BenutzerhandbuchInhaltsverzeichnisCisco Wireless LAN Controller Configuration Guide1Contents3Preface13Audience14Purpose14Organization14Conventions15Related Publications17Obtaining Documentation17Cisco.com17Product Documentation DVD18Ordering Documentation18Documentation Feedback18Cisco Product Security Overview19Reporting Security Problems in Cisco Products19Obtaining Technical Assistance20Cisco Technical Support & Documentation Website20Submitting a Service Request20Definitions of Service Request Severity21Obtaining Additional Publications and Information21Overview23Cisco Wireless LAN Solution Overview24Single-Controller Deployments25Multiple-Controller Deployments26Operating System Software27Operating System Security27Cisco WLAN Solution Wired Security28Layer2 and Layer3 LWAPP Operation29Operational Requirements29Configuration Requirements29Cisco Wireless LAN Controllers29Primary, Secondary, and Tertiary Controllers30Client Roaming30Same-Subnet (Layer2) Roaming30Inter-Controller (Layer2) Roaming30Inter-Subnet (Layer3) Roaming31Special Case: Voice Over IP Telephone Roaming31Client Location31External DHCP Servers32Per-Wireless LAN Assignment32Per-Interface Assignment32Security Considerations32Cisco WLAN Solution Wired Connections33Cisco WLAN Solution Wireless LANs33Access Control Lists34Identity Networking34Enhanced Integration with Cisco Secure ACS35File Transfers35Power over Ethernet36Pico Cell Functionality36Intrusion Detection Service (IDS)37Wireless LAN Controller Platforms37Cisco 2000 Series Wireless LAN Controllers38Cisco 4100 Series Wireless LAN Controllers38Cisco 4400 Series Wireless LAN Controllers39Cisco 2000 Series Wireless LAN Controller Model Numbers39Cisco 4100 Series Wireless LAN Controller Model Numbers40Cisco 4400 Series Wireless LAN Controller Model Numbers40Startup Wizard41Cisco Wireless LAN Controller Memory42Cisco Wireless LAN Controller Failover Protection42Cisco Wireless LAN Controller Automatic Time Setting43Cisco Wireless LAN Controller Time Zones43Network Connections to Cisco Wireless LAN Controllers43Cisco 2000 Series Wireless LAN Controllers44Cisco 4100 Series Wireless LAN Controllers44Cisco 4400 Series Wireless LAN Controllers45VPN and Enhanced Security Modules for 4100 Series Controllers46Rogue Access Points46Rogue Access Point Location, Tagging, and Containment47Web User Interface and the CLI47Web User Interface47Command Line Interface48Using the Web-Browser and CLI Interfaces49Using the Web-Browser Interface50Guidelines for Using the GUI50Opening the GUI50Enabling Web and Secure Web Modes50Configuring the GUI for HTTPS50Loading an Externally Generated HTTPS Certificate51Disabling the GUI53Using Online Help53Using the CLI53Logging into the CLI53Using a Local Serial Connection54Using a Remote Ethernet Connection54Logging Out of the CLI55Navigating the CLI55Enabling Wireless Connections to the Web-Browser and CLI Interfaces56Configuring Ports and Interfaces57Overview of Ports and Interfaces58Ports58Distribution System Ports59Service Port60Interfaces61Management Interface61AP-Manager Interface62Virtual Interface62Service-Port Interface63Dynamic Interface63WLANs64Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces65Using the GUI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces65Using the CLI to Configure the Management, AP-Manager, Virtual, and Service-Port Interfaces68Using the CLI to Configure the Management Interface68Using the CLI to Configure the AP-Manager Interface68Using the CLI to Configure the Virtual Interface69Using the CLI to Configure the Service-Port Interface70Configuring Dynamic Interfaces70Using the GUI to Configure Dynamic Interfaces70Using the CLI to Configure Dynamic Interfaces72Configuring Ports73Configuring Port Mirroring76Configuring Spanning Tree Protocol77Using the GUI to Configure Spanning Tree Protocol78Using the CLI to Configure Spanning Tree Protocol82Enabling Link Aggregation83Link Aggregation Guidelines84Using the GUI to Enable Link Aggregation85Using the CLI to Enable Link Aggregation86Configuring Neighbor Devices to Support LAG86Configuring a 4400 Series Controller to Support More Than 48 Access Points86Using Link Aggregation87Using Multiple AP-Manager Interfaces87Connecting Additional Ports92Configuring Controller Settings93Using the Configuration Wizard94Before You Start94Resetting the Device to Default Settings95Resetting to Default Settings Using the CLI95Resetting to Default Settings Using the GUI95Running the Configuration Wizard on the CLI96Managing the System Time and Date97Configuring Time and Date Manually97Configuring NTP97Configuring a Country Code97Enabling and Disabling 802.11 BandsConfiguring Administrator Usernames and PasswordsConfiguring RADIUS SettingsConfiguring SNMP SettingsEnabling 802.3x Flow ControlEnabling System LoggingEnabling Dynamic Transmit Power ControlConfiguring Multicast Mode101Understanding Multicast Mode101Guidelines for Using Multicast Mode101Enabling Multicast ModeConfiguring the Supervisor 720 to Support the WiSMGeneral WiSM GuidelinesConfiguring the SupervisorUsing the Wireless LAN Controller Network ModuleConfiguring Security Solutions107Cisco WLAN Solution Security108Security Overview108Layer1 Solutions108Layer2 Solutions108Layer3 Solutions109Rogue Access Point Solutions109Rogue Access Point Challenges109Tagging and Containing Rogue Access Points109Integrated Security Solutions110Configuring the System for SpectraLink NetLink Telephones110Using the GUI to Enable Long Preambles111Using the CLI to Enable Long Preambles111Using Management over Wireless112Using the GUI to Enable Management over Wireless112Using the CLI to Enable Management over Wireless113Configuring DHCP113Using the GUI to Configure DHCP113Using the CLI to Configure DHCP114Customizing the Web Authentication Login Screen114Default Web Authentication Operation115Customizing Web Authentication Operation117Hiding and Restoring the Cisco WLAN Solution Logo117Changing the Web Authentication Login Window Title117Changing the Web Message118Changing the Logo118Preparing the TFTP Server118Copying the Logo or Graphic to the TFTP Server118Downloading the Logo or Graphic119Hiding the Logo119Creating a Custom URL Redirect120Verifying Web Authentication Changes120Example: Sample Customized Web Authentication Login Window121Configuring Identity Networking122Identity Networking Overview122RADIUS Attributes Used in Identity Networking123QoS-Level123ACL-Name123Interface-Name124VLAN-Tag124Tunnel Attributes125Configuring WLANs127Wireless LAN Overview128Configuring Wireless LANs128Displaying, Creating, Disabling, and Deleting Wireless LANs128Activating Wireless LANs129Assigning a Wireless LAN to a DHCP Server129Configuring MAC Filtering for Wireless LANs129Enabling MAC Filtering129Creating a Local MAC Filter129Configuring a Timeout for Disabled Clients130Assigning Wireless LANs to VLANs130Configuring Layer 2 Security130Dynamic 802.1X Keys and Authorization130WEP Keys131Dynamic WPA Keys and Encryption131Configuring a Wireless LAN for Both Static and Dynamic WEP132Configuring Layer 3 Security132IPSec132IPSec Authentication132IPSec Encryption132IKE Authentication133IKE Diffie-Hellman Group133IKE Phase 1 Aggressive and Main Modes133IKE Lifetime Timeout133IPSec Passthrough134Web-Based Authentication134Local Netuser134Configuring Quality of Service134Configuring QoS Enhanced BSS (QBSS)135Enabling WMM Mode135Enabling 7920 Support Mode136QBSS Information Elements Sometimes Degrade 7920 Phone Performance136Controlling Lightweight Access Points137Lightweight Access Point Overview138Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points138Cisco 1030 Remote Edge Lightweight Access Points139Cisco 1000 Series Lightweight Access Point Part Numbers140Cisco 1000 Series Lightweight Access Point External and Internal Antennas140External Antenna Connectors141Antenna Sectorization141Cisco 1000 Series Lightweight Access Point LEDs141Cisco 1000 Series Lightweight Access Point Connectors142Cisco 1000 Series Lightweight Access Point Power Requirements142Cisco 1000 Series Lightweight Access Point External Power SupplyCisco 1000 Series Lightweight Access Point Mounting OptionsCisco 1000 Series Lightweight Access Point Physical SecurityCisco 1000 Series Lightweight Access Point Monitor ModeUsing the DNS for Controller DiscoveryDynamic Frequency Selection144Autonomous Access Points Converted to Lightweight Mode145Guidelines for Using Access Points Converted to Lightweight Mode145Reverting from Lightweight Mode to Autonomous Mode145Using a Controller to Return to a Previous Release146Using the MODE Button and a TFTP Server to Return to a Previous Release146Controllers Accept SSCs from Access Points Converted to Lightweight Mode147Using DHCP Option 43147Using a Controller to Send Debug Commands to Access Points Converted to Lightweight Mode147Converted Access Points Send Crash Information to Controller148Converted Access Points Send Radio Core Dumps to Controller148Enabling Memory Core Dumps from Converted Access Points148Display of MAC Addresses for Converted Access Points148Disabling the Reset Button on Access Points Converted to Lightweight Mode149Configuring a Static IP Address on an Access Point Converted to Lightweight Mode149Managing Controller Software and Configurations151Transferring Files to and from a Controller152Upgrading Controller Software152Saving Configurations154Clearing the Controller Configuration154Erasing the Controller Configuration154Resetting the Controller155Configuring Radio Resource Management157Overview of Radio Resource Management158Radio Resource Monitoring158Dynamic Channel Assignment159Dynamic Transmit Power Control160Coverage Hole Detection and Correction160Client and Network Load Balancing160RRM Benefits161Overview of RF Groups161RF Group Leader161RF Group Name162Configuring an RF Group162Using the GUI to Configure an RF Group163Using the CLI to Configure RF Groups164Viewing RF Group Status164Using the GUI to View RF Group Status164Using the CLI to View RF Group Status167Enabling Rogue Access Point Detection168Using the GUI to Enable Rogue Access Point Detection168Using the CLI to Enable Rogue Access Point Detection171Configuring Dynamic RRM171Using the GUI to Configure Dynamic RRM172Using the CLI to Configure Dynamic RRM178Overriding Dynamic RRM179Statically Assigning Channel and Transmit Power Settings to Access Point Radios180Using the GUI to Statically Assign Channel and Transmit Power Settings180Using the CLI to Statically Assign Channel and Transmit Power Settings182Disabling Dynamic Channel and Power Assignment Globally for a Controller183Using the GUI to Disable Dynamic Channel and Power Assignment183Using the CLI to Disable Dynamic Channel and Power Assignment183Viewing Additional RRM Settings Using the CLI184Configuring Mobility Groups185Overview of Mobility186Overview of Mobility Groups189Determining When to Include Controllers in a Mobility Group191Configuring Mobility Groups191Prerequisites191Using the GUI to Configure Mobility Groups192Using the CLI to Configure Mobility Groups195Configuring Auto-Anchor Mobility195Guidelines for Using Auto-Anchor Mobility196Using the GUI to Configure Auto-Anchor Mobility196Using the CLI to Configure Auto-Anchor Mobility198Safety Considerations and Translated Safety Warnings199Safety Considerations200Warning Definition200Class 1 Laser Product Warning203Ground Conductor Warning205Chassis Warning for Rack-Mounting and Servicing207Battery Handling Warning for 4400 Series Controllers216Equipment Installation Warning218More Than One Power Supply Warning for 4400 Series Controllers221Declarations of Conformity and Regulatory Information225Regulatory Information for 1000 Series Access Points226Manufacturers Federal Communication Commission Declaration of Conformity Statement226Department of Communications—Canada227Canadian Compliance Statement227European Community, Switzerland, Norway, Iceland, and Liechtenstein228Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC228Declaration of Conformity for RF Exposure229Guidelines for Operating Cisco Aironet Access Points in Japan230Japanese Translation230English Translation230Administrative Rules for Cisco Aironet Access Points in Taiwan231Access Points with IEEE 802.11a Radios231Chinese Translation231English Translation231All Access Points231Chinese Translation231English Translation232Declaration of Conformity Statements232FCC Statements for Cisco 2000 Series Wireless LAN Controllers232FCC Statements for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN ...233End User License and Warranty235End User License Agreement236Limited Warranty238Disclaimer of Warranty240General Terms Applicable to the Limited Warranty Statement and End User License Agreement240Additional Open Source Terms241System Messages and Access Point LED Patterns243System Messages244Using Client Reason and Status Codes in Trap Logs246Client Reason Codes246Client Status Codes247Using Lightweight Access Point LEDs248Index249Größe: 8,06 MBSeiten: 256Language: EnglishHandbuch öffnen