Руководство По Проектированию для Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
11-8
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 11 Mobile Access Router, Universal Bridge Client, and Cisco Unified Wireless
Security
these criteria, the WMIC searches for a new root association and roams to a new root device before it
loses its current association. When the mobile station setting is disabled (the default setting) the WMIC
does not search for a new association until it loses its current association.
loses its current association. When the mobile station setting is disabled (the default setting) the WMIC
does not search for a new association until it loses its current association.
WMIC Universal Bridge Client Configuration
The WMIC can be configured as a UWGB, as is discussed in the beginning of this section. UWGB mode
enables support for the WMIC in a network 802.11 network environment that does not support WGB.
For example, this may be a non-Cisco mesh network. The current limitation of using UWGB mode
clients on a Cisco Unified Wireless Network is that you can only have one UWGB client per AP.
enables support for the WMIC in a network 802.11 network environment that does not support WGB.
For example, this may be a non-Cisco mesh network. The current limitation of using UWGB mode
clients on a Cisco Unified Wireless Network is that you can only have one UWGB client per AP.
In this role, the WMIC has the following functionality:
•
Associates to IOS and non-IOS access points.
•
Interoperability—The UWGB can forward routing traffic using a non-Cisco root device as a
universal client. The UWGB appears as a normal wireless client to the root device. As a root device,
the WMIC supports Cisco Compatible Extension clients, with all Cisco Compatible Extension v3
features and many v4 features.
universal client. The UWGB appears as a normal wireless client to the root device. As a root device,
the WMIC supports Cisco Compatible Extension clients, with all Cisco Compatible Extension v3
features and many v4 features.
station-role workgroup-bridge universal (mac address)
Note
You must use the MAC address of the associated VLAN to which the WMIC is bridged. As an example
use the MAC address of VLAN one. To acquire the MAC address of VLAN one, console in to the MAR
router card and issue the command show mac-address-table.
use the MAC address of VLAN one. To acquire the MAC address of VLAN one, console in to the MAR
router card and issue the command show mac-address-table.
WMIC as an Access Point Configuration
The WMIC can be configured as a root access point. In this role, it accepts associations from wireless
clients. This can be a useful configuration if you are planning to deploy a mobile hotspot. Issue the
following command in the dot11 interface configuration to configure the WMIC as an access point:
clients. This can be a useful configuration if you are planning to deploy a mobile hotspot. Issue the
following command in the dot11 interface configuration to configure the WMIC as an access point:
station-role root access-point
This specifies that the WMIC functions as a root access point.
Security
The security section of this chapter does not fully discuss in detail the underlying concepts behind the
security features of the 3200 MAR; for more in depth information on these security mechanisms, see
security features of the 3200 MAR; for more in depth information on these security mechanisms, see
Authentication Types
This section describes the authentication types that you can configure on the WMIC. The authentication
types are tied to the SSID that you configure on the WMIC. Before wireless devices can communicate,
they must authenticate to each other using open, 802.1x/EAP-based, or shared-key authentication. For
maximum security, wireless devices should also authenticate to your network using EAP authentication,
which is an authentication type that relies on an authentication server on your network.
types are tied to the SSID that you configure on the WMIC. Before wireless devices can communicate,
they must authenticate to each other using open, 802.1x/EAP-based, or shared-key authentication. For
maximum security, wireless devices should also authenticate to your network using EAP authentication,
which is an authentication type that relies on an authentication server on your network.