You must configure an SSID before client devices can associate to the access point. The SSID can consist of up to 32 alphanumeric, case-sensitive, characters. The first character can not contain the following characters:. The following characters are invalid and cannot be used in an SSID:.
Table describes the four security types that you can assign to an SSID. This is the least secure option. This option is more secure than no security. However, static WEP keys are vulnerable to attack. Mandatory WEP. This option enables You are required to enter the IP address and shared secret for an authentication server on your network server authentication port Because Mandatory Client devices that associate using this SSID must perform Wi-Fi Protected Access WPA permits wireless access to users authenticated against a database through the services of an authentication server, then encrypts their IP traffic with stronger algorithms than those used in WEP.
As with EAP authentication, you must enter the IP address and shared secret for an authentication server on your network server authentication port Mandatory WPA authentication. Because the Express Security page is designed for simple configuration of basic security, the options available are a subset of the wireless device's security capabilities.
Keep these limitations in mind when using the Express Security page:. However, you can delete SSIDs and re-create them. The SSIDs that you create are enabled on all radio interfaces.
To configure multiple authentication servers, use the Security Server Manager page. The SSID can contain up to 32 alphanumeric characters. This is a useful option for an SSID used by guests or by client devices in a public space. Only one SSID can be included in the wireless device beacon. The settings are listed in order of robustness, from No Security to WPA, which is the most secure setting. Step 6 Click Apply.
This section contains these example configurations:. The AG and AG access points disable the radio interfaces when the unit senses that the power source to which it is connected does not provide enough power. Depending on your power source, you might need to enter the power source type in the access point configuration. Use the System Software: System Configuration page on the web-browser interface to select a power option.
If you use the AC power adapter to provide power to the AG or AG access point, you do not need to adjust the access point configuration. If you use a power injector to provide power to the AG or AG access point, select Power Injector on the System Software: System Configuration page and enter the MAC address of the switch port to which the access point is connected.
This section explains how to install the utility and how to use it to find the wireless device's IP address. Tip Another simple way to find the wireless device's IP address is to look on the Status screen in the Aironet Client Utility on a client device associated to the wireless device. IPSU is available on the Cisco web site. Click this link to browse to the Software Center on Cisco. Follow these steps to find the wireless device's IP address:.
Step 2 When the utility window opens, make sure the Get IP addr radio button in the Function box is selected. The wireless device's MAC address is printed on the label on the bottom of the unit. It should contain six pairs of hexadecimal digits. Your wireless device's MAC address might look like the following example:. Note The MAC address field is not case-sensitive. When you connect the wireless device to the wired LAN, the wireless device links to the network using a bridge virtual interface BVI that it creates automatically.
Instead of tracking separate IP addresses for the wireless device's Ethernet and radio ports, the network uses the BVI. Note If you are connected to the wireless device using a Telnet session, you lose your connection to the wireless device when you assign a new IP address to the BVI. If you need to continue configuring the wireless device using Telnet, use the new IP address to open another Telnet session to the wireless device.
Follow these steps to access the CLI by using a Telnet session. Check your PC operating instructions for detailed instructions for your operating system.
Note In Windows , the Telnet window does not contain drop-down menus. To start the Telnet session in Windows , type open followed by the wireless device's IP address. First, access points can be placed in public places, inviting the possibility that they could be unplugged and their network connection used by an outsider.
Second, when a repeater access point is incorporated into a wireless network, the repeater access point must authenticate to the root access point in the same way as a client does.
It is not available on and series access points. The supplicant is configured in two phases:. You can complete the phases in any order, but they must be completed before the supplicant becomes operational. Beginning in privileged EXEC mode, follow these steps to create an Creates a dot1x credentials profile and enters the dot1x credentials configuration submode.
Hidden passwords are used when applying a previously saved configuration. LINE —An unencrypted clear text password. Note Unencrypted and clear text are the same. You can enter a 0 followed by the clear text password, or omit the 0 and enter the clear text password.
Use the no form of the dot1x credentials command to negate a parameter. The following example creates a credentials profile named test with the username Cisco and a the unencrypted password Cisco :. Credential profiles are applied to an interface or an SSID in the same way. Beginning in the privileged EXEC mode, follow these steps to apply the credentials to the access point's wired port:.
Enter the interface configuration mode for the access point's Fast Ethernet port. Note You can also use interface fa0 to enter the fast Ethernet configuration mode. The following example applies the credentials profile test to the access point's Fast Ethernet port:.
If you have a repeater access point in your wireless network and are using the Enter the The SSID can consist of up to 32 alphanumeric characters.
SSIDs are case sensitive. Note The first character cannot contain the! The following example applys the credentials profile test to the ssid testap1 on a repeater access point. Welcome to the custom book wizard. Using this tool you can create books containing a custom selection of content. To get started, enter a name for the book or select an existing book to add to. Select the topics and posts that you would like to add to your book.
Preview your selected content before you download or save to your dashboard. Mobi View on Kindle device or Kindle app on multiple devices.
Save to Dashboard. Your contact details will be kept confidential and will not be shared outside Cisco. If we need additional information regarding your feedback, we will contact you at this email address.
Toggle navigation Cisco Content Hub. Command Explorer. Topics Navigation. Recent Chapters. Top Viewed. Configuring the Access Point for the First Time. Caution You should never delete any of the system files prior to resetting defaults or reloading software. Caution Do not interrupt the boot process to avoid damaging the configuration file. You can also see the following CLI message when the load process has finished: Line protocal on Interface Dot11Radio0, changed state to up.
Password: xxxxxxx. Enter configuration commands, one per line. Create a New Book. Select an Existing Book. Book 1 Book 2. Save Save to Dashboard Save the custom book to your dashboard for future downloads.
Cancel Previous Next Finish. Status Draft. Cancel Save Edit Close. Missing Information. Inaccurate Information. Cancel Submit. New Folder Cancel OK. Last Updated Note Tags. Click on the file types below to dowload the content in that format.
OK Cancel Yes No. Enter interface configuration mode for the BVI. Optional —Enter the anonymous identity to be used. Optional —Enter a description for the credentials profile.
Enter an unencrypted password for the credentials. Optional Save your entries in the configuration file. Enter the name of a previously created credentials profile.
Enter the name of a preconfigured credentials profile. This option is more secure than no security. However, static WEP keys are vulnerable to attack. Mandatory WEP. This option enables You are required to enter the IP address and shared secret for an authentication server on your network server authentication port Because Mandatory Client devices that associate using this SSID must perform If you are using the CLI, this warning message appears:.
Wi-Fi Protected Access WPA permits wireless access to users authenticated against a database through the services of an authentication server, then encrypts their IP traffic with stronger algorithms than those used in WEP. As with EAP authentication, you must enter the IP address and shared secret for an authentication server on your network server authentication port Mandatory WPA authentication.
The security settings in the Easy Setup Radio Configuration section are designed for simple configuration of basic security. The options available are a subset of the wireless device security capabilities. Keep these limitations in mind when using the Express Security page:. This section contains these example configurations:. Example: No Security for Radio 2. Example: EAP Authentication. Example: WPA2 for Radio 2. Depending on your power source, you might need to enter the power source type in the access point configuration.
If you use the AC power adapter to provide power access point, you do not need to adjust the access point configuration. If you use a switch to provide Power over Ethernet PoE to the , , , , , and access point, and the switch supports the IEEE If you use a power injector to provide power to the , , , , , or access point, select Power Injector on the System Software: System Configuration page and enter the MAC address of the switch port to which the access point is connected.
When enabled, the dot11 extension power native shifts the power tables the radio uses from the IEEE The Native Power tables were designed specifically to configure powers as low as -1dBm for Cisco Aironet radios that support these levels.
The Cisco Aironet Series access points requires 20W of power for optimum performance of This allows you to configure one radio to operate using This allows full functionality under Once you upgrade to a powering solution that provides 20W of power to the access point, you can configure the second radio so that both radios are fully functional with 2x3 multiple input multiple output MIMO technology.
Certain radio configurations may require more power than can be provided by the inline power source. When insufficient inline power is available, you can select several options based upon your access point radio configuration as shown in Table Maximum transmit power will vary by channel and according to individual country regulations.
Refer to the product documentation for specific details. It is designed to provide high throughput and operate in the 5 GHz band. The Shutting down the However the channel widths can be independently configured with the restriction that it should be above the channel width configured on Please see Table for more details on the supported channel width combinations.
Table Supported Channel Width Combinations. Off channel scanning or transmissions are not supported. The , , and Please refer to the below table. Tip Radio configurations such as 4x imply 4 transmitters and 4 receivers capable of 3 spatial streams.
If the AP is running on reduced power, under Home:Summary Status, the following warning is displayed:. Due to insufficient inline power. Upgrade inline power source or install power injector. All access points except outdoor mesh products can be powered over Ethernet. Access points with two radios powered over Ethernet are fully functional and support all the features.
See Table for the various power management options available. This is the power required at the PSE, which is either a switch or an injector. You cannot configure power levels independently for When you connect the wireless device to the wired LAN, the wireless device links to the network using a bridge virtual interface BVI that it creates automatically.
Note If you are connected to the wireless device using a Telnet session, you lose your connection to the wireless device when you assign a new IP address to the BVI. If you need to continue configuring the wireless device using Telnet, use the new IP address to open another Telnet session to the wireless device.
Follow these steps to access the CLI by using a Telnet session. Check your PC operating instructions for detailed instructions for your operating system. Note In Windows , the Telnet window does not contain drop-down lists. To start the Telnet session in Windows , type open followed by the wireless device IP address. First, access points can be placed in public places, inviting the possibility that they could be unplugged and their network connection used by an outsider.
Second, when a repeater access point is incorporated into a wireless network, the repeater access point must authenticate to the root access point in the same way as a client does. You can complete the phases in any order, but they must be completed before the supplicant becomes operational. Beginning in privileged EXEC mode, follow these steps to create an Creates a dot1x credentials profile and enters the dot1x credentials configuration submode.
Optional —Enter the anonymous identity to be used. Optional —Enter a description for the credentials profile. Enter an unencrypted password for the credentials. Hidden passwords are used when applying a previously saved configuration. Note Unencrypted and clear text are the same.
You can enter a 0 followed by the clear text password, or omit the 0 and enter the clear text password. Optional Save your entries in the configuration file. Use the no form of the dot1x credentials command to negate a parameter. The following example creates a credentials profile named test with the username Cisco and a the unencrypted password Cisco:.
Credential profiles are applied to an interface or an SSID in the same way. Beginning in the privileged EXEC mode, follow these steps to apply the credentials to the access point wired port:. Enter the interface configuration mode for the access point Gigabit Ethernet port. Note You can also use interface fa0 to enter the Gigabit Ethernet configuration mode.
Enter the name of a previously created credentials profile. The following example applies the credentials profile test to the access point gigabit Ethernet port:.
If you have a repeater access point in your wireless network and are using the Enter the The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive. Note The first character cannot contain the! Enter the name of a preconfigured credentials profile. The following example applys the credentials profile test to the ssid testap1 on a repeater access point. IPv6 is the latest Internet protocol for IPv, developed to provide an extremely large number of addresses.
It uses bit addresses instead of the 32 bit addresses that are used in IPv4. As deployments in wireless networks use greater number of IP wireless devices and smart phones, IPv6 with its bit address format can support 3.
IPv6 addresses are represented as a series of bit hexadecimal fields separated by colons : in the format: x:x:x:x:x:x:x:x. Aggregatable global unicast addresses are globally routable and reachable on the IPv6 portion of the Internet.
These global addresses are identified by the format prefix of The interface identifier is in the modified EUI format. Table lists the IPv6 address types and formats. Table IPv6 Address Formats. Beginning in privileged EXEC mode, use these commands to enable tie ipv6 address. A link-local address, based on the Modified EUI interface ID, is automatically generated for the interface when stateless autoconfiguration is enabled.
Beginning in privileged EXEC mode, use the following command to enable stateless autoconfiguration:. Beginning in privileged EXEC mode, use the following command to configure a link local addreess without assigning any other IPv6 addressesto the interface:. Beginning in privileged EXEC mode, use the following command to assign a site-local or global address to the interface:. The DHCPv6 client obtains configuration parameters from a server either through a rapid two-message exchange solicit, reply , or through a normal four-message exchange solicit, advertise, request, reply.
By default, the four-message exchange is used. When the rapid-commit option is enabled by both client and server, the two-message exchange is used. Stateful addressing uses a DHCP server. Beginning in privileged EXEC mode, use this command to configure stateful addressing:.
Beginning in privileged EXEC mode, use this command to configure stateless addressing:. The IPv6 neighbor discovery process uses ICMP messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network. This command is available only on bridge group virtual interface BVI.
Sets the interval between IPv6 neighbor solicitation retransmissions on an interface. Sets the amount of time that a remote IPv6 node is reachable. Configures the number of consecutive neighbor solicitation messages sent when duplicate address detection is performed on the unicast IPv6 addresses.
Configures the interval between IPv6 neighbor solicit transmissions for duplicate address detection. Configures a default route to the Neighbor Discovery-derived default router. Configures router solicitation message to solicit a router advertisement to eliminate any delay in waiting for the next periodic router advertisement. Configures the length of time before the IPv6 neighbor discovery cache entry expires.
Configures a neighbor discovery cache limit on a specified interface. Configures neighbor discovery to glean an entry from an unsolicited neighbor advertisement.
Configures IPv6 neighbor discovery non-stop forwarding. You can specify the covergence time in seconds 10 to seconds , suppress duplicate address detection DAD , or set the number of resolutions to use with non-stop forwarding NSF.
Configures the number of neighbor unreachability detection NUD resends, and set a limit to the number of unresolved resends. Configures a limit to the number of data packets in queue awaiting neighbor discovery ND resolution. Inserts Neighbor Discovery-learned routes into the routing table with "ND" status and enables ND autoconfiguration behavior.
IPv6 access lists ACL are used to filter traffic and restrict access to the router. IPv6 prefix lists are used to filter routing protocol updates. Beginning in privileged EXEC mode, use these commands to to configure the access list globally and assign it to interface:.
Table IPv6 Access List configuration commands. Beginning in privileged EXEC mode, use these commands to assign the globally configured ACL to the outbound and inbound traffic on layer3 interface:. Cisco IOS Release Link-local is not used for registration.
Each CDP enabled device sends information about itself to its immediate neighbor. As part of native IPv6, the access point sends its IPv6 address as well as part of the address TLV in the cdp message; it also parses the IPv6 address information it gets from the neighboring switch.
RA filtering increases the security of the IPv6 network by dropping RAs coming from wireless clients. RA filtering prevents misconfigured or malicious IPv6 clients from connecting to the network, often with a high priority that takes precedence over legitimate IPv6 routers. In all cases, the IPv6 RA is dropped at some point, protecting other wireless devices and upstream wired network from malicious or misconfigured IPv6 devices.
However, RA filtering is not supported in the uplink direction. If the Autoconfig feaure is enabled, the AP downloads a configuration information file from the server at a pre-configured time and applies this configuration. The next configuration download is also scheduled along with this. Note The AP does not apply a configuration if it is the same as the last downloaded configuration. Step 1 Prepare a Configuration Information File. Step 2 Enable environmental variables. The configuration information file is an XML file, containing the following information:.
The configuration information file has the following format:. The xml tags used in the configuration information file are described below. A random number of seconds between 0 to this value is added to the start time, to randomize the time when next information file is downloaded. After you have the configuration information file ready and hosted on the SCP server, you need to configure the following environmental variables.
Name of the configuration information file to be fetched from the SCP server. You can configure the environmental variables by using the following command in global configuration mode:. For example:. After setting the environmental variables, you need to schedule the download of the configuration information file from the SCP server. Follow these steps:. Step 3 For instances where the download of the configuration information file from the SCP server fails, you can set a time interval after which the AP retries to download it again.
After every failed download, the retry interval doubles, but the retires stop the interval when becomes larger than MAX. To know the Autoconfig status, use the show dot11 autoconfig status command. You can use the following debugging commands as required:. Skip to content Skip to search Skip to footer.
Book Contents Book Contents. Find Matches in This Book. Updated: October 30, Configuring the Access Point for the First Time. Before You Start Before you install the wireless device, make sure you are using a computer connected to the same network as the wireless device, and obtain the following information from your network administrator: A system name for the wireless device The case-sensitive wireless service set identifier SSID for your radio network If not connected to a DHCP server, a unique IP address for the wireless device such as
0コメント