User's Manual
Table Of Contents
- Welcome to the Product Guide!
- Legal Information
- Obtaining Documentation
- Documentation Feedback
- Cisco Product Security Overview
- Obtaining Technical Assistance
- Obtaining Additional Publications and Information
- FCC Statements for Cisco 1000 Series Lightweight Access Points
- Industry Canada Required User Information for Cisco 1000 Series Lightweight Access Points
- FCC Statements for Cisco 4100 Series Wireless LAN Controllers
- FCC Statements for Cisco 2000 Series Wireless LAN Controllers
- Safety Considerations
- OVERVIEWS
- About the Cisco Structured Wireless-Aware Network
- Single-Cisco Wireless LAN Controller Deployments
- Multiple-Cisco Wireless LAN Controller Deployments
- About the Operating System Software
- About Operating System Security
- About Cisco SWAN Wired Security
- Layer 2 and Layer 3 LWAPP Operation
- About Radio Resource Management (RRM)
- About the Master Cisco Wireless LAN Controller
- About the Primary, Secondary, and Tertiary Cisco Wireless LAN Controllers
- About Client Roaming
- About Client Location
- About External DHCP Servers
- About Controller Mobility Groups
- About Cisco SWAN Wired Connections
- About Cisco SWAN WLANs
- About Access Control Lists
- About Identity Networking
- About File Transfers
- About Power Over Ethernet
- Pico Cell Functionality
- Intrusion Detection Service (IDS)
- About Cisco Wireless LAN Controllers
- About Cisco 2000 Series Wireless LAN Controllers
- Cisco 4100 Series Wireless LAN Controllers
- Cisco Wireless LAN Controller Features
- Cisco 2000 Series Wireless LAN Controller Model Numbers
- Cisco 4100 Series Wireless LAN Controller Model Numbers
- Appliance Mode
- About Distribution System Ports
- About the Management Interface
- About the AP-Manager Interface
- About Operator-Defined Interfaces
- About the Virtual Interface
- About the Service Port
- About the Service-Port Interface
- About the Startup Wizard
- About Cisco Wireless LAN Controller Memory
- Cisco Wireless LAN Controller Failover Protection
- Cisco Wireless LAN Controller Automatic Time Setting
- Cisco Wireless LAN Controller Time Zones
- Network Connection to Cisco Wireless LAN Controllers
- VPN/Enhanced Security Module
- About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points
- About Cisco 1030 IEEE 802.11a/b/g Remote Edge Lightweight Access Points
- About Cisco 1000 Series Lightweight Access Point Models
- About Cisco 1000 Series Lightweight Access Point External and Internal Antennas
- About Cisco 1000 Series Lightweight Access Point LEDs
- About Cisco 1000 Series Lightweight Access Point Connectors
- About Cisco 1000 Series Lightweight Access Point Power Requirements
- About Cisco 1000 Series Lightweight Access Point External Power Supply
- About Cisco 1000 Series Lightweight Access Point Mounting Options
- About Cisco 1000 Series Lightweight Access Point Physical Security
- About Cisco 1000 Series Lightweight Access Point Monitor Mode
- About Rogue Access Points
- About the Cisco Wireless Control System
- About the Web User Interface
- About the Command Line Interface
- About the Cisco Structured Wireless-Aware Network
- SOLUTIONS
- Operating System Security
- Converting a Cisco SWAN from Layer 2 to Layer 3 Mode
- Converting a Cisco SWAN from Layer 3 to Layer 2 Mode
- Configuring a Firewall for Cisco WCS
- Configuring the System for SpectraLink NetLink Telephones
- Using Management over Wireless
- Configuring a WLAN for a DHCP Server
- Customizing the Web Auth Login Screen
- Configuring Identity Networking for Operating System 2.2
- TASKS
- Using the Cisco SWAN CLI
- Configuring Cisco Wireless LAN Controllers
- Collecting Cisco Wireless LAN Controller Parameters
- Configuring System Parameters
- Configuring Cisco Wireless LAN Controller Interfaces
- Creating Access Control Lists
- Configuring WLANs
- Configuring Controller Mobility Groups
- Configuring RADIUS
- Configuring SNMP
- Configuring Other Ports and Parameters
- Adding SSL to the Web User Interface
- Transferring Files To and From a Cisco Wireless LAN Controller
- Updating the Operating System Software
- Using the Startup Wizard
- Adding SSL to the Web User Interface
- Adding SSL to the 802.11 Interface
- Saving Configurations
- Clearing Configurations
- Erasing the Cisco Wireless LAN Controller Configuration
- Resetting the Cisco Wireless LAN Controller
- Using the Cisco Wireless Control System
- Starting and Stopping Windows Cisco WCS
- Starting and Stopping Linux Cisco WCS
- Starting and Stopping the Cisco WCS Web Interface
- Using Cisco WCS
- Checking the Cisco SWAN Network Summary
- Adding a Cisco Wireless LAN Controller to Cisco WCS
- Creating an RF Calibration Model
- Adding a Campus Map to the Cisco WCS Database
- Adding a Building to a Campus
- Adding a Standalone Building to the Cisco WCS Database
- Adding an Outdoor Area to a Campus
- Adding Floor Plans to a Campus Building
- Adding Floor Plans to a Standalone Building
- Adding APs to Floor Plan and Outdoor Area Maps
- Monitoring Predicted Coverage (RSSI)
- Monitoring Channels on Floor Map
- Monitoring Transmit Power Levels on a Floor Map
- Monitoring Coverage Holes on a Floor Map
- Monitoring Users on a Floor Map
- Monitoring Clients From a Floor Map
- Troubleshooting with Cisco WCS
- Detecting and Locating Rogue Access Points
- Acknowledging Rogue APs
- Locating Clients
- Finding Coverage Holes
- Pinging a Network Device from a Cisco Wireless LAN Controller
- Viewing Current Cisco Wireless LAN Controller Status and Configurations
- Viewing Cisco WCS Statistics Reports
- Updating OS Software from Cisco WCS
- Managing Cisco WCS and Database
- Installing Cisco WCS
- Updating Windows Cisco WCS
- Updating Linux Cisco WCS
- Reinitializing the Windows Cisco WCS Database
- Reinitializing the Linux Cisco WCS Database
- Administering Cisco WCS Users and Passwords
- Using the Web User Interface
- Troubleshooting Tips
- REFERENCES
3/11/05 Controller Mobility Group
OL-7426-02
Per-WLAN AssignmentPer-WLAN Assignment
All Cisco SWAN WLANs can be configured to use the same or different DHCP Servers, or no DHCP
Server. This allows operators considerable flexibility in configuring their Wireless LANs, as further
described in the Cisco SWAN WLANs
section.
Note that Cisco SWAN WLANs that support Management over Wireless
must allow the management
(device servicing) clients to obtain an IP Address from a DHCP Server.
Per-Interface AssignmentPer-Interface Assignment
• The Layer 2 Management Interface can be configured for a primary and secondary DHCP
server.
• The Layer 3 AP-Manager Interface can be configured for a primary and secondary DHCP server.
• Each of the Operator-Defined Interfaces can be configured for a primary and secondary DHCP
server.
• The Virtual Interface does not use DHCP servers.
• The Service-Port Interface can be configured to enable or disable DHCP servers.
Security ConsiderationsSecurity Considerations
For enhanced security, it is recommended that operators require all clients to obtain their IP Addresses
from a DHCP server. To enforce this requirement, all Cisco SWAN WLANs can be configured with a
‘DHCP Required’ setting and a valid DHCP Server IP Address, which disallows client static IP Addresses.
If a client associating with a WLAN with ‘DHCP Required’ set does not obtain its IP Address from the
designated DHCP Server, it is not allowed access to any network services.
Note that if ‘DHCP Required’ is selected, clients must obtain an IP address via DHCP. Any client with a
static IP address will not be allowed on the network. The Cisco Wireless LAN Controller monitors DHCP
traffic since it acts as a DHCP proxy for the clients.
If slightly less security is tolerable, operators can create Cisco SWAN WLANs
with ‘DHCP Required’
disabled and a valid DHCP Server IP Address. Clients then have the option of using a static IP Address
or obtaining an IP Address from the designated DHCP Server.
Operators are also allowed to create separate Cisco SWAN WLANs
with ‘DHCP Required’ disabled and a
DHCP Server IP Address of 0.0.0.0. These WLANs drop all DHCP requests and force clients to use a
static IP Address. Note that these WLANs do not support Management over Wireless.
About Controller Mobility GroupsController Mobility Group
Network operators can define Controller Mobility Groups to allow client roaming across groups of Cisco
Wireless LAN Controllers. Because the Cisco Wireless LAN Controllers in Multiple-Cisco Wireless LAN
Controller Deployments can detect each other across the network and over the air, it is important that
each enterprise, institution, and wireless internet service provider isolate their Cisco Wireless LAN
Controllers. The Operating System makes it easy for operators to create this isolation by allowing them
to assign a Controller Mobility Group Name to their Cisco Wireless LAN Controllers. This assignment can
be made using the Web User Interface
, the Cisco Wireless Control System, or the Command Line
Interface.
Note that all the Cisco Wireless LAN Controllers in a Controller Mobility Group must use the same
LWAPP Layer 2 and Layer 3 LWAPP Operation, or you will defeat the Mobility software algorithm.
The following figure shows the results of creating Controller Mobility Group Names for two groups of
Cisco Wireless LAN Controllers. The Cisco Wireless LAN Controllers in the ABC Controller Mobility Group
recognize and communicate with each other through their Cisco 1000 Series IEEE 802.11a/b/g Light-
weight Access Points and Cisco 1030 IEEE 802.11a/b/g Remote Edge Lightweight Access Points and
through their shared subnets, but the ABC Controller Mobility Group tags the XYZ Cisco 1000 Series