User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
8-8
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 8 Configuring VLANs
Configuring VLANs
new cipher suite. Currently, the WPA protocol does not allow the cipher suite to be changed after the
initial 802.11 cipher negotiation phase. In this scenario, the client device is disassociated from the
wireless LAN.
The VLAN-mapping process consists of these steps:
1. A client device associates to the access point using any SSID configured on the access point.
2. The client begins RADIUS authentication.
3. When the client authenticates successfully, the RADIUS server maps the client to a specific VLAN,
regardless of the VLAN mapping defined for the SSID the client is using on the access point. If the
server does not return any VLAN attribute for the client, the client is assigned to the VLAN specified
by the SSID mapped locally on the access point.
These are the RADIUS user attributes used for vlan-id assignment. Each attribute must have a common
tag value between 1 and 31 to identify the grouped relationship.
• IETF 64 (Tunnel Type): Set this attribute to VLAN
• IETF 65 (Tunnel Medium Type): Set this attribute to 802
• IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id
Viewing VLANs Configured on the Access Point
In privileged EXEC mode, use the show vlan command to view the VLANs that the access point
supports. This is sample output from a show vlan command:
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: Dot11Radio0
FastEthernet0
Virtual-Dot11Radio0
This is configured as native Vlan for the following interface(s) :
Dot11Radio0
FastEthernet0
Virtual-Dot11Radio0
Protocols Configured: Address: Received: Transmitted:
Bridging Bridge Group 1 201688 0
Bridging Bridge Group 1 201688 0
Bridging Bridge Group 1 201688 0
Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: Dot11Radio0.2
FastEthernet0.2
Virtual-Dot11Radio0.2
Protocols Configured: Address: Received: Transmitted: