Configuring FlexConnect Groups
|
|
- Liliana Warner
- 1 years ago
- Views:
Transcription
1 Information About FlexConnect Groups, page 1, page 3 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 8 Information About FlexConnect Groups To organize and manage your FlexConnect access points, you can create FlexConnect Groups and assign specific access points to them. All of the FlexConnect access points in a group share the same backup RADIUS server, CCKM, and local authentication configuration information. This feature is helpful if you have multiple FlexConnect access points in a remote office or on the floor of a building and you want to configure them all at once. For example, you can configure a backup RADIUS server for a FlexConnect rather than having to configure the same server on each access point. The following figure shows a typical FlexConnect deployment with a backup RADIUS server in the branch office. Figure 1: FlexConnect Group Deployment OL
2 FlexConnect Groups and Backup RADIUS Servers For more information about FlexConnect deployment considerations, see the FlexConnect chapter of the Enterprise Mobility Design Guide. FlexConnect Groups and Backup RADIUS Servers You can configure the controller to allow a FlexConnect access point in standalone mode to perform full 802.1X authentication to a backup RADIUS server. You can configure a primary backup RADIUS server or both a primary and secondary backup RADIUS server. These servers can be used when the FlexConnect access point is in of these two modes: standalone or connected. FlexConnect Groups and CCKM FlexConnect Groups are required for CCKM fast roaming to work with FlexConnect access points. CCKM fast roaming is achieved by caching a derivative of the master key from a full EAP authentication so that a simple and secure key exchange can occur when a wireless client roams to a different access point. This feature prevents the need to perform a full RADIUS EAP authentication as the client roams from one access point to another. The FlexConnect access points need to obtain the CCKM cache information for all the clients that might associate so they can process it quickly instead of sending it back to the controller. If, for example, you have a controller with 300 access points and 100 clients that might associate, sending the CCKM cache for all 100 clients is not practical. If you create a FlexConnect that includes a limited number of access points (for example, you create a group for four access points in a remote office), the clients roam only among those four access points, and the CCKM cache is distributed among those four access points only when the clients associate to one of them. CCKM fast roaming among FlexConnect and non-flexconnect access points is not supported. FlexConnect Groups is needed for CCKM to work. Flex group needs to be created for CCKM, 11r, and OKC, only then the caching can happen on an AP. The group name must be same between APS for a fast roaming to happen for 11r/CCKM. The group can be different for OKC as final check is done at Cisco WLC. FlexConnect Groups and Opportunistic Key Caching Starting with the Cisco Wireless LAN Controller Release , FlexConnect groups accelerate Opportunistic Key Caching (OKC) to enable fast roaming of clients. OKC facilitates fast roaming by using PMK caching in access points that are in the same FlexConnect group. OKC prevents the need to perform a full authentication as the client roams from one access point to another. FlexConnect groups store the cached key on the APs of the same group, accelerating the process. However, they are not required, as OKC will still happen between access points belonging to different FlexConnect groups and will use the cached key present on the Cisco WLC, provided that Cisco WLC is reachable and APs are in connected mode. 2 OL
3 FlexConnect Groups and Local Authentication To see the PMK cache entries at the FlexConnect access point, use the show capwap reap pmk command. This feature is supported on Cisco FlexConnect access points only. The PMK cache entries cannot be viewed on Non-FlexConnect access points. The FlexConnect access point must be in connected mode when the PMK is derived during WPA2/802.1x authentication. When using FlexConnect groups for OKC or CCKM, the PMK-cache is shared only across the access points that are part of the same FlexConnect group and are associated to the same controller. If the access points are in the same FlexConnect group but are associated to different controllers that are part of the same mobility group, the PMK cache is not updated and CCKM roaming will fail but OKC roaming will still work. Fast roaming works only if the APs are in the same FlexConnect group for APs in FlexConnect mode, r. FlexConnect Groups and Local Authentication You can configure the controller to allow a FlexConnect access point in standalone mode to perform LEAP, EAP-FAST authentication for up to 100 statically configured users. The controller sends the static list of usernames and passwords to each FlexConnect access point when it joins the controller. Each access point in the group authenticates only its own associated clients. This feature is ideal for customers who are migrating from an autonomous access point network to a lightweight FlexConnect access point network and are not interested in maintaining a large user database or adding another hardware device to replace the RADIUS server functionality available in the autonomous access point. This feature can be used with the FlexConnect backup RADIUS server feature. If a FlexConnect is configured with both a backup RADIUS server and local authentication, the FlexConnect access point always attempts to authenticate clients using the primary backup RADIUS server first, followed by the secondary backup RADIUS server (if the primary is not reachable), and finally the FlexConnect access point itself (if the primary and secondary are not reachable). For information about the number of FlexConnect groups and access point support for a Cisco WLC model, see the data sheet of the respective Cisco WLC model. (GUI) Step 1 Choose Wireless > FlexConnect Groups to open the FlexConnect Groups page. This page lists any FlexConnect groups that have already been created. OL
4 (GUI) Step 2 Step 3 Step 4 Step 5 If you want to delete an existing group, hover your cursor over the blue drop-down arrow for that group and choose Remove. Click New to create a new FlexConnect Group. On the FlexConnect Groups > New page, enter the name of the new group in the Group Name text box. You can enter up to 32 alphanumeric characters. Click Apply. The new group appears on the FlexConnect Groups page. To edit the properties of a group, click the name of the desired group. The FlexConnect Groups > Edit page appears. Step 6 If you want to configure a primary RADIUS server for this group (for example, the access points are using 802.1X authentication), choose the desired server from the Primary RADIUS Server drop-down list. Otherwise, leave the text box set to the default value of None. IPv6 RADIUS Server is not configurable. Only IPv4 configuration is supported. Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 If you want to configure a secondary RADIUS server for this group, choose the server from the Secondary RADIUS Server drop-down list. Otherwise, leave the field set to the default value of None. Configure the RADIUS server for the FlexConnect group by doing the following: a) Enter the RADIUS server IP address. b) Choose the server type as either Primary or Secondary. c) Enter a shared secret to log on to the RADIUS server and confirm it. d) Enter the port number. e) Click Add. To add an access point to the group, click Add AP. Additional fields appear on the page under Add AP. Perform one of the following tasks: To choose an access point that is connected to this controller, select the Select APs from Current Controller check box and choose the name of the access point from the AP Name drop-down list. If you choose an access point on this controller, the MAC address of the access point is automatically entered in the Ethernet MAC text box to prevent any mismatches from occurring. To choose an access point that is connected to a different controller, leave the Select APs from Current Controller check box unselected and enter its MAC address in the Ethernet MAC text box. If the FlexConnect access points within a group are connected to different controllers, all of the controllers must belong to the same mobility group. Click Add to add the access point to this FlexConnect group. The access point s MAC address, name, and status appear at the bottom of the page. If you want to delete an access point, hover your cursor over the blue drop-down arrow for that access point and choose Remove. Click Apply. Enable local authentication for a FlexConnect Group as follows: a) Ensure that the Primary RADIUS Server and Secondary RADIUS Server parameters are set to None. b) Select the Enable AP Local Authentication check box to enable local authentication for this FlexConnect Group. The default value is unselected. c) Click Apply. d) Choose the Local Authentication tab to open the FlexConnect > Edit (Local Authentication > Local Users) page. e) To add clients that you want to be able to authenticate using LEAP, EAP-FAST, perform one of the following: 4 OL
5 (GUI) f) Upload a comma-separated values (CSV) file by selecting the Upload CSV File check box, clicking the Browse button to browse to an CSV file that contains usernames and passwords (each line of the file needs to be in the following format: username, password), and clicking Add to upload the CSV file. The clients names appear on the left side of the page under the User Name heading. g) Add clients individually by entering the client s username in the User Name text box and a password for the client in the Password and Confirm Password text boxes, and clicking Add to add this client to the list of supported local users. The client name appears on the left side of the page under the User Name heading. You can add up to 100 clients. h) Click Apply. i) Choose the Protocols tab to open the FlexConnect > Edit (Local Authentication > Protocols) page. j) To allow a FlexConnect access point to authenticate clients using LEAP, select the Enable LEAP Authentication check box. k) To allow a FlexConnect access point to authenticate clients using EAP-FAST, select the Enable EAP-FAST Authentication check box. The default value is unselected. l) Perform one of the following, depending on how you want protected access credentials (PACs) to be provisioned: To use manual PAC provisioning, enter the server key used to encrypt and decrypt PACs in the Server Key and Confirm Server Key text boxes. The key must be 32 hexadecimal characters. To allow PACs to be sent automatically to clients that do not have one during PAC provisioning, select the Enable Auto Key Generation check box Step 14 Step 15 m) In the Authority ID text box, enter the authority identifier of the EAP-FAST server. The identifier must be 32 hexadecimal characters. n) In the Authority Info text box, enter the authority identifier of the EAP-FAST server in text format. You can enter up to 32 hexadecimal characters. o) To specify a PAC timeout value, select the PAC Timeout check box and enter the number of seconds for the PAC to remain viable in the text box. The default value is unselected, and the valid range is 2 to 4095 seconds when enabled. p) Click Apply. In the WLAN-ACL mapping tab, you can do the following: a) Under Web Auth ACL Mapping, enter the WLAN ID, choose the WebAuth ACL, and click Add to map the web authentication ACL and the WLAN. b) Under Local Split ACL Mapping, enter the WLAN ID, and choose the Local Split ACL, and click Add to map the Local Split ACL to the WLAN. You can configure up to 16 WLAN-ACL combinations for local split tunneling. Local split tunneling does not work for clients with static IP address. In the Central DHCP tab, you can do the following: a) In the WLAN Id box, enter the WLAN ID with which you want to map Central DHCP. b) Select or unselect the Central DHCP check box to enable or disable Central DHCP for the mapping. c) Select or unselect the Override DNS check box to enable or disable overriding of DNS for the mapping. d) Select or unselect the NAT-PAT check box to enable or disable network address translation and port address translation for the mapping. e) Click Add to add the Central DHCP - WLAN mapping. When the overridden interface is enabled for the FlexConnect Group DHCP, the DHCP broadcast to unicast is optional for locally switched clients. OL
6 (CLI) Step 16 Step 17 Click Save Configuration. Repeat this procedure if you want to add more FlexConnects. To see if an individual access point belongs to a FlexConnect Group, you can choose Wireless > Access Points > All APs > the name of the desired access point in the FlexConnect tab. If the access point belongs to a FlexConnect, the name of the group appears in the FlexConnect Name text box. (CLI) Step 1 Step 2 Step 3 Step 4 Add add or delete a FlexConnect Group by entering this command: config flexconnect group group_name {add delete} Configure a primary or secondary RADIUS server for the FlexConnect group by entering this command: config flexconect group group-name radius server auth {{add {primary secondary} ip-addr auth-port secret} {delete {primary secondary}}} Add an access point to the FlexConnect Group by entering this command: config flexconnect group_name ap {add delete} ap_mac Configure local authentication for a FlexConnect as follows: a) Make sure that a primary and secondary RADIUS server are not configured for the FlexConnect Group. b) To enable or disable local authentication for this FlexConnect group, enter this command: config flexconnect group group_name radius ap {enable disable} c) Enter the username and password of a client that you want to be able to authenticate using LEAP, EAP-FAST by entering this command: config flexconnect group group_name radius ap user add username password password You can add up to 100 clients. d) Allow a FlexConnect access point group to authenticate clients using LEAP or to disable this behavior by entering this command: config flexconnect group group_name radius ap leap {enable disable} e) Allow a FlexConnect access point group to authenticate clients using EAP-FAST or to disable this behavior by entering this command: config flexconnect group group_name radius ap eap-fast {enable disable} f) To download EAP Root and Device certificate to AP, enter this command: config flexconnect group group_name radius ap eap-cert download g) Allow a FlexConnect access point group to authenticate clients using EAP-TLS or to disable this behavior by entering this command: config flexconnect group group_name radius ap eap-tls {enable disable} h) Allow a FlexConnect access point group to authenticate clients using PEAP or to disable this behavior by entering this command: config flexconnect group group_name radius ap peap {enable disable} 6 OL
7 (CLI) i) Enter one of the following commands, depending on how you want PACs to be provisioned: config flexconnect group group_name radius ap server-key key Specifies the server key used to encrypt and decrypt PACs. The key must be 32 hexadecimal characters. config flexconnect group group_name radius ap server-key auto Allows PACs to be sent automatically to clients that do not have one during PAC provisioning. j) To specify the authority identifier of the EAP-FAST server, enter this command: config flexconnect group group_name radius ap authority id id where id is 32 hexadecimal characters. k) To specify the authority identifier of the EAP-FAST server in text format, enter this command: config flexconnect group group_name radius ap authority info info where info is up to 32 hexadecimal characters. l) To specify the number of seconds for the PAC to remain viable, enter this command: config flexconnect group group_name radius ap pac-timeout timeout where timeout is a value between 2 and 4095 seconds (inclusive) or 0. A value of 0, which is the default value, disables the PAC timeout. Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Configure a Policy ACL on a FlexConnect group by entering this command: config flexconnect group group-name acl {add delete} acl-name Configure local split tunneling on a per-flexconnect group basis by entering this command: config flexconnect group group_name local-split wlan wlan-id acl acl-name flexconnect-group-name {enable disable} To set multicast/broadcast across L2 broadcast domain on overridden interface for locally switched clients, enter this command: config flexconnect group group_name multicast overridden-interface {enable disable} Configure central DHCP per WLAN by entering this command: config flexconnect group group-name central-dhcp wlan-id {enable override dns disable delete} Configure the DHCP overridden interface for FlexConnect group, use the configflexconnectgroupflexgroupdhcpoverridden-interfaceenablecommand. Configure policy acl on FlexConnect group by entering this command: config flexconnect group group_name policy acl {add delete} acl-name Configure web-auth acl on flexconnect group by entering this command: config flexconnect group group_name web-auth wlan wlan-id acl acl-name {enable disable} Configure wlan-vlan mapping on flexconnect group by entering this command: config flexconnect group group_name wlan-vlan wlan wlan-id{add delete}vlan vlan-id To set efficient upgrade for group, enter this command: config flexconnect group group_name predownload {enable disable master slave} ap-name retry-count maximum retry count ap-name ap-name Save your changes by entering this command: save config See the current list of flexconnect groups by entering this command: show flexconnect group summary OL
8 Configuring VLAN-ACL Mapping on FlexConnect Groups Step 16 See the details for a specific FlexConnect Groups by entering this command: show flexconnect group detail group_name Configuring VLAN-ACL Mapping on FlexConnect Groups Configuring VLAN-ACL Mapping on FlexConnect Groups (GUI) Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Choose Wireless > FlexConnect Groups. The FlexConnect Groups page appears. This page lists the access points associated with the controller. Click the Group Name link of the FlexConnect Group for which you want to configure VLAN-ACL mapping. Click the VLAN-ACL Mapping tab. The VLAN-ACL Mapping page for that FlexConnect group appears. Enter the Native VLAN ID in the VLAN ID text box. From the Ingress ACL drop-down list, choose the Ingress ACL. From the Egress ACL drop-down list, choose the Egress ACL. Click Add to add this mapping to the FlexConnect Group. The VLAN ID is mapped with the required ACLs. To remove the mapping, hover your mouse over the blue drop-down arrow and choose Remove. The Access Points inherit the VLAN-ACL mapping on the FlexConnect groups if the WLAN VLAN mapping is also configured on the groups. Configuring VLAN-ACL Mapping on FlexConnect Groups (CLI) config flexconnect group group-name vlan add vlan-id acl ingress-acl egress acl Add a VLAN to a FlexConnect group and map the ingress and egress ACLs by entering this command: Viewing VLAN-ACL Mappings (CLI) show flexconnect group detail group-name View FlexConnect group details. show ap config general ap-name View VLAN-ACL mappings on the AP. 8 OL
Configuring OfficeExtend Access Points
Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security
Editing WLAN SSID or Profile Name for WLANs (CLI), page 6
Prerequisites for WLANs, page 1 Restrictions for WLANs, page 2 Information About WLANs, page 3 Creating and Removing WLANs (GUI), page 3 Enabling and Disabling WLANs (GUI), page 4 Editing WLAN SSID or
Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer
Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer BRKEWN-2016 Abstract This session focuses on the architecture concepts of the branch office
Configuring Local EAP
Information About Local EAP, page 1 Restrictions on Local EAP, page 2 (GUI), page 3 (CLI), page 6 Information About Local EAP Local EAP is an authentication method that allows users and wireless clients
Mobility Groups. Information About Mobility
Information About Mobility, page 1 Information About, page 5 Prerequisites for Configuring, page 10 Configuring (GUI), page 12 Configuring (CLI), page 13 Information About Mobility Mobility, or roaming,
Architecting Network for Branch Offices with Cisco Unified Wireless
Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth - Sr. Technical Marketing Engineer Objective Design & Deploy Branch Network That Increases Business Resiliency 2 Agenda Learn
Web Authentication Proxy on a Wireless LAN Controller Configuration Example
Web Authentication Proxy on a Wireless LAN Controller Configuration Example Document ID: 113151 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Proxy on
Configuring AP Groups
Prerequisites for, page 1 Restrictions for Configuring Access Point Groups, page 2 Information About Access Point Groups, page 2 Configuring Access Point Groups, page 3 Creating Access Point Groups (GUI),
Configuring Backup Controllers
Information About, page 1 Restrictions for, page 2 (GUI), page 2 (CLI), page 3 Information About A single controller at a centralized location can act as a backup for access points when they lose connectivity
DHCP. DHCP Proxy. Information About Configuring DHCP Proxy. Restrictions on Using DHCP Proxy
Proxy, page 1 Link Select and VPN Select, page 4 Option 82, page 7 Internal Server, page 10 for WLANs, page 13 Proxy Information About Configuring Proxy When proxy is enabled on the controller, the controller
Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3
Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3 Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram Configuration Declare RADIUS Server on WLC Create
Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5
Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5 Multicast VLAN Information About Multicast Optimization Prior to the 7.0.116.0 release, multicast
Configuring a WLAN for Static WEP
Restrictions for Configuring Static WEP, page 1 Information About WLAN for Static WEP, page 1 Configuring WPA1+WPA2, page 3 Restrictions for Configuring Static WEP The OEAP 600 series does not support
Configuring DHCP. Restrictions for Configuring DHCP for WLANs. Information About the Dynamic Host Configuration Protocol. Internal DHCP Servers
Restrictions for for WLANs, page 1 Information About the Dynamic Host Configuration Protocol, page 1 (GUI), page 3 (CLI), page 4 Debugging DHCP (CLI), page 5 DHCP Client Handling, page 5 Restrictions for
Verify Radius Server Connectivity with Test AAA Radius Command
Verify Connectivity with Test AAA Radius Command Contents Introduction Prerequisites Requirements Components Used Background Information How The Feature Works Command Syntax Scenario 1. Passed Authentication
Converting Autonomous Access Points to Lightweight Mode, page 2
Converting Autonomous Access Points to Lightweight Mode Information About, page 2 Restrictions for, page 2, page 2 Reverting from Lightweight Mode to Autonomous Mode, page 3 Authorizing Access Points,
Wireless LAN Controller (WLC) Mobility Groups FAQ
Wireless LAN Controller (WLC) Mobility Groups FAQ Document ID: 107188 Contents Introduction What is a Mobility Group? What are the prerequisites for a Mobility Group? How do I configure a Mobility Group
Configuring NAC Out-of-Band Integration
Prerequisites for NAC Out Of Band, page 1 Restrictions for NAC Out of Band, page 2 Information About NAC Out-of-Band Integration, page 2 (GUI), page 3 (CLI), page 5 Prerequisites for NAC Out Of Band CCA
Configuring DHCP. Restrictions for Configuring DHCP for WLANs. Information About the Dynamic Host Configuration Protocol. Internal DHCP Servers
Restrictions for for WLANs, page 1 Information About the Dynamic Host Configuration Protocol, page 1 (GUI), page 3 (CLI), page 4 Debugging DHCP (CLI), page 4 DHCP Client Handling, page 5 Restrictions for
Software-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Introduction to The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based
Converting Autonomous Access Points to Lightweight Mode
Converting Autonomous Access Points to Lightweight Mode Finding Feature Information, page 1 Prerequisites for Converting Autonomous Access Points to Lightweight Mode, page 1 Information About Autonomous
Securing Wireless LAN Controllers (WLCs)
Securing Wireless LAN Controllers (WLCs) Document ID: 109669 Contents Introduction Prerequisites Requirements Components Used Conventions Traffic Handling in WLCs Controlling Traffic Controlling Management
LAB: Configuring LEAP. Learning Objectives
LAB: Configuring LEAP Learning Objectives Configure Cisco ACS Radius server Configure a WLAN to use the 802.1X security protocol and LEAP Authenticate with an access point using 802.1X security and LEAP
Configuring Auto-Anchor Mobility
Information About Auto-Anchor Mobility, page 1 Guest Anchor Priority, page 5 Information About Auto-Anchor Mobility You can use auto-anchor mobility (also called guest tunneling) to improve load balancing
Wireless LAN Controller Web Authentication Configuration Example
Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process
Configuring Management Frame Protection
Information About Management Frame Protection, page 1 Restrictions for Management Frame Protection, page 3 (GUI), page 3 Viewing the Management Frame Protection Settings (GUI), page 3 (CLI), page 4 Viewing
Configuring Auto-Anchor Mobility
Information About Auto-Anchor Mobility, page 1 Information About Auto-Anchor Mobility You can use auto-anchor mobility (also called guest tunneling) to improve load balancing and security for roaming clients
Configuring Layer2 Security
Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring
Configure Flexconnect ACL's on WLC
Configure Flexconnect ACL's on WLC Contents Introduction Prerequisites Requirements Components Used ACL Types 1. VLAN ACL ACL Directions ACL Mapping Considerations Verify if ACL is Applied on AP 2. Webauth
AP Connectivity to Cisco WLC
CAPWAP, page 1 Discovering and Joining Cisco WLC, page 12 Authorizing Access Points, page 23 AP 802.1X Supplicant, page 29 Infrastructure MFP, page 34 Troubleshooting the Access Point Join Process, page
VOCOM II. WLAN Instructions. VOCOM II Tough
WLAN Instructions VOCOM II Tough 88894000 1 Please make sure the VOCOM II is connected to the computer via USB. Open the VOCOM II Configuration Application. Located under the START menu. The VOCOM II should
Configuring Settings on the Cisco Unified Wireless IP Phone
CHAPTER 5 Configuring Settings on the Cisco Unified Wireless IP Phone The Settings menu on the Cisco Unified Wireless IP Phone 7921G provides access to view and change network profile settings and several
Identity Services Engine Guest Portal Local Web Authentication Configuration Example
Identity Services Engine Guest Portal Local Web Authentication Configuration Example Document ID: 116217 Contributed by Marcin Latosiewicz, Cisco TAC Engineer. Jun 21, 2013 Contents Introduction Prerequisites
Wireless LAN Controller (WLC) Design and Features FAQ
Wireless LAN Controller (WLC) Design and Features FAQ Document ID: 118833 Contents Introduction Design FAQ Features FAQ Related Information Introduction This document provides information on the most frequently
WLAN Roaming and Fast-Secure Roaming on CUWN
802.11 WLAN Roaming and Fast-Secure Roaming on CUWN Contents Introduction Prerequisites Requirements Components Used Background Information Roaming with Higher-Level Security WPA/WPA2-PSK WPA/WPA2-EAP
Configuring 802.1X Settings on the WAP351
Article ID: 5078 Configuring 802.1X Settings on the WAP351 Objective IEEE 802.1X authentication allows the WAP device to gain access to a secured wired network. You can configure the WAP device as an 802.1X
What Is Wireless Setup
What Is Wireless Setup Wireless Setup provides an easy way to set up wireless flows for 802.1x, guest, and BYOD. It also provides workflows to configure and customize each portal for guest and BYOD, where
WLAN Timeouts. Timeouts. Configuring a Timeout for Disabled Clients. Configuring Session Timeout
Timeouts, page 1 Authentication for Sleeping Clients, page 4 Timeouts Configuring a Timeout for Disabled Clients Information About Configuring a Timeout for Disabled Clients You can configure a timeout
8.5 Identity PSK Feature Deployment Guide
8.5 Identity PSK Feature Deployment Guide Product or Feature Overview 2 IPSK solution 3 Configurations Steps for IPSK in 8.5 release 3 Controller Configuration Steps 6 WLC Local Policies Combined with
Configuring Cipher Suites and WEP
10 CHAPTER This chapter describes how to configure the cipher suites required to use WPA authenticated key management, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and broadcast
HPE IMC BYOD WLAN 802.1X Authentication and Security Check Using inode Configuration Examples
HPE IMC BYOD WLAN 802.1X Authentication and Security Check Using inode Configuration Examples Part Number: 5200-1385 Software version: IMC UAM 7.2 (E0403) Document version: 2 The information in this document
Configuring a Wireless LAN Connection
CHAPTER 9 The Cisco Secure Router 520 Series routers support a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required
Multicast/Broadcast Setup
Configuring Multicast Mode, page 1 Mediastream, page 9 Configuring Multicast Domain Name System, page 14 Configuring Multicast Mode Information About Multicast/Broadcast Mode If your network supports packet
Per-WLAN Wireless Settings
DTIM Period, page 1 Off-Channel Scanning Deferral, page 3 Cisco Client Extensions, page 10 Client Profiling, page 12 Client Count per WLAN, page 15 DTIM Period Information About DTIM Period In the 802.11
Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)
Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) HOME SUPPORT PRODUCT SUPPORT WIRELESS CISCO 4400 SERIES WIRELESS LAN
WLC 7.0 and Later: VLAN Select and Multicast Optimization Features Deployment Guide
WLC 7.0 and Later: VLAN Select and Multicast Optimization Features Deployment Guide Document ID: 112932 Contents Introduction Prerequisites Requirements Platforms Supported Conventions VLAN Select Feature
Clear Commands: a to l
clear advanced, page 2 clear acl counters, page 3 clear ap config, page 4 clear ap eventlog, page 5 clear ap join stats, page 6 clear arp, page 7 clear ap tsm, page 8 clear atf, page 9 clear avc statistics,
Configuring WLANs CHAPTER
CHAPTER 6 This chapter describes how to configure up to 16 wireless LANs for your Cisco Wireless LAN Solution. This chapter contains these sections: Wireless LAN Overview, page 6-2 Configuring Wireless
Managing APs. Converting Autonomous APs to Lightweight Mode. Information About Converting Autonomous Access Points to Lightweight Mode
Converting Autonomous APs to Lightweight Mode, page 1 Global Credentials for APs, page 6 Embedded APs, page 10 AP Modules, page 12 Access Points with Dual-Band Radios, page 20 Link Latency, page 21 Converting
Wireless Domain Services FAQ
Wireless Domain Services FAQ Document ID: 65346 Contents Introduction What is WDS? How do I configure my AP as a WDS? On what platforms does Cisco Structured Wireless Aware Network (SWAN) WDS run? How
Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) Document ID: 70333 Introduction Prerequisites Requirements Components Used Conventions Background Information Register the LAP with
Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
CHAPTER 11 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access point/bridges for wireless domain services
Wireless LAN Controller Mesh Network Configuration Example
Wireless LAN Controller Mesh Network Configuration Example Document ID: 70531 Introduction Prerequisites Requirements Components Used Conventions Background Information Cisco Aironet 1510 Series Lightweight
Ports and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10
Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports Information About Ports A port is a physical entity that is used for connections on the Cisco WLC platform. Cisco WLCs have two types of
Cisco Unified Wireless Technology and Architecture
CHAPTER 2 Cisco Unified Wireless Technology and Architecture The purpose of this chapter is to discuss the key design and operational considerations in an enterprise Cisco Unified Wireless Deployment.
Cisco 8500 Series Wireless Controller Deployment Guide
Cisco 8500 Series Wireless Controller Deployment Guide Document ID: 113695 Contents Introduction Prerequisites Requirements Components Used Conventions Product Overview Product Specifications Features
Cisco Exam Questions & Answers
Cisco 300-208 Exam Questions & Answers Number: 300-208 Passing Score: 800 Time Limit: 120 min File Version: 38.4 http://www.gratisexam.com/ Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access
Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]
s@lm@n Cisco Exam 642-737 Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] Cisco 642-737 : Practice Test Question No : 1 RADIUS is set up with multiple servers
High Availability (AP SSO) Deployment Guide
High Availability (AP SSO) Deployment Guide Document ID: 113681 Contents Introduction Prerequisites Requirements Components Used Conventions Topology New HA Overview HA Connectivity Using Redundant Port
Using the Cisco Unified Wireless IP Phone 7921G Web Pages
CHAPTER 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages You can use the Cisco Unified Wireless IP Phone 7921G web pages to set up and configure settings for the phone. This chapter describes
Configuring the Client Adapter through the Windows XP Operating System
APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in
Searching for Access Points
Information About, page 1 Searching the AP Filter (GUI), page 1 Monitoring the Interface Details, page 4 Searching for Access Point Radios, page 6 Information About You can search for specific access points
Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide
Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide The Cisco Structured Wireless-Aware Network (SWAN) provides the framework to integrate and extend wired and wireless networks to deliver
Wireless LAN Profile Setup
Wireless LAN Profiles, page 1 Network Access Profile Settings, page 2 Wireless LAN Profile Settings, page 3 Wireless LAN Profile Group Settings, page 6 Create Network Access Profile, page 6 Create Wireless
Cisco 440X Series Wireless LAN Controllers Deployment Guide
Cisco 440X Series Wireless LAN Controllers Deployment Guide Cisco customers are rapidly adopting the Cisco Unified Wireless Network architecture for next generation wireless LAN performance and advanced
ISE Primer.
ISE Primer www.ine.com Course Overview Designed to give CCIE Security candidates an intro to ISE and some of it s features. Not intended to be a complete ISE course. Some topics are not discussed. Provides
Lesson Overview & Objectives
Cisco Unified Wireless Network Administration: AP Association Finding a Controller Cisco Unified Wireless Network Administration: AP Association - Finding a Controller 2010 Cisco Systems, Inc. All rights
Securing a Wireless LAN
Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access
TrustSec Configuration Guides. TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points
TrustSec Configuration Guides TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points Table of Contents TrustSec Capabilities on Wireless
Managing Rogue Devices
Information About Rogue Devices, page 1 Configuring Rogue Detection (GUI), page 5 Configuring Rogue Detection (CLI), page 8 Information About Rogue Devices Rogue access points can disrupt wireless LAN
Configuring Link Aggregation
Information About Link Aggregation, page 1 Restrictions for Link Aggregation, page 1 (GUI), page 3 (CLI), page 4 Verifying Link Aggregation Settings (CLI), page 4 Configuring Neighbor Devices to Support
RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions
RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions MERUNETWORKS.COM February 2013 1. OVERVIEW... 3 2. AUTHENTICATION AND ACCOUNTING... 4 3. 802.1X, CAPTIVE PORTAL AND MAC-FILTERING...
Configuring the Client Adapter
CHAPTER 5 This chapter explains how to configure profile parameters. The following topics are covered in this chapter: Overview, page 5-2 Setting General Parameters, page 5-3 Setting Advanced Parameters,
Pulse Policy Secure. Guest Access Solution Configuration Guide. Product Release 5.2. Document Revision 1.0 Published:
Pulse Policy Secure Guest Access Solution Configuration Guide Product Release 5.2 Document Revision 1.0 Published: 2015-03-31 2015 by Pulse Secure, LLC. All rights reserved Guest Access Solution Configuration
The information in this document is based on these software and hardware versions:
Introduction This document describes how to configure a Lightweight Access Point as a 802.1x supplicant to authenticate against a RADIUS Server such as ACS 5.2. Prerequisites Requirements Ensure that you
Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide
Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide Table of Contents INTRODUCTION... 4 DISCOVER AND PAIR GWN76XX ACCESS POINTS... 5 Discover GWN76xx... 5 Method 1: Discover
Mesh Deployment Modes
This chapter describes the mesh deployment modes and contains the following sections: Wireless Mesh Network, page 1 Wireless Backhaul, page 1 Point-to-Multipoint Wireless Bridging, page 2 Point-to-Point
Configuring Controller Settings
CHAPTER 4 This chapter describes how to configure settings on the controller. It contains these sections: Installing and Configuring Licenses, page 4-2 Configuring 802.11 Bands, page 4-26 Configuring 802.11n
Aruba Instant
Aruba Instant 6.1.3.1-3.0.0.2 Release Notes Aruba Instant 6.1.3.1-3.0.0.2 is a patch software release that introduces fixes to many previously outstanding issues. For details on all of the features described
Cisco Systems, Inc. Aironet Access Point
RSA SecurID Ready Implementation Guide Partner Information Last Modified: November 18, 2013 Product Information Partner Name Web Site Product Name Version & Platform Product Description Cisco Systems,
The Wireless LAN Controller (WLC) supports two modes of DHCP operations in case an external DHCP server is used:
Contents Introduction External DHCP Server Comparison of DHCP Proxy and Bridging Modes DHCP Proxy Mode Proxy Packet flow Proxy Packet Capture Proxy Configuration Example Troubleshoot Caveats DHCP Bridging
Cisco Mobility Express User Guide for Release 8.2
First Published: 2015-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE
DEPLOYING BASIC CISCO WIRELESS LANS (WDBWL)
[Type a quote from the document or the summary of an interesting point. You can position the text box anywhere in the document. Use the Drawing Tools tab to change the formatting of the pull quote text
Readme for ios 7 WebAuth on Cisco Wireless LAN Controller, Release 7.4 MR 2
Readme for ios 7 WebAuth on Cisco Wireless LAN Controller, Release 7.4 MR 2 September, 2013 1 Contents This document includes the following sections: 1 Contents 1 2 Background 1 2.1 Captive Bypassing on
Configuring DHCP for WLANs
Finding Feature Information, page 1 Prerequisites for, page 1 Restrictions for, page 1 Information About the Dynamic Host Configuration Protocol, page 2 How to Configure DHCP for WLANs, page 4 Additional
Network Security 1. Module 7 Configure Trust and Identity at Layer 2
Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2 Module 7 Configure
Security Setup CHAPTER
CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP
Use Plug and Play to Deploy New Devices
About Plug and Play, page 1 Prerequisites for Using Plug and Play, page 2 Plug and Play Workflow, page 2 Use the Plug and Play Dashboard to Monitor New Device Deployments, page 4 Create Plug and Play Profiles
Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)
Troubleshooting Web Authentication on a Wireless LAN Controller (WLC) Document ID: 108501 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Web Authentication
802.1x. ACSAC 2002 Las Vegas
802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:
Using the Cisco Unified Wireless IP Phone 7921G Web Pages
4 CHAPTER Using the Cisco Unified Wireless IP Phone 7921G Web Pages This chapter describes how to set up your PC to configure a Cisco Unified Wireless IP Phone 7921G by using a USB connector and how to
Managing Rogue Devices
Finding Feature Information, page 1 Information About Rogue Devices, page 1 How to Configure Rogue Detection, page 6 Monitoring Rogue Detection, page 8 Examples: Rogue Detection Configuration, page 9 Additional
Web and MAC Authentication
3 Web and MAC Authentication Contents Overview..................................................... 3-2 Client Options.............................................. 3-3 General Features............................................
Spectralink VIEW Certified Configuration Guide. Aruba Networks. Aruba Instant APs IAP-11x, 20x, 21x, 22x
Spectralink VIEW Certified Configuration Guide Aruba Networks Aruba Instant APs IAP-11x, 20x, 21x, 22x 721-1008-000 Rev: B May 2016 Copyright Notice 2015-2016 Spectralink Corporation All rights reserved.
CCNA-Wireless. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Exam
CCNA-Wireless Number: 640-722 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ Exam 640-722 Exam A QUESTION 1 The IEEE 802.11n standard provides 40-MHz channels, improved
Configuring WEP and WEP Features
CHAPTER 9 This chapter describes how to configure Wired Equivalent Privacy (WEP), Message Integrity Check (MIC), and Temporal Key Integrity Protocol (TKIP). This chapter contains these sections: Understanding
MSM320, MSM410, MSM422, MSM430,
Polycom VIEW Certified Configuration Guide Hewlett-Packard MSM710/720/760/765 Wireless LAN Controller With MSM310, MSM320, MSM410, MSM422, MSM430, MSM46x APs September 2012 1725-36068-001 Rev H Trademarks
Configuring the WMIC for the First Time
Configuring the WMIC for the First Time This document describes how to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. Before You Start Before you install
Configuring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
Configuring WLAN Security
Finding Feature Information, page 1 Prerequisites for Layer 2 Security, page 1 Information About AAA Override, page 2 How to Configure WLAN Security, page 3 Additional References, page 11 Feature Information