Cisco WAP121 Administration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Wireless Access Point
  5. WAP121
  6. Administration manual

Cisco WAP121 Administration Manual

Wireless-n access point with poe wireless-n selectable-band access point with poe
Hide thumbs Also See for WAP121:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administration Manual
ADMINISTRATION
GUIDE
Cisco Small Business
WAP121 Wireless-N Access Point with PoE and
WAP321 Wireless-N Selectable-Band Access Point
with PoE

Advertisement

Table of Contents
loading

Related Manuals for Cisco WAP121

Summary of Contents for Cisco WAP121

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business WAP121 Wireless-N Access Point with PoE and WAP321 Wireless-N Selectable-Band Access Point with PoE...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

  • Page 3: Table Of Contents

    TSPEC Client Associations TSPEC Status and Statistics TSPEC AP Statistics RADIO Statistics Email Alert Status Chapter 3: Administration System Settings User Accounts Adding a User Changing a User Password Time Settings Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 4 Reboot Discovery—Bonjour Packet Capture Packet Capture Configuration Local Packet Capture Remote Packet Capture Packet Capture File Download Chapter 4: LAN Settings Port Settings LAN Settings Chapter 5: Wireless Settings Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 5 Enrolling a Client Using the PIN Method Enrolling a Client Using the Push Button Method Viewing Instance Summary Information Chapter 6: System Security RADIUS Server 802.1X Supplicant Password Complexity WPA-PSK Complexity Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 6 SNMP Users SNMP Targets Chapter 9: Captive Portal Global Captive Portal Configuration Instance Configuration Instance Association Upload Binary Files Web Customization Web Customization Preview Local Groups Local Users Authenticated Clients Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 7 Contents Failed Authentication Clients Appendix A: Where to Go From Here Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 8: Chapter 1: Getting Started

    When using Internet Explorer 8, you can configure security settings from Internet Explorer. Click Tools > Internet Options and then select the Security tab. Select Local Intranet and click Sites. Click Advanced and Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 9: Launching The Web-Based Configuration Utility

    Click Login. The Access Point Startup Wizard page opens. STEP 4 If this is the first time that you logged on with the default user name (cisco) and the default password (cisco) or your password has expired, the Change Admin Password page opens.

  • Page 10: Logging Out

    However, it is strongly recommend to keep the password security rules enabled. Click Next. The Enable Security - Name Your Wireless Network window STEP 7 displays. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 11: Getting Started

    Point Setup Wizard Configure Radio Settings Radio Configure Wireless Network Settings Networks Configure LAN Settings LAN Settings Run WPS WPS Setup Device System Summary System Summary Status Wireless Status Network Interfaces Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 12: Window Navigation

    Log Out Click to log out of the web-based configuration utility. About Click to display the WAP device type and version number. Help Click to display the online help. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 13: Navigation Window

    Edits or modifies an existing entry. Select an entry first. Refresh Redisplays the current page with the latest data. Save Saves the settings or configuration. Update Updates the new information to the Running Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 14: Chapter 2: Viewing Statistics

    Viewing Statistics This chapter describes how to display Cisco WAP121 and WAP321 statistics and contains these topics. • System Summary • Network Interfaces • Traffic Statistics • WorkGroup Bridge Transmit/Receive • Associated Clients • TSPEC Client Associations • TSPEC Status and Statistics •...
  • Page 15 Active—A connection session is established and packets are being transmitted and received. Established—A connection session is established between the WAP device and a server or client, depending on each device’s role with respect to this protocol. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 16: Network Interfaces

    Radio page. See Radio, page 60 for descriptions of these fields. You can click Refresh to refresh the screen and display the most current information. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 17: Traffic Statistics

    Errors—The total number of errors related to sending and receiving data on this WAP device. You can click Refresh to refresh the screen and display the most current information. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 18: Workgroup Bridge Transmit/Receive

    Total Bytes—The total number of bytes bridged between the wired clients in the workgroup bridge and the wireless network. You can click Refresh to refresh the screen and display the most current information. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 19: Associated Clients

    For the To Station, these counters indicate the number of packets and bytes transmitted from the WAP device to the wireless client. Packets—Number of packets received (transmitted) from the wireless client. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 20: Tspec Client Associations

    An example of a video traffic stream is a video player application on a wireless laptop that prioritizes a video conference feed from a corporate server. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 21 Statistics: • Network—Radio interface used by the client. • Station—Client station MAC address. • TS Identifier—TSPEC Traffic Session Identifier (range 0-7). • Access Category—TS Access Category (voice or video). Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 22: Tspec Status And Statistics

    If you reboot the WAP device, these figures indicate transmit and receive totals since the reboot. To view TSPEC status and statistics, click Status and Statistics > TSPEC Status and Statistics in the navigation window. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 23 (in Received table) by this WAP device for this VAP. • Total Voice Bytes—Total TS voice bytes sent (in Transmit table) or received (in Received table) by this WAP device for this VAP. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 24: Tspec Ap Statistics

    Packets Received—Total packets received by the WAP device. • Bytes Received—Total bytes received by the WAP device. • Packets Transmitted—Total packets transmitted by the WAP device. • Bytes Transmitted—Total bytes transmitted by the WAP device. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 25 RTS Failure Count—Count of CTS frames not received in response to an RTS frame. • ACK Failure Count—Count of ACK frames not received when expected. • FCS Error Count—Count of FCS errors detected in a received MPDU frame. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 26: Email Alert Status

    Number of Email Failed—The total number of email failures. The range is an unsigned integer of 32 bits. The default is 0. • Time Last Email Sent—The day, date, and time when the last email was sent. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 27: Log

    Description—A description of the event. You can click Refresh to refresh the screen and display the most current information. You can click Clear All to clear all entries from the log. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 28: Chapter 3: Administration

    HTTP/HTTPS Service • Telnet/SSH Service • Management Access Control • Firmware Upgrade • Download/Backup Configuration File • Configuration Files Properties • Copy/Save Configuration • Reboot • Discovery—Bonjour • Packet Capture Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 29: System Settings

    Password: cisco You can use the User Accounts page configure up to five additional users and to change a user password. Adding a User To add a new user: Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 30: Changing A User Password

    Click Administration > User Accounts in the navigation window. STEP 1 The User Account Table displays the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. This user cannot be deleted. However, you can change the password.

  • Page 31: Time Settings

    Select Adjust Time for Daylight Savings if daylight savings time is applicable to STEP 3 your time zone. When selected, configure these fields: • Daylight Savings Start—Select which week, day, month, and time when daylight savings time starts. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 32 Daylight Savings Offset (minutes)—Specify the number of minutes to move the clock forward when daylight savings time begins. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 4 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 33: Log Settings

    Error messages with a severity level of 3–7 are written to volatile memory. The severity levels are as follows: 0—Emergency 1—Alert 2—Critical 3—Error 4—Warning Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 34: Remote Log Server

    The IPv4 address should be in a form similar to xxx.xxx.xxx.xxx (192.0.2. 1 0). • UDP Port—The logical port number for the syslog process on the remote host. The default port is 514. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 35: Email Alert

    255 character string with only printable characters. The default is null. • Log Duration—Configures how frequently a scheduled message is sent. The range is from 30 to 1440 minutes. The default is 30 minutes. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 36 Click Save. The changes are saved to the Running Configuration and to the Startup STEP 6 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 37: Email Alert Examples

    This session is maintained until the user logs off or the session inactivity timer expires. The range is from 1 to 10 sessions. The default is 5. If the Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 38 HTTP port to the HTTPS port. This field is available only when HTTP access is disabled. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 4 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 39: Managing Ssl Certificates

    For TFTP, enter the File Name as it exists on the TFTP server and the TFTP Server IPv4 Address, then click Upload. A confirmation displays to indicate that the upload was successful. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 40: Telnet/Ssh Service

    STEP 1 Select Enable for the Management ACL Mode. STEP 2 Enter up to five IPv4 and five IPv6 addresses that you want to provide access to. STEP 3 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 41: Firmware Upgrade

    Do not attempt to use files or files of other formats for the upgrade; these types of files will not work. Enter the TFTP Server IPv4 Address and click Upgrade. STEP 4 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 42: Http Upgrade

    To verify that the firmware upgrade completed successfully, log into the user STEP 4 interface and display the Upgrade Firmware page and view the active firmware version. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 43: Download/Backup Configuration File

    For a TFTP backup only, enter the Destination File Name with an .xml extension. STEP 4 Also include the path where the file is to be placed on the server, then enter the TFTP Server IPv4 Address. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 44: Downloading A Configuration File

    Include the path (where the file exists on the server) and enter the TFTP Server IPv4 Address. Select which configuration file on the WAP you want to be overwritten with the STEP 5 downloaded file: the Startup Configuration or the Backup Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 45: Configuration Files Properties

    Click Administration > Configuration Files Properties in the navigation window. STEP 1 Select the Startup Configuration, Backup Configuration, or Running STEP 2 Configuration file type. Click Clear Files. STEP 3 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 46: Copy/Save Configuration

    STEP 3 you are copying. (The running configuration cannot be overwritten.) Click Save to begin the copy process. STEP 4 When complete, a window displays the message, “Copy Operation Successful.” Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 47: Reboot

    A system administrator can use an installed Internet Explorer plug-in to discover the WAP device. The web-based configuration utility shows up as a tab in the browser. Bonjour works in both IPv4 and IPv6 networks. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 48: Packet Capture

    • Configure packet capture parameters. • Start a local or remote packet capture. • View the current packet capture status. • Download a packet capture file. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 49: Packet Capture Configuration

    Modifying the parameters while the packet capture is running does not affect the current packet capture session. To begin using new parameter values, an existing packet capture session must be stopped and re-started. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 50: Local Packet Capture

    WAP device. The fields display: • Current Capture Status—Whether packet capture is running or stopped. • Packet Capture Time—Elapsed capture time. • Packet Capture File Size—The current capture file size. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 51: Remote Packet Capture

    Use the default port (2002), or if you are using a port other than the default, enter STEP 4 the desired port number used for connecting Wireshark to the WAP device. Click Save. STEP 5 Click Start Capture. STEP 6 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 52 802. 1 1 control frames are still sent to Wireshark. You can set up a display filter to show only: • Data frames in the trace Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 53 Wireshark tool. When capturing 802. 1 1 traffic, large portion of the captured frames tend to be beacons (typically sent every 100 ms by all APs). Although Wireshark Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 54: Packet Capture File Download

    STEP 1 Click Download. A confirmation window displays. STEP 2 Click OK. A dialog box displays to enable you to choose a network location to save STEP 3 the file. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 55: Chapter 4: Lan Settings

    When disabled, you can manually configure the port speed and duplex mode. If autonegotiation is disabled, select a Port Speed (10Mb/s or 100Mb/s) and the STEP 3 duplex mode (Half- or Full-duplex). Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 56: Lan Settings

    VLAN ID at your router, then use this new VLAN ID in your WAP device. • Management VLAN ID—The VLAN associated with the IP address you use to access the WAP device. The default management VLAN ID is 1. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 57 When enabled, the WAP device learns its IPv6 addresses and gateway by processing the Router Advertisements received on the LAN port. The WAP device can have multiple autoconfigured IPv6 addresses. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 58 After new settings are saved, the corresponding processes may be stopped and NOTE restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when it will least affect your wireless clients. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 59: Chapter 5: Wireless Settings

    Networks • Scheduler • Scheduler Association • Bandwidth Utilization • MAC Filtering • WDS Bridge • Work Group Bridge • Quality of Service • WPS Setup • WPS Process Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 60: Radio

    1n—Only 802. 1 1n clients operating in the 5-GHz frequency can connect to the WAP device. 2.4 GHz 802. 1 1n—Only 802. 1 1n clients operating in the 2.4-GHz frequency can connect to the WAP device. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 61 The guard interval is the dead time, in nanoseconds, between OFDM symbols. The guard interval prevents Inter-Symbol and Inter-Carrier Interference (ISI, ICI). The 802. 1 1n mode allows for a reduction in this guard Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 62 WAP device awaiting pick-up. The DTIM period that you specify indicates how often the clients served by this WAP device should check for buffered data still on the WAP device awaiting pickup. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 63 On the other hand, sending more RTS packets can help the network recover from interference or collisions which might occur on a busy network, or on a network experiencing electromagnetic interference. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 64 300 Mbps. If no MCS index is selected, the radio will operate at MCS index 0, which allows for a maximum transmission rate of 15 Mbps. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 65 TSPEC was admitted. Off — A station can send and receive voice priority traffic without requiring an admitted TSPEC; the WAP device ignores voice TSPEC requests from client stations. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 66 After new settings are saved, the corresponding processes may be stopped and CAUTION restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when it will least affect your wireless clients. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 67: Rogue Ap Detection

    Detected Rogue AP List. The Detected Rogue AP List and Trusted AP List provide information. NOTE The WAP121/WAP321 does not have any control over the APs on the list and cannot apply any security policies to APs detected through the RF scan. •...
  • Page 68 • Rate—The rate in megabits per second at which the rogue AP is currently transmitting. The current rate will always be one of the rates shown in Supported Rates. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 69 MAC addresses in hexadecimal format with each octet separated by colons, for example 00:11:22:33:44:55. Separate entries with a single space. For the AP to accept the file, it must contain only MAC addresses. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 70: Networks

    The default SSID for VAP0 is “ciscosb”. For all other VAPs, the default SSID is “Vir- tual Access Point x” where ‘x’ is the VAP number in the range of 1 to 4 for the WAP121 and 1 to 8 for the WAP321.The SSIDs for all VAPs can be configured to other values.

  • Page 71: Vlan Ids

    Each VAP is associated with a VLAN, which is identified by a VLAN ID (VID). A VID can be any value from 1 to 4094, inclusive. The WAP121 supports five active VLANs (four for WLAN plus one management VLAN). The WAP321 supports nine active VLANs (eight for WLAN plus one management VLAN).
  • Page 72 Static WEP Dynamic WEP WPA Personal WPA Enterprise If you select a security mode other than None, additional fields appear. These fields are explained in Configuring Security Settings, page Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 73 WAP device and sends HTTP traffic. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 4 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 74: Configuring Security Settings

    Transfer Key Index—A key index list. Key indexes 1 through 4 are available. The default is1. The Transfer Key Index indicates which WEP key the WAP device will use to encrypt the data it transmits. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 75 This algorithm is also used in plaintext, IEEE 802. 1 X, and WPA modes. When the authentication algorithm is set to Open System, any client can associate with the WAP device. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 76 This ensures that neighboring access points cannot decode each other’s transmissions. • You cannot mix 64-bit and 128-bit WEP keys between the access point and its client stations. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 77 WAP device continues to use this RADIUS server as the primary server, and authentication requests are sent to the address you specify. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 78 (unicast) keys for each client associated to the VAP. The valid range is from 0 to 86400 seconds. A value of 0 indicates that the broadcast key is not refreshed. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 79 8 characters to a maximum of 63 characters. Acceptable characters include upper and lower case alphabetic letters, the numeric digits, and special symbols such as @ and #. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 80 WAP device the client is currently using to the target WAP device. Enabling this feature can help speed up authentication for roaming clients who connect to multiple APs. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 81 Server IP Address or Server IPv6 Address 1–3—Up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this VAP. The field label is RADIUS IP Address when the IPv4 RADIUS IP Address Type option Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 82 (unicast) keys for each client associated to the VAP. The valid range is from 0 to 86400 seconds. A value of 0 indicates that the session key is not refreshed. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 83: Scheduler

    Reason—The reason for the scheduler operational status. Possible values are: IsActive—The scheduler is administratively enabled. ConfigDown—Operational status is down because global configuration is disabled. TimeNotSet—Time is not set on the WAP device either manually or through NTP. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 84: Configuring Scheduler Rules

    Click Save. The changes are saved to the Running Configuration and to the Startup STEP 6 Configuration. A Scheduler profile must be associated with a radio interface or a VAP interface to NOTE be in effect. See the Scheduler Association page. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 85: Scheduler Association

    STEP 2 In the Maximum Utilization Threshold box, enter the percentage of network STEP 3 bandwidth utilization allowed on the radio before the WAP device stops accepting new client associations. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 86: Mac Filtering

    Block all stations in list. Only the stations that appear in the list are denied access to the network through the WAP device. All other stations are permitted access. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 87 NOTE: After new settings are saved, the corresponding processes may be stopped and restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when it will least affect your wireless clients. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 88: Configuring Mac Authentication On The Radius Server

    All other access points associate only with the central WAP device that forwards the packets to the appropriate wireless bridge for routing purposes. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 89 • Encryption—The type of encryption to use on the WDS link. The options are none, WEP, and WPA Personal. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 90: Work Group Bridge

    Group Bridge mode is enabled, then the WAP device supports only one BSS for wireless clients that associate with it, and another BSS to which the WAP device associates as a wireless client. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 91 WAP device. WDS is a better solution and is preferred over the Work Group Bridge solution. The Work Group Bridge feature should be used ONL Y when connecting to non-Cisco WAP121 or WAP321 devices. When the Work Group Bridge feature is enabled, the VAP configurations are not applied;...
  • Page 92 MAC filter list. • VLAN ID—The VLAN associated with the BSS. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 4 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 93: Quality Of Service

    WiFi Alliance default values, which are best for general, mixed traffic. • Optimized for Voice—Populates the WAP device and Station EDCA parameters with values that are best for voice traffic. • Custom—Enables you to choose custom EDCA parameters. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 94 Maximum Contention Window—The upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 95 • Unscheduled Automatic Power Save Delivery—Select Enabled to enable APSD, which is a power management method. APSD is recommended if VoIP phones access the network through the WAP device. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 96: Wps Setup

    WPS maintains network security during these simple steps by requiring both the users of new client devices and WLAN administrators to either have physical access to their respective devices or secure remote access to these devices. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 97 WLAN. The administrator, who cannot use WPS in this case, instead manually configures the device with the SSID, public shared key, and cryptography modes of the WPS-enabled WAP device. The device joins the network. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 98 WPS is operationally disabled on the VAP if any of these conditions are not met. Disabling WPS on a VAP does not cause disassociation of any clients previously NOTE authenticated through WPS on that VAP Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 99 WAP device with an enabled built-in registrar pushes a similar (hardware or software) button. This sequence begins enrollment process, and the client device joins the network. Although the Cisco WAP devices do not support an actual hardware button, the administrator can initiate the enrollment for a particular VAP using a “software button”...
  • Page 100 The WAP device adds an additional security mechanism for protecting its device PIN. After the WAP device has completed registration with an external registrar, and the resulting WPS transaction has concluded, the device PIN is automatically regenerated. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 101 VAP, however, should not be changed during the transaction; nor should the VAP be changed during the authentication process. This restriction is recommended but not enforced on the WAP device. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 102: Configuring Wps Settings

    Wireless Settings WPS Setup Backward Compatibility with WPS Version 1.0 Although the WAP121 supports WPS version 2.0, the WAP device interoperates with enrollees and registrars that are certified by the Wi-Fi Alliance to conform to version 1.0 of the WPS protocol.
  • Page 103 The Instance Status area displays the WPS Operational Status as Enabled or NOTE Disabled. You can click Refresh to update the page with the most recent status information. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 104: Wps Process

    When the client is enrolled, either the WAP device’s built-in registrar or the external registrar on the network proceeds to configure the client with the SSID, encryption mode, and public shared key of a WPS-enabled BSS. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 105: Enrolling A Client Using The Push Button Method

    If the field is set to Configured, then these values are configured by the administrator. You can click Refresh to update the page with the most recent status information. NOTE Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 106: Chapter 6: System Security

    In addition to using the global RADIUS servers, you can also configure each VAP to NOTE use a specific set of RADIUS servers. See the Networks page. To configure global RADIUS servers: Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 107 If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 3 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 108: 802.1X Supplicant

    802. 1 X authenticator. The user name can be 1 to 64 characters long. ASCII-printable characters are allowed, which includes upper and lower case alphabetic letters, numeric digits, and all special characters except quotation marks (“). Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 109 If you selected TFTP, enter Filename and the TFTP Server IPv4 Address. Click Upload. STEP 3 A confirmation window displays, followed by a progress bar to indicate the status of the upload. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 110: Password Complexity

    Password Aging Time—The number of days before a newly created password expires, from 1 to 365. The default is 180 days. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 4 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 111: Wpa-Psk Complexity

    8 to 16. The default is 8. Select the checkbox to make the field editable and to activate this requirement. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 4 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 112: Chapter 7: Client Quality Of Service

    There is an implicit deny at the end of every Rule created. To avoid deny all, it is NOTE strongly recommended to add a permit rule within the ACL to allow traffic. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 113: Mac Acls

    ACL Name—A name to identify the ACL. The name can contain from 1 to 31 alphanumeric characters. Spaces are not allowed. • ACL Type—The type of ACL to configure: IPv4 IPv6 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 114 Protocol—The Protocol field to use an L3 or L4 protocol match condition based on the value of the IP Protocol field in IPv4 packets or the Next Header field of IPv6 packets. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 115 49152–65535—Dynamic and/or Private Ports • Destination IP Address—Requires a packet's destination IP address to match the address listed here. Enter an IP address in the appropriate field to apply this criteria. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 116 IP Precedence value from 0 to 7. • IP TOS Bits—Specifies a value to use the packet's Type of Service bits in the IP header as match criteria. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 117 IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate field to apply this criteria. • Destination IPv6 Prefix Length—Enter the prefix length of the destination IPv6 address. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 118 Ethernet frame. • Source MAC Mask—Select this field and enter the source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 119: Class Map

    However, on applications with strict timing requirements, such as voice or multimedia, any degradation of service has undesirable effects. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 120: Adding A Class Map

    Configure the parameters (parameters that display only for IPv4 or IPv6 class STEP 2 maps are noted): • Match Every Packet—The match condition is true to all the parameters in an L3 packet. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 121 The mask for DiffServ is a network-style bit mask in IP dotted decimal format indicating which part(s) of the destination IP Address to use for matching against packet content. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 122 Match to Port—Matches the destination port in the datagram header with an IANA port number that you specify. The port range is from 0 to 65535 and includes three different types of ports: Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 123 VLAN ID—A VLAN ID to be matched for packets. The VLAN ID range is from 0 to 4095. The Service Type fields below display for IPv4 only. You can specify one type of service to use in matching packets to class criteria. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 124: Policy Map

    To add and configure a policy map: Click Client QoS > Policy Map in the navigation window. STEP 1 Enter a Policy Map Name and click Add Policy Map. STEP 2 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 125 Name list from the policy selected in the Policy Map Name list. • Member Classes—Lists all DiffServ classes currently defined as members of the selected policy. If no class is associated with the policy, the field is empty. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 126: Client Qos Association

    • Bandwidth Limit Up—The maximum allowed transmission rate from the client to the WAP device in bits per second (bps). The valid range is from 0 to 4294967295 bps. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 127 DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound (client-to-WAP) direction. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 5 Configuration. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 128: Client Qos Status

    When a packet or frame is received by the WAP, the ACL rules are checked for a match. The packet or frame is processed if it is permitted and discarded if it is denied. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 129 WAP device in the inbound (client-to-WAP) direction. • DiffServ Policy Down—The name of the DiffServ policy applied to traffic from the WAP device in the outbound (WAP-to-client) direction. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 130: Chapter 8: Simple Network Management Protocol

    Managed devices can be network nodes such as WAP devices, routers, switches, bridges, hubs, servers, or printers. The WAP device can function as an SNMP managed device for seamless integration into network management systems. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 131: General Snmp Settings

    All—The set of stations that can access the WAP device through SNMP is not restricted. User Defined—Restricts the source of permitted SNMP requests to those specified in these lists: Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 132 Trap Destination Table—A list of up to three IP addresses or hostnames to receive SNMP traps. The valid range is from 1 to 63 characters. Select the checkbox and choose a Host Type (IPv4 or IPv6) before adding the IP Address/Hostname. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 133: Snmp Views

    Click SNMP > Views in the navigation window. STEP 1 Configure the parameters: STEP 2 • View Name—A name that identifies the MIB view. View names can contain up to 32 alphanumeric characters. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 134: Snmp Groups

    RO—A read-only group using authentication and data encryption. Users in this group use an MD5 key/password for authentication and a DES key/ password for encryption. Both the MD5 and DES key/passwords must be Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 135 Write Views—The write access to MIBs for the group, which can be one of these options: write-all—The group can create, alter, and delete MIBs. write-none—The group cannot create, alter, or delete MIBS. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 136: Snmp Users

    Authentication Type—The type of authentication to use on SNMPv3 requests from the user, which can be one of these options: MD5—Require MD5 authentication on SNMP requests from the user. None—SNMPv3 requests from this user require no authentication. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 137: Snmp Targets

    The IPv4 address should be in a form similar to xxx.xxx.xxx.xxx (192.0.2. 1 0). The IPv6 address should be in a form similar to xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx (2001:DB8::CAD5:7D91). Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 138 STEP 3 your changes are saved to the Running Configuration and to the Startup Configuration. To remove a user, select the user in the list and click Remove. NOTE Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 139: Chapter 9: Captive Portal

    You can configure CP verification to allow access for both guest and authenticated users. The Captive Portal feature is available only on the Cisco WAP321 device. NOTE Authenticated users must be validated against a database of authorized Captive Portal groups or users before access is granted.

  • Page 140: Global Captive Portal Configuration

    Up to two groups can be configured. Default Group exists by default and cannot be deleted. • User Count—The number of CP users currently configured on the WAP device. Up to 128 users can be configured. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 141: Instance Configuration

    Verification—The authentication method for CP to use to verify clients: Guest—The user does not need to be authenticated by a database. Local—The WAP device uses a local database to authenticated users. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 142 • RADIUS Accounting—Enables tracking and measuring the resources a particular user has consumed, such as system time and amount of data transmitted and received. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 143 CP instance from the Web Customization page. • Delete Instance—Deletes the current instance. Click Save. You changes are saved to the Running Configuration. STEP 6 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 144: Instance Association

    STEP 1 Select the instance name for each VAP you want to associate an instance to. STEP 2 Click Save. Your change are saved to the Running Configuration. STEP 3 Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 145: Upload Binary Files

    Go to the Web Customization page to apply an uploaded graphic to a CP web STEP 5 page. NOTE: To delete an image, select it from the Delete Web Customization Image list and click Delete. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 146: Web Customization

    This image is used for branding purposes, such as the company logo. If you uploaded a custom logo image to the WAP device, you can select it from the list. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 147 Browser Content—The text that displays in the page header, to the right of the logo. The range is from 1 to 128 characters. The default is Welcome to the Wireless Network. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 148 Welcome Content—The text that displays when the client has connected to the network. The range is from 0 to 256 characters. The default is: You are now authorized and connected to the network. • Delete Locale—Deletes the current locale. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 149: Web Customization Preview

    STEP 2 Configuration and to the Startup Configuration. NOTE: To delete a group, select it in the Captive Portal Groups list, select the Delete Group check box, and click Save. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 150: Local Users

    This setting limits the client’s bandwidth used to receive data from the network. The range is from 0 to 300 Mbps. The default is 0. • Delete User—Deletes the current user. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 151: Authenticated Clients

    Captive Portal ID—The ID of the Captive Portal instance to which the user is associated. • Session Timeout—The time that has elapsed since the user authenticated on Captive Portal. • Away Timeout—The time that has elapsed since the last user activity. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 152: Failed Authentication Clients

    • VAP ID—The VAP that the user is associated with. • Radio ID—The ID of the radio. Because the WAP321 has a single radio, this field always displays Radio1. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 153 Failure Time—The time that the authentication failure occurred. A timestamp is included that shows the time of the failure. You can click Refresh to show the latest data from the WAP device. Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 154: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco WAP121 and WAP321 Access Point. Support Cisco Small Business www.cisco.com/go/smallbizsupport Support Community Cisco Small Business www.cisco.com/go/smallbizhelp...
  • Page 155 Where to Go From Here Cisco Small Business Cisco Partner Central for www.cisco.com/web/partners/sell/smb Small Business (Partner Login Required) Cisco Small Business www.cisco.com/smb Home Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

This manual is also suitable for:

Wap321

Table of Contents