Cisco Systems 3.2 Manuale Utente
6-8
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 6 Configuring WLANs
Configuring Wireless LANs
IPSec Passthrough
IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other
IPSec equipment. IPSec Passthrough is also known as VPN Passthrough. Enter this command to enable
IPSec Passthrough for a wireless LAN:
IPSec equipment. IPSec Passthrough is also known as VPN Passthrough. Enter this command to enable
IPSec Passthrough for a wireless LAN:
•
config wlan security passthru {enable | disable} wlan-id gateway
–
For gateway, enter the IP address of the IPSec (VPN) passthrough gateway.
•
Enter show wlan to verify that the passthrough is enabled.
Web-Based Authentication
Wireless LANs can use web authentication if IPSec is not enabled on the controller. Web Authentication
is simple to set up and use, and can be used with SSL to improve the overall security of the wireless
LAN. Enter these commands to enable web authentication for a wireless LAN:
is simple to set up and use, and can be used with SSL to improve the overall security of the wireless
LAN. Enter these commands to enable web authentication for a wireless LAN:
•
config wlan security web {enable | disable} wlan-id
•
Enter show wlan to verify that web authentication is enabled.
Local Netuser
Cisco Wireless LAN Controllers have built-in network client authentication capability, similar to that
provided by a RADIUS authentication server. Enter these commands to create a list of usernames and
passwords allowed access to the wireless LAN:
provided by a RADIUS authentication server. Enter these commands to create a list of usernames and
passwords allowed access to the wireless LAN:
•
Enter show netuser to display client names assigned to wireless LANs.
•
Enter config netuser add username password wlan-id to add a user to a wireless LAN.
•
Enter config netuser wlan-id username wlan-id to add a user to a wireless LAN without specifying
a password for the user.
a password for the user.
•
Enter config netuser password username password to create or change a password for a particular
user.
user.
•
Enter config netuser delete username to delete a user from the wireless LAN.
Configuring Quality of Service
Cisco WLAN Solution wireless LANs support four levels of QoS: Platinum/Voice, Gold/Video,
Silver/Best Effort (default), and Bronze/Background. You can configure the voice traffic wireless LAN
to use Platinum QoS, assign the low-bandwidth wireless LAN to use Bronze QoS, and assign all other
traffic between the remaining QoS levels. Enter these commands to assign a QoS level to a wireless
LAN:
Silver/Best Effort (default), and Bronze/Background. You can configure the voice traffic wireless LAN
to use Platinum QoS, assign the low-bandwidth wireless LAN to use Bronze QoS, and assign all other
traffic between the remaining QoS levels. Enter these commands to assign a QoS level to a wireless
LAN:
•
config wlan qos wlan-id {bronze | silver | gold | platinum}
•
Enter show wlan to verify that you have QoS properly set for each wireless LAN.
The wireless LAN QoS level (platinum, gold, silver, or bronze) defines a specific 802.11e user priority
(UP) for over-the-air traffic. This UP is used to derive the over-the-wire priorities for non-WMM traffic,
and it also acts as the ceiling when managing WMM traffic with various levels of priorities. The access
point uses this QoS-profile-specific UP in accordance with the values in
(UP) for over-the-air traffic. This UP is used to derive the over-the-wire priorities for non-WMM traffic,
and it also acts as the ceiling when managing WMM traffic with various levels of priorities. The access
point uses this QoS-profile-specific UP in accordance with the values in
to derive the IP DSCP
value that is visible on the wired LAN.