Approved APs: AP 1121, 1131, 1231, 1232, 1242, BR 1310

Similar documents
Field Verified. Configuration Guide. Cisco. 1100, 1200 and 1300 Series APs using the Wireless LAN Services Module (WLSM)

Configuring the WMIC for the First Time

VIEW Configuration Guide. Cisco. 1131, 1232 and 1242 Autonomous APs. June 2010 Edition Version D

Configuring the Access Point/Bridge for the First Time

Integration Guide. Trakker Antares 2400 Family and Cisco Aironet 123X

EAP FAST with the Internal RADIUS Server on the Autonomous Access Point Configuration Example

TACACS+ on an Aironet Access Point for Login Authentication Configuration Example

Integration Guide. CK30/CK31 and Cisco Aironet 1231/1242

Cisco Aironet 350 (DS) AP IOS Software

Configuring a Wireless LAN Connection

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

CONFIGURATION DU SWITCH

Cisco Unified Communications Manager Express 7921 Push-to-talk

VIEW Certified Configuration Guide. Cisco

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Cisco Systems, Inc , 1200, 1300 Series AP (Autonomous mode) Product sw version 12.3(11)JA4 I75 Handset sw version 1.4.

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide

Lab 8.5.2: Troubleshooting Enterprise Networks 2

Console Server. Con. Cisco Aironet Port Figure 1: Aironet configuration

Siemens HiPath Wireless: Configuration and Deployment Guide

3Com Wireless LAN Mobility System Configuration and Deployment Guide

AP firmware version tested: NetLink Wireless Telephone software version tested: Maximum telephone calls per AP: 8

Extreme Networks Summit WM-Series Wireless Controller and Altitude APs Configuration and Deployment Guide

Siemens HiPath Wireless: Configuration and Deployment Guide

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

LEAP Authentication on a Local RADIUS Server

Configuring Hybrid REAP

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Securing a Wireless LAN

Configuring Spanning Tree Protocol

Configuring VLANs CHAPTER

Lab - Troubleshooting VLAN Configurations (Instructor Version Optional Lab)

Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3

Chapter 10 Lab 10-2, Securing VLANs INSTRUCTOR VERSION

INTRODUCTION...2 SOLUTION DETAILS...3 NOTES...3 HOW IT WORKS...4

Configuring a Basic Wireless LAN Connection

3. What could you use if you wanted to reduce unnecessary broadcast, multicast, and flooded unicast packets?

Wireless Domain Services FAQ

Configuring Catalyst Switches for Polycom Conference Phones

1 of :22

MSM320, MSM410, MSM422, MSM430,

Catalyst 4500 Series IOS Commands

Configuring Multiple SSIDs

Device Interface IP Address Subnet Mask Default Gateway. Ports Assignment Network

VIEW Certified Configuration Guide. Nortel. WLAN Security Switch 2300 Series with AP January 2008 Edition Version F

Catalyst 4500 Series IOS Commands

Cisco Press CCIE Practical Studies CCIE Practice Lab: Enchilada Solutions

Exam : Cisco Title : Update : Demo. Composite Exam

Wireless LAN Controller Module Configuration Examples

Table of Contents. isco Configuring 802.1q Trunking Between a Catalyst 3550 and Catalyst Switches Running Integrated Cisco IOS (Nativ

Contents. Introduction

accounting (SSID configuration mode) through encryption mode wep

Configuring VLANs CHAPTER

Catalyst Switches for Microsoft Network Load Balancing Configuration Example

Oct 2007 Version 1.01

CERIO Corporation OW-310N2

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

Configuring Authentication Types

ISR Wireless Configuration Example

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1

PowerStation2 LiteStation2 LiteStation5 User s Guide

Configuring VLANs. Finding Feature Information. Prerequisites for VLANs

!! Last configuration change at 16:04:19 UTC Tue Feb by zdrillin! NVRAM config last updated at 21:07:18 UTC Thu Feb ! version 12.

Quality of Service WMM, U-APSD, DSCP, CoS (802.1p/q), TSPEC Other IEEE Standards d

FlexConnect. Information About FlexConnect

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

IEEE a/ac/n/b/g Outdoor Stand-Alone Access Point. Management Guide. ECWO Series. Software Release v1.0.1.

Lab Configuring 802.1Q Trunk-Based Inter-VLAN Routing (Instructor Version Optional Lab)

Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks

VIEW Certified Configuration Guide. Extreme Networks. Summit WM 100, 1000 Wireless Controllers with Altitude AP

WH-9200AP a/b/g Dual Radio Wireless Base Station. User s Manual

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Chapter 5 Lab 5-1 Inter-VLAN Routing INSTRUCTOR VERSION

Symbols. Numerics INDEX

Switches running the LAN Base feature set support only static routing on SVIs.

Configuring VLANs. Finding Feature Information. Prerequisites for VLANs

PrepKing. PrepKing

VIEW Certified Configuration Guide. Trapeze Networks. Mobility System for MP-422 Access Points. June 2008 Edition Version D

Configuring Cipher Suites and WEP

Configuring Virtual Private LAN Services

QUESTION/SOLUTION SET LAB 4

MLDP In-Band Signaling/Transit Mode

Light Mesh AP. User s Guide. 2009/2/20 v1.0 draft

User Guide LAPN300. Wireless-N300. Access Point with POE. Model # LAPN300

2100/2500/4400/5500/7500/8500 Series WLC (Wireless LAN Controller),

accounting (SSID configuration mode) through encryption mode wep accounting (SSID configuration mode) through

Document ID: Contents. Introduction. Prerequisites. Requirements. Components Used. Conventions. Background Information.

Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0

Viewing Status and Statistics

Configuring a VAP on the WAP351, WAP131, and WAP371

IEEE 802.1Q Tunneling (QnQ) and L2PT on L2 Ports

VIEW Certified Configuration Guide. Colubris Networks Series MultiService Controllers with MAP-320/330 MultiService Access Points

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

NSF SSO ISSU Support for VPLS

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Design and Implementation Plan for Network Based on the ALOHA Point of Sale System. Proposed by Jedadiah Casey. Introduction

Configuring WLANsWireless Device Access

Summary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL

Configuring the Xirrus Array

WAP9112/9114 Quick Start Guide

Transcription:

Cisco 1100 and 1200 Series APs Using the Wireless LAN Services Module (WLSM) Configuration and Deployment Guide This document describes the required settings and configuration for Cisco 1100 and 1200 Series access points (APs) using the Wireless LAN Services Module (WLSM) to support wireless IP telephones. Product Summary Manufacturer: Cisco: www.cisco.com Approved APs: AP 1121, 1131, 1231, 1232, 1242, BR 1310 WLSM framework: Catalyst 6503-E Switch, Supervisor Engine 720, WLSM Module External network components: RADIUS Server * Cisco 2940 1g Switch RF technology: Radio: QoS Security: AP firmware version tested: 802.11b/g 2.4 2.484 GHz SpectraLink Voice Priority (SVP) WPA-PSK, WPA2-PSK 12.3.7-JA4 Wireless IP telephone software version tested: SRP Version 2.0 (89.124) Handset models 3616/3620/3626 3641/3645 Radio mode 802.11b 802.11b Maximum telephone calls per AP: 8 8 Auto-learn function: Yes * No Recommended network topology: Denotes products directly used in testing Switched Ethernet (recommended) * RADIUS Server used in place of a WLSE Module Network Topology The following topology was tested during lab testing. It is important to note that these do not necessarily represent all tested configurations. Copyright 2007 Avaya, Inc. All rights reserved 21-601643, Issue 1, May 2007 Page 1

Page 2

Known Limitations 1. Wi-Fi Multimedia (WMM) must be disabled in this configuration (default is on ). WMM is a global setting, therefore WMM may not be used for any Wi-Fi devices on this network. 2. Avaya's push-to-talk (PTT) functionality, available in wireless IP telephones, does not work in this configuration because of limitations with the way that multicast traffic is passed through the WLSM. 3. Cisco Fast Secure Roaming (FSR) has limited functionality in this configuration, therefore, it is not recommended. Avaya recommends WPA-PSK and WPA2-PSK for this configuration. Notes on Configuration Initial Setup The AP must support SpectraLink Voice Priority (SVP). Contact your AP vendor if you need to upgrade the AP software. Go to the Cisco Download site at www.cisco.com and download the latest version of firmware for the access point (AP) and WLSM modules. If you encounter difficulties or have questions regarding the configuration process, please contact your local Cisco's customer service at www.cisco.com. WLSM Setup For an introduction and set up guide for Cisco s Catalyst 6500 Switch, go to the following links: http://www.cisco.com/univercd/cc/td/doc/product/wireless/wlsmdig.htm and http://www.cisco.com/en/us/products/sw/cscowork/ps3915/products_white_paper09186a008 01d8630.shtml The minimum components required are a Catalyst 6500 chassis, Supervisory 720 module and a Wireless LAN Services Module (WLSM). Either a Wireless LAN Solution Engine (WLSE ) or a RADIUS server are required for AAA Authentication. The 6500 chassis has only one Ethernet port connection, which is a gigabit port. An Ethernet Module can be added to the 6500 chassis or an external switch used. An external switch must support 802.1Q VLAN s and have at least one Gigabit port. Two 20 amp wall circuits are required for powering the unit. Sample configuration files for the Sup 720 and WLSM modules are shown at the end of this document. AP Setup The APs have to be configured to work within the WLSM environment. The settings shown in the examples in this document correspond to the settings in the configuration files for the WLSM setup. Page 3

Mapping The table below shows how the different modules map to each other. Page 4

Assigning an IP address to a new AP 1. Connect the PC s serial port to the AP via the command line interface (CLI) cable. Run a terminal program set to 9600 baud. 2. At the prompt, type enable. 3. Type the password, default password is Cisco. 4. Type the command configure terminal. 5. Type the command interface BVI 1. 6. Type ip address <ip address> <net mask>. 7. Type end and then type write mem to save configuration. Connecting to the AP Connect to the AP via Netscape or Internet Explorer by navigating to the URL: http://<ip_addr> (where <IP_Addr> is the IP address of the AP). Installing software on the AP 1. Download the appropriate firmware for your model AP from the Cisco IOS Software Downloads Web site. 2. Connect to the AP via a web browser, preferably IE. Turn off pop-up blocking. 3. Click SYSTEM SOFTWARE. 4. Click Software Upgrade 5. Click the HTTP UPGRADE tab. 6. Use the Browse button to select the target image. 7. Click the Upgrade button. 8. Allow for at least five minutes for the upgrade to complete. The progress of the upgrade can be tracked via the AP s LEDs. Center LED RED means image is being downloaded. All LEDs ON means AP is decompressing the image, rebooting, etc. Top LED GREEN, radio and status LEDs blinking means Ethernet connectivity OK, normal operation. 9. The Web browser opens a window indicating the amount of time since the upgrade started. After the upgrade is completed, this window may stay open. The user will need to close these window(s) and refresh the Web browser s connection to the AP. The rest of the configuration can easily be done through the browser interface. Log into the AP via a Web browser using the IP address assigned in the above step. Page 5

Configuring Security Main Security screen The Security Summary screen below shows the configurations of three VLANS. VLANs are set up to work with different encryptions and SSIDs. Network IDs are assigned to the corresponding tunnel ID on the SUP 720. Note that the configurations shown below depict the configuration of three different SSIDs with three different encryption types. For example: BBK VLAN 1 WPA-PSK/AES ADG VLAN2 WPA-PSK/TKIP FSR VLAN3 CCKM/TKIP (which was not used during this testing) Page 6

Configuring VLANs The following screen shows the set-up for creating a VLAN. Note that if your deployment uses only a single encryption type, it is not necessary to configure VLANs. Click Security in the navigation pane, and select Encryption Manager to configure a single encryption type. See the Configuring Encryption section below for an example of the Encryption Manager screen. 1. In the navigation pane, click SERVICES. 2. Select VLAN from the sub-menu. 3. Under Current VLAN List, select the proper VLAN from list box, or create a new one if necessary. 4. Assign a VLAN ID number to the VLAN. 5. Make sure Radio0-802.11G is selected. 6. One VLAN has to be set as the Native VLAN. 7. Click the Apply to button. Page 7

Configuring Encryption Set Security: Encryption manager 1. In the navigation pane, click SECURITY. 2. Select Encryption Manager from the sub-menu. 3. For Set Encryption Mode and Keys for VLAN, select the proper VLAN that corresponds to the SSID. 4. Under Encryption Modes, click the Cipher option. 5. For WPA-PSK, select TKIP from the drop-down list. For WPA2-PSK, select AES CCMP from the drop-down list. 6. Under Encryption Keys, clear all Encryption Key fields. 7. Under Global Properties, click the Disable Rotation option. 8. Click the Apply button. The following example shows the SECURITY screen with WPA2-PSK settings. Page 8

Configuring SSIDs The following screen shows the set-up for WPA2-PSK and VLAN1. 1. In the navigation pane, click SECURITY. 2. Select SSID Manager from the sub-menu. 3. Under SSID Properties, select the proper SSID from the list box, or create a new one if necessary. Make sure Radio0-802.11G is selected. 4. Select the proper VLAN and Network ID number. The Network ID number matches a Mobility Network ID of a Tunnel Interface on the Sup720. 5. Under Authentication Settings, select the Open Authentication check box and select No Addition from the drop-down list. Page 9

6. Use default settings for Server Priorities. 7. Under Authenticated Key Management: a. Select Mandatory from the Key Management drop-down list. b. Select the WPA check box. c. In the WPA Pre-shared Key field, type in the key code used in the phones. Characters are case sensitive. d. Select the ASCII option. 8. Click the Apply button. 9. At the bottom of the page, under Guest Mode/Infrastructure SSID Settings, select the Single BSSID option and select the SSID that was used in step 5. 10. Click the Apply button. Page 10

Configuring QoS Quality of service policies must be set up to enable voice packets to be prioritized properly. Two policies are created, one for downstream traffic and one for upstream traffic. Page 11

Configuring SRP for downstream traffic 1. In the navigation pane, click SERVICES. 2. Select QoS from the sub-menu. 3. Create the downstream QoS policy: a. Under Create/Edit Policy, select the proper Policy Name from the drop-down list, or create a new one if necessary. b. Select Voice <10ms Latency (6) from the third drop-down list under Apply Class of Service. c. Click the Add button to add this classification to your new QoS policy. 4. Click the Apply button. Page 12

Configuring SRP for upstream traffic 1. Create the upstream QoS policy: a. Under Create/Edit Policy, select the proper Policy Name from the drop-down list, or create a new one if necessary. b. Select Video <100ms Latency (5) from the third drop-down list under Apply Class of Service. c. Click the Add button to add this classification to your new QoS policy. 2. Click the Apply button. Page 13

Apply policies to interfaces 1. Scroll down to Apply Policies to Interface/ VLANs. 2. Apply the new QoS policies to Incoming and Outgoing Radio0-802.11G for the appropriate interfaces for each VLAN by selecting them from the applicable drop-down lists: a. Apply the downstream policy to the Incoming traffic for Radio0-802.11G. b. Apply the upstream policy to the Outgoing traffic for Radio0-802.11G. 3. No policies are applied to the Fast Ethernet interface. 4. Click the Apply button. Page 14

Radio0-80211G access categories 1. Click the RADIO0 802.11G ACCESS CATEGORIES tab. 2. At Voice (CoS 6-7): a. Set the Min Contention Window and Max Contention Window fields to 0. b. Set the Fixed Slot Time field to 2. c. Set the Transmit Opportunity field to 0. 3. Click the Apply button. Page 15

QOS advanced settings 1. Click the Advanced tab. 2. At QoS Element for Wireless Phones, click the Enable option. 3. Under IGMP Snooping, click the Enable option. 4. At Map Ethernet Packets with Cos5 to Cos6, click the Yes option. 5. Important Under WMM, under Enable on Radio Interfaces, make sure the check boxes are cleared. 6. Click the Apply button. Page 16

Radio Settings 1. In the navigation pane, click NETWORK INTERFACES. 2. Select Radio0-802.11G from the sub-menu. 3. Click the SETTINGS tab. 4. Set Enable Radio to Enable. 5. For setting up the Data Rates there are two options, Best Range or Best Throughput. a. For Best Throughput select Enable for 1.0, 2.0 and 5.5 Mb/sec, and select Require for 11.0 Mb/sec. To support this data rate set, signal strength of -60 dbm or stronger is required wherever the handsets are to be used. The screen shot below shows the settings for Best Throughput. b. For Best Range select Require for 1.0 Mb/sec, and select Enable for 2.0, 5.5 and 11.0 Mb/sec. To support this data rate set, signal strength of -70 dbm or stronger is required wherever the handsets are to be used. Page 17

6. Power level and Channel selection will vary according to the environment. Page 18

7. At Aironet Extensions, select the Disable option. 8. Set the Data Beacon Rate (DTIM) field to 3. 9. Set the Max. Data Retries and RTS Max. Retries fields to 20. 10. Click the Apply button. Page 19

Wireless Services The AP needs to be configured to access the WDS service on the WLSM module. The IP address is assigned to the WLSM module (under wlan vlan configuration) in its configuration file. 1. In the navigation pane, click WIRELESS SERVICES. 2. Select AP from the sub-menu. Page 20

3. At Participate in SWAN Infrastructure, click the Enable option. 4. At WDS Discovery, click the Specified Discovery option, and enter the IP Address assigned to the WLSM module. 5. Enter the Username assigned to the RADIUS server and WDS. 6. Enter the Password assigned to the RADIUS server and WDS. 7. Click the Apply button. Page 21

Assigning a Different IP Address to a Configured AP 1. In the navigation pane, click NETWORK INTERFACES. 2. Select IP Address from the sub-menu. 3. Enter the new IP Address and IP Subnet Mask as required. 4. Enter a Default Gateway IP Address if required. 5. Click the Apply button. Page 22

Example Configuration File for SUP720 Building configuration... Current configuration : 3940 bytes version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service counters max age 10 hostname Cat6503-E boot system flash sup-bootflash:s72033-pk9sv-mz.122-18.sxd5.bin logging snmp-authfail enable password cisco no aaa new-model wlan module 3 allowed-vlan 100 vtp mode transparent ip subnet-zero no ip domain-lookup ip dhcp excluded-address 192.168.115.1 ip dhcp excluded-address 192.168.116.1 ip dhcp excluded-address 192.168.112.1 192.168.112.6 ip dhcp excluded-address 192.168.114.1 192.168.114.2 ip dhcp pool mobilnet1 ip dhcp pool mobilenet1 network 192.168.114.0 255.255.255.0 default-router 192.168.114.1 option 151 ip 192.168.110.5 option 66 ip 192.168.110.6 ip dhcp pool mobilenet2 network 192.168.115.0 255.255.255.0 option 66 ip 192.168.110.6 option 151 ip 192.168.110.5 default-router 192.168.115.1 ip dhcp pool mobilenet3 network 192.168.116.0 255.255.255.0 option 151 ip 192.168.110.5 option 66 ip 192.168.110.6 default-router 192.168.116.1 ip dhcp pool aironet-vlan2 Page 23

network 192.168.112.0 255.255.255.0 default-router 192.168.112.1 ip dhcp snooping ip multicast-routing mls ip multicast flow-stat-timer 9 no mls flow ip no mls flow ipv6 mls qos mls cef error action freeze power redundancy-mode combined spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id diagnostic cns publish cisco.cns.device.diag_results diagnostic cns subscribe cisco.cns.device.diag_commands redundancy mode sso main-cpu auto-sync running-config auto-sync standard vlan internal allocation policy ascending vlan access-log ratelimit 2000 vlan 2-3,100 class-map match-all DSCP match any policy-map upstream class DSCP trust cos interface Loopback10 ip address 192.168.117.2 255.255.255.255 interface Loopback11 ip address 192.168.117.1 255.255.255.255 interface Loopback12 ip address 192.168.117.0 255.255.255.255 Page 24

interface Loopback33 ip address 33.33.33.33 255.255.255.255 ip pim sparse-dense-mode interface Tunnel10 description WPA-PSK WPA2 ip address 192.168.114.1 255.255.255.0 no ip redirects ip mtu 1476 ip dhcp snooping packets ip pim sparse-dense-mode tunnel source Loopback10 tunnel mode gre multipoint mobility network-id 10 mobility trust mobility broadcast service-policy input upstream interface Tunnel11 description WPA-LEAP_EAP ip address 192.168.115.1 255.255.255.0 no ip redirects ip mtu 1476 ip dhcp snooping packets ip pim sparse-dense-mode tunnel source Loopback11 tunnel mode gre multipoint mobility network-id 11 mobility trust mobility broadcast service-policy input upstream interface Tunnel12 description CCKM-TKIP-FSR ip address 192.168.116.1 255.255.255.0 no ip redirects ip mtu 1476 ip pim dense-mode tunnel source Loopback12 tunnel mode gre multipoint mobility network-id 12 mobility trust mobility broadcast service-policy input upstream interface GigabitEthernet1/1 ip address 192.168.104.1 255.255.255.0 interface GigabitEthernet1/2 no ip address Page 25

media-type rj45 switchport switchport trunk encapsulation dot1q switchport mode trunk service-policy input upstream interface Vlan1 ip address 192.168.110.1 255.255.255.0 ip pim dense-mode ip igmp join-group 224.0.1.116 ip igmp static-group 224.0.1.116 interface Vlan2 description AP group 1 ip address 192.168.112.1 255.255.255.0 ip pim dense-mode ip igmp static-group 224.0.1.116 interface Vlan3 description AP group 2 ip address 192.168.113.1 255.255.255.0 ip pim dense-mode ip igmp static-group 224.0.1.116 interface Vlan100 ip address 192.168.111.1 255.255.255.0 ip pim dense-mode ip igmp static-group 224.0.1.116 ip classless no ip http server ip pim rp-address 33.33.33.33 control-plane line con 0 line vty 0 4 password cisco login end Cat6503-E# Page 26

Example Configuration File for WLSM version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname wlsm enable password cisco username cisco password 0 cisco spd headroom 512 aaa new-model aaa authentication login leap-devices group radius aaa authentication login client-auth group radius aaa session-id common ip subnet-zero ip tftp source-interface Ethernet0/0.100 no ip domain lookup wlan vlan 100 ipaddr 192.168.111.2 255.255.255.0 gateway 192.168.111.1 admin ip classless ip route 0.0.0.0 0.0.0.0 192.168.111.1 ip http server no ip http secure-server logging snmp-trap emergencies logging snmp-trap alerts logging snmp-trap critical logging snmp-trap errors logging snmp-trap warnings no cdp run radius-server host 192.168.110.7 auth-port 1645 acct-port 1646 radius-server key spectralink Page 27

wlccp authentication-server infrastructure leap-devices wlccp authentication-server client any client-auth line con 0 password cisco transport preferred all transport output all line 1 3 no exec transport preferred all transport input all transport output all flowcontrol software line vty 0 4 password cisco transport preferred all transport input all transport output all end Page 28

Example Configuration File for 2940 Switch version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption hostname Switch enable secret 5 $1$nJJr$yba1.cqtPZvuk91xKLuQ01 ip subnet-zero vtp mode transparent spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id vlan 2-3 interface FastEthernet0/1 switchport access vlan 2 switchport mode access interface FastEthernet0/2 switchport access vlan 2 switchport mode access interface FastEthernet0/3 interface FastEthernet0/4 interface FastEthernet0/5 interface FastEthernet0/6 interface FastEthernet0/7 switchport access vlan 3 switchport mode access interface FastEthernet0/8 switchport access vlan 3 switchport mode access Page 29

interface GigabitEthernet0/1 switchport mode trunk interface Vlan1 ip address 192.168.110.2 255.255.255.0 no ip route-cache ip default-gateway 192.168.110.1 ip http server line con 0 password cisco login line vty 0 4 password cisco login line vty 5 15 login end Page 30

Example Configuration File for 1130 AP Building configuration... Current configuration : 5525 bytes version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption hostname ap enable secret 5 $1$HhzS$AETmoXfrVtIvD6SqHanZi. ip subnet-zero aaa new-model aaa group server radius rad_eap server 192.168.110.7 auth-port 1645 acct-port 1646 aaa group server radius rad_mac aaa group server radius rad_acct aaa group server radius rad_admin server 192.168.110.7 auth-port 1645 acct-port 1646 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache aaa group server tacacs+ tac_admin cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache aaa group server radius rad_pmip aaa group server radius dummy aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa cache profile admin_cache all Page 31

aaa session-id common dot11 ssid ADG vlan 2 authentication open authentication key-management wpa mobility network-id 11 wpa-psk ascii 7 03267E28575D72181B5F4E dot11 ssid BBK vlan 1 authentication open authentication key-management wpa mobility network-id 10 wpa-psk ascii 7 0529232C701E1D5D4C5340 dot11 ssid FSR vlan 3 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management cckm mbssid guest-mode dtim-period 3 mobility network-id 12 information-element ssidl dot11 priority-map avvid dot11 phone power inline negotiation prestandard source username Cisco password 7 0802455D0A16 class-map match-all _class_srp0 match ip protocol 119 class-map match-all _class_srp-up0 match ip protocol 119 policy-map SRP class _class_srp0 set cos 6 policy-map SRP-UP class _class_srp-up0 set cos 5 bridge irb interface Dot11Radio0 Page 32

no ip address no ip route-cache encryption mode ciphers aes-ccm encryption vlan 1 mode ciphers aes-ccm encryption vlan 3 mode ciphers tkip encryption vlan 2 mode ciphers tkip ssid ADG ssid BBK ssid FSR no short-slot-time traffic-class background cw-min 5 cw-max 10 fixed-slot 7 traffic-class best-effort cw-min 5 cw-max 10 fixed-slot 3 traffic-class video cw-min 4 cw-max 5 fixed-slot 3 traffic-class voice cw-min 0 cw-max 0 fixed-slot 2 speed 1.0 2.0 5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 power local cck -1 power local ofdm -1 power client -1 packet retries 20 no preamble-short channel 2417 station-role root rts retries 20 beacon dtim-period 3 no dot11 qos mode dot11 qos class video transmit-op 0 dot11 qos class voice transmit-op 0 no dot11 extension aironet interface Dot11Radio0.1 encapsulation dot1q 1 native service-policy input SRP service-policy output SRP-UP no ip route-cache bridge-group 1 bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled interface Dot11Radio0.2 encapsulation dot1q 2 service-policy input SRP Page 33

service-policy output SRP-UP no ip route-cache bridge-group 2 bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding bridge-group 2 spanning-disabled interface Dot11Radio0.3 encapsulation dot1q 3 service-policy input SRP service-policy output SRP-UP no ip route-cache bridge-group 3 bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding bridge-group 3 spanning-disabled interface Dot11Radio1 no ip address no ip route-cache shutdown traffic-class voice cw-min 0 cw-max 0 fixed-slot 2 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 station-role root no dot11 qos mode dot11 qos class voice transmit-op 1504 bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto interface FastEthernet0.1 encapsulation dot1q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled interface FastEthernet0.2 encapsulation dot1q 2 no ip route-cache bridge-group 2 no bridge-group 2 source-learning bridge-group 2 spanning-disabled Page 34

interface FastEthernet0.3 encapsulation dot1q 3 no ip route-cache bridge-group 3 no bridge-group 3 source-learning bridge-group 3 spanning-disabled interface BVI1 ip address 192.168.113.2 255.255.255.0 no ip route-cache ip default-gateway 192.168.113.1 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 radius-server attribute 32 include-in-access-req format %h radius-server host 192.168.110.7 auth-port 1645 acct-port 1646 key 7 13160717081 8162B272D2638 radius-server vsa send accounting control-plane bridge 1 route ip wlccp ap username spectralink password 7 071C31494D1D0B041B1B0507 wlccp ap wds ip address 192.168.111.2 line con 0 transport preferred all transport output all line vty 0 4 transport preferred all transport input all transport output all line vty 5 15 transport preferred all transport input all transport output all end Page 35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback