User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
1-4
Cisco Wireless Router and HWIC Configuration Guide
OL-6415-04
Chapter 1 Overview
Features
• VLANs—Assign VLANs to the SSIDs on the wireless device (one VLAN per SSID) to differentiate
policies and services among users.
• QoS—Use this feature to support quality of service for prioritizing traffic from the Ethernet to the
access point. The access point also supports the voice-prioritization schemes used by 802.11b
wireless phones such as the Cisco
7920 and Spectralink's Netlink™.
• RADIUS Accounting—Enable accounting on the access point to send accounting data about
wireless client devices to a RADIUS server on your network.
• Enhanced security—Enable three advanced security features to protect against sophisticated attacks
on your wireless network's WEP keys: Message Integrity Check (MIC), WEP key hashing, and
broadcast WEP key rotation.
• Enhanced authentication services—Set up repeater access points to authenticate to your network
like other wireless client devices. After you provide a network username and password for the
repeater, it authenticates to your network using Light Extensible Authentication Protocol (LEAP),
Cisco's wireless authentication method, and receives and uses dynamic WEP keys.
• Wi-Fi Protected Access (WPA)—Wi-Fi Protected Access is a standards-based, interoperable
security enhancement that strongly increases the level of data protection and access control for
existing and future wireless LAN systems. It is derived from and will be forward-compatible with
the upcoming IEEE 802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP) for
data protection and 802.1X for authenticated key management.
• Access point as backup or stand-alone authentication server—You can configure an access point to
act as a local authentication server to provide authentication service for small wireless LANs
without a RADIUS server or to provide backup authentication service in case of a WAN link or a
server failure. The number of clients supported varies based on platform, with up to 1000 user
accounts supported on the higher end platforms.
• Support for 802.11g radios—Cisco IOS Releases 12.4(2)T or later support the standard 802.11g,
2.4-GHz radio.
• Support for Cisco 802.11a Radios—The 802.11a radios support all access point features introduced
in Cisco IOS Release 12.4 and later.
• AES-CCMP—This feature supports Advanced Encryption Standard-Counter Mode with Cipher
Block Chaining Message Authentication Code Protocol (AES-CCMP). AES-CCMP is required for
Wi-Fi Protected Access 2 (WPA2) and IEEE 802.11i wireless LAN security.
• IEEE 802.1X Local Authentication Service for EAP-FAST—This feature expands wireless domain
services (WDS) IEEE 802.1X local authentication to include support for Extensible Authentication
Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST).
• Wi-Fi Multimedia (WMM) Required Elements—This feature supports the required elements of
WMM. WMM is designed to improve the user experience for audio, video, and voice applications
over a Wi-Fi wireless connection. WMM is a subset of the IEEE 802.11e Quality of Service (QoS)
draft standard. WMM supports QoS prioritized media access via the Enhanced Distributed Channel
Access (EDCA) method. Optional elements of the WMM specification including call admission
control using traffic specifications (TSPEC) are not supported in this release.
• VLAN Assignment By Name—This feature allows the RADIUS server to assign a client to a virtual
LAN (VLAN) identified by its VLAN name. In releases before Cisco IOS Release 12.4(5)T, the
RADIUS server identified the VLAN by ID. This feature is important for deployments where VLAN
IDs are not used consistently throughout the network.