210abcdef transmit-key
    client(config-if)# encryption vlan 11 mode ciphers tkip wep128
    client(config-if)# end
    client# config terminal
    client(config)# interface Dot11Radio 0
    client(config-if)# ssid WPAPSK_WEP128
    client(config-if)# end
  • Page 153: Understanding Ssids

    SSID to allow the WMIC to authenticate to your network using the Extensible Authentication Protocol (EAP) authentication method.
  • Page 154: Configuring The Ssid

    • Assign the SSID to the native VLAN
    bridge# configure terminal
    bridge(config)# dot11r ssid bridgeman
    bridge(config-ssid)# accounting accounting-method-list
    bridge(config-ssid)# vlan 1
    bridge(config-ssid)# encryption mode cipher wep 128
    bridge(config-ssid)# priority 10
    bridge(config-ssid)# infrastructure-ssid
    bridge(config-ssid)# end
  • Page 155: Configuring Any Ssid

    Note: To allow the WMIC to associate with the root device by using any SSID, the root device must enable the guest mode. For Cisco wireless APs or WMICs, this can be done by configuring guest-mode (or mbssid guest-mode, if mbssid is configured) for the specific SSID. The priority of the "any" profile is the lowest (default) and cannot be configured.
  • Page 156: Guidelines For Using Multiple Bssids

    Use the show dot11 bssid command in privileged EXEC mode to display the relationship between SSIDs and BSSIDs or MAC addresses. This example shows the command output:
    AP1230# show dot11 bssid
    Interface BSSID Guest SSID
    Dot11Radio1 0011.2161.b7c0 atlantic
    Dot11Radio0 0005.9a3e.7c0f WPA2-TLS-g
  • Page 157: Cipher Suites And Wep

    Cipher suites are sets of encryption and integrity algorithms designed to protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM). Because cipher suites provide the protection of WEP while also allowing use of authenticated key management, Cisco recommends that you enable WEP by using the encryption mode cipher command in the command-line interface (CLI).
  • Page 158: Configuring Cipher Suites

    Configuring WEP
    Configuring WEP with 12.4(3)JK or Later Releases
    Cisco 3201 WMICs with 12.4(3)JK or later releases move encryption settings from the dot11 interface to each SSID configuration. Cisco 3202 WMICs and 3205 WMICs support this feature change starting with the 12.4(3)JL release.
  • Page 159: Configuring Wep With 12.3(8)Jk Or Earlier Releases

    2 is the transmit key by default. If you enable WEP with MIC, use the same WEP key for the transmit key in the same key slot on both root devices and non-root bridges.
  • Page 160: Wep Key Restrictions

    Example WEP Key Setup Table 2 shows an example WEP key setup that would work for the root device and an associated non-root bridge.
  • Page 161: Enabling Cipher Suite

    Enabling Cipher Suite
    Enabling Cipher Suite with 12.4(3)JK or Later Releases
    Cisco 3201 WMICs with 12.4(3)JK or later releases move cipher settings from the dot11 interface to each SSID configuration. Cisco 3202 WMICs and 3205 WMICs support this feature change starting with the 12.4(3)JL release.
  • Page 162 See the Cisco IOS Command Reference for Cisco Access Points and Bridges for a detailed description of the encryption mode wep command.
  • Page 163: Enabling Cipher Suite With 12.3(8)Jk Or Earlier Releases

    See the Cisco IOS Command Reference for Cisco Access Points and Bridges for a detailed description of the encryption mode wep command.
  • Page 164: Matching Cipher Suites With Wpa

    SSID, the authentication fails on this SSID. For a complete description of WPA and CCKM and instructions for configuring authenticated key management, see the “Authentication Types” document.
  • Page 165: Spanning Tree Protocol In A Wireless Environment

    • Spanning-Tree Timers, page 4
    • Creating the Spanning-Tree Topology, page 4
    • Spanning-Tree Interface States, page 5
  • Page 166: Stp Overview

    Spanning Tree Protocol in a Wireless Environment Understanding Spanning Tree Protocol STP Overview Spanning-Tree Protocol (STP) is a Layer 2 link management protocol that prevents loops from being formed when switches or bridges are interconnected via multiple paths. Spanning-Tree Protocol implements the 802.1D IEEE algorithm by exchanging BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge interfaces.
  • Page 167: Bridge Protocol Data Units

    A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance. For each VLAN, the bridge with the lowest bridge ID becomes the spanning-tree root for that VLAN.
  • Page 168: Election Of The Spanning-Tree Root

    Election of the Spanning-Tree Root
    All bridges in the Layer 2 network participating in STP gather information about other bridges in the network through an exchange of BPDU data messages. This exchange of messages results in these actions: •...
  • Page 169: Spanning-Tree Interface States

    Figure 1 Spanning-Tree Topology [figure labels: Unrestricted Access VLAN/Network, Quarantine/Restricted Access VLAN/Network, Wireless laptops]
    Spanning-Tree Interface States
    Propagation delays can occur when protocol information passes through a wireless LAN. As a result, topology changes can take place at different times and at different places in the network.
  • Page 170: Blocking State

    Figure 2 illustrates how an interface moves through the states.
    Figure 2 Spanning-Tree Interface States [figure labels: Power-on initialization, Blocking state, Listening state, Learning state, Forwarding state, Disabled state]
    When you enable STP on the bridge, the Ethernet and radio interfaces go through the blocking state and the transitory states of listening and learning.
  • Page 171: Listening State

    Note: If a bridge port is blocked, some broadcast or multicast packets can reach a forwarding port on the bridge and cause the bridging logic to switch the blocked port into listening state momentarily before the packets are dropped at the blocked port.
  • Page 172: Configuring Stp Features

    Configuring STP Features
    These sections include spanning-tree configuration information:
    • Default STP Configuration, page 8
    • Configuring STP Settings, page 8
    • STP Configuration Examples, page 9
    Default STP Configuration
    STP is disabled by default.
  • Page 173: Stp Configuration Examples

    Command Purpose Step 5 exit Return to global configuration mode. Step 6 bridge number protocol ieee Enable STP for the bridge group. You must enable STP on each bridge group that you create with bridge-group commands.
  • Page 174: Non-Root Bridge Without Vlans

    no ip route-cache
    ip default-gateway 1.4.0.1
    bridge 1 protocol ieee
    bridge 1 route ip
    bridge 1 priority 9000
    line con 0
    exec-timeout 0 0
    line vty 0 4
    login
    line vty 5 15
    login
    Non-Root Bridge Without VLANs
    This example shows the configuration of a non-root bridge with no VLANs configured with STP...
  • Page 175: Root Bridge With Vlans

    Root Bridge with VLANs
    This example shows the configuration of a root bridge with VLANs configured with STP enabled:
    hostname master-bridge-hq
    ip subnet-zero
    ip ssh time-out 120
    ip ssh authentication-retries 3
    bridge irb
    interface Dot11Radio0
    no ip address...
  • Page 176: Non-Root Bridge With Vlans

    encapsulation dot1Q 2
    no ip route-cache
    bridge-group 2
    interface FastEthernet0.3
    encapsulation dot1Q 3
    no ip route-cache
    bridge-group 3
    interface BVI1
    ip address 1.4.64.23 255.255.0.0
    no ip route-cache
    ip default-gateway 1.4.0.1
    bridge 1 protocol ieee
    bridge 1 route ip
    bridge 1 priority 9000...
  • Page 177
    encapsulation dot1Q 2
    no ip route-cache
    no cdp enable
    bridge-group 2
    interface Dot11Radio0.3
    encapsulation dot1Q 3
    no ip route-cache
    no cdp enable
    bridge-group 3
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.1...
  • Page 178: Displaying Spanning-Tree Status

  • Page 179: Cisco Discovery Protocol

    Cisco Discovery Protocol
    This document describes how to configure Cisco Discovery Protocol (CDP). It contains these sections:
    • Understanding CDP, page 1
    • Configuring CDP, page 1
    • Monitoring and Maintaining CDP, page 4
    Understanding CDP
    Cisco Discovery Protocol (CDP) is a device-discovery protocol that runs on all Cisco network equipment.
  • Page 180: Default Cdp Configuration

    For additional CDP show commands, see the “Monitoring and Maintaining CDP” section on page
    Disabling and Enabling CDP
    To disable the CDP device discovery capability, follow these steps, beginning in privileged EXEC mode:
  • Page 181 Step 3 cdp enable Enables CDP on an interface after disabling it. Step 4 Returns to privileged EXEC mode. Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.
  • Page 182 Sending a holdtime value of 120 seconds
    bridge# show cdp entry *
    -------------------------
    Device ID: bridge
    Entry address(es):
    IP address: 10.1.1.66
    Platform: cisco WS-C3550-12T, Capabilities: Switch IGMP
    Interface: GigabitEthernet0/2, Port ID (outgoing port): GigabitEthernet0/2
    Holdtime : 129 sec
  • Page 183 GigabitEthernet0/4 is up, line protocol is down
    Encapsulation ARPA
    Sending CDP packets every 60 seconds
    Holdtime is 180 seconds
    GigabitEthernet0/5 is up, line protocol is up
    Encapsulation ARPA
    Sending CDP packets every 60 seconds
    Holdtime is 180 seconds
  • Page 184 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
    No memory: 0, Invalid packet: 0, Fragmented: 0
    CDP version 1 advertisements output: 0, Input: 0
    CDP version 2 advertisements output: 50882, Input: 52510
  • Page 185: Authentication Types

    • EAP Authentication to the Network, page 3
    • MAC Address Authentication to the Network, page 6
  • Page 186: Open Authentication To The Wmic

    2. Authentication response
    Shared Key Authentication to the WMIC
    Cisco provides shared key authentication to comply with the IEEE 802.11b and IEEE 802.11g standards. However, because of shared key’s security flaws, we recommend that you use another method of authentication, such as EAP, in environments in which security is an issue.
  • Page 187: Eap Authentication To The Network

    When you enable EAP on your bridges, authentication to the network occurs in the sequence shown in Figure 0-3.
  • Page 188 EAP on the WMIC.
    Note: If you use EAP authentication, you can select open or shared key authentication, but you do not have to. EAP authentication controls authentication both to your bridge and to your network.
  • Page 189: Eap-Tls

    The NAS tunnels the authentication messages between the peer (user machine trying to authenticate) and the AAA server (such as the Cisco ACS). The NAS is aware of the EAP authentication process only when it starts and ends.
  • Page 190: Mac Address Authentication To The Network

    Using CCKM Key Management Using Cisco Centralized Key Management (CCKM), EAP-authenticated client devices can roam from one root device to another without any perceptible delay during reassociation. A root device or switch on the network provides Wireless Domain Services (WDS) and creates a cache of security credentials for CCKM-enabled devices on the subnet.
  • Page 191: Configuring Certificates Using The Crypto Pki Cli

    Specifies that the terminal is to be used for certificate enrollment. Step 4 rsakeypair name 1024 Specifies that a manual key with the given name will be generated with length 1024.
  • Page 192 Enter the base 64 encoded CA certificate. End with a blank line or the word “quit” on a line by itself
  • Page 193 TEST-CUT-PASTE % Start certificate enrollment.. % The fully-qualified domain name in the certificate will be: maldives-ap.cisco.com % The subject name in the certificate will be: maldives-ap.cisco.com % Include the router serial number in the subject name? [yes/no]:yes Jun 29 12:17:08.232: %CRYPTO-6-AUTOGEN: Generated new 1024 bit key pair...
  • Page 194 Serial Number: 80AD5AD4 hostname=maldives-ap.cisco.com serialNumber=80AD5AD4 CRL Distribution Point: http://wnbu-syd-acs-a/CertEnroll/wnbu-syd-acs-a.cisco.com.crl Validity Date: start date: 12:13:42 AEST Jun 29 2005 date: 12:23:42 AEST Jun 29 2006 renew date: 11:00:00 AEST Jan 1 1970 Associated Trustpoints: TEST-CUT-PASTE
  • Page 195: Configuration Using The Tftp Method

    URL, or to the fully qualified domain name (FQDN). For example, if a URL option is tftp://TFTP-server/TFTPfiles/router1, the file TFTPfiles/router1.ca is read from the TFTP server TFTP-server. If the router's FQDN is router1.cisco.com, and the URL option is tftp://tftp.cisco.com, the file router1.cisco.com.ca is read from the TFTP server tftp.cisco.com. The file must contain the certificate of the CA in binary format (Distinguished Encoding Rules (DER)) or base 64-encoded format (Privacy Enhanced Mail (PEM)).
  • Page 196: Configuration Using Scep

    SCEP is selected to acquire a certificate under the Enterprise Certificate Server (CA) mode for the Windows CA server that works with the Cisco ACS server. Windows Server 2003 Enterprise Edition allows the modification of the CA server template. For use of SCEP with the Enterprise CA server, you must modify the IPSec template (offline request) so that its enhanced key usage extension is the same as that for the user template.
  • Page 197 Jun 29 13:18:46.606: %CRYPTO-6-AUTOGEN: Generated new 1024 bit key pair Re-enter password: % The fully-qualified domain name in the certificate will be: maldives-ap.cisco.com % The subject name in the certificate will be: maldives-ap.cisco.com % Include the router serial number in the subject name? [yes/no]: yes...
  • Page 198: Adding The Trustpoint To The Dot1X Credentials

    Adding the Trustpoint to the dot1x Credentials To specify the trustpoint to be used for the authentication, follow these steps: Note: If you do not specify a trustpoint, EAP-TLS uses the default trustpoint.
  • Page 199: Configuring Authentication Types

    Default Authentication Settings The default SSID on the WMIC is autoinstall. Table 1 shows the default authentication settings for the default SSID: Table 1 Default Authentication Configuration Feature Default Setting SSID autoinstall
  • Page 200: Assigning Authentication Types To An Ssid

    Enters global configuration mode. Step 2 dot11 ssid ssid-string Creates an SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive. Do not include spaces in SSIDs. Note
  • Page 201 • with MAC address authentication. For list-name, specify the authentication method list. (Optional) Set the SSID’s authentication type to shared key • with EAP authentication. For list-name, specify the authentication method list.
  • Page 202 WDS device. Step 7 Returns to privileged EXEC mode. Step 8 copy running-config startup-config (Optional) Saves your entries in the configuration file.
  • Page 203: Configuring Up 2.4 The Wmic Radio As An Eap Client

    Specifies the dot1x credentials profile created in Step 2 and enters the dot1x credentials configuration submode. Step 13 eap profile profile-name-string Specifies the EAP profile created in Step 7.
  • Page 204 0 bridge(config-if)# encryption mode ciphers aes-ccm bridge(config-if)# ssid bridgeman bridge(config-if)# end
  • Page 205: Setting Up A Non-Root Bridge As A Leap Client For 4.9 Wmic Radios

    For 4.9-GHz radios, you can set up a non-root bridge to authenticate to your network like other wireless client devices. After you provide a network username and password for the non-root bridge, it authenticates to your network using LEAP, the Cisco wireless authentication protocol, and receives and uses dynamic WEP keys.
  • Page 206 (Optional) Sets the authentication type for the SSID to use list-name LEAP for authentication and key distribution. Cisco bridges support only LEAP, while other wireless clients may support other EAP methods such as EAP, PEAP, or TLS. Step 4 authentication client username Specifies the user name and password for the LEAP client.
  • Page 207: Configuring The Root Device To Interact With The Wds Device

    For detailed instructions on configuring WDS and CCKM on your wireless LAN, see Chapter 11 in the Cisco IOS Software Configuration Guide for Cisco Access Points. On your root device, enter this command in global configuration mode:...
  • Page 208: Configuring Authentication Holdoffs, Timeouts, And Intervals

    Return to privileged EXEC mode. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no form of these commands to reset the values to default settings.
  • Page 209: Matching Authentication Types On Root Devices And Non-Root Bridges

    WDS device, and add the root device to your authentication server as a client device. WPA key management Set up and enable WEP and enable Set up and enable WEP and enable WPA authentication. WPA authentication.
  • Page 211: Qos In A Wireless Environment

    QoS in a Wireless Environment This chapter describes how to configure quality of service (QoS) on your Cisco wireless mobile interface card (WMIC). With this feature, you can provide preferential treatment to certain traffic at the expense of others.
  • Page 212: Qos For Wireless Lans Versus Qos On Wired Lans

    (ISL). They support only MQC policy-map set cos action. • To contrast the wireless LAN QoS implementation with the QoS implementation on other Cisco network devices, see the Cisco IOS Quality of Service Solutions Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/index.htm Impact of QoS on a Wireless LAN Wireless LAN QoS features are a subset of the proposed 802.11e draft.
  • Page 213: Precedence Of Qos Settings

    • Support for burst transmission of multiple frames in a transmit opportunity • Support for the WMM specified backoff procedure • Support for the WMM retransmit procedure • Addition of 802.1d priority for WMM enabled clients
  • Page 214: Configuring Qos

    0.100 encapsulation dot1Q 100 bridge-group 100 interface fastEthernet 0.101 encapsulation dot1Q 101 bridge-group 101 interface dot11Radio 0.1 encapsulation dot1Q 1 native bridge-group 1 interface dot11Radio 0.100 encapsulation dot1Q 100 bridge-group 100
  • Page 215: Qos Example Of Ip Dscp And Ip Precedence

    L3Map class prec2 set cos 2 class dscp12 set cos 0 class prec5 set cos 5 class dscp46 set cos 6 interface dot11Radio 0 service-policy output L3Map
  • Page 217: Configuring Vlans

    Configuring VLANs This document describes how to configure your Cisco wireless mobile interface card (WMIC) to operate with the VLANs set up on your wired LAN. These sections describe how to configure your WMIC to support VLANs: • Understanding VLANs, page 1 •...
  • Page 218: Related Documents

    Root Bridge Related Documents These documents provide more detailed information pertaining to VLAN design and configuration: Cisco IOS Switching Services Configuration Guide. Click this link to browse to this document: • http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/index.htm Cisco Internetwork Design Guide. Click this link to browse to this document: •...
  • Page 219: Incorporating Wireless Bridges Into Vlans

    Step 3 encapsulation dot1q vlan-id Enables a VLAN on the subinterface. [native] (Optional) Designate the VLAN as the native VLAN. On many networks, the native VLAN is VLAN 1.
  • Page 220 Assigns the SSID to the native VLAN. Step 13 infrastructure-ssid Designates the SSID as the infrastructure SSID. It is used to instruct a non-root bridge or workgroup bridge radio to associate with this SSID.
  • Page 221 1 bridge(config-subif)# exit bridge(config)# interface fastEthernet0.1 bridge(config-subif)# encapsulation dot1q 1 native bridge(config-subif)# bridge-group 1 bridge(config-subif)# exit bridge(config)# interface dot11radio0 bridge(config-if)# ssid batman bridge(config-ssid)# vlan 1 bridge(config-ssid)# infrastructure-ssid bridge(config-ssid)# end
  • Page 222: Viewing Vlans Configured On The Wmic

    Bridge Group 1 201688 Bridging Bridge Group 1 201688 Bridging Bridge Group 1 201688 Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation) vLAN Trunk Interfaces: Dot11Radio0.2 FastEthernet0.2 Virtual-Dot11Radio0.2 Protocols Configured: Address: Received: Transmitted:
  • Page 223: System Message Logging

    This document describes how to configure system message logging on your Cisco wireless mobile interface card (WMIC). For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Note Configuration Fundamentals Command Reference for Release 12.2.
  • Page 224: Configuring System Message Logging

    The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message.
  • Page 225: Default System Message Logging Configuration

    CHANGED: Interface Dot11Radio0, changed state to reset *Mar 1 17:02:19.618: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up *Mar 1 17:14:21.520: %SYS-5-CONFIG_I: Configured from console by Cisco on vty0 (10.0.0.42) *Mar 1 17:36:33.519: %SYS-5-CONFIG_I: Configured from console by Cisco on vty0 (10.0.0.42)
  • Page 226: Disabling And Enabling Message Logging

    When this command is enabled, messages appear only after you press Return. For more information, see the “Enabling and Disabling Timestamps on Log Messages” section on page To re-enable message logging after it has been disabled, use the logging on global configuration command.
  • Page 227: Setting The Message Display Destination Device

    EXEC command. To disable logging to the console, use the no logging console global configuration command. To disable logging to a file, use the no logging file [severity-level-number | type] global configuration command.
  • Page 228: Enabling And Disabling Timestamps On Log Messages

    Step 4 show running-config Verify your entries. Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. To disable sequence numbers, use the no service sequence-numbers global configuration command.
  • Page 229: Defining The Message Severity Level

    To disable logging to the console, use the no logging console global configuration command. To disable logging to a terminal other than the console, use the no logging monitor global configuration command. To disable logging to syslog servers, use the no logging trap global configuration command.
  • Page 230: Limiting Syslog Messages Sent To The History Table And To Snmp

    Changes the default level of syslog messages stored in the history file and sent to the SNMP server. See Table 3 on page 8 for a list of level keywords. By default, warnings, errors, critical, alerts, and emergencies messages are sent.
  • Page 231: Setting A Logging Rate Limit

    To disable the rate limit, use the no logging rate-limit global configuration command. Configuring UNIX Syslog Servers The next sections describe how to configure the 4.3 BSD UNIX server syslog daemon and define the UNIX system logging facility.
  • Page 232: Logging Messages To A Unix Syslog Daemon

    Step 3 logging trap level Limits messages logged to the syslog servers. By default, syslog servers receive informational messages and lower. See Table 3 on page 8 for level keywords.
  • Page 233: Displaying The Logging Configuration

    To display the current logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2.
  • Page 235: Tunnel Templates

    ! Designates the tunnel template to apply during registration. The interfacenumber argument is set to the tunnel template. wd(config)#end
  • Page 236: Applying The Tunnel Template On The Mobile Router

    Applying the Tunnel Template on the Mobile Router Use the show ip mobile tunnel command to display the active tunnels. The following example displays the active Mobile IP tunnels and the template configuration for the tunnel on the home agent: Router# show ip mobile tunnel Mobile Tunnels: Total mobile ip tunnels 2...
  • Page 237: Example Configuration

    In the following example configuration, a tunnel template is defined and configured to be brought up at the home agent and mobile router. The foreign agent does not require any additional configuration to support the Cisco Mobile Networks—Tunnel Templates for Multicast feature. Home Agent...
  • Page 238: Applying Tunnel Templates To The Ipsec Two-Box Solution

    The local address should be set to the home address interface. This recommendation eliminates the need for policy routing and allows for all traffic to be Cisco Express Forwarding (CEF) switched (which is not supported on loopback interfaces).
  • Page 239 Applying Tunnel Templates to the IPSec Two-box Solution router mobile ip mobile secure home-agent 192.168.1.2 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm md5 mode prefix-suffix ip mobile router address 192.168.100.10 255.255.255.0 home-agent 192.168.1.2 mobile-network Ethernet1/0 ! Tunnel Template where the crypto map is applied template Tunnel99 ! Reverse tunneling must be enabled or traffic will not exit via the tunnel reverse-tunnel...
  • Page 240 Applying Tunnel Templates to the IPSec Two-box Solution MN#show crypto ipsec sa interface tunnel 0 interface: Tunnel 0 Crypto map tag: MAR_VPN, local addr 192.168.100.10 protected vrf: (none) local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (192.168.2.2/255.255.255.255/0/0) current-peer 192.168.1.1 port 500 PERMIT, flags={) #pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5 #pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9...
  • Page 241: Related Documents

    Cisco 3200 Series router. The Release Notes for the Cisco 3250 Mobile Router, which list the enhancements to and caveats for Cisco IOS releases as they relate to the Cisco 3200 Series router, can be found at: http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_releases.html...
  • Page 242 Related Documents Related documents from the Cisco TAC Web pages include: • Antenna Cabling (http://www.cisco.com/warp/public/102/wlan/antcable.html) Tunnel Templates...
  • Page 243: Wimic Troubleshooting

    WIMIC Troubleshooting This document provides troubleshooting procedures for basic problems with the wireless device. For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at the following URL (select Top Issues and then select Wireless Technologies): http://www.cisco.com/tac...
  • Page 244 Reset factory defaults. Failures Firmware failure; try disconnecting and reconnecting unit power. Blinking red – – Hardware failure. The wireless device must be replaced. Firmware – – Loading new firmware image. Upgrade
  • Page 245: Checking Basic Settings

    Note: The following steps reset all configuration settings to factory defaults, including passwords, WEP keys, the IP address, and the SSID. The default username and password are both Cisco, which is case-sensitive.
  • Page 246: Using The Cli

    Loading "flash:/c350.k9w7.mx.122.13.JA/c350.k9w7.mx.122.13.JA"...######## . . . Note: The wireless device is configured with factory default values, including the IP address (set to receive an IP address using DHCP) and the default username and password (Cisco).
  • Page 247: Reloading The Image

    WIMIC Troubleshooting Reloading the Image Step 8 When Cisco IOS software is loaded, you can use the del privileged EXEC command to delete the config.old file from flash. ap# del flash:config.old Delete filename [config.old] Delete flash:config.old [confirm] Reloading the Image If the wireless device has a firmware failure, you must reload the image file.
  • Page 248 Your entry might look like this example: ap: set BOOT flash:/c350-k9w7-mx.122-13.JA1/c350-k9w7-mx.122-13.JA1 Enter the set command to check your bootloader entries. Step 9 ap: set BOOT=flash:/c350-k9w7-mx.122-13.JA1/c350-k9w7-mx.122-13.JA1 DEFAULT_ROUTER=192.168.133.1 IP_ADDR=192.168.133.160 NETMASK=255.255.255.0
  • Page 249: Obtaining The Image Files

    Obtaining the Image Files You can obtain the wireless device image file from the Cisco.com software center by following these steps: Use your Internet browser to access the Cisco Software Center at the following URL: Step 1 http://www.cisco.com/public/sw-center/sw-wireless.shtml...
  • Page 250: Error And Event Messages

    Auto upgrade of the software failed due Copy the error message exactly as it boot_file_pathent creation failed to error in creation of pathent (internal appears and report it to your technical data structure). support representative. Association Management Messages
  • Page 251 [mac] DOT11-6-DISASSOC: Interface A station disassociated from a bridge. None. [interface], Deauthenticating Station [mac] [char] DOT11-6-ROAMED: Station A station has roamed to a new bridge. None. [mac-address] Roamed to [mac-address] Unzip Messages
  • Page 252 A station has roamed to a new bridge. None. [mac-address] Roamed to [mac-address] DOT11-6-STANDBY_ACTIVE: The device is transitioning from standby None. Standby to Active, Reason = [chars] mode to active mode. ([int])
  • Page 253 Ethernet client devices connected to the workgroup bridge. UNDER_VOLTAGE: Under voltage The hardware under voltage detection Check the power supply and associated condition detected. logic has reported a low voltage power connections. condition.
  • Page 255: Protocol Filters

    You can include filters in the WMIC’s QoS policies. Refer to “QoS in a Wireless Environment” for detailed instructions on setting up QoS policies.
  • Page 256: Configuring Filters

    Filters Configuring Filters Configuring Filters To configure filters using Cisco IOS CLI commands, you use access control lists (ACLs) and bridge groups. You can find explanations of these concepts and instructions for implementing them in these documents: Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2. Click this link to •...
  • Page 257: Simple Network Management Protocol

    • SNMP Agent Functions, page 3 • SNMP Community Strings, page 3 • Using SNMP to Access MIB Variables, page 3
  • Page 258: Snmp Versions

    1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. 2. The get-bulk command works only with SNMPv2.
  • Page 259: Snmp Agent Functions

    MIB-related queries sent by the SNMP manager in get-request, get-next-request, and set-request format. [Figure 1: SNMP Network] For information on supported MIBs and how to access them, see “Supported MIBs.”
  • Page 260: Configuring Snmp

    • A MIB view, which defines the subset of all MIB objects accessible to the given community • Read and write or read-only permission for the MIB objects accessible to the community
  • Page 261 Configuring SNMP Note In the current Cisco IOS MIB agent implementation, the default community string is for the Internet MIB object sub-tree. Because IEEE802dot11 is under another branch of the MIB object tree, you must enable either a separate community string and view on the IEEE802dot11 MIB or a common view and community string on the ISO object in the MIB object tree.
  • Page 262: Configuring Trap Managers And Enabling Traps

    Bridges running this IOS release can have an unlimited number of trap managers. Community strings can be any length. Table 3 describes the supported traps (notification types). You can enable any or all of these traps and configure a trap manager to receive them.
  • Page 263 These notification types are always enabled. You can use the snmp-server host global configuration command to configure a specific host to receive the notification types listed in Table
  • Page 264 To remove the specified host from receiving traps, use the no snmp-server host host global configuration command. To disable a specific trap type, use the no snmp-server enable traps notification-types global configuration command.
  • Page 265: Setting The Agent Contact And Location Information

    The WMIC also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community string public is sent with the traps. bridge(config)# snmp-server community public bridge(config)# snmp-server enable traps config
  • Page 266: Displaying Snmp Status

    2c public The following example shows how to send Entity MIB traps to the host cisco.com. The community string is restricted. The first line enables the WMIC to send Entity MIB traps in addition to any traps previously enabled.
  • Page 267: Maximum Power Levels

    Maximum Power Levels Per Antenna Gain for IEEE 802.11g Maximum Power Level (mW) Antenna Gain Regulatory Domain (dBi) OFDM Americas (–A) (4 W EIRP maximum) 13.5
  • Page 268 OFDM EMEA (–E) and Israel(-I) (100 mW EIRP maximum) 13.5 — Japan (-J) (10 mW/MHz EIRP maximum) 13.5
  • Page 269: Using Ftp To Access The Mib Files

    Supported MIBs This document lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the Cisco wireless mobile interface card (WMIC) supports. The Cisco IOS SNMP agent supports both SNMPv1 and SNMPv2. This document contains these sections: •...
  • Page 270: Using Ftp To Access The Mib Files

    Enter your e-mail username when prompted for the password. Step 3 At the prompt, change directories to /pub/mibs/v1 or /pub/mibs/v2. Step 4 ftp> Use the get MIB_filename command to obtain a copy of the MIB file. Step 5
  • Page 271 Supported MIBs Using FTP to Access the MIB Files Note You can also access information about MIBs on the Cisco website: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
  • Page 273: Protocol Filters

    In each table, the Protocol column lists the protocol name, the Additional Identifier column lists other names for the same protocol, and the ISO Designator column lists the numeric designator for each protocol.
  • Page 274 0x00FF Novell IPX (old) — 0x8137 Novell IPX (new) 0x8138 EAPOL (old) — 0x8180 EAPOL (new) — 0x888E Telxon TXP 0x8729 Aironet DDP 0x872D Enet Config Test — 0x9000 NetBUI — 0xF0F0
  • Page 275 Internet Group Management Protocol IGMP Transmission Control Protocol Exterior Gateway Protocol — CHAOS — User Datagram Protocol XNS-IDP ISO-TP4 ISO-CNLP CNLP Banyan VINES VINES Encapsulation Header encap_hdr Spectralink Voice Protocol Spectralink —
  • Page 276 Domain Name Server domain — BOOTP Server — BOOTP Client — TFTP — gopher — netrjs finger — Hypertext Transport Protocol HTTP ttylink link Kerberos v5 Kerberos krb5 supdup — hostname hostnames
  • Page 277 ISO CMIP Management Over IP CMIP Management Over IP cmip-man CMOT ISO CMIP Agent Over IP cmip-agent X Display Manager Control xdmcp Protocol NeXTStep Window Server NeXTStep Border Gateway Protocol Prospero — Internet Relay Chat
  • Page 278 SUP server supfilesrv swat for SAMBA swat SUP debugging supfiledbg 1127 ingreslock — 1524 Prospero non-privileged prospero-np 1525 RADIUS — 1812 Concurrent Versions System 2401 Cisco IAPP — 2887 Radio Free Ethernet 5002
  • Page 279: Wds, Fast Secure Roaming, And Radio Management

    • Understanding WDS The following sections describe WDS. The Cisco wireless mobile interface card (WMIC) can be configured as a WDS server even when it is configured as an access point. When configured as an access point, the WMIC can use a WDS server and can act as a WDS authenticator (client).
  • Page 280: Role Of The Wds Access Point

    During normal operation, Lightweight Extensible Authentication Protocol (LEAP)-enabled client devices mutually authenticate with a new access point by performing a complete LEAP authentication, including communication with the main RADIUS server, as in Figure
  • Page 281 When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices roam from one access point to another without involving the main server. Using Cisco Centralized Key Management (CCKM), an access point configured to provide WDS takes the place of the RADIUS server and authenticates the client so quickly that there is no perceptible delay in voice or other time-sensitive applications.
  • Page 282: Understanding Radio Management

    • Repeater access points do not support WDS. Do not configure a repeater access point as a WDS candidate, and do not configure a WDS access point to return (fall back) to repeater mode in case of Ethernet failure.
  • Page 283: Requirements For Wds And Fast Secure Roaming

    WDS access point. Follow these steps to configure the access points on your server: Log into Cisco Secure ACS and click Network Configuration to browse to the Network Configuration Step 1 page. You must use the Network Configuration page to create an entry for the WDS access point.
  • Page 284 Configuring WDS and Fast Secure Roaming Figure 3 Network Configuration Page Click Add Entry under the AAA Clients table. The Add AAA Client page appears. Figure 4 shows the Step 2 Add AAA Client page.
  • Page 285 Click User Setup to browse to the User Setup page. You must use the User Setup page to create entries Step 9 for the access points that use the WDS access point. Figure 5 shows the User Setup page. Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 286 Enter the name of the access point in the User field. Step 10 Click Add/Edit. Step 11 Scroll down to the User Setup box. Figure 6 shows the User Setup box. Step 12 Figure 6 ACS User Setup Box Cisco 3200 Series Wireless MIC Software Configuration Guide...
  • Page 287: Using Cli Commands To Enable The Wds Server

    [no] aaa group server radius client
    [no] server <IP address of RADIUS server> auth-port <Port number> acct-port <Port number>
    [no] aaa authentication login <method_infra> group infra
    where <method_infra> is <named authentication list>
  • Page 288: Using Cli Commands To Enable The Root Device

    Refer to http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprmb_r/ip4bookg.pdf for details on Mobile IP configuration commands. Refer to http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtfamoip.htm for details on the foreign agent local routing feature and its configuration details.
  • Page 289: Viewing Wds Information

    |wds-discovery } (mn), the WDS discovery process, and access point authentication to the WDS access point (state). debug wlccp leap-client: Use this command to turn on display of debugging messages related to LEAP-enabled client devices.
  • Page 290: Using Cli Commands To Enable Roaming

    • In the Cisco 3205 5.0 GHz radio, the client listens first to make sure there is traffic on the channel before transmitting the probe request. This process can take up to 3 seconds for a WMIC to re-associate to a new AP.
  • Page 291: Management Frame Protection

    For complete protection, you should also configure an MFP AP for Simple Network Time Protocol (SNTP). Client MFP encrypts class 3 management frames sent between APs and Cisco Compatible Extension version 5 (CCXv5)-capable client stations, so that both AP and client can take preventive action by dropping spoofed class 3 management frames (management frames that are passed between an AP and a client station that is authenticated and associated).
  • Page 292: Protection Of Unicast Management Frames

    SSID if the SSID is WPA2 capable; otherwise, Client MFP is disabled. • show dot11 ids mfp client statistics: Use this command to display Client MFP statistics on the AP console for a dot11radio interface.
  • Page 293: Configuring Infrastructure Mfp

    WDS manages signature keys that are used to create the MIC IEs, and the WDS securely transfers them between generators and detectors. Step 3: Returns to the privileged EXEC mode. Step 4: copy running-config startup-config: (Optional) Saves your entries in the configuration file.
  • Page 295 High-gain antennas have a more focused radiation pattern in a specific direction. A station is configured properly to enable it to wirelessly communicate with an associated access point. authentication suite: A suggested set of authentication methods. Cisco Wireless Router and HWIC Configuration Guide GL-1 OL-6415-03...
  • Page 296 Complementary code keying. A modulation technique used by IEEE 802.11b-compliant wireless LANs for transmission at 5.5 and 11 Mbps. CCKM: Cisco Centralized Key Management. Using CCKM, authenticated client devices can roam from one access point to another without any perceptible delay during reassociation.
  • Page 297 Glossary. Cisco Centralized Key Management (CCKM): CCKM is the basis of Cisco Fast reassociation and reauthentication solution, which utilizes a central node, an AP, as the key distributor to enable protected communications between the AP and the Wireless Stations. Station using CCKM use proprietary supports SSN Group Key update.
  • Page 298 LAN or if it must be reached through a gateway. This number is expressed in a form similar to an IP address; for example: 255.255.255.0. isotropic: An antenna that radiates its signal in a spherical pattern.
  • Page 299 Pre-Shared Keys (PSK) as the WEP keys. The Robust Security Network (RSN) specification allows a system to use a Pre-Shared Key if there is no other authentication method available, but using a Pre-Shared Key is not as secure.
  • Page 300 Robust Security Network. RSNIE: RSN Information Element. RP-TNC: A connector type unique to Cisco radios and antennas. Part 15.203 of the FCC rules covering spread spectrum devices limits the types of antennas that may be used with transmission equipment. In compliance with this rule, Cisco, like all other wireless LAN providers, equips its radios and antennas with a unique connector to prevent attachment of non-approved antennas to radios.
  • Page 301 WLSE: Wireless LAN Solutions Engine. The WLSE is a specialized appliance for managing Cisco wireless LAN infrastructures. It centrally identifies and configures access points in customer-defined groups and reports on throughput and client associations. WLSE centralized management capabilities are further enhanced with an integrated template-based configuration tool for added configuration ease and improved productivity.
  • Page 302 WEP and TKIP encryption algorithms as well as 802.1X and EAP for simple integration with existing authentication systems. WPA key management uses a combination of encryption methods to protect communication between client devices and the access point.