Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module Manual Técnica
authentication, or MFP.
This is how to configure:
config time ntp server 1 10.1.1.1
In order to verify, check for entries like this in your traplog:
30 Tue Feb 6 08:12:03 2007 Controller time base status − Controller is in sync with the central timebase.
If the wireless clients should be separated in several sub−networks for security reasons, each one with
different security policies, it is a good idea to use one or two WLANs (for example, each one has a
different Layer 2 encryption policy) together with the AAA−Override feature. This feature allows you
to assign per user settings. For example, move the user to either a specific dynamic interface in a
separated VLAN or apply a per user Access Control List (ACL).
different security policies, it is a good idea to use one or two WLANs (for example, each one has a
different Layer 2 encryption policy) together with the AAA−Override feature. This feature allows you
to assign per user settings. For example, move the user to either a specific dynamic interface in a
separated VLAN or apply a per user Access Control List (ACL).
•
Although the controller and access points do support WLAN with SSID using WiFi Protected Access
(WPA) and WPA2 simultaneously, it is very common that some wireless client drivers cannot handle
complex SSID settings. In general, it is a good idea to keep the security policies simple for any SSID
and only allow WPA2−AES. If some clients still do not support that, WPA2−AES and WPA1−TKIP
on the same SSID is supported. An SSID that supports only WPA1−TKIP is not be allowed starting
controller code 8.0
(WPA) and WPA2 simultaneously, it is very common that some wireless client drivers cannot handle
complex SSID settings. In general, it is a good idea to keep the security policies simple for any SSID
and only allow WPA2−AES. If some clients still do not support that, WPA2−AES and WPA1−TKIP
on the same SSID is supported. An SSID that supports only WPA1−TKIP is not be allowed starting
controller code 8.0
•
General Administration
These are the best practices for General Administration:
In general, before any upgrade it is a good idea to do a FTP/TFTP backup of the configuration.
•
The AP can use a syslog server to send troubleshooting information. Still, by default, it is sent as local
broadcast. If the AP is not on same subnet as the syslog server, it is advisable to change to a unicast
address. This change is in order to be able to collect this information and to reduce the possibility of a
broadcast storm caused by syslog messages sent to the local broadcast, in case there is an incidence
that affects all APs in the same subnetwork. In order to check this setting:
broadcast. If the AP is not on same subnet as the syslog server, it is advisable to change to a unicast
address. This change is in order to be able to collect this information and to reduce the possibility of a
broadcast storm caused by syslog messages sent to the local broadcast, in case there is an incidence
that affects all APs in the same subnetwork. In order to check this setting:
(WiSM−slot1−1) >show ap config general AP1130−9064
Cisco AP Identifier.............................. 164
Cisco AP Name.................................... AP1130−9064
Country code..................................... BE − Belgium
Regulatory Domain allowed by Country............. 802.11bg:−E 802.11a:−E
AP Country code.................................. BE − Belgium
AP Regulatory Domain............................. 802.11bg:−E 802.11a:−E
Switch Port Number .............................. 29
MAC Address...................................... 00:16:46:f2:90:64
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.100.200
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.100.1
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default−group
Primary Cisco Switch Name........................ Cisco_ea:5e:63
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
•