Benutzerhandbuch für Cisco Systems 3.2

Inhaltsverzeichnis

• Cisco Wireless LAN Controller Configuration Guide

  1
• Contents

  3
  • Preface

    13
    • Audience

      14
    • Purpose

      14
    • Organization

      14
    • Conventions

      15
    • Related Publications

      17
    • Obtaining Documentation

      17
      • Cisco.com

        17
      • Product Documentation DVD

        18
      • Ordering Documentation

        18
    • Documentation Feedback

      18
    • Cisco Product Security Overview

      19
      • Reporting Security Problems in Cisco Products

        19
    • Obtaining Technical Assistance

      20
      • Cisco Technical Support & Documentation Website

        20
      • Submitting a Service Request

        20
      • Definitions of Service Request Severity

        21
    • Obtaining Additional Publications and Information

      21
  • Overview

    23
    • Cisco Wireless LAN Solution Overview

      24
      • Single-Controller Deployments

        25
      • Multiple-Controller Deployments

        26
    • Operating System Software

      27
    • Operating System Security

      27
      • Cisco WLAN Solution Wired Security

        28
    • Layer2 and Layer3 LWAPP Operation

      29
      • Operational Requirements

        29
      • Configuration Requirements

        29
    • Cisco Wireless LAN Controllers

      29
      • Primary, Secondary, and Tertiary Controllers

        30
    • Client Roaming

      30
      • Same-Subnet (Layer2) Roaming

        30
      • Inter-Controller (Layer2) Roaming

        30
      • Inter-Subnet (Layer3) Roaming

        31
        • Special Case: Voice Over IP Telephone Roaming

          31
      • Client Location

        31
    • External DHCP Servers

      32
      • Per-Wireless LAN Assignment

        32
      • Per-Interface Assignment

        32
      • Security Considerations

        32
    • Cisco WLAN Solution Wired Connections

      33
    • Cisco WLAN Solution Wireless LANs

      33
    • Access Control Lists

      34
    • Identity Networking

      34
      • Enhanced Integration with Cisco Secure ACS

        35
    • File Transfers

      35
    • Power over Ethernet

      36
    • Pico Cell Functionality

      36
    • Intrusion Detection Service (IDS)

      37
    • Wireless LAN Controller Platforms

      37
      • Cisco 2000 Series Wireless LAN Controllers

        38
      • Cisco 4100 Series Wireless LAN Controllers

        38
      • Cisco 4400 Series Wireless LAN Controllers

        39
      • Cisco 2000 Series Wireless LAN Controller Model Numbers

        39
      • Cisco 4100 Series Wireless LAN Controller Model Numbers

        40
      • Cisco 4400 Series Wireless LAN Controller Model Numbers

        40
      • Startup Wizard

        41
      • Cisco Wireless LAN Controller Memory

        42
      • Cisco Wireless LAN Controller Failover Protection

        42
      • Cisco Wireless LAN Controller Automatic Time Setting

        43
        • Cisco Wireless LAN Controller Time Zones

          43
      • Network Connections to Cisco Wireless LAN Controllers

        43
        • Cisco 2000 Series Wireless LAN Controllers

          44
        • Cisco 4100 Series Wireless LAN Controllers

          44
        • Cisco 4400 Series Wireless LAN Controllers

          45
      • VPN and Enhanced Security Modules for 4100 Series Controllers

        46
    • Rogue Access Points

      46
      • Rogue Access Point Location, Tagging, and Containment

        47
    • Web User Interface and the CLI

      47
      • Web User Interface

        47
      • Command Line Interface

        48
  • Using the Web-Browser and CLI Interfaces

    49
    • Using the Web-Browser Interface

      50
      • Guidelines for Using the GUI

        50
      • Opening the GUI

        50
    • Enabling Web and Secure Web Modes

      50
      • Configuring the GUI for HTTPS

        50
        • Loading an Externally Generated HTTPS Certificate

          51
      • Disabling the GUI

        53
      • Using Online Help

        53
    • Using the CLI

      53
      • Logging into the CLI

        53
        • Using a Local Serial Connection

          54
        • Using a Remote Ethernet Connection

          54
      • Logging Out of the CLI

        55
      • Navigating the CLI

        55
    • Enabling Wireless Connections to the Web-Browser and CLI Interfaces

      56
  • Configuring Ports and Interfaces

    57
    • Overview of Ports and Interfaces

      58
      • Ports

        58
        • Distribution System Ports

          59
        • Service Port

          60
      • Interfaces

        61
        • Management Interface

          61
        • AP-Manager Interface

          62
        • Virtual Interface

          62
        • Service-Port Interface

          63
        • Dynamic Interface

          63
      • WLANs

        64
    • Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces

      65
      • Using the GUI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces

        65
      • Using the CLI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces

        68
        • Using the CLI to Configure the Management Interface

          68
        • Using the CLI to Configure the AP-Manager Interface

          68
        • Using the CLI to Configure the Virtual Interface

          69
        • Using the CLI to Configure the Service-Port Interface

          70
    • Configuring Dynamic Interfaces

      70
      • Using the GUI to Configure Dynamic Interfaces

        70
      • Using the CLI to Configure Dynamic Interfaces

        72
    • Configuring Ports

      73
      • Configuring Port Mirroring

        76
      • Configuring Spanning Tree Protocol

        77
        • Using the GUI to Configure Spanning Tree Protocol

          78
        • Using the CLI to Configure Spanning Tree Protocol

          82
    • Enabling Link Aggregation

      83
      • Link Aggregation Guidelines

        84
      • Using the GUI to Enable Link Aggregation

        85
      • Using the CLI to Enable Link Aggregation

        86
      • Configuring Neighbor Devices to Support LAG

        86
    • Configuring a 4400 Series Controller to Support More Than 48 Access Points

      86
      • Using Link Aggregation

        87
      • Using Multiple AP-Manager Interfaces

        87
      • Connecting Additional Ports

        92
  • Configuring Controller Settings

    93
    • Using the Configuration Wizard

      94
      • Before You Start

        94
      • Resetting the Device to Default Settings

        95
        • Resetting to Default Settings Using the CLI

          95
        • Resetting to Default Settings Using the GUI

          95
      • Running the Configuration Wizard on the CLI

        96
    • Managing the System Time and Date

      97
      • Configuring Time and Date Manually

        97
      • Configuring NTP

        97
    • Configuring a Country Code

      97
    • Enabling and Disabling 802.11 Bands
    • Configuring Administrator Usernames and Passwords
    • Configuring RADIUS Settings
    • Configuring SNMP Settings
    • Enabling 802.3x Flow Control
    • Enabling System Logging
    • Enabling Dynamic Transmit Power Control
    • Configuring Multicast Mode

      101
      • Understanding Multicast Mode

        101
      • Guidelines for Using Multicast Mode

        101
      • Enabling Multicast Mode
    • Configuring the Supervisor 720 to Support the WiSM
      • General WiSM Guidelines
      • Configuring the Supervisor
    • Using the Wireless LAN Controller Network Module
  • Configuring Security Solutions

    107
    • Cisco WLAN Solution Security

      108
      • Security Overview

        108
      • Layer1 Solutions

        108
      • Layer2 Solutions

        108
      • Layer3 Solutions

        109
      • Rogue Access Point Solutions

        109
        • Rogue Access Point Challenges

          109
        • Tagging and Containing Rogue Access Points

          109
      • Integrated Security Solutions

        110
    • Configuring the System for SpectraLink NetLink Telephones

      110
      • Using the GUI to Enable Long Preambles

        111
      • Using the CLI to Enable Long Preambles

        111
    • Using Management over Wireless

      112
      • Using the GUI to Enable Management over Wireless

        112
      • Using the CLI to Enable Management over Wireless

        113
    • Configuring DHCP

      113
      • Using the GUI to Configure DHCP

        113
      • Using the CLI to Configure DHCP

        114
    • Customizing the Web Authentication Login Screen

      114
      • Default Web Authentication Operation

        115
      • Customizing Web Authentication Operation

        117
        • Hiding and Restoring the Cisco WLAN Solution Logo

          117
        • Changing the Web Authentication Login Window Title

          117
        • Changing the Web Message

          118
        • Changing the Logo

          118
          • Preparing the TFTP Server

            118
          • Copying the Logo or Graphic to the TFTP Server

            118
          • Downloading the Logo or Graphic

            119
          • Hiding the Logo

            119
        • Creating a Custom URL Redirect

          120
        • Verifying Web Authentication Changes

          120
      • Example: Sample Customized Web Authentication Login Window

        121
    • Configuring Identity Networking

      122
      • Identity Networking Overview

        122
      • RADIUS Attributes Used in Identity Networking

        123
        • QoS-Level

          123
        • ACL-Name

          123
        • Interface-Name

          124
        • VLAN-Tag

          124
        • Tunnel Attributes

          125
  • Configuring WLANs

    127
    • Wireless LAN Overview

      128
    • Configuring Wireless LANs

      128
      • Displaying, Creating, Disabling, and Deleting Wireless LANs

        128
      • Activating Wireless LANs

        129
      • Assigning a Wireless LAN to a DHCP Server

        129
      • Configuring MAC Filtering for Wireless LANs

        129
        • Enabling MAC Filtering

          129
        • Creating a Local MAC Filter

          129
        • Configuring a Timeout for Disabled Clients

          130
      • Assigning Wireless LANs to VLANs

        130
      • Configuring Layer 2 Security

        130
        • Dynamic 802.1X Keys and Authorization

          130
        • WEP Keys

          131
        • Dynamic WPA Keys and Encryption

          131
        • Configuring a Wireless LAN for Both Static and Dynamic WEP

          132
      • Configuring Layer 3 Security

        132
        • IPSec

          132
        • IPSec Authentication

          132
        • IPSec Encryption

          132
        • IKE Authentication

          133
        • IKE Diffie-Hellman Group

          133
        • IKE Phase 1 Aggressive and Main Modes

          133
        • IKE Lifetime Timeout

          133
        • IPSec Passthrough

          134
        • Web-Based Authentication

          134
        • Local Netuser

          134
      • Configuring Quality of Service

        134
        • Configuring QoS Enhanced BSS (QBSS)

          135
          • Enabling WMM Mode

            135
          • Enabling 7920 Support Mode

            136
          • QBSS Information Elements Sometimes Degrade 7920 Phone Performance

            136
  • Controlling Lightweight Access Points

    137
    • Lightweight Access Point Overview

      138
      • Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points

        138
      • Cisco 1030 Remote Edge Lightweight Access Points

        139
      • Cisco 1000 Series Lightweight Access Point Part Numbers

        140
      • Cisco 1000 Series Lightweight Access Point External and Internal Antennas

        140
        • External Antenna Connectors

          141
        • Antenna Sectorization

          141
      • Cisco 1000 Series Lightweight Access Point LEDs

        141
      • Cisco 1000 Series Lightweight Access Point Connectors

        142
      • Cisco 1000 Series Lightweight Access Point Power Requirements

        142
        • Cisco 1000 Series Lightweight Access Point External Power Supply
      • Cisco 1000 Series Lightweight Access Point Mounting Options
      • Cisco 1000 Series Lightweight Access Point Physical Security
      • Cisco 1000 Series Lightweight Access Point Monitor Mode
    • Using the DNS for Controller Discovery
    • Dynamic Frequency Selection

      144
    • Autonomous Access Points Converted to Lightweight Mode

      145
      • Guidelines for Using Access Points Converted to Lightweight Mode

        145
      • Reverting from Lightweight Mode to Autonomous Mode

        145
        • Using a Controller to Return to a Previous Release

          146
        • Using the MODE Button and a TFTP Server to Return to a Previous Release

          146
      • Controllers Accept SSCs from Access Points Converted to Lightweight Mode

        147
      • Using DHCP Option 43

        147
      • Using a Controller to Send Debug Commands to Access Points Converted to Lightweight Mode

        147
      • Converted Access Points Send Crash Information to Controller

        148
      • Converted Access Points Send Radio Core Dumps to Controller

        148
      • Enabling Memory Core Dumps from Converted Access Points

        148
      • Display of MAC Addresses for Converted Access Points

        148
      • Disabling the Reset Button on Access Points Converted to Lightweight Mode

        149
      • Configuring a Static IP Address on an Access Point Converted to Lightweight Mode

        149
  • Managing Controller Software and Configurations

    151
    • Transferring Files to and from a Controller

      152
    • Upgrading Controller Software

      152
    • Saving Configurations

      154
    • Clearing the Controller Configuration

      154
    • Erasing the Controller Configuration

      154
    • Resetting the Controller

      155
  • Configuring Radio Resource Management

    157
    • Overview of Radio Resource Management

      158
      • Radio Resource Monitoring

        158
      • Dynamic Channel Assignment

        159
      • Dynamic Transmit Power Control

        160
      • Coverage Hole Detection and Correction

        160
      • Client and Network Load Balancing

        160
      • RRM Benefits

        161
    • Overview of RF Groups

      161
      • RF Group Leader

        161
      • RF Group Name

        162
    • Configuring an RF Group

      162
      • Using the GUI to Configure an RF Group

        163
      • Using the CLI to Configure RF Groups

        164
    • Viewing RF Group Status

      164
      • Using the GUI to View RF Group Status

        164
      • Using the CLI to View RF Group Status

        167
    • Enabling Rogue Access Point Detection

      168
      • Using the GUI to Enable Rogue Access Point Detection

        168
      • Using the CLI to Enable Rogue Access Point Detection

        171
    • Configuring Dynamic RRM

      171
      • Using the GUI to Configure Dynamic RRM

        172
      • Using the CLI to Configure Dynamic RRM

        178
    • Overriding Dynamic RRM

      179
      • Statically Assigning Channel and Transmit Power Settings to Access Point Radios

        180
        • Using the GUI to Statically Assign Channel and Transmit Power Settings

          180
        • Using the CLI to Statically Assign Channel and Transmit Power Settings

          182
      • Disabling Dynamic Channel and Power Assignment Globally for a Controller

        183
        • Using the GUI to Disable Dynamic Channel and Power Assignment

          183
        • Using the CLI to Disable Dynamic Channel and Power Assignment

          183
    • Viewing Additional RRM Settings Using the CLI

      184
  • Configuring Mobility Groups

    185
    • Overview of Mobility

      186
    • Overview of Mobility Groups

      189
      • Determining When to Include Controllers in a Mobility Group

        191
    • Configuring Mobility Groups

      191
      • Prerequisites

        191
      • Using the GUI to Configure Mobility Groups

        192
      • Using the CLI to Configure Mobility Groups

        195
    • Configuring Auto-Anchor Mobility

      195
      • Guidelines for Using Auto-Anchor Mobility

        196
      • Using the GUI to Configure Auto-Anchor Mobility

        196
      • Using the CLI to Configure Auto-Anchor Mobility

        198
  • Safety Considerations and Translated Safety Warnings

    199
    • Safety Considerations

      200
    • Warning Definition

      200
    • Class 1 Laser Product Warning

      203
    • Ground Conductor Warning

      205
    • Chassis Warning for Rack-Mounting and Servicing

      207
    • Battery Handling Warning for 4400 Series Controllers

      216
    • Equipment Installation Warning

      218
    • More Than One Power Supply Warning for 4400 Series Controllers

      221
  • Declarations of Conformity and Regulatory Information

    225
    • Regulatory Information for 1000 Series Access Points

      226
      • Manufacturers Federal Communication Commission Declaration of Conformity Statement

        226
      • Department of Communications—Canada

        227
        • Canadian Compliance Statement

          227
      • European Community, Switzerland, Norway, Iceland, and Liechtenstein

        228
        • Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC

          228
      • Declaration of Conformity for RF Exposure

        229
      • Guidelines for Operating Cisco Aironet Access Points in Japan

        230
        • Japanese Translation

          230
        • English Translation

          230
      • Administrative Rules for Cisco Aironet Access Points in Taiwan

        231
        • Access Points with IEEE 802.11a Radios

          231
          • Chinese Translation

            231
          • English Translation

            231
        • All Access Points

          231
          • Chinese Translation

            231
          • English Translation

            232
      • Declaration of Conformity Statements

        232
    • FCC Statements for Cisco 2000 Series Wireless LAN Controllers

      232
    • FCC Statements for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN ...

      233
  • End User License and Warranty

    235
    • End User License Agreement

      236
    • Limited Warranty

      238
      • Disclaimer of Warranty

        240
    • General Terms Applicable to the Limited Warranty Statement and End User License Agreement

      240
    • Additional Open Source Terms

      241
  • System Messages and Access Point LED Patterns

    243
    • System Messages

      244
    • Using Client Reason and Status Codes in Trap Logs

      246
      • Client Reason Codes

        246
      • Client Status Codes

        247
    • Using Lightweight Access Point LEDs

      248
  • Index

    249