Cisco Wireless LAN Controller Configuration Guide, Release 7.6First Published: December 19, 2013

Last Modified: April 15, 2014

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-30339-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain versionof the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)

2002-2013 Cisco Systems, Inc. All rights reserved.

C O N T E N T S

P r e f a c e Preface xlvii

Audience xlvii

Conventions xlvii

Related Documentation xlviii

Obtaining Documentation and Submitting a Service Request xlix

P A R T I System Management 1

C H A P T E R 1 Overview 3

Cisco Wireless Overview 3

Single-Controller Deployments 4

Multiple-Controller Deployments 5

Operating System Software 6

Operating System Security 6

Layer 2 and Layer 3 Operation 7

Operational Requirements 7

Configuration Requirements 7

Cisco Wireless LAN Controllers 8

Client Location 8

Controller Platforms 8

Cisco 2500 Series Controllers 8

Cisco 5500 Series Controller 9

Cisco Flex 7500 Series Controllers 9

Cisco 8500 Series Controllers 9

Cisco Virtual Wireless LAN Controllers 10

Cisco Wireless Services Module 2 10

Cisco Wireless Controller on Cisco Services-Ready Engine (SRE) 10

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 iii

Cisco UWN Solution WLANs 11

File Transfers 11

Power over Ethernet 11

Cisco Wireless LAN Controller Memory 12

Cisco Wireless LAN Controller Failover Protection 12

C H A P T E R 2 Getting Started 15

Configuring the Controller Using the Configuration Wizard 15

Connecting the Console Port of the Controller 16

Configuring the Controller (GUI) 16

Configuring the ControllerUsing the CLI Configuration Wizard 27

Using the Controller Web GUI 29

Guidelines and Limitations 30

Logging On to the Web GUI 30

Logging out of the GUI 31

Enabling Web and Secure Web Modes 31

Enabling Web and Secure Web Modes (GUI) 31

Enabling Web and Secure Web Modes (CLI) 32

Loading an Externally Generated SSL Certificate 33

Information About Externally Generated SSL Certificates 33

Loading an SSL Certificate (GUI) 34

Loading an SSL Certificate (CLI) 35

Using the Controller CLI 36

Logging on to the Controller CLI 36

Guidelines and Limitations 36

Using a Local Serial Connection 37

Using a Remote Ethernet Connection 37

Logging Out of the CLI 38

Navigating the CLI 38

Using the AutoInstall Feature for Controllers Without a Configuration 39

Information About the AutoInstall Feature 39

Guidelines and Limitations 40

Obtaining an IP Address Through DHCP and Downloading a Configuration File from

a TFTP Server 40

Selecting a Configuration File 41

Cisco Wireless LAN Controller Configuration Guide, Release 7.6iv OL-30339-01

Contents

Example: AutoInstall Operation 42

Managing the Controller System Date and Time 43

Information About Controller System Date and Time 43

Guidelines and Limitations 43

Configuring an NTP Server to Obtain the Date and Time 43

Configuring NTP Authentication (GUI) 44

Configuring NTP Authentication (CLI) 44

Configuring the Date and Time (GUI) 45

Configuring the Date and Time (CLI) 46

Configuring Telnet and Secure Shell Sessions 48

Information About Telnet and SSH 48

Restrictions for Telnet and SSH 48

Configuring Telnet and SSH Sessions (GUI) 48

Configuring Telnet and SSH Sessions (CLI) 49

Configuring Telnet Privileges for Selected Management Users (GUI) 51

Configuring Telnet Privileges for Selected Management Users (CLI) 51

Troubleshooting Access Points Using Telnet or SSH_old 51

Troubleshooting Access Points Using Telnet or SSH (GUI) 52

Troubleshooting Access Points Using Telnet or SSH (CLI) 52

Managing the Controller Wirelessly 53

Enabling Wireless Connections (GUI) 53

Enabling Wireless Connections (CLI) 53

C H A P T E R 3 Managing Licenses 55

Installing and Configuring Licenses 55

Information About Installing and Configuring Licenses 55

Restrictions for Using Licenses 56

Obtaining an Upgrade or Capacity Adder License 56

Information About Obtaining an Upgrade or Capacity Adder License 56

Obtaining and Registering a PAK Certificate 57

Installing a License 58

Installing a License (GUI) 58

Installing a License (CLI) 58

Viewing Licenses 59

Viewing Licenses (GUI) 59

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 v

Contents

Viewing Licenses (CLI) 60

Configuring the Maximum Number of Access Points Supported 62

Configuring Maximum Number of Access Points to be Supported (GUI) 62

Configuring Maximum Number of Access Points to be Supported (CLI) 63

Troubleshooting Licensing Issues 63

Activating an AP-Count Evaluation License 63

Information About Activating an AP-Count Evaluation License 63

Activating an AP-Count Evaluation License (GUI) 64

Activating an AP-Count Evaluation License (CLI) 65

Configuring Right to Use Licensing 66

Information About Right to Use Licensing 66

Configuring Right to Use Licensing (GUI) 67

Configuring Right to Use Licensing (CLI) 67

Rehosting Licenses 67

Information About Rehosting Licenses 68

Rehosting a License 68

Rehosting a License (GUI) 68

Rehosting a License (CLI) 69

Transferring Licenses to a Replacement Controller after an RMA 71

Information About Transferring Licenses to a Replacement Controller after an

RMA 71

Transferring a License to a Replacement Controller after an RMA 71

C H A P T E R 4 Configuring 802.11 Bands 73

Configuring 802.11 Bands 73

Information About Configuring 802.11 Bands 73

Configuring the 802.11 Bands (GUI) 73

Configuring the 802.11 Bands (CLI) 75

Configuring Band Selection 77

Information About Configuring Band Selection 77

Restrictions on Band Selection 77

Configuring Band Selection 78

Configuring Band Selection (GUI) 78

Configuring Band Selection (CLI) 78

Cisco Wireless LAN Controller Configuration Guide, Release 7.6vi OL-30339-01

Contents

C H A P T E R 5 Configuring 802.11 Parameters 81

Configuring the 802.11n Parameters 81

Information About Configuring the 802.11n Parameters 81

Configuring the 802.11n Parameters (GUI) 82

Configuring the 802.11n Parameters (CLI) 83

Configuring 802.11h Parameters 84

Information About Configuring 802.11h Parameters 84

Configuring the 802.11h Parameters (GUI) 85

Configuring the 802.11h Parameters (CLI) 85

Configuring the 802.11ac Parameters 86

Information About Configuring the 802.11ac Parameters 86

Restrictions for 802.11ac Support 87

Configuring the 802.11ac High-Throughput Parameters (GUI) 87

Configuring the 802.11ac High-Throughput Parameters (CLI) 88

C H A P T E R 6 Configuring DHCP Proxy 89

Information About Configuring DHCP Proxy 89

Restrictions on Using DHCP Proxy 89

Configuring DHCP Proxy (GUI) 90

Configuring DHCP Proxy (GUI) 90

Configuring DHCP Proxy (CLI) 90

Configuring DHCP Proxy (CLI) 91

Configuring a DHCP Timeout (GUI) 91

Configuring a DHCP Timeout (CLI) 91

C H A P T E R 7 Configuring SNMP 93

Configuring SNMP (CLI) 93

SNMP Community Strings 95

Changing the SNMP Community String Default Values (GUI) 95

Changing the SNMP Community String Default Values (CLI) 95

Configuring Real Time Statistics (CLI) 96

SNMP Trap Enhancements 96

C H A P T E R 8 Configuring Aggressive Load Balancing 97

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 vii

Contents

Information About Configuring Aggressive Load Balancing 97

Configuring Aggressive Load Balancing (GUI) 98

Configuring Aggressive Load Balancing (CLI) 98

C H A P T E R 9 Configuring Fast SSID Changing 101

Information About Configuring Fast SSID Changing 101

Configuring Fast SSID Changing (GUI) 101

Configuring Fast SSID Changing (CLI) 101

C H A P T E R 1 0 Configuring 802.3 Bridging 103

Configuring 802.3 Bridging 103

Information About Configuring 802.3 Bridging 103

Restrictions on 802.3 Bridging 103

Configuring 802.3 Bridging 104

Configuring 802.3 Bridging (GUI) 104

Configuring 802.3 Bridging (CLI) 104

Enabling 802.3X Flow Control 104

C H A P T E R 1 1 Configuring Multicast 105

Configuring Multicast Mode 105

Information About Multicast Mode 105

Restrictions for Configuring Multicast Mode 107

Enabling Multicast Mode (GUI) 108

Enabling Multicast Mode (CLI) 108

Viewing Multicast Groups (GUI) 109

Viewing Multicast Groups (CLI) 110

Viewing an Access Points Multicast Client Table (CLI) 110

Configuring Multicast Domain Name System 111

Information About Multicast Domain Name System 111

Restrictions for Configuring Multicast DNS 113

Configuring Multicast DNS (GUI) 113

Configuring Multicast DNS (CLI) 115

C H A P T E R 1 2 Configuring Client Roaming 119

Information About Client Roaming 119

Cisco Wireless LAN Controller Configuration Guide, Release 7.6viii OL-30339-01

Contents

Inter-Controller Roaming 119

Intra-Controller Roaming 119

Inter-Subnet Roaming 120

Voice-over-IP Telephone Roaming 120

CCX Layer 2 Client Roaming 120

Guidelines and Limitations 121

Configuring CCX Client Roaming Parameters (GUI) 121

Configuring CCX Client Roaming Parameters (CLI) 122

Obtaining CCX Client Roaming Information (CLI) 122

Debugging CCX Client Roaming Issues (CLI) 123

C H A P T E R 1 3 Configuring IP-MAC Address Binding 125

Information About Configuring IP-MAC Address Binding 125

Configuring IP-MAC Address Binding (CLI) 125

C H A P T E R 1 4 Configuring Quality of Service 127

Configuring Quality of Service 127

Information About Quality of Service 127

Configuring Quality of Service Profiles 128

Configuring QoS Profiles (GUI) 128

Configuring QoS Profiles (CLI) 129

Configuring Quality of Service Roles 130

Information About Quality of Service Roles 130

Configuring QoS Roles 131

Configuring QoS (GUI) 131

Configuring QoS Roles (CLI) 132

C H A P T E R 1 5 Configuring Application Visibility and Control 135

Information About Application Visibility and Control 135

Restrictions for Application Visibility and Control 136

Configuring Application Visibility and Control (GUI) 137

Configuring Application Visibility and Control (CLI) 138

Configuring NetFlow 139

Information About NetFlow 139

Configuring NetFlow (GUI) 139

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 ix

Contents

Configuring NetFlow (CLI) 140

C H A P T E R 1 6 Configuring Media and EDCA Parameters 141

Configuring Voice and Video Parameters 141

Information About Configuring Voice and Video Parameters 141

Call Admission Control 141

Bandwidth-Based CAC 142

Load-Based CAC 142

Expedited Bandwidth Requests 142

U-APSD 143

Traffic Stream Metrics 143

Configuring Voice Parameters 144

Configuring Voice Parameters (GUI) 144

Configuring Voice Parameters (CLI) 146

Configuring Video Parameters 147

Configuring Video Parameters (GUI) 147

Configuring Video Parameters (CLI) 148

Viewing Voice and Video Settings 149

Viewing Voice and Video Settings (GUI) 149

Viewing Voice and Video Settings (CLI) 150

Configuring SIP-Based CAC 153

Restrictions for SIP-Based CAC 153

Configuring SIP-Based CAC (GUI) 153

Configuring SIP-Based CAC (CLI) 154

Configuring Media Parameters 155

Configuring Media Parameters (GUI) 155

Configuring Voice Prioritization Using Preferred Call Numbers 155

Information About Configuring Voice Prioritization Using Preferred Call Numbers 155

Prerequisites for Configuring Voice Prioritization Using Preferred Call Numbers 156

Configuring a Preferred Call Number (GUI) 156

Configuring a Preferred Call Number (CLI) 156

Configuring EDCA Parameters 157

Information About EDCA Parameters 157

Configuring EDCA Parameters (GUI) 157

Configuring EDCA Parameters (CLI) 158

Cisco Wireless LAN Controller Configuration Guide, Release 7.6x OL-30339-01

Contents

C H A P T E R 1 7 Configuring the Cisco Discovery Protocol 161

Information About Configuring the Cisco Discovery Protocol 161

Restrictions for Configuring the Cisco Discovery Protocol 161

Configuring the Cisco Discovery Protocol 163

Configuring the Cisco Discovery Protocol (GUI) 163

Configuring the Cisco Discovery Protocol (CLI) 164

Viewing Cisco Discovery Protocol Information 165

Viewing Cisco Discovery Protocol Information (GUI) 165

Viewing Cisco Discovery Protocol Information (CLI) 167

Getting CDP Debug Information 167

C H A P T E R 1 8 Configuring Authentication for the Controller and NTP Server 169

Information About Configuring Authentication for the Controller and NTP Server 169

Configuring the NTP Server for Authentication (GUI) 169

Configuring the NTP Server for Authentication (CLI) 170

C H A P T E R 1 9 Configuring RFID Tag Tracking 171

Information About Configuring RFID Tag Tracking 171

Configuring RFID Tag Tracking (CLI) 172

Viewing RFID Tag Tracking Information (CLI) 173

Debugging RFID Tag Tracking Issues (CLI) 173

C H A P T E R 2 0 Resetting the Controller to Default Settings 175

Information About Resetting the Controller to Default Settings 175

Resetting the Controller to Default Settings (GUI) 175

Resetting the Controller to Default Settings (CLI) 176

C H A P T E R 2 1 Managing Controller Software and Configurations 177

Upgrading the Controller Software 177

Restrictions for Upgrading Controller Software 177

Upgrading Controller Software (GUI) 180

Upgrading Controller Software (CLI) 182

Predownloading an Image to an Access Point 184

Access Point Predownload Process 184

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xi

Contents

Restrictions for Predownloading an Image to an Access Point 185

Predownloading an Image to Access PointsGlobal Configuration (GUI) 186

Configuring Predownload Image to an Access Point (GUI) 187

Predownloading an Image to Access Points (CLI) 189

Transferring Files to and from a Controller 191

Downloading a Login Banner File 191

Downloading a Login Banner File (GUI) 192

Downloading a Login Banner File (CLI) 193

Clearing the Login Banner (GUI) 194

Downloading Device Certificates 194

Downloading Device Certificates (GUI) 195

Downloading Device Certificates (CLI) 196

Downloading CA Certificates 197

Download CA Certificates (GUI) 197

Downloading CA Certificates (CLI) 198

Uploading PACs 199

Uploading PACs (GUI) 199

Uploading PACs (CLI) 200

Uploading and Downloading Configuration Files 201

Uploading Configuration Files 201

Uploading the Configuration Files (GUI) 202

Uploading the Configuration Files (CLI) 202

Downloading Configuration Files 203

Downloading the Configuration Files (GUI) 203

Downloading the Configuration Files (CLI) 204

Saving Configurations 206

Editing Configuration Files 206

Clearing the Controller Configuration 207

Erasing the Controller Configuration 207

Resetting the Controller 208

C H A P T E R 2 2 Managing User Accounts 209

Configuring Guest User Accounts 209

Information About Creating Guest Accounts 209

Restrictions for Managing User Accounts 209

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xii OL-30339-01

Contents

Creating a Lobby Ambassador Account 209

Creating a Lobby Ambassador Account (GUI) 209

Creating a Lobby Ambassador Account (CLI) 210

Creating Guest User Accounts as a Lobby Ambassador (GUI) 211

Viewing Guest User Accounts 212

Viewing the Guest Accounts (GUI) 212

Viewing the Guest Accounts (CLI) 212

Configuring Administrator Usernames and Passwords 212

Information About Configuring Administrator Usernames and Passwords 212

Configuring Usernames and Passwords (GUI) 212

Configuring Usernames and Passwords (CLI) 213

Restoring Passwords 213

Changing the Default Values for SNMP v3 Users 214

Information About Changing the Default Values for SNMP v3 Users 214

Changing the SNMP v3 User Default Values (GUI) 214

Changing the SNMP v3 User Default Values (CLI) 215

Generating a Certificate Signing Request 215

Downloading Third-Party Certificate (GUI) 217

Downloading Third-Party Certificate (CLI) 218

C H A P T E R 2 3 Managing Web Authentication 219

Obtaining a Web Authentication Certificate 219

Information About Web Authentication Certificates 219

Support for Chained Certificate 219

Obtaining a Web Authentication Certificate (GUI) 219

Obtaining a Web Authentication Certificate (CLI) 220

Web Authentication Process 221

Disabling Security Alert for Web Authentication Process 222

Choosing the Default Web Authentication Login Page 224

Information About Default Web Authentication Login Page 224

Choosing the Default Web Authentication Login Page (GUI) 225

Choosing the Default Web Authentication Login Page (CLI) 225

Example: Creating a Customized Web Authentication Login Page 227

Example: Modified Default Web Authentication Login Page Example 230

Using a Customized Web Authentication Login Page from an External Web Server 230

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xiii

Contents

Information About Customized Web Authentication Login Page 230

Choosing a CustomizedWeb Authentication Login Page from an External Web Server

(GUI) 231

Choosing a CustomizedWeb Authentication Login Page from an External Web Server

(CLI) 231

Downloading a Customized Web Authentication Login Page 231

Prerequisites for Downloading a Customized Web Authentication Login Page 232

Downloading a Customized Web Authentication Login Page (GUI) 232

Downloading a Customized Web Authentication Login Page (CLI) 233

Example: Customized Web Authentication Login Page 234

Verifying the Web Authentication Login Page Settings (CLI) 234

Assigning Login, Login Failure, and Logout Pages per WLAN 235

Information About Assigning Login, Login Failure, and Logout Pages per WLAN 235

Assigning Login, Login Failure, and Logout Pages per WLAN (GUI) 235

Assigning Login, Login Failure, and Logout Pages per WLAN (CLI) 236

Configuring Authentication for Sleeping Clients 237

Information About Authenticating Sleeping Clients 237

Restrictions for Authenticating Sleeping Clients 238

Configuring Authentication for Sleeping Clients (GUI) 239

Configuring Authentication for Sleeping Clients (CLI) 239

C H A P T E R 2 4 Configuring Wired Guest Access 241

Information About Wired Guest Access 241

Prerequisites for Configuring Wired Guest Access 242

Restrictions for Configuring Wired Guest Access 242

Configuring Wired Guest Access (GUI) 243

Configuring Wired Guest Access (CLI) 244

Supporting IPv6 Client Guest Access 246

C H A P T E R 2 5 Troubleshooting 249

Interpreting LEDs 249

Information About Interpreting LEDs 249

Interpreting Controller LEDs 250

Interpreting Lightweight Access Point LEDs 250

System Messages 250

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xiv OL-30339-01

Contents

Information About System Messages 250

Viewing System Resources 253

Information About Viewing System Resources 253

Viewing System Resources (GUI) 254

Viewing System Resources (CLI) 254

Using the CLI to Troubleshoot Problems 254

Configuring System and Message Logging 255

Information About System and Message Logging 255

Configuring System and Message Logging (GUI) 256

Viewing Message Logs (GUI) 258

Configuring System and Message Logging (CLI) 258

Viewing System and Message Logs (CLI) 261

Viewing Access Point Event Logs 262

Information About Access Point Event Logs 262

Viewing Access Point Event Logs (CLI) 262

Uploading Logs and Crash Files 263

Prerequisites to Upload Logs and Crash Files 263

Uploading Logs and Crash Files (GUI) 263

Uploading Logs and Crash Files (CLI) 264

Uploading Core Dumps from the Controller 265

Information About Uploading Core Dumps from the Controller 265

Configuring the Controller to Automatically Upload Core Dumps to an FTP Server

(GUI) 265

Configuring the Controller to Automatically Upload Core Dumps to an FTP Server

(CLI) 266

Uploading Core Dumps from Controller to a Server (CLI) 267

Uploading Packet Capture Files 268

Information About Uploading Packet Capture Files 268

Restrictions for Uploading Packet Capture Files 269

Uploading Packet Capture Files (GUI) 269

Uploading Packet Capture Files (CLI) 270

Monitoring Memory Leaks 270

Monitoring Memory Leaks (CLI) 270

Troubleshooting CCXv5 Client Devices 272

Information About Troubleshooting CCXv5 Client Devices 272

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xv

Contents

Restrictions for CCXv5 Client Devices 272

Configuring Diagnostic Channel 272

Configuring the Diagnostic Channel (GUI) 272

Configuring the Diagnostic Channel (CLI) 273

Configuring Client Reporting 277

Configuring Client Reporting (GUI) 278

Configuring Client Reporting (CLI) 278

Configuring Roaming and Real-Time Diagnostics 279

Configuring Roaming and Real-Time Diagnostics (CLI) 279

Using the Debug Facility 282

Information About Using the Debug Facility 282

Configuring the Debug Facility (CLI) 283

Configuring Wireless Sniffing 287

Information About Wireless Sniffing 287

Prerequisites for Wireless Sniffing 287

Restrictions for Wireless Sniffing 287

Configuring Sniffing on an Access Point (GUI) 288

Configuring Sniffing on an Access Point (CLI) 288

Troubleshooting Access Points Using Telnet or SSH_old 289

Information About Troubleshooting Access Points Using Telnet or SSH 289

Troubleshooting Access Points Using Telnet or SSH (GUI) 290

Troubleshooting Access Points Using Telnet or SSH (CLI) 290

Debugging the Access Point Monitor Service 291

Information About Debugging the Access Point Monitor Service 291

Debugging Access Point Monitor Service Issues (CLI) 291

Troubleshooting OfficeExtend Access Points 292

Information About Troubleshooting OfficeExtend Access Points 292

Interpreting OfficeExtend LEDs 292

Positioning OfficeExtend Access Points for Optimal RF Coverage 292

Troubleshooting Common Problems 292

P A R T I I Configuring Ports and Interfaces 295

C H A P T E R 2 6 Overview of Ports and Interfaces 297

Information About Ports 297

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xvi OL-30339-01

Contents

Information About Distribution System Ports 298

Restrictions for Configuring Distribution System Ports 298

Information About Service Port 299

Information About Interfaces 299

Restrictions for Configuring Interfaces 300

Information About Dynamic AP Management 300

Information About WLANs 301

C H A P T E R 2 7 Configuring the Management Interface 303

Information About the Management Interface 303

Configuring the Management Interface (GUI) 304

Configuring the Management Interface (CLI) 305

C H A P T E R 2 8 Configuring the AP-Manager Interface 307

Information the About AP-Manager Interface 307

Restrictions for Configuring AP Manager Interfaces 307

Configuring the AP-Manager Interface (GUI) 308

Configuring the AP Manager Interface (CLI) 308

Configuration Example: Configuring AP-Manager on a Cisco 5500 Series Controller 309

C H A P T E R 2 9 Configuring Virtual Interfaces 313

Information About the Virtual Interface 313

Configuring Virtual Interfaces (GUI) 314

Configuring Virtual Interfaces (CLI) 314

C H A P T E R 3 0 Configuring Service-Port Interfaces 315

Information About Service-Port Interfaces 315

Restrictions for Configuring Service-Port Interfaces 315

Configuring Service-Port Interfaces (GUI) 315

Configuring Service-Port Interfaces (CLI) 316

C H A P T E R 3 1 Configuring Dynamic Interfaces 317

Information About Dynamic Interface 317

Pre - requisites for Configuring Dynamic Interfaces 318

Restrictions for Configuring Dynamic Interfaces 318

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xvii

Contents

Configuring Dynamic Interfaces (GUI) 318

Configuring Dynamic Interfaces (CLI) 320

C H A P T E R 3 2 Configuring Ports 323

Configuring Ports (GUI) 323

C H A P T E R 3 3 Information About Using Cisco 5500 Series Controller USB Console Port 325

USB Console OS Compatibility 325

Changing the Cisco USB Systems Management Console COM Port to an Unused Port 326

C H A P T E R 3 4 Configuring Link Aggregation 327

Information About Link Aggregation 327

Restrictions for Link Aggregation 327

Enabling Link Aggregation (GUI) 329

Enabling Link Aggregation (CLI) 330

Verifying Link Aggregation Settings (CLI) 330

Configuring Neighbor Devices to Support Link Aggregation 330

Choosing Between Link Aggregation and Multiple AP-Manager Interfaces 330

C H A P T E R 3 5 Configuring Multiple AP-Manager Interfaces 333

Information About Multiple AP-Manager Interfaces 333

Restrictions for Configuring Multiple AP Manager Interfaces 333

Creating Multiple AP-Manager Interfaces (GUI) 334

Creating Multiple AP-Manager Interfaces (CLI) 334

C H A P T E R 3 6 Configuring VLAN Select 337

Information About VLAN Select 337

Restrictions for Configuring VLAN Select 338

Configuring Interface Groups 338

Information About Interface Groups 338

Restrictions for Configuring Interface Groups 338

Creating Interface Groups (GUI) 338

Creating Interface Groups (CLI) 339

Adding Interfaces to Interface Groups (GUI) 339

Adding Interfaces to Interface Groups (CLI) 339

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xviii OL-30339-01

Contents

Viewing VLANs in Interface Groups (CLI) 340

Adding an Interface Group to a WLAN (GUI) 340

Adding an Interface Group to a WLAN (CLI) 340

C H A P T E R 3 7 Configuring Interface Groups 341

Information About Interface Groups 341

Restrictions for Configuring Interface Groups 342

Creating Interface Groups (GUI) 342

Creating Interface Groups (CLI) 342

Adding Interfaces to Interface Groups (GUI) 343

Adding Interfaces to Interface Groups (CLI) 343

Viewing VLANs in Interface Groups (CLI) 343

Adding an Interface Group to a WLAN (GUI) 343

Adding an Interface Group to a WLAN (CLI) 344

C H A P T E R 3 8 Configuring Multicast Optimization 345

Information About Multicast Optimization 345

Configuring a Multicast VLAN (GUI) 345

Configuring a Multicast VLAN (CLI) 346

P A R T I I I Configuring VideoStream 347

C H A P T E R 3 9 Configuring VideoStream 349

Information about VideoStream 349

Prerequisites for VideoStream 349

Restrictions for Configuring VideoStream 349

Configuring VideoStream (GUI) 350

Configuring VideoStream (CLI) 353

Viewing and Debugging Media Streams 354

P A R T I V Configuring Security Solutions 357

C H A P T E R 4 0 Cisco Unified Wireless Network Solution Security 359

Security Overview 359

Layer 1 Solutions 359

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xix

Contents

Layer 2 Solutions 359

Restrictions for Layer 2 Solutions 360

Layer 3 Solutions 360

Integrated Security Solutions 360

C H A P T E R 4 1 Configuring RADIUS 361

Information About RADIUS 361

Configuring RADIUS on the ACS 363

Configuring RADIUS (GUI) 364

Configuring RADIUS (CLI) 369

RADIUS Authentication Attributes Sent by the Controller 373

Authentication Attributes Honored in Access-Accept Packets (Airespace) 375

RADIUS Accounting Attributes 381

C H A P T E R 4 2 Configuring TACACS+ 383

Information About TACACS+ 383

TACACS+ VSA 385

Configuring TACACS+ on the ACS 386

Configuring TACACS+ (GUI) 388

Configuring TACACS+ (CLI) 390

Viewing the TACACS+ Administration Server Logs 391

C H A P T E R 4 3 Configuring Maximum Local Database Entries 395

Information About Configuring Maximum Local Database Entries 395

Configuring Maximum Local Database Entries (GUI) 395

Configuring Maximum Local Database Entries (CLI) 396

C H A P T E R 4 4 Configuring Local Network Users on the Controller 397

Information About Local Network Users on Controller 397

Configuring Local Network Users for the Controller (GUI) 397

Configuring Local Network Users for the Controller (CLI) 398

C H A P T E R 4 5 Configuring Password Policies 401

Information About Password Policies 401

Configuring Password Policies (GUI) 402

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xx OL-30339-01

Contents

Configuring Password Policies (CLI) 402

C H A P T E R 4 6 Configuring LDAP 405

Information About LDAP 405

Configuring LDAP (GUI) 406

Configuring LDAP (CLI) 408

C H A P T E R 4 7 Configuring Local EAP 411

Information About Local EAP 411

Restrictions for Local EAP 412

Configuring Local EAP (GUI) 413

Configuring Local EAP (CLI) 417

C H A P T E R 4 8 Configuring the System for SpectraLink NetLink Telephones 423

Information About SpectraLink NetLink Telephones 423

Configuring SpectraLink NetLink Phones 423

Enabling Long Preambles (GUI) 423

Enabling Long Preambles (CLI) 424

Configuring Enhanced Distributed Channel Access (CLI) 424

C H A P T E R 4 9 Configuring RADIUS NAC Support 427

Information About RADIUS NAC Support 427

Device Registration 428

Central Web Authentication 428

Local Web Authentication 428

Restrictions for RADIUS NAC Support 428

Configuring RADIUS NAC Support (GUI) 429

Configuring RADIUS NAC Support (CLI) 430

C H A P T E R 5 0 Using Management Over Wireless 431

Information About Management over Wireless 431

Enabling Management over Wireless (GUI) 431

Enabling Management over Wireless (CLI) 431

C H A P T E R 5 1 Using Dynamic Interfaces for Management 433

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxi

Contents

Information About Using Dynamic Interfaces for Management 433

Configuring Management using Dynamic Interfaces (CLI) 434

C H A P T E R 5 2 Configuring DHCP Option 82 435

Information About DHCP Option 82 435

Restrictions for DHCP Option 82 436

Configuring DHCP Option 82 (GUI) 436

Configuring DHCP Option 82 (CLI) 436

C H A P T E R 5 3 Configuring and Applying Access Control Lists 439

Information About Access Control Lists 439

Restrictions for Access Control Lists 439

Configuring and Applying Access Control Lists (GUI) 440

Configuring Access Control Lists 440

Applying an Access Control List to an Interface 443

Applying an Access Control List to the Controller CPU 443

Applying an Access Control List to a WLAN 443

Applying a Preauthentication Access Control List to a WLAN 444

Configuring and Applying Access Control Lists (CLI) 444

Configuring Access Control Lists 444

Applying Access Control Lists 445

Configuring Layer 2 Access Control Lists 445

Information About Configuring Layer 2 Access Control Lists 445

Restrictions for Layer 2 Access Control Lists 446

Configuring Layer 2 Access Control Lists (CLI) 447

Mapping of Layer 2 ACLs with WLANs (CLI) 447

Mapping of Layer 2 ACLs with Locally Switched WLANs Using FlexConnect

Access Points (CLI) 447

Configuring Layer 2 Access Control Lists (GUI) 448

Applying a Layer2 Access Control List to a WLAN (GUI) 449

Applying a Layer2 Access Control List to an AP on a WLAN (GUI) 449

Configuring DNS-based Access Control Lists 450

Information About DNS-based Access Control Lists 450

Restrictions for DNS-based Access Control Lists 450

Configuring DNS-based Access Control Lists (CLI) 450

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxii OL-30339-01

Contents

Configuring DNS-based Access Control Lists (GUI) 452

C H A P T E R 5 4 Configuring Management Frame Protection 453

Information About Management Frame Protection 453

Restrictions for Management Frame Protection 455

Configuring Management Frame Protection (GUI) 455

Viewing the Management Frame Protection Settings (GUI) 455

Configuring Management Frame Protection (CLI) 456

Viewing the Management Frame Protection Settings (CLI) 456

Debugging Management Frame Protection Issues (CLI) 456

C H A P T E R 5 5 Configuring Client Exclusion Policies 459

Configuring Client Exclusion Policies (GUI) 459

Configuring Client Exclusion Policies (CLI) 460

C H A P T E R 5 6 Configuring Identity Networking 463

Information About Identity Networking 463

RADIUS Attributes Used in Identity Networking 464

C H A P T E R 5 7 Configuring AAA Override 469

Information About AAA Override 469

Restrictions for AAA Override 469

Updating the RADIUS Server Dictionary File for Proper QoS Values 470

Configuring AAA Override (GUI) 471

Configuring AAA Override (CLI) 471

C H A P T E R 5 8 Managing Rogue Devices 473

Information About Rogue Devices 473

Configuring Rogue Detection (GUI) 476

Configuring Rogue Detection (CLI) 478

C H A P T E R 5 9 Classifying Rogue Access Points 483

Information About Classifying Rogue Access Points 483

Restrictions for Classifying Rogue Access Points 485

Configuring Rogue Classification Rules (GUI) 486

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxiii

Contents

Viewing and Classifying Rogue Devices (GUI) 489

Configuring Rogue Classification Rules (CLI) 492

Viewing and Classifying Rogue Devices (CLI) 494

C H A P T E R 6 0 Configuring Cisco TrustSec SXP 497

Information About Cisco TrustSec SXP 497

Restrictions for Cisco TrustSec SXP 498

Configuring Cisco TrustSec SXP (GUI) 499

Creating a New SXP Connection (GUI) 499

Configuring Cisco TrustSec SXP (CLI) 500

C H A P T E R 6 1 Configuring Local Policies 503

Information About Local Policies 503

Restrictions for Local Policy Classification 504

Configuring Local Policies (GUI) 505

Configuring Local Policies (CLI) 506

C H A P T E R 6 2 Configuring Cisco Intrusion Detection System 509

Information About Cisco Intrusion Detection System 509

Shunned Clients 509

Additional Information 510

Configuring IDS Sensors (GUI) 510

Viewing Shunned Clients (GUI) 511

Configuring IDS Sensors (CLI) 511

Viewing Shunned Clients (CLI) 512

C H A P T E R 6 3 Configuring IDS Signatures 515

Information About IDS Signatures 515

Configuring IDS Signatures (GUI) 517

Uploading or Downloading IDS Signatures 517

Enabling or Disabling IDS Signatures 518

Viewing IDS Signature Events (GUI) 520

Configuring IDS Signatures (CLI) 521

Viewing IDS Signature Events (CLI) 522

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxiv OL-30339-01

Contents

C H A P T E R 6 4 Configuring wIPS 525

Information About wIPS 525

Restrictions for wIPS 531

Configuring wIPS on an Access Point (GUI) 531

Configuring wIPS on an Access Point (CLI) 532

Viewing wIPS Information (CLI) 533

C H A P T E R 6 5 Configuring the Wi-Fi Direct Client Policy 535

Information About the Wi-Fi Direct Client Policy 535

Restrictions for the Wi-Fi Direct Client Policy 535

Configuring the Wi-Fi Direct Client Policy (GUI) 535

Configuring the Wi-Fi Direct Client Policy (CLI) 536

Monitoring and Troubleshooting the Wi-Fi Direct Client Policy (CLI) 536

C H A P T E R 6 6 Configuring Web Auth Proxy 537

Information About the Web Authentication Proxy 537

Configuring the Web Authentication Proxy (GUI) 538

Configuring the Web Authentication Proxy (CLI) 538

C H A P T E R 6 7 Detecting Active Exploits 541

Detecting Active Exploits 541

P A R T V Working with WLANs 543

C H A P T E R 6 8 Configuring WLANs 545

Prerequisites for WLANs 545

Restrictions for WLANs 546

Information About WLANs 547

Creating and Removing WLANs (GUI) 547

Enabling and Disabling WLANs (GUI) 548

Creating and Deleting WLANs (CLI) 548

Enabling and Disabling WLANs (CLI) 549

Viewing WLANs (CLI) 549

Searching WLANs (GUI) 550

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxv

Contents

Assigning WLANs to Interfaces 550

Configuring Network Access Identifier (CLI) 550

C H A P T E R 6 9 Setting the Client Count per WLAN 553

Restrictions for Setting Client Count for WLANs 553

Information About Setting the Client Count per WLAN 554

Configuring the Client Count per WLAN (GUI) 554

Configuring the Maximum Number of Clients per WLAN (CLI) 554

Configuring the Maximum Number of Clients for each AP Radio per WLAN (GUI) 555

Configuring the Maximum Number of Clients for each AP Radio per WLAN (CLI) 555

Deauthenticating Clients (CLI) 555

C H A P T E R 7 0 Configuring DHCP 557

Restrictions for Configuring DHCP for WLANs 557

Information About the Dynamic Host Configuration Protocol 557

Internal DHCP Servers 557

External DHCP Servers 558

DHCP Assignments 558

Configuring DHCP (GUI) 559

Configuring DHCP (CLI) 560

Debugging DHCP (CLI) 560

C H A P T E R 7 1 Configuring DHCP Scopes 561

Restrictions for Configuring DHCP Scopes 561

Information About DHCP Scopes 561

Configuring DHCP Scopes (GUI) 561

Configuring DHCP Scopes (CLI) 562

C H A P T E R 7 2 Configuring MAC Filtering for WLANs 565

Restrictions for MAC Filtering 565

Information About MAC Filtering of WLANs 565

Enabling MAC Filtering 565

C H A P T E R 7 3 Configuring Local MAC Filters 567

Prerequisites for Configuring Local MAC Filters 567

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxvi OL-30339-01

Contents

Information About Local MAC Filters 567

Configuring Local MAC Filters (CLI) 567

C H A P T E R 7 4 Configuring Timeouts 569

Configuring a Timeout for Disabled Clients 569

Information About Configuring a Timeout for Disabled Clients 569

Configuring Timeout for Disabled Clients (CLI) 569

Configuring Session Timeout 569

Information About Session Timeouts 569

Configuring a Session Timeout (GUI) 570

Configuring a Session Timeout (CLI) 570

Configuring the User Idle Timeout 571

Information About the User Idle Timeout Per WLAN 571

Configuring Per-WLAN User Idle Timeout (CLI) 571

C H A P T E R 7 5 Configuring the DTIM Period 573

Information About DTIM Period 573

Configuring the DTIM Period (GUI) 574

Configuring the DTIM Period (CLI) 574

C H A P T E R 7 6 Configuring Peer-to-Peer Blocking 575

Restrictions for Peer-to-Peer Blocking 575

Information About Peer-to-Peer Blocking 575

Configuring Peer-to-Peer Blocking (GUI) 576

Configuring Peer-to-Peer Blocking (CLI) 576

C H A P T E R 7 7 Configuring Layer2 Security 579

Prerequisites for Layer 2 Security 579

Configuring Static WEP Keys (CLI) 580

Configuring Dynamic 802.1X Keys and Authorization (CLI) 580

Configuring 802.11r BSS Fast Transition 581

Restrictions for 802.11r Fast Transition 581

Information About 802.11r Fast Transition 582

Configuring 802.11r Fast Transition (GUI) 584

Configuring 802.11r Fast Transition (CLI) 585

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxvii

Contents

Troubleshooting 802.11r BSS Fast Transition 586

Configuring MAC Authentication Failover to 802.1X Authentication 586

Configuring MAC Authentication Failover to 802.1x Authentication (GUI) 586

Configuring MAC Authentication Failover to 802.1X Authentication (CLI) 586

Configuring 802.11w 587

Restrictions for 802.11w 587

Information About 802.11w 587

Configuring 802.11w (GUI) 588

Configuring 802.11w (CLI) 589

C H A P T E R 7 8 Configuring a WLAN for Both Static and Dynamic WEP 591

Restrictions for Configuring Static and Dynamic WEP 591

Information About WLAN for Both Static and Dynamic WEP 591

WPA1 and WPA2 592

Configuring WPA1 +WPA2 593

Configuring WPA1+WPA2 (GUI) 593

Configuring WPA1+WPA2 (CLI) 593

C H A P T E R 7 9 Configuring Sticky Key Caching 595

Information About Sticky Key Caching 595

Restrictions for Sticky Key Caching 595

Configuring Sticky Key Caching (CLI) 596

C H A P T E R 8 0 Configuring CKIP 599

Information About CKIP 599

Configuring CKIP (GUI) 600

Configuring CKIP (CLI) 600

C H A P T E R 8 1 Configuring Layer 3 Security 603

Configuring Layer 3 Security Using VPN Passthrough 603

Restrictions for Layer 3 Security Using VPN Passthrough 603

Information About VPN Passthrough 603

Configuring VPN Passthrough 604

Configuring VPN Passthrough (GUI) 604

Configuring VPN Passthrough (CLI) 604

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxviii OL-30339-01

Contents

Configuring Layer 3 Security Using Web Authentication 604

Prerequisites for Configuring Web Authentication on a WLAN 604

Restrictions for Configuring Web Authentication on a WLAN 605

Information About Web Authentication 605

Configuring Web Authentication 606

Configuring Web Authentication (GUI) 606

Configuring Web Authentication (CLI) 606

C H A P T E R 8 2 Configuring Captive Bypassing 607

Information About Captive Bypassing 607

Configuring Captive Bypassing (CLI) 608

C H A P T E R 8 3 Configuring a Fallback Policy with MAC Filtering and Web Authentication 609

Information About Fallback Policy with MAC Filtering and Web Authentication 609

Configuring a Fallback Policy with MAC Filtering and Web Authentication (GUI) 609

Configuring a Fallback Policy with MAC Filtering and Web Authentication (CLI) 610

C H A P T E R 8 4 Assigning QoS Profiles 611

Information About QoS Profiles 611

Assigning a QoS Profile to a WLAN (GUI) 612

Assigning a QoS Profile to a WLAN (CLI) 613

C H A P T E R 8 5 Configuring QoS Enhanced BSS 615

Prerequisites for Using QoS Enhanced BSS on Cisco 7921 and 7920 Wireless IP Phones 615

Restrictions for QoS Enhanced BSS 616

Information About QoS Enhanced BSS 616

Configuring QBSS (GUI) 617

Configuring QBSS (CLI) 617

C H A P T E R 8 6 Configuring Media Session Snooping and Reporting 619

Restrictions for Media Session Snooping and Reporting 619

Information About Media Session Snooping and Reporting 619

Configuring Media Session Snooping (GUI) 620

Configuring Media Session Snooping (CLI) 620

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxix

Contents

C H A P T E R 8 7 Configuring Key Telephone System-Based CAC 625

Restrictions for Key Telephone System-Based CAC 625

Information About Key Telephone System-Based CAC 625

Configuring KTS-based CAC (GUI) 626

Configuring KTS-based CAC (CLI) 626

Related Commands 627

C H A P T E R 8 8 Configuring Reanchoring of Roaming Voice Clients 629

Restrictions for Configuring Reanchoring of Roaming Voice Clients 629

Information About Reanchoring of Roaming Voice Clients 629

Configuring Reanchoring of Roaming Voice Clients (GUI) 630

Configuring Reanchoring of Roaming Voice Clients (CLI) 630

C H A P T E R 8 9 Configuring Seamless IPv6 Mobility 631

Prerequisites for Configuring IPv6 Mobility 631

Restrictions for Configuring IPv6 Mobility 631

Information About IPv6 Mobility 632

Configuring IPv6 Globally 633

Configuring IPv6 Globally (GUI) 633

Configuring IPv6 Globally (CLI) 633

Configuring RA Gaurd for IPv6 Clients 633

Information About RA Guard 633

Configuring RA Guard (GUI) 634

Configuring RA Guard (CLI) 634

Configuring RA Throttling for IPv6 Clients 634

Information about RA Throttling 634

Configuring RA Throttling (GUI) 634

Configuring the RA Throttle Policy (CLI) 635

Configuring IPv6 Neighbor Discovery Caching 635

Information About IPv6 Neighbor Discovery 635

Configuring Neighbor Binding (GUI) 635

Configuring Neighbor Binding (CLI) 636

C H A P T E R 9 0 Configuring Cisco Client Extensions 637

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxx OL-30339-01

Contents

Prerequisites for Configuring Cisco Client Extensions 637

Restrictions for Configuring Cisco Client Extensions 637

Information About Cisco Client Extensions 638

Configuring CCX Aironet IEs (GUI) 638

Viewing a Clients CCX Version (GUI) 638

Configuring CCX Aironet IEs (CLI) 638

Viewing a Clients CCX Version (CLI) 639

C H A P T E R 9 1 Configuring Remote LANs 641

Prerequisites for Configuring Remote LANs 641

Restrictions for Configuring Remote LANs 641

Information About Remote LANs 641

Configuring a Remote LAN (GUI) 642

Configuring a Remote LAN (CLI) 642

C H A P T E R 9 2 Configuring AP Groups 645

Prerequisites for Configuring AP Groups 645

AP Groups Supported on Controller Platforms 645

Restrictions for Configuring Access Point Groups 646

Information About Access Point Groups 646

Configuring Access Point Groups 647

Creating Access Point Groups (GUI) 647

Creating Access Point Groups (CLI) 649

Viewing Access Point Groups (CLI) 649

C H A P T E R 9 3 Configuring RF Profiles 651

Prerequisites for Configuring RF Profiles 651

Restrictions for Configuring RF Profiles 651

Information About RF Profiles 652

Configuring an RF Profile (GUI) 654

Configuring an RF Profile (CLI) 655

Applying an RF Profile to AP Groups (GUI) 656

Applying RF Profiles to AP Groups (CLI) 657

C H A P T E R 9 4 Configuring Web Redirect with 8021.X Authentication 659

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxi

Contents

Information About Web Redirect with 802.1X Authentication 659

Conditional Web Redirect 659

Splash Page Web Redirect 660

Configuring the RADIUS Server (GUI) 660

Configuring Web Redirect 661

Configuring Web Redirect (GUI) 661

Configuring Web Redirect (CLI) 661

Disabling Accounting Servers per WLAN (GUI) 662

Disabling Coverage Hole Detection per WLAN 662

Disabling Coverage Hole Detection on a WLAN (GUI) 663

Disabling Coverage Hole Detection on a WLAN (CLI) 663

C H A P T E R 9 5 Configuring NAC Out-of-Band Integration 665

Prerequisites for NAC Out Of Band 665

Restrictions for NAC Out of Band 666

Information About NAC Out-of-Band Integration 666

Configuring NAC Out-of-Band Integration (GUI) 667

Configuring NAC Out-of-Band Integration (CLI) 669

C H A P T E R 9 6 Configuring Passive Clients 671

Restrictions for Passive Clients 671

Information About Passive Clients 671

Configuring Passive Clients (GUI) 672

Enabling the Multicast-Multicast Mode (GUI) 672

Enabling the Global Multicast Mode on Controllers (GUI) 673

Enabling the Passive Client Feature on the Controller (GUI) 673

Configuring Passive Clients (CLI) 674

C H A P T E R 9 7 Configuring Client Profiling 675

Prerequisites for Configuring Client Profiling 675

Restrictions for Configuring Client Profiling 675

Information About Client Profiling 676

Configuring Client Profiling (GUI) 676

Configuring Client Profiling (CLI) 676

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxii OL-30339-01

Contents

C H A P T E R 9 8 Configuring Per-WLAN RADIUS Source Support 679

Prerequisites for Per-WLAN RADIUS Source Support 679

Restrictions for Per-WLAN RADIUS Source Support 679

Information About Per-WLAN RADIUS Source Support 679

Configuring Per-WLAN RADIUS Source Support (CLI) 680

Monitoring the Status of Per-WLAN RADIUS Source Support (CLI) 680

C H A P T E R 9 9 Configuring Mobile Concierge 683

Information About Mobile Concierge 683

Configuring Mobile Concierge (802.11u) 683

Configuring Mobile Concierge (802.11u) (GUI) 683

Configuring Mobile Concierge (802.11u) (CLI) 684

Configuring 802.11u Mobility Services Advertisement Protocol 685

Information About 802.11u MSAP 685

Configuring 802.11u MSAP (GUI) 686

Configuring MSAP (CLI) 686

Configuring 802.11u HotSpot 686

Information About 802.11u HotSpot 686

Configuring 802.11u HotSpot (GUI) 686

Configuring HotSpot 2.0 (CLI) 687

Configuring Access Points for HotSpot2 (GUI) 688

Configuring Access Points for HotSpot2 (CLI) 689

Downloading the Icon File (CLI) 693

C H A P T E R 1 0 0 Configuring Assisted Roaming 695

Restrictions for Assisted Roaming 695

Information About Assisted Roaming 695

Configuring Assisted Roaming (CLI) 696

P A R T V I Controlling Lightweight Access Points 699

C H A P T E R 1 0 1 Using Access Point Communication Protocols 701

Information About Access Point Communication Protocols 701

Restrictions for Access Point Communication Protocols 702

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxiii

Contents

Configuring Data Encryption 702

Guidelines for Data Encryption 702

Upgrading or Downgrading DTLS Images for Cisco 5500 Series Controllers 703

Guidelines When Upgrading to or from a DTLS Image 704

Configuring Data Encryption (GUI) 704

Configuring Data Encryption (CLI) 704

Viewing CAPWAP Maximum Transmission Unit Information 705

Debugging CAPWAP 705

Controller Discovery Process 706

Restrictions for Controller Discovery Process 707

Verifying that Access Points Join the Controller 707

Verifying that Access Points Join the Controller (GUI) 707

Verifying that Access Points Join the Controller (CLI) 707

C H A P T E R 1 0 2 Searching for Access Points 709

Information About Searching for Access Points 709

Searching the AP Filter (GUI) 709

Monitoring the Interface Details 712

Searching for Access Point Radios 714

Information About Searching for Access Point Radios 714

Searching for Access Point Radios (GUI) 714

C H A P T E R 1 0 3 Configuring Global Credentials for Access Points 717

Information About Configuring Global Credentials for Access Points 717

Restrictions for Global Credentials for Access Points 718

Configuring Global Credentials for Access Points (GUI) 718

Configuring Global Credentials for Access Points (CLI) 719

C H A P T E R 1 0 4 Configuring Authentication for Access Points 721

Information About Configuring Authentication for Access Points 721

Prerequisites for Configuring Authentication for Access Points 721

Restrictions for Authenticating Access Points 722

Configuring Authentication for Access Points (GUI) 722

Configuring Authentication for Access Points (CLI) 723

Configuring the Switch for Authentication 724

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxiv OL-30339-01

Contents

C H A P T E R 1 0 5 Configuring Embedded Access Points 725

Information About Embedded Access Points 725

C H A P T E R 1 0 6 Converting Autonomous Access Points to Lightweight Mode 727

Information About Converting Autonomous Access Points to Lightweight Mode 727

Restrictions for Converting Autonomous Access Points to Lightweight Mode 728

Reverting from Lightweight Mode to Autonomous Mode 728

Reverting to a Previous Release (CLI) 728

Reverting to a Previous Release Using the MODE Button and a TFTP Server 729

Authorizing Access Points 729

Authorizing Access Points Using SSCs 729

Authorizing Access Points for Virtual Controllers Using SSC 729

Configuring SSC (GUI) 730

Configuring SSC (CLI) 730

Authorizing Access Points Using MICs 730

Authorizing Access Points Using LSCs 731

Configuring Locally Significant Certificates (GUI) 731

Configuring Locally Significant Certificates (CLI) 732

Authorizing Access Points (GUI) 734

Authorizing Access Points (CLI) 734

Configuring VLAN Tagging for CAPWAP Frames from Access Points 735

Information About VLAN Tagging for CAPWAP Frames from Access Points 735

Configuring VLAN Tagging for CAPWAP Frames from Access Points (GUI) 735

Configuring VLAN Tagging for CAPWAP Frames from Access Points (CLI) 735

Using DHCP Option 43 and DHCP Option 60 736

Troubleshooting the Access Point Join Process 737

Configuring the Syslog Server for Access Points (CLI) 738

Viewing Access Point Join Information 739

Viewing Access Point Join Information (GUI) 739

Viewing Access Point Join Information (CLI) 740

Sending Debug Commands to Access Points Converted to Lightweight Mode 741

Understanding How Converted Access Points Send Crash Information to the Controller 741

Understanding How Converted Access Points Send Radio Core Dumps to the Controller 741

Retrieving Radio Core Dumps (CLI) 742

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxv

Contents

Uploading Radio Core Dumps (GUI) 742

Uploading Radio Core Dumps (CLI) 743

Uploading Memory Core Dumps from Converted Access Points 743

Uploading Access Point Core Dumps (GUI) 744

Uploading Access Point Core Dumps (CLI) 744

Viewing the AP Crash Log Information 744

Viewing the AP Crash Log information (GUI) 745

Viewing the AP Crash Log information (CLI) 745

Displaying MAC Addresses for Converted Access Points 745

Disabling the Reset Button on Access Points Converted to Lightweight Mode 745

Configuring a Static IP Address on a Lightweight Access Point 746

Configuring a Static IP Address (GUI) 746

Configuring a Static IP Address (CLI) 746

Supporting Oversized Access Point Images 747

Recovering the Access PointUsing the TFTP Recovery Procedure 748

C H A P T E R 1 0 7 Configuring Packet Capture 749

Information About Packet Capture 749

Restrictions for Packet Capture 750

Configuring Packet Capture (CLI) 750

C H A P T E R 1 0 8 Configuring OfficeExtend Access Points 753

Information About OfficeExtend Access Points 753

OEAP 600 Series Access Points 754

OEAP in Local Mode 754

Supported WLAN Settings for 600 Series OfficeExtend Access Point 755

WLAN Security Settings for the 600 Series OfficeExtend Access Point 755

Authentication Settings 759

Supported User Count on 600 Series OfficeExtend Access Point 760

Remote LAN Settings 760

Channel Management and Settings 761

Additional Caveats 762

Implementing Security 762

Licensing for an OfficeExtend Access Point 763

Configuring OfficeExtend Access Points 763

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxvi OL-30339-01

Contents

Configuring OfficeExtend Access Points (GUI) 764

Configuring OfficeExtend Access Points (CLI) 765

Configuring Split Tunneling for a WLAN or a Remote LAN 768

Configuring Split Tunneling for a WLAN or a Remote LAN (GUI) 768

Configuring Split Tunneling for a WLAN or a Remote LAN (CLI) 768

Configuring a Personal SSID on an OfficeExtend Access Point 768

Viewing OfficeExtend Access Point Statistics 770

C H A P T E R 1 0 9 Using Cisco Workgroup Bridges 773

Information About Cisco Workgroup Bridges 773

Restrictions for Cisco Workgroup Bridges 775

WGB Configuration Example 776

Viewing the Status of Workgroup Bridges (GUI) 777

Viewing the Status of Workgroup Bridges (CLI) 777

Debugging WGB Issues (CLI) 778

C H A P T E R 1 1 0 Using Non-Cisco Workgroup Bridges 779

Information About Non-Cisco Workgroup Bridges 779

Restrictions for Non-Cisco Workgroup Bridges 780

C H A P T E R 1 1 1 Configuring Backup Controllers 781

Information About Configuring Backup Controllers 781

Restrictions for Configuring Backup Controllers 782

Configuring Backup Controllers (GUI) 782

Configuring Backup Controllers (CLI) 783

C H A P T E R 1 1 2 Configuring High Availability 787

Information About High Availability 787

Restrictions for High Availability 790

Configuring High Availability (GUI) 793

Configuring High Availability (CLI) 794

C H A P T E R 1 1 3 Configuring Failover Priority for Access Points 797

Information About Configuring Failover Priority for Access Points 797

Configuring Failover Priority for Access Points (GUI) 798

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxvii

Contents

Configuring Failover Priority for Access Points (CLI) 798

Viewing Failover Priority Settings (CLI) 798

C H A P T E R 1 1 4 Configuring AP Retransmission Interval and Retry Count 801

Information About Configuring the AP Retransmission Interval and Retry Count 801

Restrictions for Access Point Retransmission Interval and Retry Count 801

Configuring the AP Retransmission Interval and Retry Count (GUI) 802

Configuring the Access Point Retransmission Interval and Retry Count (CLI) 802

C H A P T E R 1 1 5 Configuring Country Codes 805

Information About Configuring Country Codes 805

Restrictions for Configuring Country Codes 806

Configuring Country Codes (GUI) 806

Configuring Country Codes (CLI) 807

C H A P T E R 1 1 6 Optimizing RFID Tracking on Access Points 809

Information About Optimizing RFID Tracking on Access Points 809

Optimizing RFID Tracking on Access Points (GUI) 809

Optimizing RFID Tracking on Access Points (CLI) 810

C H A P T E R 1 1 7 Configuring Probe Request Forwarding 811

Information About Configuring Probe Request Forwarding 811

Configuring Probe Request Forwarding (CLI) 811

C H A P T E R 1 1 8 Retrieving the Unique Device Identifier on Controllers and Access Points 813

Information About Retrieving the Unique Device Identifier on Controllers and Access

Points 813

Retrieving the Unique Device Identifier on Controllers and Access Points (GUI) 813

Retrieving the Unique Device Identifier on Controllers and Access Points (CLI) 814

C H A P T E R 1 1 9 Performing a Link Test 815

Information About Performing a Link Test 815

Performing a Link Test (GUI) 816

Performing a Link Test (CLI) 816

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xxxviii OL-30339-01

Contents

C H A P T E R 1 2 0 Configuring Link Latency 819

Information About Configuring Link Latency 819

Restrictions for Link Latency 820

Configuring Link Latency (GUI) 820

Configuring Link Latency (CLI) 820

C H A P T E R 1 2 1 Configuring the TCP MSS 823

Information About Configuring the TCP MSS 823

Configuring TCP MSS (GUI) 823

Configuring TCP MSS (CLI) 824

C H A P T E R 1 2 2 Configuring Power Over Ethernet 825

Information About Configuring Power over Ethernet 825

Configuring Power over Ethernet (GUI) 827

Configuring Power over Ethernet (CLI) 828

C H A P T E R 1 2 3 Viewing Clients 831

Viewing Clients (GUI) 831

Viewing Clients (CLI) 832

C H A P T E R 1 2 4 Configuring LED States for Access Points 833

Configuring LED States 833

Information About Configuring LED States for Access Points 833

Configuring the LED State for Access Points in a Network Globally (GUI) 833

Configuring the LED State for Access Point in a Network Globally (CLI) 833

Configuring LED State on a Specific Access Point (GUI) 834

Configuring LED State on a Specific Access Point (CLI) 834

Configuring Flashing LEDs 834

Information About Configuring Flashing LEDs 834

Configuring Flashing LEDs (CLI) 834

C H A P T E R 1 2 5 Configuring Access Points with Dual-Band Radios 837

Configuring Access Points with Dual-Band Radios (GUI) 837

Configuring Access Points with Dual-Band Radios (CLI) 838

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xxxix

Contents

P A R T V I I Configuring Radio Resource Management 839

C H A P T E R 1 2 6 Configuring RRM 841

Information About Radio Resource Management 841

Radio Resource Monitoring 842

Transmit Power Control 842

Overriding the TPC Algorithm with Minimum and Maximum Transmit Power

Settings 843

Dynamic Channel Assignment 843

Coverage Hole Detection and Correction 845

Benefits of RRM 845

Information About Configuring RRM 845

Restrictions for Configuring RRM 845

Configuring the RF Group Mode (GUI) 846

Configuring the RF Group Mode (CLI) 846

Configuring Transmit Power Control (GUI) 847

Configuring Off-Channel Scanning Defer 848

Information About Off-Channel Scanning Defer 848

Configuring Off-Channel Scanning Defer for WLANs 849

Configuring Off-Channel Scanning Defer for a WLAN (GUI) 849

Configuring Off Channel Scanning Defer for a WLAN (CLI) 849

Configuring Dynamic Channel Assignment (GUI) 850

Configuring Coverage Hole Detection (GUI) 853

Configuring RRMProfile Thresholds,Monitoring Channels, andMonitor Intervals

(GUI) 854

Configuring RRM (CLI) 855

Viewing RRM Settings (CLI) 859

Debug RRM Issues (CLI) 860

C H A P T E R 1 2 7 Configuring RRM Neighbor Discovery Packets 861

Information About RRM NDP and RF Grouping 861

Configuring RRM NDP (CLI) 861

C H A P T E R 1 2 8 Configuring RF Groups 863

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xl OL-30339-01

Contents

Information About RF Groups 863

RF Group Leader 864

RF Group Name 865

Controllers and APs in RF Groups 865

Configuring RF Groups 866

Configuring an RF Group Name (GUI) 866

Configuring an RF Group Name (CLI) 866

Viewing the RF Group Status 867

Viewing the RF Group Status (GUI) 867

Viewing the RF Group Status (CLI) 867

Configuring Rogue Access Point Detection in RF Groups 868

Information About Rogue Access Point Detection in RF Groups 868

Configuring Rogue Access Point Detection in RF Groups 868

Enabling Rogue Access Point Detection in RF Groups (GUI) 868

Configuring Rogue Access Point Detection in RF Groups (CLI) 869

C H A P T E R 1 2 9 Overriding RRM 871

Information About Overriding RRM 871

Prerequisites for Overriding RRM 871

Statically Assigning Channel and Transmit Power Settings to Access Point Radios 872

Statically Assigning Channel and Transmit Power Settings (GUI) 872

Statically Assigning Channel and Transmit Power Settings (CLI) 873

Disabling Dynamic Channel and Power Assignment Globally for a Cisco Wireless LAN

Controller 876

Disabling Dynamic Channel and Power Assignment (GUI) 876

Disabling Dynamic Channel and Power Assignment (CLI) 877

C H A P T E R 1 3 0 Configuring CCX Radio Management Features 879

Information About CCX Radio Management Features 879

Radio Measurement Requests 879

Location Calibration 880

Configuring CCX Radio Management 880

Configuring CCX Radio Management (GUI) 880

Configuring CCX Radio Management (CLI) 881

Viewing CCX Radio Management Information (CLI) 881

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xli

Contents

Debugging CCX Radio Management Issues (CLI) 882

P A R T V I I I Configuring Cisco CleanAir 885

C H A P T E R 1 3 1 Information About CleanAir 887

Information About CleanAir 887

Role of the Cisco Wireless LAN Controller in a Cisco CleanAir System 888

Interference Types that Cisco CleanAir Can Detect 888

Persistent Devices 889

Persistent Devices Detection 889

Persistent Devices Propagation 889

Detecting Interferers by an Access Point 890

C H A P T E R 1 3 2 Prerequisites and Restrictions for CleanAir 891

Prerequisites for CleanAir 891

Restrictions for CleanAir 892

C H A P T E R 1 3 3 Configuring Cisco CleanAir 893

Configuring Cisco CleanAir on the Controller 893

Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (GUI) 893

Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (CLI) 895

Configuring Cisco CleanAir on an Access Point 899

Configuring Cisco CleanAir on an Access Point (GUI) 899

Configuring Cisco CleanAir on an Access Point (CLI) 900

C H A P T E R 1 3 4 Monitoring the Interference Devices 901

Prerequisites for Monitoring the Interference Devices 901

Monitoring the Interference Device (GUI) 901

Monitoring the Interference Device (CLI) 903

Detecting Interferers by an Access Point 903

Detecting Interferers by Device Type 903

Detecting Persistent Sources of Interference 903

Monitoring Persistent Devices (GUI) 904

Monitoring Persistent Devices (CLI) 904

Monitoring the Air Quality of Radio Bands 905

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xlii OL-30339-01

Contents

Monitoring the Air Quality of Radio Bands (GUI) 905

Monitoring the Air Quality of Radio Bands (CLI) 905

Viewing a Summary of the Air Quality 905

Viewing Air Quality for all Access Points on a Radio Band 905

Viewing Air Quality for an Access Point on a Radio Band 905

Monitoring the Worst Air Quality of Radio Bands (GUI) 906

Monitoring the Worst Air Quality of Radio Bands (CLI) 906

Viewing a Summary of the Air Quality (CLI) 906

Viewing the Worst Air Quality Information for all Access Points on a Radio Band

(CLI) 906

Viewing the Air Quality for an Access Point on a Radio Band (CLI) 906

Viewing the Air Quality for an Access Point by Device Type (CLI) 907

Detecting Persistent Sources of Interference (CLI) 907

C H A P T E R 1 3 5 Configuring a Spectrum Expert Connection 909

Information About Spectrum Expert Connection 909

Configuring Spectrum Expert (GUI) 909

P A R T I X Configuring FlexConnect 913

C H A P T E R 1 3 6 Configuring FlexConnect 915

Information About FlexConnect 915

FlexConnect Authentication Process 917

Restrictions for FlexConnect 921

Configuring FlexConnect 922

Configuring the Switch at a Remote Site 922

Configuring the Controller for FlexConnect 923

Configuring the Controller for FlexConnect for a Centrally Switched WLAN Used

for Guest Access 924

Configuring the Controller for FlexConnect (GUI) 925

Configuring the Controller for FlexConnect (CLI) 926

Configuring an Access Point for FlexConnect 928

Configuring an Access Point for FlexConnect (GUI) 928

Configuring an Access Point for FlexConnect (CLI) 930

Configuring an Access Point for Local Authentication on a WLAN (GUI) 932

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xliii

Contents

Configuring an Access Point for Local Authentication on a WLAN (CLI) 932

Connecting Client Devices to WLANs 933

Configuring FlexConnect Ethernet Fallback 933

Information About FlexConnect Ethernet Fallback 933

Restrictions for FlexConnect Ethernet Fallback 933

Configuring FlexConnect Ethernet Fallback (GUI) 934

Configuring FlexConnect Ethernet Fallback (CLI) 934

C H A P T E R 1 3 7 Configuring FlexConnect ACLs 935

Information About Access Control Lists 935

Restrictions for FlexConnect ACLs 935

Configuring FlexConnect ACLs (GUI) 936

Configuring FlexConnect ACLs (CLI) 938

Viewing and Debugging FlexConnect ACLs (CLI) 939

C H A P T E R 1 3 8 Configuring FlexConnect Groups 941

Information About FlexConnect Groups 941

FlexConnect Groups and Backup RADIUS Servers 942

FlexConnect Groups and CCKM 942

FlexConnect Groups and Opportunistic Key Caching 943

FlexConnect Groups and Local Authentication 943

Configuring FlexConnect Groups 944

Configuring FlexConnect Groups (GUI) 944

Configuring FlexConnect Groups (CLI) 947

Configuring VLAN-ACL Mapping on FlexConnect Groups 949

Configuring VLAN-ACL Mapping on FlexConnect Groups (GUI) 949

Configuring VLAN-ACL Mapping on FlexConnect Groups (CLI) 949

Viewing VLAN-ACL Mappings (CLI) 949

Configuring WLAN-VLAN Mappings on FlexConnect Groups 950

Configuring WLAN-VLAN Mapping on FlexConnect Groups (GUI) 950

Configuring WLAN-VLAN Mapping on FlexConnect Groups (CLI) 951

C H A P T E R 1 3 9 Configuring AAA Overrides for FlexConnect 953

Information About Authentication, Authorization, Accounting Overrides 953

Restrictions for AAA Overrides for FlexConnect 954

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xliv OL-30339-01

Contents

Configuring AAA Overrides for FlexConnect on an Access Point (GUI) 955

Configuring VLAN Overrides for FlexConnect on an Access Point (CLI) 956

C H A P T E R 1 4 0 Configuring FlexConnect AP Upgrades for FlexConnect APs 957

Information About FlexConnect AP Upgrades 957

Restrictions for FlexConnect AP Upgrades for FlexConnect Access Points 957

Configuring FlexConnect AP Upgrades (GUI) 958

Configuring FlexConnect AP Upgrades (CLI) 958

P A R T X Configuring Mobility Groups 959

C H A P T E R 1 4 1 Configuring Mobility Groups 961

Information About Mobility 961

Information About Mobility Groups 965

Messaging Among Mobility Groups 967

Using Mobility Groups with NAT Devices 967

Prerequisites for Configuring Mobility Groups 968

Configuring Mobility Groups (GUI) 970

Configuring Mobility Groups (CLI) 971

C H A P T E R 1 4 2 Viewing Mobility Group Statistics 973

Viewing Mobility Group Statistics (GUI) 973

Viewing Mobility Group Statistics (CLI) 974

C H A P T E R 1 4 3 Configuring Auto-Anchor Mobility 975

Information About Auto-Anchor Mobility 975

Guidelines and Limitations 976

Configuring Auto-Anchor Mobility (GUI) 977

Configuring Auto-Anchor Mobility (CLI) 977

C H A P T E R 1 4 4 Validating WLANMobility Security Values 981

Information About WLAN Mobility Security Values 981

C H A P T E R 1 4 5 Using Symmetric Mobility Tunneling 983

Information About Symmetric Mobility Tunneling 983

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xlv

Contents

Guidelines and Limitations 984

Verifying Symmetric Mobility Tunneling (GUI) 984

Verifying if Symmetric Mobility Tunneling is Enabled (CLI) 984

C H A P T E R 1 4 6 Running Mobility Ping Tests 985

Information About Mobility Ping Tests 985

Guidelines and Limitations 985

Running Mobility Ping Tests (CLI) 986

C H A P T E R 1 4 7 Configuring Dynamic Anchoring for Clients with Static IP Addresses 987

Information About Dynamic Anchoring for Clients with Static IP 987

How Dynamic Anchoring of Static IP Clients Works 987

Guidelines and Limitations 988

Configuring Dynamic Anchoring of Static IP Clients (GUI) 988

Configuring Dynamic Anchoring of Static IP Clients (CLI) 989

C H A P T E R 1 4 8 Configuring Foreign Mappings 991

Information About Foreign Mappings 991

Configuring Foreign Controller MAC Mapping (GUI) 991

Configuring Foreign Controller MAC Mapping (CLI) 991

C H A P T E R 1 4 9 Configuring Proxy Mobile IPv6 993

Information About Proxy Mobile IPv6 993

Restrictions for Proxy Mobile IPv6 993

Configuring Proxy Mobile IPv6 (GUI) 994

Configuring Proxy Mobile IPv6 (CLI) 995

C H A P T E R 1 5 0 Configuring New Mobility 999

Information About New Mobility 999

Restrictions for New Mobility 999

Configuring New Mobility (GUI) 1000

Configuring New Mobility (CLI) 1001

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xlvi OL-30339-01

Contents

Preface

This preface describes the audience, organization, and conventions of this document. It also providesinformation on how to obtain other documentation. This chapter includes the following sections:

Audience, page xlvii

Conventions, page xlvii

Related Documentation, page xlviii

Obtaining Documentation and Submitting a Service Request, page xlix

AudienceThis publication is for experienced network administrators who configure and maintain Cisco wireless LANcontrollers and Cisco lightweight access points.

ConventionsThis document uses the following conventions:

Table 1: Conventions

IndicationConvention

Commands and keywords and user-entered text appear in bold font.bold font

Document titles, new or emphasized terms, and arguments for which you supplyvalues are in italic font.

italic font

Elements in square brackets are optional.[ ]

Required alternative keywords are grouped in braces and separated by verticalbars.

{x | y | z }

Optional alternative keywords are grouped in brackets and separated by verticalbars.

[ x | y | z ]

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xlvii

IndicationConvention

A nonquoted set of characters. Do not use quotation marks around the string orthe string will include the quotation marks.

string

Terminal sessions and information the system displays appear in courier font.courier font

Nonprinting characters such as passwords are in angle brackets.

Default responses to system prompts are in square brackets.[]

An exclamation point (!) or a pound sign (#) at the beginning of a line of codeindicates a comment line.

!, #

Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.

Note

Means the following information will help you solve a problem.Tip

Means reader be careful. In this situation, you might perform an action that could result in equipmentdamage or loss of data.

Caution

Related DocumentationThese documents provide complete information about Cisco Wireless:

Cisco Wireless LAN Controller configuration guides:

http://www.cisco.com/en/US/products/ps10315/products_installation_and_configuration_guides_list.html

Cisco Wireless LAN Controller command references:

http://www.cisco.com/en/US/products/ps10315/prod_command_reference_list.html

Cisco Wireless LAN Controller System Message Guide:

http://www.cisco.com/en/US/products/ps10315/products_system_message_guides_list.html

Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points:

http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html

Cisco Wireless Mesh Access Points, Design and Deployment Guide:

http://www.cisco.com/en/US/products/ps11451/products_implementation_design_guides_list.html

Cisco Prime Infrastructure documentation:

http://www.cisco.com/en/US/products/ps12239/products_documentation_roadmaps_list.html

Cisco Wireless LAN Controller Configuration Guide, Release 7.6xlviii OL-30339-01

PrefaceRelated Documentation

Cisco Mobility Services Engine documentation:

http://www.cisco.com/en/US/products/ps9806/tsd_products_support_series_home.html

Click this link to access user documentation pertaining to Cisco Wireless solution:

http://www.cisco.com/cisco/web/psa/default.html?mode=prod

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a servicerequest, and gathering additional information, seeWhat's New in Cisco Product Documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.

Subscribe toWhat's New in Cisco Product Documentation, which lists all new and revised Cisco technicaldocumentation, as an RSS feed and deliver content directly to your desktop using a reader application. TheRSS feeds are a free service.

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 xlix

PrefaceObtaining Documentation and Submitting a Service Request

Cisco Wireless LAN Controller Configuration Guide, Release 7.6l OL-30339-01

PrefaceObtaining Documentation and Submitting a Service Request

P A R T ISystem Management Overview, page 3

Getting Started, page 15

Managing Licenses, page 55

Configuring 802.11 Bands, page 73

Configuring 802.11 Parameters, page 81

Configuring DHCP Proxy, page 89

Configuring SNMP, page 93

Configuring Aggressive Load Balancing, page 97

Configuring Fast SSID Changing, page 101

Configuring 802.3 Bridging, page 103

Configuring Multicast, page 105

Configuring Client Roaming, page 119

Configuring IP-MAC Address Binding, page 125

Configuring Quality of Service, page 127

Configuring Application Visibility and Control, page 135

Configuring Media and EDCA Parameters, page 141

Configuring the Cisco Discovery Protocol, page 161

Configuring Authentication for the Controller and NTP Server, page 169

Configuring RFID Tag Tracking, page 171

Resetting the Controller to Default Settings, page 175

Managing Controller Software and Configurations, page 177

Managing User Accounts, page 209

Managing Web Authentication, page 219

Configuring Wired Guest Access, page 241

Troubleshooting, page 249

C H A P T E R 1Overview

Cisco Wireless Overview, page 3

Operating System Software, page 6

Operating System Security, page 6

Layer 2 and Layer 3 Operation, page 7

Cisco Wireless LAN Controllers, page 8

Controller Platforms, page 8

Cisco UWN Solution WLANs, page 11

File Transfers, page 11

Power over Ethernet, page 11

Cisco Wireless LAN Controller Memory, page 12

Cisco Wireless LAN Controller Failover Protection, page 12

Cisco Wireless OverviewCisco Wireless is designed to provide 802.11 wireless networking solutions for enterprises and serviceproviders. CiscoWireless simplifies deploying and managing large-scale wireless LANs and enables a uniquebest-in-class security infrastructure. The operating systemmanages all data client, communications, and systemadministration functions, performs radio resource management (RRM) functions, manages system-widemobility policies using the operating system security solution, and coordinates all security functions usingthe operating system security framework.

Cisco Wireless solution consists of Cisco wireless LAN controllers and their associated lightweight accesspoints controlled by the operating system, all concurrently managed by any or all of the operating system userinterfaces:

An HTTP and/or HTTPS full-featured Web User Interface hosted by Cisco wireless LAN controllerscan be used to configure and monitor individual controllers.

A full-featured command-line interface (CLI) can be used to configure and monitor individual Ciscowireless LAN controllers.

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 3

The Cisco Prime Infrastructure, which you use to configure and monitor one or more Cisco wirelessLAN controllers and associated access points. The Prime Infrastructure has tools to facilitate large-systemmonitoring and control. For more information about Cisco Prime Infrastructure, see http://www.cisco.com/en/US/products/ps12239/tsd_products_support_series_home.html.

An industry-standard SNMPV1, V2c, andV3 interface can be usedwith any SNMP-compliant third-partynetwork management system.

The Cisco Wireless solution supports client data services, client monitoring and control, and all rogue accesspoint detection, monitoring, and containment functions. It uses lightweight access points, Cisco wireless LANcontrollers, and the optional Cisco Prime Infrastructure to provide wireless services to enterprises and serviceproviders.

Unless otherwise noted in this publication, all of the Cisco wireless LAN controllers are referred to ascontrollers, and all of the Cisco lightweight access points are referred to as access points.

Note

Single-Controller DeploymentsA standalone controller can support lightweight access points across multiple floors and buildingssimultaneously and support the following features:

Autodetecting and autoconfiguring lightweight access points as they are added to the network.

Full control of lightweight access points.

Lightweight access points connect to controllers through the network. The network equipment may ormay not provide Power over Ethernet (PoE) to the access points.

Some controllers use redundant Gigabit Ethernet connections to bypass single network failures.

Some controllers can connect through multiple physical ports to multiple subnets in the network. Thisfeature can be helpful when you want to confine multiple VLANs to separate subnets.

Note

Cisco Wireless LAN Controller Configuration Guide, Release 7.64 OL-30339-01

Cisco Wireless Overview

This figure shows a typical single-controller deployment.

Figure 1: Single-Controller Deployment

Multiple-Controller DeploymentsEach controller can support lightweight access points across multiple floors and buildings simultaneously.However, full functionality of the Cisco wireless LAN solution occurs when it includes multiple controllers.A multiple-controller system has the following additional features:

Autodetecting and autoconfiguring RF parameters as the controllers are added to the network.

Same-subnet (Layer 2) roaming and inter-subnet (Layer 3) roaming.

Automatic access point failover to any redundant controller with a reduced access point load.

The following figure shows a typical multiple-controller deployment. The figure also shows an optionaldedicatedmanagement network and the three physical connection types between the network and the controllers.

Cisco Wireless LAN Controller Configuration Guide, Release 7.6 OL-30339-01 5

Cisco Wireless Overview

Figure 2: Typical Multiple-Controller Deployment

Operating System SoftwareThe operating system software controls controllers and lightweight access points. It includes full operatingsystem security and radio resource management (RRM) features.

Operating System SecurityOperating system security bundles Layer 1, Layer 2, and Layer 3 security compone