Cisco Aironet 350 (DS) AP IOS Software

This document details the specifications for configuring the Cisco Aironet 350 series access points (APs) using the IOS software with NetLink Wireless Telephones.

Summary

Manufacturer: Cisco
Approved product(s): Aironet 350, IOS Operating System
RF technology: Spread spectrum direct sequence (DS), 2.4 GHz
Required AP software version: Firmware version 12.3.7 JA
Telephone calls per access point (maximum): 12 *
Access point configuration parameters: See Access Point Configuration below
Indoor range (typical): See vendor specifications for AP
Required network topology: Switched Ethernet
Network constraints: Dedicated segment for wireless, single subnet
WEP capability: Yes *
ESSID auto-learn function: Yes *

Earlier and later software versions have not been tested for the NetLink SVP Server compliance, except as noted. Refer to NetLink Wireless Telephone WLAN Compatibility List for field verified AP software versions.

* Telephone calls per AP must be configured in the system per documentation provided by SpectraLink. WEP and Automatic Learn are programmed into each handset in addition to being configured in the AP.

NetLink Wireless Telephones

NetLink Wireless Telephones use voice over IP technology on IEEE 802.11b-compatible wireless local area networks (WLANs). Access points utilize radio frequencies to transmit signals to and from the NetLink Wireless Telephones.

Access Point Capacity and Positioning

Each site is unique in its AP requirements. Please take the following points into account when determining how many APs are needed and where they should be placed in the facility.

Handset range

There must be wireless LAN coverage wherever NetLink Wireless Telephones will be used. The typical range for a NetLink Wireless Telephone is comparable to that of a laptop computer utilizing a wireless LAN PC card.
However, NetLink Wireless Telephones are likely to be used in areas where data devices are not typically used, such as stairwells and outdoor areas. NetLink Wireless Telephones have a Site Survey mode that displays dBm levels to determine adequate WLAN coverage. Refer to the NetLink Wireless Telephone Configuration and Administration document for details about this feature.

Copyright 2006 SpectraLink Corporation. All rights reserved. PN: 72-9975-00-E.doc

Number of handsets per access point

Estimate the number of NetLink Wireless Telephones and their anticipated call volume per AP area to ensure that the maximum number of calls per AP will not be exceeded. In this estimate, consider the data rates at which the handsets will operate. Higher data rates can only be sustained while well within the range of the AP. If the NetLink Wireless Telephones will be operating near the limits of the RF coverage from the AP, they will automatically drop to 1 Mb/s operation. NetLink Wireless Telephones require approximately 15% of the available bandwidth per call for 1 Mb/s operation, approximately 10% of the available bandwidth per call for 2 Mb/s operation, approximately 7% of the available bandwidth per call for 5.5 Mb/s operation, and approximately 5% of the available bandwidth per call for 11 Mb/s operation.

Note: the maximum number of telephone calls per AP quoted in the Summary table above is based on 11 Mb/s operation, and will be reduced if some or all NetLink Wireless Telephones are operating at 1, 2, or 5.5 Mb/s.

LAN bandwidth

Estimate anticipated peak call volume to ensure that the LAN has enough bandwidth available to handle the network traffic generated by all of the wireless devices. Network traffic can be monitored/analyzed using a network sniffer or a simple network management protocol (SNMP) workstation.

Number of other wireless devices per AP

The NetLink Wireless Telephones share bandwidth with other wireless devices. To ensure adequate RF bandwidth availability, consider the number of wireless data devices in use per AP.

VLAN Support

The Cisco Aironet 350 series access points with the IOS software have the ability to manage different VLANs, each with a unique ESSID.
Many times, customers will choose to place voice devices on a separate VLAN from data devices, or they may choose to segment their network based on security policies. When VLANs are enabled, the AP uses 802.1Q tags on traffic entering the wired network. A VLAN-capable switch must remove these tags before the packets reach the NetLink Telephony Gateway or NetLink SVP Server. On Cisco switches, the switch port to which the NetLink Telephony Gateway or NetLink SVP Server is connected must be configured as a non-trunked, or access, port dedicated to the voice VLAN. If the port is set to trunked, the NetLink equipment will not recognize the packet. If you are using a switch that is not capable of removing these 802.1Q tags, the NetLink Wireless Telephones must reside on the Native (or management) VLAN.

NetLink Wireless Telephones with Fast Secure Roaming (FSR)

In traditional wireless LAN authentication protocols, the data stream at Layer 2 is interrupted whenever a handoff occurs from one AP to another as the user moves through the facility. This interruption can last anywhere from 600 ms to several seconds depending on the network topology and the location of the authentication server. This interruption has little or no impact on wireless data applications as wireless data users rarely move throughout a facility while active. However, the effects of data stream interruption during handoff on voice applications can have negative effects, such as dead air, on the user experience.

With FSR, authenticated NetLink Wireless Telephone users are able to move through a facility with secure handoff from one AP to another without any perceptible delay during re-authentication. To improve re-authentication, Cisco APs and NetLink Wireless Telephones use advanced key management enhancements (Cisco Centralized Key Management or CCKM) to speed up LEAP (Lightweight Extensible Authentication Protocol) authentication.

FSR Requirements

Cisco IOS firmware version 12.2-13JA3
FSR is introduced in the newer Cisco IOS versions of AP firmware. APs using the VxWorks operating system will not support FSR.

SpectraLink's NetLink e340/i640 Wireless Telephone handsets using FSR compatible software
Contact SpectraLink Customer Service to determine which version supports FSR. Previous versions of NetLink Wireless Telephone handsets will not support FSR.

WDS
One AP on the wireless network must perform the Wireless Domain Services function. WDS acts as a central authentication entity that supports a fast client re-key, rather than requiring a full RADIUS re-authentication each time a client roams. The WDS (running on a Cisco AP) supports a single Layer 2 (L2) subnet with up to 30 APs.
The 30 AP limitation is not a physical limitation; it is the maximum recommended by Cisco, and the maximum number supported by the Cisco Technical Assistance Center.

RADIUS authentication server
SpectraLink has tested FSR with the following products:
- Cisco Secure Access Control (ACS) Server
- Funk Software Steel-Belted Radius
- Cisco Aironet 350 series access points using the local authentication service (supports up to 50 clients)

Notes on Configuration

The AP must support SpectraLink Voice Priority (SVP). Contact your AP vendor if you need to upgrade the AP software.

If you encounter difficulties or have questions regarding the configuration process, please contact the Customer Support Hotline at (800) 775-5330. The hotline is open Monday through Friday, 6 a.m. to 6 p.m. Mountain time.

Access Point Configuration

1. Connect to the AP via Netscape or Internet Explorer by navigating to the URL: http://<ip_addr> (where <IP_Addr> is the IP address of the AP).

2. The following table shows additional settings for the AP Radio configuration. This configuration screen can be reached from the main menu by clicking Network Interfaces, then clicking Radio-80211b, and then clicking the Settings link to the right of AP Radio.

   Parameter                  Setting            Criticality
   Data rates: 1.0            Require            Required
               2.0            Require            Required
               5.5            Enable/Require*    Required
               11             Enable/Require*    Required
   Transmit power             Max                Recommended
   Fragmentation threshold    600 or higher      Required
   RTS threshold              600 or higher      Required
   Beacon period (Kusec)      100                Required
   Data beacon rate (DTIM)    2                  Recommended
   Receive antenna            Diversity          Required
   Transmit antenna           Diversity          Required
   Use Aironet extensions     No                 Required
   Radio preamble             Long               Required

   * For optimum capacity, set Require if the NetLink Wireless Telephones are all operating at 11 Mb/s and the NetLink SVP Server is installed.

3. Enter the correct settings and click Apply to save the changes.

4. Quality of service (QoS) Setup: Please visit www.cisco.com and refer to the document entitled Configuring QoS for a detailed description of QoS setup in the Cisco Aironet 350 series access points.
   a. Click SERVICES from the main menu on the left side of the screen, and then click QOS from the sub menu. Create and name a new QoS policy.
   b. Go to the drop down menu under Apply Class of Service next to IP Protocol 119 and click Voice <10ms Latency (6). Click ADD to add this classification to your new QoS policy.
   c. Click Apply to save your changes.
   d. Go to Apply Policies to Interface/VLANs. Use the drop down menus to apply the new QoS policy to Outgoing-FastEthernet and Incoming and Outgoing 802.11b Radio for the appropriate Interfaces of VLAN.
   e. Go to the tab for RADIO TRAFFIC CLASSES, go to Voice <10ms Latency, and set the Min Contention Window and Max Contention Window to 0. Next, set the Fixed time slot field to 2. These can also be configured from a Telnet session by entering the following commands:
      i. interface Dot11Radio0 (enters radio configuration mode, and changes the prompt)
      ii. traffic-class 6 cw-min 0 cw-max 0 fixed-slot 2
      iii. exit (back to global configuration mode)
   Under the Advanced tab, QoS Element for Wireless Phones does not apply to NetLink Wireless Telephones.

5. Continue to the next section if FSR must be configured. If not, restart the AP.

FSR Setup

The following is a summary of the minimum steps required to configure Fast Secure Roaming on the Cisco Aironet 350 series APs using version 12.3.7JA. Web GUI commands change often and the steps below may be affected. Cisco Configuration Guides may be found at the web addresses listed below.

Please see the Cisco Fast Secure Roaming Application Note for screenshots and IOS commands necessary for FSR configuration:
http://www.cisco.com/en/us/products/hw/wireless/ps430/prod_technical_reference09186a00801c5223.html

For complete configuration details please refer to the Cisco Aironet Installation and Configuration guides and release notes at:
http://www.cisco.com/en/us/products/hw/wireless/prod_category_positioning_paper0900aecd8009298f.html

1. If not already connected to the AP, connect via Netscape or Internet Explorer by navigating to the URL: http://<ip_addr> (where <IP_Addr> is the IP address of the AP).

2. Enable encryption. All APs, including the WDS, need to enable encryption.
   a. Select SECURITY > Encryption Manager; under Encryption Modes, select Cipher.
   b. Use the drop down menu and select TKIP.

3. Enable Cisco LEAP for your SSID. LEAP must be enabled on all APs, including the WDS, for the ESSID where the NetLink Wireless Telephones will be used.
   a. Select SECURITY > SSID Manager and select the appropriate SSID corresponding to the VLAN using NetLink Wireless Telephones.
   b. Go to the Authentication Settings section; under Methods Accepted, check the Network EAP checkbox (this is the authentication type used by LEAP).
   c. Go to the Authenticated Key Management section; beside Key Management, select Mandatory from the drop down menu. Next, check the CCKM check box. (It is possible to select Optional if a mix of CCKM and non-CCKM devices is connected to this VLAN.)

4. Configure the AP with a user name and password for authentication to the WDS. Cisco LEAP is used by all APs in the subnet to authenticate to the WDS. To perform the LEAP authentication, each AP must be statically configured with a LEAP username and password. Each AP authenticates to the WDS using this password.
   a. Select WIRELESS SERVICES > AP; select Enabled next to WIRELESS SERVICES.
   b. Enter the LEAP username and password as entered in your RADIUS server.

5. Configure an AP as the WDS. One AP on the network must be configured as a WDS. This is the key to enabling Cisco FSR. This AP will act as a proxy between the APs and clients on your subnet and the RADIUS authentication server. Due to processing requirements, it is advisable to disable the radio on this AP and use it solely for WDS functions.
   a. Select WIRELESS SERVICES > WDS and proceed to the SETTINGS tab.
   b. Check the check box labeled Use this AP as Wireless Domain Services.

6. Restart the AP. The AP is now ready for use with NetLink Wireless Telephones.
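
Because the FSR steps must be repeated on every AP in the subnet, a check over saved running-configs catches an AP that was missed. The following script is an added example, not part of the SpectraLink document or of Cisco's software. It assumes the GUI settings appear in the running-config under the IOS command spellings shown in its patterns (only the traffic-class line is quoted on this page); the AP names, SSID, user name and config excerpts are constructed.

```python
import re
# CLI spellings are assumed IOS forms of the GUI settings; only the
# traffic-class line is quoted on the page itself.
REQUIRED = {
    "TKIP cipher (FSR step 2)": r"encryption (vlan \d+ )?mode ciphers .*\btkip\b",
    "Network EAP (FSR step 3b)": r"authentication network-eap \S+",
    "CCKM key management (FSR step 3c)": r"authentication key-management .*\bcckm\b",
    "LEAP credentials for WDS (FSR step 4)": r"wlccp ap username \S+ password ",
    "voice traffic class (QoS step 4e)": r"traffic-class 6 cw-min 0 cw-max 0 fixed-slot 2\b",
}
WDS = r"wlccp wds priority \d+"

def has(config, pattern):
    """True if an active line (one not negated with 'no') matches the pattern."""
    return any(re.match(r"\s*" + pattern, line) for line in config.splitlines())

def audit_ap(config):
    """List the settings required by the page that one AP's config lacks."""
    findings = [f"missing: {n}" for n, p in REQUIRED.items() if not has(config, p)]
    if has(config, r"authentication key-management .*\bcckm optional\b"):
        findings.append("note: CCKM is Optional, non-CCKM clients can associate")
    return findings

def audit_subnet(configs):
    """Audit every AP in one subnet and confirm that one of them is the WDS."""
    report = {name: audit_ap(cfg) for name, cfg in configs.items()}
    wds = [name for name, cfg in configs.items() if has(cfg, WDS)]
    report["_subnet"] = [] if wds else ["missing: no AP configured as WDS (FSR step 5)"]
    return report

# Constructed running-config excerpts, not captured from real devices.
BASE = """\
interface Dot11Radio0
 encryption mode ciphers tkip
 traffic-class 6 cw-min 0 cw-max 0 fixed-slot 2
 ssid voice
  authentication network-eap eap_methods
  authentication key-management cckm{opt}
wlccp ap username ap-svc password 7 EXAMPLE
"""
SAMPLE = {
    "ap-wds": BASE.format(opt="") + "wlccp wds priority 200 interface BVI1\n",
    "ap-2": BASE.format(opt=" optional"),
    "ap-3": BASE.format(opt="").replace("ciphers tkip", "wep mandatory"),
}

if __name__ == "__main__":
    print(audit_subnet(SAMPLE))
```

In the sample, ap-3 is reported as missing the TKIP cipher and ap-2 carries the note about Optional key management.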