Cisco 2504 Wireless Controller
Contents
1. 04 Disabled Call Admission Control CAC configuration Voice AC Admission control ACM Enabled Voice max RF bandwidth 75 Voice reserved roaming bandwidth 6 Voice load based CAC mode Disabled Voice tspec inactivity timeout Disabled Video AC Admission control ACM Enabled Voice Stream Size ee ee ee ee eee 84000 Voice Max StreamS cee eee eee ee wee 2 Video max RF bandwidth Infinite Video reserved roaming bandwidth 0 ntroller Configuration Guide Cisco Wireless LAN Co OL 21524 02 Chapter4 Configuring Controller Settings Configuring 802 11h Parameters W Configuring 802 11h Parameters 802 11h informs client devices about channel changes and can limit the transmit power of those client devices You can configure the 802 11h parameters using the controller GUI or CLI Using the GUI to Configure 802 11h Parameters To configure 802 11h parameters using the controller GUI follow these steps Step 1 Disable the 802 11a band as follows a Choose Wireless gt 802 11a n gt Network to open the 802 11a Global Parameters page b Unselect the 802 11a Network Status check box c Click Apply to commit your change Step2 Choose Wireless gt 802 11a n gt DFS 802 11h to open the 802 11h Global Parameters page see Figure 4 13 Figure 4 13 802 11h Global2. All controllers that will communicate must have the same DHCP proxy setting See Chapter 7 Configuring WLANs for information on configuring DHCP servers Using the GUI to Configure DHCP Proxy Step 1 Step 2 Step 3 Step 4 To configure DHCP proxy using the controller GUI follow these steps Choose Controller gt Advanced gt DHCP to open the DHCP Parameters page see Figure 4 14 Figure 4 14 DHCP Parameters Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Controller DHCP Parameters Apply General Inventory Enable DHCP Proxy v Interfaces DHCP Option 82 Remote Id field format AP MAC Multicast 274691 Select the Enable DHCP Proxy check box to enable DHCP proxy on a global basis Otherwise unselect the check box The default value is selected Click Apply to commit your changes Click Save Configuration to save your changes Using the CLI to Configure DHCP Proxy Step 1 Step 2 To configure DHCP proxy using the controller CLI follow these steps Enable or disable DHCP proxy by entering this command config dhcp proxy enable disable View the DHCP proxy configuration by entering this command show dhcp proxy Information similar to the following appears OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings HZ Configuring
3. Client Roaming video EDCA Parameters High Throughput 802 11n 212224 Choose one of the following options from the EDCA Profile drop down list WMM nables the Wi Fi Multimedia WMM default parameters This is the default value Choose this option when voice or video services are not deployed on your network Spectralink Voice Priority Enables SpectraLink voice priority parameters Choose this option if SpectraLink phones are deployed on your network to improve the quality of calls Voice Optimized Enables EDCA voice optimized profile parameters Choose this option when voice services other than SpectraLink are deployed on your network Voice amp Video Optimized Enables EDCA voice and video optimized profile parameters Choose this option when both voice and video services are deployed on your network amp Note If you deploy video services admission control ACM must be disabled Custom Voice Enables custom voice EDCA parameters for 802 1 1a The EDCA parameters under this option also match the 6 0 WMM EDCA parameters when this profile is applied If you want to enable MAC optimization for voice select the Enable Low Latency MAC check box Otherwise leave this check box unselected which is the default value This feature enhances voice performance by controlling packet retransmits and appropriately aging out voice packets on lightweight access points which improves the number of voice calls serviced
4. 207718 Step2 From the Action drop down list choose Install License The Install License from a File section appears see Figure 4 3 Figure 4 3 License Commands Install License Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMM 5 HELP Management License Commands Summary gt SNMP Action Install License x HUR Install license from a file Telnet SSH Serial Port File name to install tp urt e g tftp 172 32 45 22 cmm standard lic Local Management Install License Users User Sessions gt Logs Mgmt Yia Wireless Y Software Activation Licenses Commands License Agent 274697 Cisco Wireless LAN Controller Configuration Guide ee E Chapter4 Configuring Controller Settings HZ Installing and Configuring Licenses Step 3 Step 4 Step 5 Step 6 Step7 Step 8 Step 9 In the File Name to Install text box enter the path to the license lic on the TFTP server Click Install License A message appears to show whether the license was installed successfully If the installation fails the message provides the reason for the failure such as the license is an existing license the path was not found the license does not belong to this device you do not have correct permissions for the license and so on If the end user license agreement EULA acceptance dialog box appears read the agreement and click Accept to accept the terms of the
5. Information similar to the following appears RFID Tag data Collection 0 2000 Enabled REED TMOG Ute oie a sc shoo te age esac eres as ane essua avecaue eudcaue eutewde aes 1200 seconds REID MOWIE VEY Foss hektene eae lie ere ea aa adara Meet ede Oui 00 14 7e Vendor pango State Disabled See detailed information for a specific RFID tag by entering this command show rfid detail mac_address where mac_address is the tag s MAC address Information similar to the following appears REID addres Srii Vania tein Vanesa Sahn Varte ahha a n Sea EE TAE 00 12 b8 00 20 52 Vendors aeaa Sasso nae eee ise baie wae we ACR ATS Ra E ROR S G2 Last Hears sc sccscs esse Ss Sis Era BO we SUS ees OER OSU O 51 seconds ago Packets RECEIVE eure ie ete de ate te ele eb ee els ee eb Pek eb 2 Bytes Received orou a eee ee eee ee eee 324 Cisco Types sidor ete ade Stele ete late eel e RS a Sda oe So RRS Content Header WSU SION Gk a RAE ROR OEE ES SA ASS 1 Me POW SI oa ark oe cece dire catch a sel als ce ae as el cos a fe Mines Bo Bae Bd Say Sd Bas E 12 dBm Channels roes pine aoe regs tie athe Sees enc ae aaa ee sara Bahar a ae as 1 REG MCL ASS E E E A EE ren sae voces eu siseadtensnsus enaientiets 12 BuUeS EW KENGER ous Sass can Ses EREE ovo tas econ SANAAA EAA rE AE 1 CCX Payload Last Sequence Control eee ee ee ee ee ee eee 0 Payload Lengel e ie Ree ewe Rees hee eee eRe eek ou 127 Payload Data Hex Dump 01 09 0
6. The Per AP limits are as follows e For 16 MB APs the limit is 128 clients per AP This limit is applicable to 1100 and 1200 series APs e For 32 MB and higher APs there is no per AP limit The per radio limits are as follows e For all Cisco IOS APs the limit is 200 associations per radio e For all 1000 and 1500 series APs which are not supported beyond release 4 2 the limit is 250 associations per radio With 32 MB and higher lightweight Cisco IOS APs with two radios up to 200 200 400 associations are supported Client Association Limits for Autonomous Cisco IOS Access Points The client association limits for autonomous Cisco IOS access points are as follows The limit is around 80 to 127 clients per AP This number varies depending on the following factors e AP model whether it is 16 MB or 32 MB or higher e Cisco IOS version Cisco Wireless LAN Controller Configuration Guide oL 21524 02 a aas Chapter4 Configuring Controller Settings WE Configuring Aggressive Load Balancing e Hardware configuration two radios use more memory than one e Enabled features WDS functionality in particular The per radio limits are as follows The per radio limit is about 200 associations One association will likely hit the per AP limit first Unlike Cisco Unified Wireless Network autonomous Cisco IOS supports per SSID per AP association limits This limit is configured using the max associations CLI under dot 1
7. packet enable disable Enables or disables debugging for NMSP packet events e Enable or disable debugging for NMSP interface events by entering this command debug dot11 nmsp enable disable e Enable or disable debugging for APP NMSP events by entering this command debug iapp nmsp enable disable e Enable or disable debugging for RFID NMSP messages by entering this command debug rfid nmsp enable disable e Enable or disable debugging for access point monitor NMSP events by entering this command debug service ap monitor nmsp enable disable e Enable or disable debugging for wIPS NMSP events by entering this command debug wips nmsp enable disable Configuring the Supervisor 720 to Support the WiSM When you install a WiSM in a Cisco Catalyst 6500 series switch or a Cisco 7600 series router you must configure the Supervisor 720 to support the WiSM When the supervisor detects the WiSM the supervisor creates ten Gigabit Ethernet interfaces ranging from Gigs ot 1 to Gigs ot 8 For example if the WiSM is in slot 9 the supervisor creates interfaces Gig9 1 through Gig9 8 The first eight Gigabit Ethernet interfaces must be organized into two EtherChannel bundles of four interfaces each The remaining two Gigabit Ethernet interfaces are used as service port interfaces one for each controller on the WiSM You must manually create VLANs to communicate with the ports on the WiSM Cisco Wireless LAN Controller Configuration G
8. CHAPTER i Configuring Controller Settings This chapter describes how to configure settings on the controller It contains these sections Installing and Configuring Licenses page 4 2 Configuring 802 11 Bands page 4 26 Configuring 802 11n Parameters page 4 30 Configuring 802 11h Parameters page 4 35 Configuring DHCP Proxy page 4 36 Configuring Administrator Usernames and Passwords page 4 38 Configuring SNMP page 4 39 Changing the Default Values of SNMP Community Strings page 4 40 Changing the Default Values for SNMP v3 Users page 4 42 Configuring Aggressive Load Balancing page 4 44 Configuring Band Selection page 4 48 Configuring Fast SSID Changing page 4 51 Enabling 802 3X Flow Control page 4 51 Configuring 802 3 Bridging page 4 52 Configuring Multicast Mode page 4 54 Configuring Client Roaming page 4 59 Configuring IP MAC Address Binding page 4 64 Configuring Quality of Service page 4 65 Configuring Voice and Video Parameters page 4 72 Configuring Voice Prioritization Using Preferred Call Numbers page 4 90 Configuring EDCA Parameters page 4 91 Configuring the Cisco Discovery Protocol page 4 94 Configuring Authentication for the Controller and NTP Server page 4 105 Configuring RFID Tag Tracking page 4 106 Configuring and Viewing Location Settings page 4 110 Configuring the Supervisor 720 to Support the WiSM page 4 118 Using the Wireless LAN Controller Network Module page 4 119 Cisco Wirele
9. Step 6 Step 7 To remove a preferred call hover your cursor over the blue drop down arrow and choose Remove Click Add Number to add a new preferred call In the Call Index text box enter the index that you want to assign to the call Valid values are from 1 through 6 In the Call Number text box enter the number Cisco Wireless LAN Controller Configuration Guide M400 OL 21524 02 Chapter 4 Configuring Controller Settings Step 8 Configuring EDCA Parameters W Click Apply to add the new number Using the CLI to Configure a Preferred Call Number Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 To configure voice prioritization using the controller CLI follow these steps Set the voice to the platinum QoS level by entering this command config wlan qos wlan id Platinum Enable the ACM to this radio by entering this command config 802 11a 802 11b cac voice video acm enable Enable the call snooping feature for a particular WLAN by entering this command config wlan call snoop enable wlan id Add a new preferred call by entering this command config advanced sip preferred call no call_index call_number none Remove a preferred call by entering this command config advanced sip preferred call no call_index none View the preferred call statistics by entering the following command show ap stats 802 11 a b wlan ap_name Enter the following command to list the preferred
10. Traffic Metrics Neighbor Address Neighbor Port GigabitEthernet0 17 gt Rogues i Advt Version v2 Clients TTL 180 Multicast P Capability Switch IGMP Platform cisco WS C3560G 24PS Software Yersion Cisco IOS Software C3560 Software C3560 IPBASE M Version 12 2 25 SEB4 RELEASE EE 212205 This page shows the following information e The name of the access point e The MAC address of the access point s radio e The IP address of the access point e The interface on which the CDP packets were received e The name of the CDP neighbor e The IP address of the CDP neighbor e The port used by the CDP neighbor I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings WE Configuring the Cisco Discovery Protocol Step 6 e The CDP version being advertised v1 or v2 e The time left in seconds before the CDP neighbor entry expires e The functional capability of the CDP neighbor defined as follows R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater or M Remotely Managed Device e The hardware platform of the CDP neighbor device e The software running on the CDP neighbor Choose Traffic Metrics to see CDP traffic information The CDP gt Traffic Metrics page appears see Figure 4 47 Figure 4 47 CDP gt Traffic Metrics Page Saye Configuration Ping Logout Refresh AEL MONITOR WLANs CONTROLLER WIRELE
11. Cisco Wireless LAN Controller Configuration Guide M432 By OL 21524 02 Chapter 4 Configuring Controller Settings Step 5 Step 6 Configuring 802 11n Parameters W Aggregation is the process of grouping packet data frames together rather than transmitting them separately Two aggregation methods are available Aggregated MAC Protocol Data Unit A MPDU and Aggregated MAC Service Data Unit A MSDU Both A MPDU and A MSDU are performed in the software You can specify the aggregation method for various types of traffic from the access point to the clients Table 4 2 defines the priority levels 0 7 assigned per traffic type Table 4 2 Traffic Type Priority Levels User Priority Traffic Type 0 Best effort 1 Background 2 Spare 3 Excellent effort 4 Controlled load 5 Video less than 100 ms latency and jitter 6 Voice less than 10 ms latency and jitter 7 Network control You can configure each priority level independently or you can use the all parameter to configure all of the priority levels at once When you use the enable command the traffic associated with that priority level uses A MPDU transmission When you use the disable command the traffic associated with that priority level uses A MSDU transmission Configure the priority levels to match the aggregation method used by the clients By default A MPDU is enabled for priority level 0 4 and 5 and the rest are disabled By default A M
12. Information similar to the following appears Authorize APs against AAA ee eee eee eee disabled Allow APs with Self Signed Certificate SSC disabled Mac Addr Cert Type Key Hash 00 16 36 91 9a 27 LBS SSC 593 34e7cb151997a28cc7da2a6cac040b329636 Synchronizing the Controller and Location Appliance For controller software release 4 2 or later releases if a location appliance release 3 1 or later releases is installed on your network the time zone must be set on the controller to ensure proper synchronization between the two systems Also the times must be synchronized on the two devices We recommend that you set the time even for networks that do not have location appliances See the Configuring 802 11 Bands section on page 4 26 for instructions on setting the time and date on the controller Note The time zone can be different for the controller and the location appliance but the time zone delta must be configured accordingly based on GMT Configuring Location Settings The controller determines the location of client devices by gathering received signal strength indication RSSI measurements from access points all around the client of interest The controller can obtain location reports from up to 16 access points for clients RFID tags and rogue access points Improve location accuracy by configuring the path loss measurement S60 request for normal clients or calibrating clients by entering this c
13. e CDP is disabled on radio interfaces on indoor nonindoor mesh access points e Nonmesh access points have CDPs disabled on radio interfaces when they join the controller The persistent CDP configuration is used for the APs that had CDP support in its previous image e CDP is enabled on radio interfaces on indoor mesh and mesh access points e Mesh access points will have CDP enabled on their radio interfaces when they join the controller The persistent CDP configuration is used for the access points that had CDP support in a previous image The CDP configuration for radio interfaces is applicable only for mesh APs oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings WE Configuring the Cisco Discovery Protocol Figure 4 39 Sample Network Illustrating CDP Cisco 4400 Series Wireless LAN Controller MODEL 4402 W5 C6506 E Devy sw 2 GigE 0 1 10 24 111 10 INTERNET WS C3750 24 BSE SW 1 WS C3750 24 NASDAQ SW 1 10243444 FastE0 13 FastEO 1 10 76 34 37 AP12 AP13 aah 10 76 34 155 10 24 34 233 3 Using the GUI to Configure the Cisco Discovery Protocol To configure CDP using the controller GUI follow these steps Step1 Choose Controller gt CDP gt Global Configuration to open the CDP gt Global Configuration page see Figure 4 40 Cisco Wireless LAN Controller Configuration Guide Ka OL 21524 02 _ Chapter 4 Configuring Cont
14. that is reserved for roaming voice clients The controller reserves this bandwidth from the maximum allocated bandwidth for roaming voice clients The range is 0 to 25 The default is 6 To enable expedited bandwidth requests select the Expedited Bandwidth check box By default this text box is disabled To enable SIP CAC support select the SIP CAC Support check box By default SIP CAC this check box is disabled From the SIP Codec drop down list choose one of the following options to set the codec name The default value is G 711 The options are as follows e User Defined e G 711 e G 729 In the SIP Bandwidth kbps text box enter the bandwidth in kilo bits per second The possible range is 8 to 64 The default value is 64 Note Step 13 Step 14 amp The SIP Bandwidth kbps text box is highlighted only when you select the SIP codec as User Defined If you choose the SIP codec as G 711 the SIP Bandwidth kbps text box is set to 64 If you choose the SIP codec as G 729 the SIP Bandwidth kbps text box is set to 8 In the SIP Voice Sample Interval msecs text box enter the value for the sample interval In the Maximum Calls text box enter the maximum number of calls that can be made to this radio The maximum call limit includes both direct and roaming in calls If the maximum call limit is reached new or roaming in calls will fail The possible range is 0 to 25 The default value is 0 which indic
15. the controller ignores all expedited requests and processes TSPEC requests as normal TSPEC requests See Table 4 3 for examples of TSPEC request handling for normal TSPEC requests and expedited bandwidth requests Table 4 3 TSPEC Request Handling Examples Reserved bandwidth for Normal TSPEC TSPEC with Expedited CAC Mode voice calls Usage Request Bandwidth Request Bandwidth 75 default setting Less than 75 Admitted Admitted based CAC Between 75 and 90 Rejected Admitted reserved bandwidth for voice calls exhausted More than 90 Rejected Rejected Load based Less than 75 Admitted Admitted CAC Between 75 and 85 Rejected Admitted reserved bandwidth for voice calls exhausted More than 85 Rejected Rejected 1 For bandwidth based CAC the voice call bandwidth usage is per access point and does not take into account co channel access points For load based CAC the voice call bandwidth usage is measured for the entire channel 2 Bandwidth based CAC consumed voice and video bandwidth or load based CAC channel utilization Pb amp Note amp Controller software release 6 0 or later releases support admission control for TSPEC g711 40ms codec type Note When video ACM is enabled the controller rejects a video TSPEC if the non MSDU size in the TSPEC is greater than 149 or the mean data rate is greater than 1 Kbps OL 21524 02 Cisco Wireless LAN Controller C
16. 02 Chapter4 Configuring Controller Settings Configuring and Viewing Location Settings W tags threshold Configures the NMSP notification threshold in dB for RFID tags The valid range for the threshold parameter is 0 to 10 dB and the default value is 0 dB rogue aps threshold Configures the NMSP notification threshold in dB for rogue access points The valid range for the threshold parameter is 0 to 10 dB and the default value is 0 dB amp Note We recommend that you do not use or modify the config location notify threshold command Configure the algorithm used to average RSSI and signal to noise ratio SNR values by entering this command config location algorithm where is one of the following simple Specifies a faster algorithm that requires low CPU overhead but provides less accuracy rssi average Specifies a more accurate algorithm but requires more CPU overhead amp Note We recommend that you do not use or modify the config location algorithm command Viewing Location Settings To view location information use these CLI commands View the current location configuration values by entering this command show location summary Information similar to the following appears Location Summary Algorithm used Average Client RSSI expiry timeout 5 sec Half life 0 sec Notify Threshold 0 db Calibrating Client RSSI expiry timeout 5 sec Half life 0 sec Rog
17. 802 11a band by entering this command config 802 11a enable network The default value is enabled Enable the 802 11b band by entering this command config 802 11b enable network The default value is enabled Enable or disable 802 11g network support by entering this command config 802 11b 11gSupport enable disable The default value is enabled You can use this command only if the 802 11b band is enabled If you disable this feature the 802 11b band is enabled without 802 11g support Save your changes by entering this command save config View the configuration settings for the 802 11a or 802 11b g band by entering this command show 802 11a 802 11b Information similar to the following appears 802 Tra NSC WOR Kia hve boo dons tt te ates otal hs he LI ote so a ee Enabled I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring 802 11n Parameters STS TD OIE Gnu a E E emda E casei aceees Enabled 802 11a Low B nd eseese 2 2 ee eee eee Enabled SOO 1S Mid Band seat eet wee Ce we ae Caw Enabled B02 116 High Band ss cete eme eae ane are ee eee Enabled 802 11la Operational Rates 802 11a 6M 5 I 2 srera aa miaa iiaea aa a ana a E Mandatory 802 TIa IM RAEE hea saa sei ai asr eh ay a ar er ar PRSTE S Ea s Supported 802 11a 12M RACG 2 cicadas coe Oe SA el eee ee a Mandatory BOD tla TBM RAC Cis oksogog i ari berated AOE ve eee a
18. Administrator Usernames and Passwords DHCP Proxy Behavior enabled Using the GUI to Configure a DHCP Timeout To configure a DHCP timeout using the controller GUI follow these steps Step1 Choose Controller gt Advanced gt DHCP to open the DHCP Parameters page Step2 Select the DHCP Timeout 5 120 seconds check box to enable a DHCP timeout on a global basis Otherwise unselect the check box The valid range is 5 through 120 seconds Step3 Click Apply to commit your changes Step4 Click Save Configuration to save your changes Using the CLI to Configure DHCP Timeout To configure a DHCP timeout using the controller CLI use the following command config dhcp timeout seconds Configuring Administrator Usernames and Passwords You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the controller and viewing configuration information This section provides instructions for initial configuration and for password recovery Configuring Usernames and Passwords To configure administrator usernames and passwords using the controller CLI follow these steps Step 1 Configure a username and password by entering one of these commands e config mgmtuser add username password read write Creates a username password pair with read write privileges e config mgmtuser add username password read only Creates a username password pair with read only privileges Usernames and password
19. Controller Configuration Guide Chapter 4 Configuring Controller Settings WE Configuring 802 11n Parameters IMCS AD A dicted m ote Bugie sec Oo sas ee See Soe Soe sk Bae eS es eae eS as Supported MCG E P E E A E A E A E E E E Supported MOS Ae oes EE E E EE EEEE oO SS Supported i O S UE PEE AOA AE AAEE E A EEA EA EAEE E A Supported LESIN ON N EN ea aed E E E Supported MCG oe farcanier lE EET EE E E E A ds Supported IMCS 18 SE social NE E E E eae te E AE nucleate is catiens Supported IMCS AEE EERE of ross eho otan at ovetion st awe tena erotawadorteds Supported MCG Oe ete Siatene a ee eS Wis ele ele ee io ee bie Manes eviews Supported MCS Th 6 see ee PR ESOS SREB OMA ESOS ERE HOE Supported MCS LD ote sis scsi aS SASS BS TOLER SES BRE S eA AA Supported IMG ES A E Saree aide AE A oc teeu tte toc Warde sree arene cared Supported MCG LAr Salas se cc AE O EO E E Supported IMCS eB eres xe bene s stn See sina Seah Sexo salen tse vee ese pha cen awe Sue EA S Supported 802 11n Status ASMPDU US Faas eR Pee ER eee Pca eae ae Enabled PET OE LEY Omi ve vest Gantt aches a N a tate Meet Pal ay Enabled PDO CY es ee Pee adi eh e ace Saag ate HRS aE Enabled PEDO EY Di ote a Pe eai tants Blot Gate Saar Ste Beet Sate hear Sales a a Enabled PHT OPCs Snog E SAE SURES BASES GCSE AE Enabled PETOL LEY Ais wave auelte Sasdcs Sethe Gates Roe tdee Bees E Enabled PIOC DEVS ee Ah aA eA hn wie AT aa araa Disabled PYPOLTEY
20. Data Rates cirera vse hie Bio eso See ee Soe E 10 Burst Data Rates iedere eese a Se te be Se ee 10 Average Realtime Rate 2 2 02 eee 100 Burst Realtime Ratase si pianie paa eea cc eee eee 100 RODE NAME ra cies eceseceyetis rede agticeds E a oes ea a e a a ea aE Vendor Average Data Rate ennie ee eee unconfigured Burst Data Rater see oe eee 4 dS ah ees aes unconfigured Average Realtime Rate 2 2 02 ee eee unconfigured Burst Realtime Rate 2 2002 unconfigured Cisco Wireless LAN Controller Configuration Guide oL 21524 02 Chapter4 Configuring Controller Settings W Configuring Voice and Video Parameters Configuring Voice and Video Parameters Three parameters on the controller affect voice and or video quality e Call admission control e Expedited bandwidth requests e Unscheduled automatic power save delivery Each of these parameters is supported in Cisco Compatible Extensions CCX v4 and v5 See the Configuring Access Point Groups section on page 7 55 for more information on CCX Note CCX is not supported on the AP1030 Traffic stream metrics TSM can be used to monitor and report issues with voice quality Call Admission Control Call admission control CAC enables an access point to maintain controlled quality of service QoS when the wireless LAN is experiencing congestion The Wi Fi Multimedia WMM protocol deployed in CCXv3 ensures sufficient QoS as lo
21. LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring Voice and Video Parameters Step 1 Step 2 Step 3 Set the voice to the platinum QoS level by entering this command config wlan qos wlan id Platinum Enable the call snooping feature for a particular WLAN by entering this command config wlan call snoop enable wlan id Enable the ACM to this radio by entering this command config 802 11a 802 11b cac voice video acm enable Using the CLI to Configure Voice Parameters amp Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Make sure that you perform the Using the CLI to Configure SIP Based CAC procedure on page 4 83 before you do this procedure To configure voice parameters using the controller CLI follow these steps See all of the WLANs configured on the controller by entering this command show wlan summary Make sure that the WLAN that you are planning to modify is configured for WMM and the QoS level is set to Platinum by entering this command show wlan wlan_id Disable all WLANs with WMM enabled prior to changing the voice parameters by entering command config wlan disable wlan_id Disable the radio network by entering this command config 802 11a 802 11b disable network Save your settings by entering this command save config Enable or disable bandwidth based voice CAC for the 802 11a or 802 11b g networ
22. Parameters Page Il tet Save Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Mesh a 802 11h Global Parameters Apply HREAP Groups 802 11a n Network Power Constraint RRM ay Sadat Power Constraint v Local Power Constraint dBm Channel Switch Announcement Channel Announcement EDCA Parameters DFS 802 11h Channel Quiet Mode ivi High Throughput 802 11n Cleandir gt 802 11b q n gt Media Stream vv 207755 Step3 Select the Channel Announcement check box if you want the access point to announce when it is switching to a new channel and the new channel number or unselect this check box to disable the channel announcement The default value is disabled Step4 If you enabled the channel announcement in Step 3 the Channel Quiet Mode check box appears Select this check box if you want the access point to stop transmitting on the current channel or unselect this check box to disable quiet mode The default value is disabled Step5 Click Apply to commit your changes Step 6 Reenable the 802 1 1a band as follows a Choose Wireless gt 802 11a n gt Network to open the 802 11a Global Parameters page b Select the 802 11a Network Status check box c Click Apply to commit your change Cisco Wireless LAN Controller Configuration Guide oL 21524 02 a 435 Chapter4 Configuring Controller Settings WE Co
23. Password R aj Select the Enable Default Authentication check box to enable the license agent or leave it unselected to disable this feature The default value is unselected In the Maximum Number of Sessions text box enter the maximum number of sessions for the license agent The valid range is 1 to 25 sessions inclusive Configure the license agent to listen for requests from the CLM as follows Select the Enable Listener check box to enable the license agent to receive license requests from the CLM or unselect this check box to disable this feature The default value is unselected In the Listener Message Processing URL text box enter the URL where the license agent receives license requests for example http 209 165 201 30 licenseAgent custom The Protocol parameter indicates whether the URL requires HTTP or HTTPS amp Note You can specify the protocol to use on the HTTP Configuration page See the Enabling Web and Secure Web Modes section on page 2 18 for more information Select the Enable Authentication for Listener check box to enable authentication for the license agent when it is receiving license requests or unselect this check box to disable this feature The default value is unselected In the Max HTTP Message Size text box enter the maximum size for license requests The valid range is 0 to 9999 bytes and the default value is 0 Configure the license agent to send license notifications
24. Permission Ticket File Name text box enter the TFTP path and filename lic for the rehost permission ticket that you generated in Step 4 In the Rehost Ticket File Name text box enter the TFTP path and filename lic for the ticket that will be used to rehost this license on another controller Click Generate Rehost Ticket When the end user license agreement EULA acceptance dialog box appears read the agreement and click Accept to accept the terms of the agreement Step6 Use the rehost ticket generated in Step 5 to obtain a license installation file which can then be installed on another controller as follows a b c Click Cisco Licensing On the Product License Registration page click Upload Rehost Ticket under Manage Licenses On the Upload Ticket page enter the rehost ticket that you generated in Step 5 in the Enter Rehost Ticket text box and click Continue On the Validate Features page verify that the license information for your controller is correct enter the rehost quantity and click Continue On the Designate Licensee page enter the product ID and serial number of the controller on which you plan to use the license read and accept the conditions of the end user license agreement EULA complete the rest of the text boxes on this page and click Continue On the Review and Submit page verify that all information is correct and click Submit When a message appears indicating that the registration is
25. Proxy When DHCP proxy is enabled on the controller the controller unicasts DHCP requests from the client to the configured servers Consequently at least one DHCP server must be configured on either the interface associated with the WLAN or the WLAN itself When DHCP proxy is disabled on the controller those DHCP packets transmitted to and from the clients are bridged by the controller without any modification to the IP portion of the packet Packets received from the client are removed from the CAPWAP tunnel and transmitted on the upstream VLAN DHCP packets directed to the client are received on the upstream VLAN converted to 802 11 and transmitted through a CAPWAP tunnel toward the client As a result the internal DHCP server cannot be used when DHCP proxy is disabled The ability to disable DHCP proxy allows organizations to use DHCP servers that do not support Cisco s native proxy mode of operation It should be disabled only when required by the existing infrastructure Cisco Wireless LAN Controller Configuration Guide M436 OL 21524 02 _ Chapter 4 Configuring Controller Settings Configuring DHCP Proxy W You can use the controller GUI or CLI to enable or disable DHCP proxy on a global basis rather than on a WLAN basis DHCP proxy is enabled by default DHCP proxy must be enabled in order for DHCP option 82 to operate correctly See the Configuring DHCP section on page 7 10 for information on DHCP option 82
26. Server IP Address field Select the Enable NTP Authentication check box to enable NTP Authentication Enter the Key index Click Apply Using the CLI to Configure the NTP Server for Authentication To configure NTP server authentication using the CLI use the following commands e config time ntp auth enable server index key index Enables NTP authentication on a given NTP server e config time ntp key auth addkey index md5 key format key Adds an authentication key By default MDS is used The key format can be ascii or hex e config time ntp key auth delete key index Deletes authentication keys e config time ntp auth disable server index Disables NTP authentication e show ntp keys Displays the NTP authentication related parameter I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring RFID Tag Tracking Configuring RFID Tag Tracking The controller enables you to configure radio frequency identification RFID tag tracking RFID tags are small wireless devices that are affixed to assets for real time location tracking They operate by advertising their location using special 802 11 packets which are processed by access points the controller and the location appliance To know more about the tags supported by controller see http www cisco com web partners pr46 pr147 ccx_wifi_tags html See Table 4 5 for details The location applianc
27. Step3 Choose Wireless and then Network under 802 1 1a n or 802 11b g n unselect the 802 11a or 802 11b g Network Status check box and click Apply to disable the radio network Step4 Choose Wireless gt 802 11a n or 802 11b g n gt Media The 802 11a or 802 11b gt Media gt Parameters page appears see Figure 4 37 Cisco Wireless LAN Controller Configuration Guide Ka OL 21524 02 Chapter 4 Configuring Controller Settings Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Configuring Voice and Video Parameters W Figure 4 37 802 11a gt Media Parameters Page Saye Configurabon Ping Logout Refresh IANAGEMENT COMMANDS HELP FEEDBACK Access Points a a AAE 802 11a 5 GHz gt Media Apply Radios 802 11a n 802 11b o t _ Voice Video Media Global Configuration gt Advanced 3 General Mesh Unicast Video Redirect v RF Profiles FlexConnect Groups Multicast Direct Admission Control 802 11a n i Maximum Media Bandwidth 0 85 85 Client Minimum Phy Rate 6000 Maximum Retry Percent 0 100 80 Media Media Stream Multicast Direct Parameters EDCA P DFS 8 Multicast Direct Enable 2 High Throughput 602 11n Max Streams per Radio No limit Cleandir Max Streams per Client No limit gt 802 11b g n py Best Effort QoS Admission O Enabled gt Media Stream v J Choose the Media tab to open the Media page
28. Total Total Maximum Average ume Wed Feb 21 12 16 11 2007 0 o o o o o o 0 o WORE Wed Feb 21 12 07 11 2007 o o o o o o o o o gt Qos Wed Feb 21 12 08 41 2007 o o o o o o o o o Wed Feb 21 12 10 11 2007 0 o o o o o 0 o o Wed Feb 21 12 11 41 2007 o o o o lo o o o o Wed Feb 21 12 13 11 2007 o o o o o o o o o Wed Feb 21 12 14 41 2007 0 o o o o fo o 0 o Downlink Statistics Packets that experienced Delay Packets Lost Packets Timestamp Average lt 10ms 10ms 20ms 20ms 40ms gt 40ms Total Total Maximum Average Wed Feb 21 12 16 11 2007 2 2859 eva 13 a 3744 749 131 124 Wed Feb 21 12 07 11 2007 0 4468 z0 15 o 4503 0 o 0 Wed Feb 21 12 08 41 2007 o a3 7 16 2 4502 o o o Wed Feb 21 12 10 11 2007 o a921 549 14 o 4484 it 7 3 Wed Feb 21 12 11 41 2007 o a277 154 15 lo 4446 57 25 o Wed Feb 21 12 13 11 2007 o aga6 las 12 o 4503 o o o Q ti j N Wed Feb 21 12 14 41 2007 o 4341 150 12 o 4503 o o o x This page shows the TSM statistics for this access point and a client associated to it The statistics are shown in 90 second intervals The timestamp text box shows the specific interval when the statistics were collected Using the GUI to Configure Media Parameters To configure Media parameters using the controller GUI follow these steps Step1 Make sure that the WLAN is configured for WMM and the Gold QoS level Step2 Disable all WLANs with WMM enabled and click Apply
29. and the downlink measurements on an access point basis and maintains an hour s worth of historical data To store this data the controller requires 32 MB of additional memory for uplink metrics and 4 8 MB for downlink metrics TSM can be configured through either the GUI or the CLI on a per radio band basis for example all 802 1 1a radios The controller saves the configuration in flash memory so that it persists across reboots After an access point receives the configuration from the controller it enables TSM on the specified radio band amp Note Access points support TSM in both local and hybrid REAP modes Table 4 4 shows the upper limit for TSM in different controller series Table 4 4 Upper Limit for TSM in controller series TSM Entries 5500 4400 2100 7500 MAX AP TSM entries 100 40 10 100 MAX Client TSM entries 250 200 50 250 MAX TSM entries 100 250 25000 40 200 8000 10 50 500 100 250 25000 amp Note Once the upper limit is reached additional TSM entries cannot be stored and sent to WCS If client TSM entries are full and AP TSM entries are available then only the AP entries are stored and vice versa This leads to partial output TSM cleanup occurs every one hour Entries are removed only for those APs and clients that are not in the system Cisco Wireless LAN Controller Configuration Guide Ez OL 21524 02 _ Chapter 4 Configuring Controller Settings Configu
30. by entering this command debug pm pki enable Information similar to the following appears Thu Oct 11 08 52 26 2007 sshpmGetIssuerHandles Calculate SHA1 hash on Public Key Data Thu Oct 11 08 52 26 2007 sshpmGetIssuerHandles Key Data 30820122 300d0609 2a864886 70d0101 Thu Oct 11 08 52 26 2007 sshpmGetIssuerHandles Key Data 01050003 82010f00 3082010a 02820101 Thu Oct 11 08 52 26 2007 sshpmGetIssuerHandles Key Data 009a98b5 d2b7c77b 036cdb87 5bd20e5a Thu Oct 11 08 52 26 2007 sshpmGetIssuerHandles Key Data 894c66f4 dflcbcfb fe2fcf01 09b723aa Thu Oct 11 08 52 26 2007 sshpmGetIssuerHandles Key Data 5c0917f1 ec1d5061 2d386351 573 2c5e Thu Oct 11 08 52 30 2007 sshpmGetIssuerHandles Key Data 69020301 0001 Thu Oct 11 08 52 30 2007 sshpmGetIssuerHandles SSC Key Hash is 4869b32638c00ffca88abe9b1a8e0525b9344b8b Install the location appliance certificate on the controller by entering this command config auth list add Ibs sse bs_mac lbs_key where e Jbs_mac is the MAC address of the location appliance e lbs_key is the 20 byte key hash value of the certificate Save your changes by entering this command save config Cisco Wireless LAN Controller Configuration Guide cau OL 21524 02 Chapter 4 Configuring Controller Settings Step 4 Configuring and Viewing Location Settings W Verify that the location appliance certificate is installed on the controller by entering this command show auth list
31. changes by entering this command save config Using the CLI to View Cisco Discovery Protocol Information Step 1 Step 2 To obtain information about CDP neighbors on the controller using the controller CLI follow these steps See the status of CDP and to view CDP protocol information by entering this command show cdp See a list of all CDP neighbors on all interfaces by entering this command show cdp neighbors detail The optional detail command provides detailed information for the controller s CDP neighbors Note This command shows only the CDP neighbors of the controller It does not show the CDP neighbors of the controller s associated access points Additional commands are provided below to show the list of CDP neighbors per access point I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings HZ Configuring the Cisco Discovery Protocol Step 3 Step 4 Step 5 Step 6 Step7 See all CDP entries in the database by entering this command show cdp entry all See CDP traffic information on a given port for example packets sent and received CRC errors and so on by entering this command show cdp traffic See the CDP status for a specific access point by entering this command show ap cdp ap name Cisco_AP See the CDP status for all access points that are connected to the controller by entering this command show ap cdp all See a lis
32. delete this community Click New to create a new community The SNMP v1 v2c Community gt New page appears see Figure 4 16 Figure 4 16 SNMP v1 v2c Community gt New Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS Management SNMP v1 v2c Community gt New lt Back Apply Summary Community Name Y SNMP General IP Address SNMP V3 Users Communities Trap Receivers IP Mask Trap Controls ee Access Mode Read Only HTTP Telnet SSH Status Disable g Serial Port 8 In the Community Name text box enter a unique name containing up to 16 alphanumeric characters Do not enter public or private In the next two text boxes enter the IP address from which this device accepts SNMP packets with the associated community and the IP mask Choose Read Only or Read Write from the Access Mode drop down list to specify the access level for this community Choose Enable or Disable from the Status drop down list to specify the status of this community Click Apply to commit your changes Click Save Configuration to save your settings Repeat this procedure if a public or private community still appears on the SNMP v1 v2c Community page Using the CLI to Change the SNMP Community String Default Values To change the SNMP community string default values using the controller CLI follow these steps OL 21524 02 Cisco Wirel
33. ee eee 2 DownLink Stats Average Delay 5sec intervalsS 0 ee ee ee eee ee eee 35 Delay less than 10 mS ee ee eee 20 Delay bet 10 BO MS was ake ee ee ce ee ee eee a ane 20 Detay Der 2 CO MS see eo ee ee S54 656 E ESERIES BOO 20 Delay greater than 40 6 4 24 25e5 eae WE ee Reed HESS RES wees 20 Tarar Of Kool y eR COET ee ge E E ae ee a ar 80 Total packet Lost count A 5S60 esence ee eee et Ree oe ee Ee 10 Maximum Lost Packet count 5SEC cee ee ee ee ee eee 5 Average Lost Packet count Ssecs 6 44444 46a deh eee 8 ews 2 Note The statistics are shown in 90 second intervals The timestamp text box shows the specific interval when the statistics were collected amp Note To clear the TSM statistics for a particular access point or all the access points to which this client is associated enter the clear client tsm 802 11a 802 11b client_mac ap_mac all command Step5 See the TSM statistics for a particular access point and a particular client associated to this access point by entering this command Cisco Wireless LAN Controller Configuration Guide oL 21524 02 E 487 Chapter4 Configuring Controller Settings HZ Configuring Voice and Video Parameters show ap stats 802 11a 802 11b ap_name tsm client_mac all The optional all command shows all clients associated to this access point Information similar to the following appears AP Interface Mac 00
34. grace period or extension as a license type The license status will always show evaluation even if a grace period or an extension evaluation license is installed amp Note If you ever want to remove a license from the controller hover your cursor over the blue drop down arrow for the license and click Remove For example you might want to delete an expired evaluation license or any unused license You cannot delete unexpired evaluation licenses the permanent base image license or licenses that are in use by the controller Step2 Click the link for the desired license to view more details for a particular license The License Detail page appears see Figure 4 5 m Cisco Wireless LAN Controller Configuration Guide OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 3 Step 4 Installing and Configuring Licenses W Figure 4 5 License Detail Page Save Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Management License Detail lt Back Apply Summary Name wplus A sale Type Permanent UU ILS Version 1 0 Telnet SSH r Serial Port Comnian Local Management Users s Status Not in Use User Sessions Eoss Expires No Expiry a a Built In Li N Mgmt Via Wireless Spel teense 4 v Software Activation Maximum Count Not Counted Licenses Counts Used Not Counted License Le Priority Medium License Agent Tec
35. per access point amp Note Clic We do not recommend you to enable low latency MAC You should enable low latency MAC only if the WLAN allows WMM clients If WMM is enabled then low latency MAC can be used with any of the EDCA profiles See the Configuring QoS Enhanced BSS section on page 7 39 for instructions on enabling WMM k Apply to commit your changes To reenable the radio network choose Network under 802 1 1a n or 802 11b g n select the 802 11a or 802 Clic 11b g Network Status check box and click Apply k Save Configuration to save your changes Cisco Wireless LAN Controller Configuration Guide Ka OL 21524 02 _ Chapter 4 Configuring Controller Settings Configuring EDCA Parameters W Using the CLI to Configure EDCA Parameters Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 To configure EDCA parameters using the controller CLI follow these steps Disable the radio network by entering this command config 802 11a 802 11b disable network Save your settings by entering this command save config Enable a specific EDCA profile by entering this command config advanced 802 11a 802 11b edca parameters where is one of the following e wmm default Enables the Wi Fi Multimedia WMM default parameters This is the default value Choose this option when voice or video services are not deployed on your network e svp voice Enables SpectraLink voi
36. point to which it is associated The statistics are shown in 90 second intervals The timestamp text box shows the specific interval when the statistics were collected Step5 See the TSM statistics for a particular access point and a particular client associated to this access point as follows a Choose Wireless gt Access Points gt Radios gt 802 11a n or 802 11b g n The 802 11a n Radios or 802 11b g n Radios page appears see Figure 4 34 Cisco Wireless LAN Controller Configuration Guide oe Chapter4 Configuring Controller Settings Configuring Voice and Video Parameters i Figure 4 34 802 11a n Radios Page Saye Configuration Ping Logout Refresh apalie MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Wireless 802 11a n Radios Entries 1 2 of 2 Access Points Current Filter None Change Filter Clear Filter 802 11b g n Clean Air Clean Air EA Radio Admin Operational Admin Oper i ae i Slot Base Radio MAC Sub Band Status Status Channel Status Status Radio Role 1 00 1f 26 2b 77 a0 Enable up 60 NA NA N A Mesh 1 00 1f 26 2b 75 00 Enable 60 NA NA N A HREAP Groups gt 802 11a n gt 802 11b g n gt Media Stream gt Advanced global assignment Country 207758 b Hover your cursor over the blue drop down arrow for the desired access point and choose 802 11aTSM or 802 11b g TSM The AP gt Clients page appears see Figure 4 35 Figure 4 35 AP gt Clients Pa
37. save config I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings HZ Configuring the Cisco Discovery Protocol Configuring the Cisco Discovery Protocol amp The Cisco Discovery Protocol CDP is a device discovery protocol that runs on all Cisco manufactured equipment A device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighboring devices The default value for the frequency of periodic transmissions is 60 seconds and the default advertised time to live value is 180 seconds The second and latest version of the protocol CDPv2 introduces new time length values TLV s and provides a reporting mechanism that allows for more rapid error tracking which reduces downtime CDPv1 and CDPv2 are supported on the following devices e Cisco 5500 4400 2500 and 2100 Series Controllers amp Note CDP is not supported on the controllers that are integrated into Cisco switches and routers including those inthe Catalyst 3750G Integrated Wireless LAN Controller Switch the Cisco WiSM and the Cisco 28 37 38xx Series Integrated Services Router However you can use the show ap cdp neighbors detail Cisco_AP all command on these controllers in order to see the list of CDP neighbors for the access points that are connected to the controller e CAPWAP enabled access points e An access point connected directly
38. the router stops the RBCP heartbeat exchange and does not restart it until the CNM boots up To reset the CNM from the router enter one of these commands on the router CLI service module wlan controller 1 0 reset for Fast Ethernet CNM versions service module integrated service engine 1 0 reset for Gigabit Ethernet CNM versions e Gigabit Ethernet versions of the Controller Network Module are supported on Cisco 28 37 38xx Series Integrated Services Routers running Cisco IOS Release 12 4 11 T2 or later Resetting the Controller to Default Settings If you want to return the controller to its original configuration you can use the controller GUI or CLI to reset the controller to factory default settings Using the GUI to Reset the Controller to Default Settings Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 Step 8 Step 9 To return the controller to factory default setting using the controller GUI follow these steps Open your Internet browser Enter the controller IP address in the browser address line and press Enter An Enter Network Password dialog box appears Enter your username in the User Name text box The default username is admin Enter the wireless device password in the Password text box and press Enter The default password is admin Choose Commands gt Reset to Factory Default Click Reset When prompted confirm the reset Reboot the controller without saving the configuration Use the configur
39. throughput The minimum VoIP telephone requirement of 20 millisecond or shorter latency time for the roaming handover is easily met by the Cisco UWN Solution which has an average handover latency of 5 or fewer milliseconds when open authentication is used This short latency period is controlled by controllers rather than allowing independent access points to negotiate roaming handovers The Cisco UWN Solution supports 802 11 VoIP telephone roaming across lightweight access points managed by controllers on different subnets as long as the controllers are in the same mobility group This roaming is transparent to the VoIP telephone because the session is sustained and a tunnel between controllers allows the VoIP telephone to continue using the same DHCP assigned IP address as long as the session remains active The tunnel is torn down and the VoIP client must reauthenticate when the VoIP telephone sends a DHCP Discover with a 0 0 0 0 VoIP telephone IP address or a 169 254 VoIP telephone auto IP address or when the operator set user timeout is exceeded CCX Layer 2 Client Roaming The controller supports five CCX Layer 2 client roaming enhancements e Access point assisted roaming This feature helps clients save scanning time When a CCXv2 client associates to an access point it sends an information packet to the new access point listing the characteristics of its previous access point Roaming time decreases when the client recognizes and use
40. timeout value is the amount of time that the controller maintains tags before expiring them For example if a tag is configured to beacon every 30 seconds we recommend that you set the timeout value to 90 seconds approximately three times the beacon value The default value is 1200 seconds Enable or disable RFID tag mobility for specific tags by entering these commands e config rfid mobility vendor_name enable Enables client mobility for a specific vendor s tags When you enter this command tags are unable to obtain a DHCP address for client mode when attempting to select and or download a configuration e config rfid mobility vendor_name disable Disables client mobility for a specific vendor s tags When you enter this command tags can obtain a DHCP address If a tag roams from one subnet to another it obtains a new address rather than retaining the anchor state amp Note These commands can be used only for Pango tags Therefore the only valid entry for vendor_name is pango in all lowercase letters OL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring RFID Tag Tracking Using the CLI to View RFID Tag Tracking Information Step 1 Step 2 Step 3 To view RFID tag tracking information using the controller CLI follow these steps See the current configuration for RFID tag tracking by entering this command show rfid config
41. to a Cisco 5500 4400 or 2100 Series Controller Note amp To use the Intelligent Power Management feature ensure that CDPv2 is enabled on the Cisco 2100 and 2500 Series Controllers CDP v2 is enabled by default Note The OEAP 600 access points do not support CDP This support enables network management applications to discover Cisco devices These TLVs are supported by both the controller and the access point e Device ID TLV 0x0001 The host name of the controller the access point or the CDP neighbor e Address TLV 0x0002 The IP address of the controller the access point or the CDP neighbor e Port ID TLV 0x0003 The name of the interface on which CDP packets are sent out e Capabilities TLV 0x0004 The capabilities of the device The controller sends out this TLV with a value of Host 0x10 and the access point sends out this TLV with a value of Transparent Bridge 0x02 e Version TLV 0x0005 The software version of the controller the access point or the CDP neighbor e Platform TLV 0x0006 The hardware platform of the controller the access point or the CDP neighbor e Power Available TLV 0x001a The amount of power available to be transmitted by power sourcing equipment to permit a device to negotiate and select an appropriate power setting e Full Half Duplex TLV 0x000b The full or half duplex mode of the Ethernet link on which CDP packets are sent out These TLVs are supported onl
42. to save your changes Perform one of the following e To enable or disable CDP on a specific access point follow these steps a Choose Wireless gt Access Points gt All APs to open the All APs page b Click the link for the desired access point c Choose the Advanced tab to open the All APs gt Details for Advanced page see Figure 4 41 OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings WE Configuring the Cisco Discovery Protocol Figure 4 41 All APs gt Details for Advanced Page Saye Configuration Ping Logout Refres MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Wireless All APs gt Details for AP2 lt Back Apply Advanced Regulatory Domains 802 11bq A Power Over Ethernet Settings Mesh Country Code US United States X eee een REAR Gronni Mirror Mode Disable Bi Pre Standard gt 802 11a n Cisco Discovery Protocol V State m 802 11b g n MFP Frame Validation al Global MFP Disabled Rower Injector o Country AP Group Name default group Timers Statistics Timer 180 E a g gt Qos Data Encryption AP Core Dump C Enabled N d Select the Cisco Discovery Protocol check box to enable CDP on this access point or unselect it to disable this feature The default value is enabled amp Note If CDP is disabled in Step 2 a message indicating that the Controller CDP is disabled app
43. want to revoke from this controller and click Start License Transfer On the Rehost Quantities page enter the number of licenses that you want to revoke in the To Rehost text box and click Continue On the Designate Licensee page enter the product ID and serial number of the controller for which you plan to revoke the license read and accept the conditions of the end user license agreement EULA complete the rest of the text boxes on this page and click Continue On the Review and Submit page verify that all information is correct and click Submit When a message appears indicating that the registration is complete click Download Permission Ticket The rehost permission ticket is e mailed within 1 hour to the address that you specified After the e mail arrives copy the rehost permission ticket to your TFTP server Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows c To revoke the license from the controller enter this command license revoke permission_ticket_url where permission_ticket_url is tftp server_ip path filename To generate the rehost ticket enter this command license revoke rehost rehost_ticket_url where rehost_ticket_url is tftp server_ip path filename If prompted read and accept the terms of the end user license agreement EULA Use the rehost ticket generated in Step 3 to obtain a license installation file which can then be install
44. your changes Step9 Reenable all WMM WLANs and click Apply Step10 Choose Network under 802 1 1a n or 802 11b g n select the 802 11a or 802 11b g Network Status check box and click Apply to reenable the radio network Step11 Click Save Configuration to save your changes Step12 Repeat this procedure if you want to configure video parameters for another radio band 802 11a or 802 11b g Using the GUI to View Voice and Video Settings To view voice and video settings using the controller GUI follow these steps Step1 Choose Monitor gt Clients to open the Clients page see Figure 4 31 Figure 4 31 Clients Page Saye Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Monitor Clients Entries 1 8 of 8 Current Filter None Change Filter Clear Filter Summary gt Access Points Rar Client MAC Addr AP Name WLAN Profile Protocol Status Auth Port WGB Statistics gt CDP 00 11 a3 04 b6 40 devesh 82 b4 80 Unknown 802 11b Probing No 1 No B A 00 40 96 30 b5 29 Maria 1242 Unknown 802 11b Probing No 1 No B ogues 00 40 96 ac 44 13 Maria 1242 Unknown 802 11b Probing No 4 No B Clients 00 40 96 ad 0a 01 devesh 82 b4 80 Unknown 802 11b Probing No Ei No B Multicast 00 40 96 b1 be e3 rootap2 Unknown 802 11b Probing No 1 No amp 00 40 96 b1 fcibc devesh 82 b4 80 Unknown 802 114 Probing No 1 No B 00 40 96 b1 fe 09 Srinath 70 9d 70 Unknown 802 114 Probing No 1 No 00 40 96 b4
45. 0 00 00 00 Ob 85 52 52 52 02 07 4b ff ff 7 ff ff ff 03 14 00 12 7b 10 48 53 c1 f7 51 4b 50 ba 5b 97 27 80 00 67 00 01 03 05 01 42 34 00 00 03 05 02 42 5c 00 00 03 05 03 42 82 00 00 03 05 04 42 96 00 00 03 05 05 00 00 00 55 03 05 06 42 be 00 00 03 02 07 05 03 12 08 10 00 01 02 03 04 05 06 07 08 09 Oa Ob Oc Od Oe Of 03 Od 09 03 08 05 07 a8 02 00 10 00 23 b2 4e 03 02 Oa 03 Nearby AP Statistics lap1242 2 slot 0 chan 1 50 seconds ag 76 dBm lap1242 slot 0 chan 1 50 seconds ago 65 dBm See a list of all RFID tags currently connected to the controller by entering this command show rfid summary Information similar to the following appears Total Number of RFID 24 Cisco Wireless LAN Controller Configuration Guide 4 108 OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 4 Configuring RFID Tag Tracking W RFID ID VENDOR Closest AP RSSI Time Since Last Heard 00 04 1 00 00 03 Wherenet HReap 70 151 seconds ago 00 04 1 00 00 05 Wherenet HReap 66 251 seconds ago 00 0c cc 5b 8 le Aerosct HReap 40 5 seconds ago 00 0c cc 5c 05 10 Aerosct HReap 68 25 seconds ago 00 0c cc 5c 06 69 Aerosct HReap 54 7 seconds ago 00 0c cc 5c 06 6b Aerosct HReap 68 245 seconds ago 00 0c cc 5c 06 b5 Aerosct ciscol242 67 70 seconds ago 00 0c cc 5c 5a 2b Aerosct ciscol242 68 31 seconds ago 00 0c cc 5c 87 34 Aerosct HReap 40 5 seconds ago 00 14 7e 00 05 4d Pango ciscol242 66 298 seconds ago See a list o
46. 0b6 85 01 02 03 Client Interface Mac 00 01 02 03 04 05 Measurement Duration 90 seconds Timestamp 1st Jan 2006 06 35 80 UpLink Stats Average Delay 5sec intervalS 2 eee ee eee eee 35 Delay tees than L 0s 345 44 a Sa SSSR eee 20 Delay bet 10 20 MS we cde edie ob See kb deed e E bo Sand iia naa 4 5 a 20 Delay Det 20 40 MBs aes eas Re eRe Se RNS E SRE SR Raw 20 Delay greater than 40 MmS cee eee ee ee ee ee ee eee 20 Tatar packet COUN ter ee Saesea te casera ra EE EE acral taverns E eter eu 80 Total packet lost count 5s60 ceros emes aaea SG ESSA SEES 10 Maximum Lost Packet count 5SEC cee ee eee ee ee eee 5 Average Lost Packet count 5SeECS 2 2 2 eee ee ee eee 2 DownLink Stats Average Delay 5sec intervals 2 eee ee eee ee eee 35 Delay Tress than lO tes a5 en bE eee eee eh CHEE OES CEES EER OEE SS 20 Delay bet HOM 2 0 MSk aa e ee e des gee tve E e Eaa axel a 20 Delay bet 20 40 MSi nen eee aed ee dee ede ee dee E EE ae gee aa aa 20 Delay greater than 40 M6i 0 sias nese niea naaa KE Ee HESS eS ep OS 20 TOES L packet CONG i eani ee ASS SAE ae ES Sales Baw Bs a 80 Total packet lest count S8e c c sass aad nde RATE eee SHES 10 Maximum Lost Packet count 5SeC 2 ee eee ee eee eee eee 5 Average Lost Packet count SsecsS 6 ib ese eek eee ee Oe a ee es 2 Note The statistics are shown in 90 second intervals The timestamp text bo
47. 10 10 10 10 3 days 1 hrs 12 mins 42 secs Permanent Commercial 0 ta 65 40 C Enabled Enabled 0 to 40 C 00 1A 6D DD 1E 40 Absent Absent Absent Present OK 12 Note Flex 7500 Series Controllers The Operating Environment and Internal temp Alarm Limits data are not displayed for Cisco e See a brief summary of all active licenses installed on the controller by entering this command show license summary Information similar to the following appears Index 1 Feature wplus Period left 0 minute 0 second Feature wplus ap count Period left 0 minute 0 second Feature base Period left License Type Permanent State Active In Use License Count Non Counted License Priority Medium Feature base ap count Period left 6 weeks 4 days License Type Evaluation State Active In Use Count 250 250 0 Priority High Index 2 Index3 Life time License Index 4 License License License e See all of the licenses installed on the controller by entering this command show license all Information similar to the following appears License Store StoreIndex 1 License License License License Primary License Storage Feature base Version 1 0 Type Permanent State Active Not in Use Count Non Counted Priority Medium Cisco Wireless LAN Controller Configuration Guide OL 21524 02 _ Chapter 4 Configuring Contro ller Settings Installing and Configuring License
48. 13 Ma Note The access point sends CDP neighbor information to the controller only when the information changes Cisco Wireless LAN Controller Configuration Guide ca OL 21524 02 Chapter 4 Configuring Controller Settings Step 1 Step 2 Configuring Authentication for the Controller and NTP Server W To obtain CDP debug information for the controller using the controller CLI follow these steps Obtain debug information related to CDP packets by entering by entering this command debug cdp packets Obtain debug information related to CDP events by entering this command debug cdp events Configuring Authentication for the Controller and NTP Server Starting in release 7 0 116 0 the controller software is now compliant with RFC 1305 As per this requirement controllers must synhronize time with an NTP server by authentication By default an MD5 checksum is used Using the GUI to Configure the NTP Server for Authentication Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 To configure NTP Server Authentication using the controller GUI follow these steps Choose Controller gt NTP gt Severs to open the NTP Severs page Click New to add a new NTP Server In the Server Index Priority text box enter the NTP server index The controller tries Index 1 first then Index 2 through 3 in a descending order Set this to 1 if your network is using only one NTP server Enter the server IP address in the
49. 5508 250A 250 AP Adder License for the 5508 Controller eDelivery L LIC CT2504 UPG Primary upgrade SKU Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key L LIC CT2504 5A 5 AP Adder License for Cisco 2504 Wireless Controller e Delivery L LIC CT2504 25A 25 AP Adder License for Cisco 2504 Wireless Controller e Delivery paper LIC CT5508 UPG Primary upgrade SKU Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key LIC CT5508 25A 25 AP Adder License for the 5508 Controller LIC CT5508 50A 50 AP Adder License for the 5508 Controller LIC CT5508 100A 100 AP Adder License for the 5508 Controller LIC CT5508 250A 250 AP Adder License for the 5508 Controller LIC CT2504 UPG Primary upgrade SKU Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key LIC CT2504 5A 5 AP Adder License for Cisco 2504 Controller Paper Certificate US Mail LIC CT2504 25A 25 AP Adder License for Cisco 2504 Controller Paper Certificate US Mail To obtain and register a PAK certificate follow these steps Step 1 Order the PAK certificate for an upgrade license through your Cisco channel partner or your Cisco s
50. 5f 8d rootAP2 Unknown 802 11b Probing No Z No 212212 Step2 Click the MAC address of the desired client to open the Clients gt Detail page see Figure 4 32 Cisco Wireless LAN Controller Configuration Guide P48 E OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 3 Figure 4 32 cisco Monitor Summary Access Points Statistics CDP vvv v Rogues Clients Multicast Clients gt Detail Page MONITOR Clients gt Detail Client Properties CONTROLLER Configuring Voice and Video Parameters W WIRELESS SECURITY MANAGEMENT nfiguration Ping Logout Refres lt Back Apply Link Test Remove AP Properties MAC Address IP Address Client Type User Name Port Number Interface VLAN ID CCX Version E2E Version Mobility Role Mobility Peer IP Address Policy Manager State Mirror Mode Management Frame Protection Security Information Security Policy Completed Policy Type Encryption Cipher EAP Type 00 40 96 a0 b5 29 AP Address 209 165 200 225 AP Name Regular AP Type WLAN Profile 1 Status Management Association ID 0 802 11 Authentication Not Supported Reason Code Not Supported Status Code Unassociated CF Pollable NZA CF Poll Request START Short Preamble No Channel Agility Timeout WEP State No N A None N A Quality of Service Properties WMM State QoS Level Diff Serv Code Point DSCP 802 1p Tag Average Data Rate Average R
51. 69 I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide gy Chapter4 Configuring Controller Settings Installing and Configuring Licenses SVSteMm Location msc te eee ei e we Rik g mel eE ea Ei System Contact eee ee ee ee ee ee eens System ObJe ctID ooi oes eee pete a a T ida Bae a evade BORG TP Add re S tenets smenscate ene tatiananaten ater a a ae a da deny System Up TIMEs disa e biet ots eo e ae ec bees Bole a a eke ae aa System Timezone Location 0 2 eee ee see CurrentBoot License Level 2005 CurrentBoot License Type 2 2 eee eee NextBoot License Level 2 i eee eee eee NextBoot License Type 2 ccc eee eee eee eee Operating Environment osses iaa i ii ea Internal Temp Alarm Limits Internal Temperature ee ee ee ee eee eee eee State of 802 11b Network 2 04k ceed ewe wen ewes State of S02 71a Networks 2 eb wn eee ce ee cee ee es Numb Of WLANS Fo isos ne aa ai iii iii Number of Active Clients 00 Burned in MAC AddresSs ee ee eee ee ee ee eee Crypto Accelerator 1 ee ee ee ee ee Crypto ACcelerator 22 os 65 6 0 tio oe St one A ae oes Power Supply Wisi ics Gin Bea ei as Hes as he ease le od ae Power Supply iss ites e 6 2 we ee SU AS DMS Maximum number of APs supported amp na abc cisco com 1 3 6 1 4 1 14179 1 1 4 3
52. 84605 56 oe ea eee ES 20 seconds Aae Out Dual Bandis c wicca wkwnes lt 6440445044 ea es 20 seconds aa te neta a ace tne Hla ee eae lait Ree ca er ee rte a 30 dBm Cisco Wireless LAN Controller Configuration Guide M450 OL 21524 02 Chapter4 Configuring Controller Settings Configuring Fast SSID Changing Wl Step9 Save your changes by entering this command save config Configuring Fast SSID Changing When fast SSID changing is enabled the controller allows clients to move between SSIDs When the client sends a new association for a different SSID the client entry in the controller connection table is cleared before the client is added to the new SSID When fast SSID changing is disabled the controller enforces a delay before clients are allowed to move to a new SSID Using the GUI to Configure Fast SSID Changing To configure fast SSID changing for mobile clients using the controller GUI follow these steps Step 1 Choose Controller to open the General page Step2 From the Fast SSID Change drop down list choose Enabled to enable this feature or Disabled to disable it The default value is disabled Step3 Click Apply to commit your changes Step4 Click Save Configuration to save your changes Using the CLI to Configure Fast SSID Changing To configure fast SSID changing for mobile clients using the controller CLI follow these steps Step 1 Enable or disable fast SSID changing by entering this command config netwo
53. ANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Monitor Clients gt AP gt Traffic Stream Metrics lt Back Simanties Client Mac Address 00 1a a1 7b 10 f0 gt Access Points Radio Type 802 11b 9 gt Statistics AP Interface Mac 00 0b 85 7a a7 40 gt CDP Measurement Duration 90 sec gt Rogues Clients Uplink Statistics Multicast r Packets that experienced Delay Packets Lost Packets Timestamp Average lt 10ms 10ms 20ms 20ms 40ms gt 40ms Total Total Maximum Average Wed Feb 21 12 05 40 2007 lo 0 o fo 0 lo lo 0 0 Wed Feb 21 12 07 10 2007 a a o o a a a a o Wed Feb 21 12 08 40 2007 0 0 0 0 0 0 0 0 0 Wed Feb 21 12 10 10 2007 j 0 0 j 0 o 0 0 j 0 0 o Wed Feb 21 12 11 40 2007 0 oO oO o 0 0 0 0 o Wed Feb 21 12 02 40 2007 0 0 0 0 0 0 0 0 0 Wed Feb 21 12 04 10 2007 0 0 0 Q 0 0 0 0 0 Downlink Statistics Packets that experienced Delay Packets Lost Packets Timestamp Average lt 10ms 10ms 20ms 20ms 40ms gt 40ms Total Total Maximum Average Wed Feb 21 12 05 40 2007 0 3191 491 5 4 3691 805 142 o Wed Feb 21 12 07 10 2007 o a468 20 as o 4503 o o o Wed Feb 21 12 08 40 2007 0 4413 71 16 2 4502 0 0 io Wed Feb 21 12 10 10 2007 o a921 549 o i4 0 4484011 7 3 Wed Feb 21 12 11 40 2007 0 4277 154 15 0 4446 57 25 0 Wed Feb 21 12 02 40 2007 2 4435 63 s a 4503 o o o a Wed Feb 21 12 04 10 2007 3 3994 497 6 6 4503 0 0 o N This page shows the TSM statistics for this client and the access
54. Choose Monitor gt CDP gt Interface Neighbors to open the CDP gt Interface Neighbors page appears see Figure 4 42 Figure 4 42 CDP gt Interface Neighbors Page onfiguration Ping Logout Refresh MONITOR CONTROLLER WIRELESS Monitor CDP gt Interface Neighbors Summary Local Neighbor r Interface Neighbor Name Address Neighbor Port TTL Capability Platform gt Access Points A Port 1 sanity2950 2 209 165 200 225 FastEthernet0 24 130 SI cisco WS C2950 24 gt isti m SELES Port 1 WCS Beringer Dev 209 165 200 225 Unit 0 Slot 0 Port 1 147 H WLC4402 12 pay Port 1 Coneannon3 209 165 200 225 Unit 0 Slot 0 Port 1 154 H WLC4402 12 Interface Neighbors AP Neighbors Port 1 kit 4402 209 165 200 225 Unit 0 Slot O Port 1 130 H WLC4402 12 Traffic Metrics Port 1 auzhao4402 209 165 200 225 Unit 0 Slot O Port 1 162 H AIR WLC4402 12 K9 P Rogues Port 1 C l 4402 209 165 200 225 Unit 0 Slot 0 Port 2 121 H WLC4402 12 Clients Port 1 Switch GigabitEthernet0 1 180 SI cisco WS C3560G 24P Multicast Port 1 srinath 4400 209 165 200 225 Unit 0 Slot 0 Port 1 153 H WLC4404 100 Port 1 Maria 4404 209 165 200 225 Unit 0 Slot 0 Port 1 162 H AIR WLC4402 12 K9 Capability Code R Router T Trans Bridge B Source Route Bridge Ye S Switch H Host I IGMP r Repeater 9 M Remotely Managed Device N a N This page shows the following information e The controller port on which the CDP packets were received e T
55. ER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Monitor Multicast Groups Layer3 MGID Mapping Summary gt Access Points Group address Ylan MGID gt Statistics 239 255 255 250 0 550 aac Layer2 MGID M i aye appin gt Rogues y pping InterfaceName vlanId MGID Clients management 0 0 Multicast test 0 9 N wired 20 8 x oO N This page shows all the multicast groups and their corresponding MGIDs Click the link for a specific MGID such as MGID 550 to see a list of all the clients joined to the multicast group in that particular MGID Using the CLI to Enable Multicast Mode Step 1 Step 2 To enable multicast mode using the controller CLI follow these steps Enable or disable multicasting on the controller by entering this command config network multicast global enable disable The default value is disabled amp Note The config network broadcast enable disable command allows you to enable or disable broadcasting without enabling or disabling multicasting as well This command uses the multicast mode currently on the controller to operate Perform one of the following a Configure the controller to use the unicast method to send multicast packets by entering this command config network multicast mode unicast b Configure the controller to use the multicast method to send multicast packets to a CAPWAP multicast group by entering this command config network multicast mode multicast multicast_gr
56. ES PIX Firewall 3DES AES and DES Dynamic Configuration Tool Encryption Cisco Services for IPS and Cisco Unified Communications Manager Version Upgrade licenses TAC Service Request Tool Product Authorization Key PAK Enter the Product Authorization Key PAK below exactly as it appears on the label that accompanied the Cisco Information Packet Product Authorization Key PAK Enter one value at a time including dashes Example 1 4XCD R VARAR UNT RMA License Transfer Click on following link to obtain an RMA license for the following products Catalyst 3560E 3750E CBS30xxICBSH1 xx Gatekeeper and AMR 800 Fixed Cisco Services for IPS service license Register for an RMA License Register for an CISCO Blocker RMA License Manage Licenses Click on following links to lookup and resend rehost licenses for the following products Gatekeeper and AMR 800 Fixed Look Up a License Upload Rehost Ticket Migration License Click on following link to obtain a migration license for Gatekeeper Register for an Migration License Contacts Feedback Help Site Map 1992 2009 Cisco Systems Inc All rights reserved Terms amp Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems Inc 274708 Under Manage Licenses click Look Up a License Enter the product ID and serial number for your controller amp Note To find the controller s product ID and seria
57. Gee ie feces Supported 802 11a DAM RAC Sr scsi cede canara ed ene ahead wine yas N lees Mandatory B02 tia SGM RAC Es ssie is ggg iasewend ead yeee send vend AEAEE E Supported 802 PL a ABM Ra EEaren aise lorie eye ty br Sr ny larity tories Supported 802 114 54M RACs c eaciae cS kl od wie es EEEE Supported Beacon INCE Valissen nena name ua E Me as Ai hie i A a 100 Default CHANNEL 6 56 erge easgann sd ete Heke oe 36 Default Tx Power Level cee eee ee eee L DIPC SSA CUS r e a EEEE EEEE EEEE ie a atiati at aia ai ls Enabled Fragmentation Threshold 00e ee eee 2346 Configuring 802 11n Parameters This section provides instructions for managing 802 11n devices such as the Cisco Aironet 1140 and 1250 Series Access Points on your network The 802 11n devices support the 2 4 and 5 GHz bands and offer high throughput data rates S Note The 802 11n high throughput rates are available on 1140 1250 1260 and 3500 series access points for WLANs using WMM with no Layer 2 encryption or with WPA2 AES encryption enabled amp Note For information on configuring radio resource management RRM parameters or statically assigning radio parameters for 802 1 1n access points see Chapter 13 Configuring Radio Resource Management Using the GUI to Configure 802 11n Parameters To configure 802 11n parameters using the controller GUI follow these steps Step1 Choose Wireless gt 802 11a n or 802 11b g n g
58. IM Period in beacon intervals P2P Blocking Action Disabled i 802 11 1 255 1 Client Exclusion 3 Enabled E2 ana 25s Timeout Value secs 802 11b g n 1 255 1 Off Channel Scanning Defer NAC Scan Defer Priority 1 234567 State Flienabied alja al alaaa al Load Balancing and Band Select Scan Defer Time 100 Client Load Balancing o msecs Client Band Select o laar Passive Client H REAP Local Switching 2 Enabled Passive Client 4 Learn Client IP Address Enabled voice Media Session Snooping C Enabled Re anchor Roamed Voice Clients Enabled 248957 lt lt Click Apply to commit your changes Click Save Configuration to save your settings Using the CLI to Configure Aggressive Load Balancing Step 1 Step 2 Step 3 Step 4 Step 5 To configure aggressive load balancing using the controller CLI follow these steps Set the client window for aggressive load balancing by entering this command config load balancing window client_count You can enter a value between 0 and 20 for the client_count parameter Set the denial count for load balancing by entering this command config load balancing denial denial_count You can enter a value between 1 and 10 for the denial_count parameter Save your changes by entering this command save config Enable or disable aggressive load balancing on specific WLANs by entering this command config wlan load balance allow enable disable w an
59. License Priority Medium StoreIndex 2 Feature base Version 1 0 License Type Evaluation License State Inactive Evaluation total period 8 weeks 4 days Evaluation period left 8 weeks 4 days License Count Non Counted License Priority Low StoreIndex 3 Feature base ap count Version 1 0 License Type Evaluation License State Inactive Evaluation total period 8 weeks 4 days Evaluation period left 8 weeks 4 days License Count 250 0 0 Cisco Wireless LAN Controller Configuration Guide Ca OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 2 Step 3 Installing and Configuring Licenses W License Priority Low The License State text box shows the licenses that are in use and the License Priority text box shows the current priority of each license Activate an ap count evaluation license as follows a To raise the priority of the base ap count evaluation license enter this command license modify priority license_name high S Note You can set the priority only for ap count evaluation licenses AP count permanent licenses always have a medium priority which cannot be configured b To reboot the controller in order for the priority change to take effect enter this command reset system c To verify that the ap count evaluation license now has a high priority and is in use enter this command show license all You can use the evaluation license until it expires If you decide to s
60. Multicast 4 2 39 25 RTOS Version 4 2 39 25 Bootloader Version 4 1 121 0 Build Type DATA WPS 212207 This page shows the following information e The controller port on which the CDP packets were received e The name of the CDP neighbor e The IP address of the CDP neighbor e The port used by the CDP neighbor for transmitting CDP packets e The CDP version being advertised v1 or v2 e The time left in seconds before the CDP neighbor entry expires e The functional capability of the CDP neighbor defined as follows Router Trans Bridge Source Route Bridge Switch Host IGMP Repeater or Remotely Managed Device e The hardware platform of the CDP neighbor device e The software running on the CDP neighbor Step3 Choose AP Neighbors to see a list of CDP neighbors for all access points connected to the controller The CDP AP Neighbors page appears see Figure 4 44 Figure 4 44 CDP AP Neighbors Page Saye Configuration Ping Logout Refresh MONITOR V 5 CONTROLLER WIRELESS SECURITY i GEMENT COMMANDS HELP Monitor CDP AP Neighbors Summary AP Name CDP Neighbors gt Access Points Srinath 70 9d 70 CDP Neighbors gt Statistics rootAP2 CDP Neighbors v CDP Interface Neighbors AP Neighbors Traffic Metrics gt Rogues Clients Multicast 212203 Step4 Click the CDP Neighbors link for the desired access point to see a list of CDP neighbors for a specific access point The CDP gt AP Neighbors page appears see Figure 4 45 Cisc
61. Oe eee eee ek Bok are aoe hk ao arb aa os Disabled PH MO UE Jud ote da ate te LOS se de Ab oad ho le ele ek dala lorcet bred Enabled PS MS UE as tat Ree EE EEE OE ERA Ee eg Enabled REES Ue ooo eeaeee arnese ee eae cies cc s Cueshe te touches tsi NE Nesans Enabled Gu ard Interval imi 45 45 44 4 Ga 5 44 aa wo a aac egee Short Beacon Tn terial sanane aad ae NR Oe ee 100 CF Pollable mandatory 2 eee eee Disabled CF POL Request ManGat OLY runaku kuku Bee ser Sheed EEN Disabled GFP Periods iii Siete tats Beer iria e oe ater atlas arise ET ECET eb e E 4 CFP Maxim m Duration eusteen s hse a a 60 DeTta lt Channels ede ee e ie hele dela sew wa a 36 Default Tx Power Level s 0s ess cee eee ee ceee cece ee T DTPC SCIC S R e eee La EE Sw SE E E E be bed ae a ob Enabled Fragmentation Threshold 2 26 2346 Long Retry LiMibessciece esee s ra s e ce ee eens 4 Mastin R Life TIM ea woe me mae ee eo EE OEK 512 Max Tx MSDU Life Tims sirsie sedate Sse sa Send 512 Medium Occupancy Limit 0 0 2 eee ee ee esee 100 RUS Threshold is wk dae we a ee Se EEE AEE Pe ek 2347 Short Retty LIM Ci ese eee ee OU SE 4 OGRA 7 TE Threshord Ariea pte lg Se piety Sie el ge gh Nc Sr BAS Bc BARB RAE BS 50 Traffic Stream Metrics Status Enabled Expedited BW Request StatuS 2000 Disabled EDCA profile EV pes ok bee be Sud See ee Se Se ee ee le 8 default wmm Voice MAC optimization statuS
62. P traffic per user by entering this command config qos average data rate bronze silver gold platinum rate S Note For the rate parameter you can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the QoS profile Define the peak data rate in Kbps for TCP traffic per user by entering this command config qos burst data rate bronze silver gold platinum rate Define the average real time rate in Kbps for UDP traffic per user by entering this command config qos average realtime rate bronze silver gold platinum rate Define the peak real time rate in Kbps for UDP traffic per user by entering this command config qos burst realtime rate bronze silver gold platinum rate Specify the maximum percentage of RF usage per access point by entering this command I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring Quality of Service Step 8 Step 9 Step 10 config qos max rf usage bronze silver gold platinum usage_percentage Define the maximum value 0 7 for the priority tag associated with packets that fall within the profile by entering these commands config qos protocol type bronze silver gold platinum dot1p config qos dot1p tag bronze silver gold platinum tag The tagged packets include CAPWAP data packets between access points and the controlle
63. PDU is enabled for all priorities except 6 and 7 Reenable the network by entering this command config 802 11a 802 11b enable network Save your changes by entering this command save config View the configuration settings for the 802 11a n or 802 11b g n band by entering this command show 802 11a 802 11b Information similar to the following appears 8024 ila Network iy bid raiou a a GEE gates Enabled AM e tensia Elea a seein rac tect inter Nucla ide E fax cer cdc aan ta tae EREET T Enabled B02 Ua LOW B nd e creck rumaa silent E sien aie Enabled 802 Tta Mid Band lt u sedi cede ba wae oda a dee a oe Enabled 602 116 High Band 4 ce ee aa ae ae aa ara ee Enabled 802 11la Operational Rates 802 L LGM RAEE is Ae Vd 0 dite OE aE OE AE EOE EOE Wns les doses Mandatory gO IIa OM RACE gow oie Sake R E R Supported 802 11a VAM Rabe sess 656s lenecie se ehayloueeiuk a a a a aa Mandatory S02 11a LOM Rat Gs veg tens as Se ee we whee eae when ep A Supported BODE ELA 2AM Ra EE iinei ara scene edd vee ind seed ange EEEIEE Mandatory 802 1 La SOM RATE odie ec er oue Sos Soe God Soe Goa Gua Gos Sua Sos Supported B02 Lac ASM RAGS iss seensa ia 3 diese ce Wipe ie de Spel ene eye Rice age Supported B02 1 a SAM PAES ERE EIEEE EA AA A Supported 802 11n MCS Settings CS SO oe pie ovis A E E vec ever sete nee ale eye teow lee Supported MCS Li weaS ae wae 4 GRASS SST eA OOS Supported I oL 21524 02 Cisco Wireless LAN
64. Periodic iesenii e eai di ei ia eee eee 0 RFID Measurement Immediate 26 0 SSL Handshake farleder e ariadna e auto s erates 0 NMSP Rx detected con failure 0 0 NMSP Tx detected con failure 6 0 NMSP Tx buf size exceeded 2 22 02 eee 0 Reconnect Before Conn Timeout 0 Information similar to the following appears for each active connection when you enter the show nmsp statistics connection command NMSP Connection Counters MSE IP 171 71 132 107 Connection status UP Tx message count Rx message count WLC Capability 1 MSE Capability 0 Service Subscr Rsp 1 Service Subscr Req 1 Measure Rsp 0 Measure Req 0 Measure Notify 0 Info Rsp 0 Info Req 0 Info Notify 0 Stats Rsp 0 Stats Req 0 Stats Notify 0 Loc Req 0 Loc Rsp 0 Loc Subscr Req 0 Loc Subscr Rsp 0 Loc Notify 0 Loc Unsubscr Req 0 Loc Unsubscr Rsp 0 AP Monitor Rsp 0 AP Monitor Req 0 AP Monitor Notify 64677 IDS Get Rsp 0 IDS Get Req 0 IDS Notif 0 IDS Set Rsp 0 IDS Set Req 0 See the mobility services that are active on the controller by entering this command show nmsp subscription summary detail detail ip_addr where summary shows all of the mobility services to which the controller is subscribed detail shows details for all of the mobility services to which the controller is subscribed detail ip_addr shows details only for the mobility services
65. SS SECURITY MANAGEMENT COMMANDS HELP Monitor CDP gt Traffic Metrics Summary Packets In 288115 gt Access Points Packets Out 25797 gt Statistics Checksum Errors 0 CDP No Memory Errors 0 Interface Neighbors Invalid Packets 0 AP Neighbors Traffic Metrics 212208 This page shows the following information e The number of CDP packets received by the controller e The number of CDP packets sent from the controller e The number of packets that experienced a checksum error e The number of packets dropped due to insufficient memory e The number of invalid packets Using the CLI to Configure the Cisco Discovery Protocol Step 1 Step 2 Step 3 To configure CDP using the controller CLI follow these steps Enable or disable CDP on the controller by entering this command config cdp enable disable CDP is enabled by default Specify the interval at which CDP messages are to be generated by entering this command config cdp timer seconds The range is 5 to 254 seconds and the default value is 60 seconds Specify the amount of time to be advertised as the time to live value in generated CDP packets by entering this command config cdp holdtime seconds mi Cisco Wireless LAN Controller Configuration Guide OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 4 Step 5 Configuring the Cisco Discovery Protocol Mil The range is 10 to 255 seconds and the default value is 180 seconds Specify
66. SSID The maximum number is 255 associations which is also the default number Using the GUI to Configure Aggressive Load Balancing Step 1 Step 2 Step 3 To configure aggressive load balancing using the controller GUI follow these steps Choose Wireless gt Advanced gt Load Balancing to open the Load Balancing page see Figure 4 19 Figure 4 19 Wireless gt Advanced gt Load Balancing Page 1 A 4 Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK I Wireless Load Balancing Apply v Access Points Client Window Size 5 Maximum Denial Count 3 Load Balancing Statistics Total Denied Client Count 0 v Advanced Total Denial Message Sent a pad Balancing Exceeded Denial Max Limit Count 0 Band Select None 5G Candidate Count 0 Mesh None 2 4G Candidate Count 0 HREAP Groups 802 11a n 802 11b g n toad Balancing is configurable per WLAN Yv v v Media Stream Country Timers gt Qos 207776 Done In the Client Window Size text box enter a value between 1 and 20 The window size becomes part of the algorithm that determines whether an access point is too heavily loaded to accept more client associations load balancing window client associations on AP with highest load load balancing threshold In the group of access points accessible to a client device each access point has a different number of client associat
67. Select the Unicast Video Redirect check box to enable Unicast Video Redirect The default value is disabled In the Maximum Media Bandwidth 0 85 text box enter the percentage of the maximum bandwidth to be allocated for media applications on this radio band Once the client reaches the specified value the access point rejects new calls on this radio band The default value is 85 valid values are from 0 to 85 In the Client Phy Rate text box enter the value for the rate in kilobits per second at which the client operates In the Maximum Retry Percent 0 100 text box enter the percentage of the maximum retry The default value is 80 Select the Multicast Direct Enable check box to enable the Multicast Direct Enable text box The default value is enabled From the Max Streams per Radio drop down list choose the maximum number of allowed multicast direct streams per radio Choose a value betweeen to 20 or No Limit The default value is set to No Limit From the Max Streams per Client drop down list choose the maximum number of allowed clients per radio Choose a value betweeen to 20 or No Limit The default value is set to No Limit If you want to enable the best radio queue for this radio select the Best Effort QoS Admission check box The default value is disabled Using the CLI to Configure SIP Based CAC To configure the SIP based CAC using the controller CLI follow these steps I oL 21524 02 Cisco Wireless
68. Settings W Configuring and Viewing Location Settings MSE IP Address Tx Echo Resp Rx Echo Req Tx Data Rx Data 171 71 132 107 39046 39046 103742 1 e See the NMSP capabilities by entering this command show nmsp capability Information similar to the following appears Service Subservice RSSI Mobile Station Tags Rogue Info Mobile Station Rogue Statistics Mobile Station Tags IDS Services WIPS e See the NMSP counters by entering this command show nmsp statistics summary connection where summary shows the common NMSP counters connection shows the connection specific NMSP counters Information similar to the following appears for the show nmsp statistics summary command NMSP Global Counters Client Measure Send Fail 0 66 0 Send RSSI with no entry cee eee ee eee 0 APP MSG COO DIG 2 6 eretet os a ele ees SSE ES OR SSSR i 0 Failed Select on Accept Socket 000 0 Failed SSL write ee ee ee ee ee eee eee 0 PARE VAL SSD WEICS a ogee arias te a aloe atte latte E 0 SSL write returned Zeros sssini a ia e E ee eee eee 0 SSL write attempts to want read 0 SSL write attempts to want write 0 SSL write got default error eee ee eee ee 0 SSL write max data length sent 0 SSL write max attempts to write in loop 0 SSL read returned Zero es s web mes ees ae ee eee eee 0 SSL read attempts to want rea
69. _ID You can enter a value between 1 and 512 for wlan_ID parameter Verify your settings by entering this command I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide j Chapter4 Configuring Controller Settings W Configuring Band Selection Step 6 show load balancing Information similar to the following appears Aggressive Load Balancing 2 2000 Enabled Aggressive Load Balancing Window 1 clients Aggressive Load Balancing Denial Count 3 Statistics Total Denied Count iea whee Sw ig Wp els nin r EATA dae eed 5 clients TOtad D nrak Gentra i nee a EN ayes aaa Baa Sea 10 messages Exceeded Denial Max Limit Count 0 times None 5G Candidate Count ccc week 6k esses soeces sss 0 times None 2 4G Candidate COuUnt sss sses socre sess 0 times Save your changes by entering this command save config Configuring Band Selection Band selection enables client radios that are capable of dual band 2 4 and 5 GHz operation to move to a less congested 5 GHz access point The 2 4 GHz band is often congested Clients on this band typically experience interference from Bluetooth devices microwave ovens and cordless phones as well as co channel interference from other access points because of the 802 11b g limit of three nonoverlapping channels To combat these sources of interference and improve overall network performance you can configure band select
70. agreement a Note Typically you are prompted to accept the EULA for evaluation extension and rehost licenses The EULA is also required for permanent licenses but it is accepted during license generation Save a backup copy of all installed licenses as follows a From the Action drop down list choose Save License b In the File Name to Save text box enter the path on the TFTP server where you want the licenses to be saved S Note You cannot save evaluation licenses c Click Save Licenses Reboot the controller Follow the instructions in the Viewing Licenses section on page 4 9 to see the status of the license that you installed If the desired license is not being used by the controller follow the instructions in the Activating an AP Count Evaluation License section on page 4 14 or the Activating an AP Count Evaluation License section on page 4 14 to change the license that is used by the controller Using the CLI to Install a License Step 1 Step 2 To install a license on the controller using the controller CLI follow these steps Install a license on the controller by entering this command license install url where url is tftp server_ip path filename amp Note To remove a license from the controller enter the license clear license _name command For example you might want to delete an expired evaluation license or any unused license You cannot delete unexpired eval
71. ales representative or order it online at this URL I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings HZ Installing and Configuring Licenses http www cisco com go ordering Step2 If you are ordering online begin by choosing the primary upgrade SKU L LIC CT5508 UPG or LIC CT5508 UPG Then choose any number of the following options to upgrade one or more controllers under one PAK Table 4 1 lists the capacity adder licenses available through e mail or on paper After you receive the certificate use one of two methods to register the PAK Cisco License Manager CLM This method automates the process of obtaining licenses and deploying them on Cisco devices For deployments with more than five controllers we recommend using CLM to register PAKs and install licenses You can also use CLM to rehost or RMA a license amp Note You cannot use CLM to change the licensed feature set or activate an ap count evaluation license To perform these operations you must follow the instructions in the Activating an AP Count Evaluation License section on page 4 14 and the Activating an AP Count Evaluation License section on page 4 14 Because you can use CLM to perform all other license operations you can disregard the remaining licensing information in this chapter except these two sections and the Configuring the License Agent section on page 4 23 if you want yo
72. appliance communicate over must be open not blocked on any firewall that exists between the controller and the location appliance for NMSP to function To modify the NMSP notification interval value on the controller using the controller CLI follow these steps Step 1 Set the NMSP notification interval value for clients RFID tags and rogue clients and access points by entering these commands where interval is a value between 1 and 180 seconds e config nmsp notification interval rssi clients interval e config nmsp notification interval rssi rfid interval e config nmsp notification interval rssi rogues interval Step2 See the NMSP notification intervals by entering this command show nmsp notification interval Information similar to the following appears NMSP Notification Interval Summary RSSI Interval ITT lca ee ek oak Ot SOs deca at at GA Meet Bas Grae ae ara aE ata 2 sec REED eis tive ice aus Buel Ae ade de de Rcd ide RES eee oan een Sees 0 sec Hogue AP ais eee tee seu te ie ce feted seve Weel wo te tou ete acd E E ede 4 2 sec ROGUE WC ITIET Cierdeks costae ts EVEA EOE lata Ne A Yard Sao dete aa Lays 2 sec Viewing NMSP Settings To view NMSP information use these CLI commands e See the status of active NMSP connections by entering this command show nmsp status Information similar to the following appears Cisco Wireless LAN Controller Configuration Guide oL 21524 02 watts Chapter4 Configuring Controller
73. ates that there is no check for maximum call limit Note Step 15 Step 16 If SIP CAC is supported and the CAC method is static the Maximum Possible Voice Calls and Maximum Possible Roaming Reserved Calls fields appear Select the Metrics Collection check box to collect Traffic Stream Metrics By default this box is unselected That is the traffic stream metrics is not collected by default Click Apply to commit your changes Cisco Wireless LAN Controller Configuration Guide a76 E OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 17 Step 18 Step 19 Step 20 Configuring Voice and Video Parameters Reenable all WMM WLANs and click Apply Choose Network under 802 1 1a n or 802 11b g n select the 802 11a or 802 11b g Network Status check box and click Apply to reenable the radio network Click Save Configuration to save your changes Repeat this procedure if you want to configure voice parameters for another radio band 802 1 1a or 802 11b g Using the GUI to Configure Video Parameters Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 To configure video parameters using the controller GUI follow these steps Make sure that the WLAN is configured for WMM and the Gold QoS level Disable all WLANs with WMM enabled and click Apply Choose Wireless and then Network under 802 1 1a n or 802 11b g n unselect the 802 11a or 802 11b g Network Status check box and click App
74. ation wizard to enter configuration settings See the Using the Configuration Wizard section on page 2 1 for instructions Using the CLI to Reset the Controller to Default Settings To return the controller to factory default settings using the controller CLI follow these steps Cisco Wireless LAN Controller Configuration Guide ca OL 21524 02 Chapter4 Configuring Controller Settings Resetting the Controller to Default Settings W Step 1 Enter the reset system command At the prompt that asks whether you need to save changes to the configuration enter N The unit reboots Step2 When you are prompted for a username enter the recover config command to restore the factory default configuration The controller reboots and displays this message Welcome to the Cisco WLAN Solution Wizard Configuration Tool Step3 Use the configuration wizard to enter configuration settings See the Using the Configuration Wizard section on page 2 1 for instructions Cisco Wireless LAN Controller Configuration Guide oL 21524 02 MEEN Chapter 4 Configuring Controller Settings HZ Resetting the Controller to Default Settings Cisco Wireless LAN Controller Configuration Guide ca OL 21524 02
75. by entering this command config wlan enable wlan_id Reenable the radio network by entering this command config 802 11a 802 11b enable network To view the TSM voice metrics by entering this command show 802 11a 802 11b cu metrics AP_Name The command also displays the channel utilization metrics Save your changes by entering this command save config Using the CLI to Configure Video Parameters amp Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Make sure that the Using the CLI to Configure SIP Based CAC procedure on page 4 83 are met To configure video parameters using the controller CLI follow these steps See all of the WLANs configured on the controller by entering this command show wlan summary Make sure that the WLAN that you are planning to modify is configured for WMM and the QoS level is set to Gold by entering this command show wlan wlan_id Disable all WLANs with WMM enabled prior to changing the video parameters by entering this command config wlan disable wlan_id Disable the radio network by entering this command config 802 11a 802 11b disable network Save your settings by entering this command save config Enable or disable video CAC for the 802 1 1a or 802 11b g network by entering this command config 802 11a 802 11b cac video acm enable disable Set the percentage of maximum bandwidth allocated to clients for video applications on
76. call numbers show advanced sip preferred call no Configuring EDCA Parameters Enhanced distributed channel access EDCA parameters are designed to provide preferential wireless channel access for voice video and other quality of service QoS traffic Follow the instructions in this section to configure EDCA parameters using the controller GUI or CLI Using the GUI to Configure EDCA Parameters Step 1 Step 2 To configure EDCA parameters using the controller GUI follow these steps Choose Wireless and then Network under 802 1 1a n or 802 11b g n unselect the 802 11a or 802 11b g Network Status check box and click Apply to disable the radio network Choose EDCA Parameters under 802 1 1a n or 802 11b g n The 802 11a or 802 11b g gt EDCA Parameters page appears see Figure 4 38 I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings WE Configuring EDCA Parameters Step 3 Step 4 Step 5 Step 6 Step 7 Figure 4 38 802 11a gt EDCA Parameters Page HREAP Groups gt 802 11a n 802 11b g n Network gt RRM Turn this ON only if OSCP marking is correct for media RTP and signaling packets Saye Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Wireless 802 11 big gt EDCA Parameters Apply gt Access Points General Mesh EDCA Profile WMM v Enable Low Latency MAC 4
77. ce priority parameters Choose this option if SpectraLink phones are deployed on your network to improve the quality of calls e optimized voice Enables EDCA voice optimized profile parameters Choose this option when voice services other than SpectraLink are deployed on your network e optimized video voice Enables EDCA voice and video optimized profile parameters Choose this option when both voice and video services are deployed on your network amp Note If you deploy video services admission control ACM must be disabled e custom voice Enables custom voice EDCA parameters for 802 11a The EDCA parameters under this option also match the 6 0 WMM EDCA parameters when this profile is applied View the current status of MAC optimization for voice by entering this command show 802 11a 802 11b Information similar to the following appears Voice mac optimization 626 Disabled Enable or disable MAC optimization for voice by entering this command config advanced 802 11a 802 11b voice mac optimization enable disable This feature enhances voice performance by controlling packet retransmits and appropriately aging out voice packets on lightweight access points which improves the number of voice calls serviced per access point The default value is disabled Reenable the radio network by entering this command config 802 11a 802 11b enable network Save your settings by entering this command
78. cense using the controller GUI follow these steps Step 1 Choose Management gt Software Activation gt Licenses to open the Licenses page see Figure 4 6 Cisco Wireless LAN Controller Configuration Guide Pais OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 2 Installing and Configuring Licenses W Figure 4 6 Licenses Page A Sy Sa a Befresh cisco OMMANDS HELP Management Licenses Summary Current License Level base gt SNMP HTTP License Type Time expires Count Priority Status Telnet SSH base ap count evaluation 8 weeks 4 days 48 Low Inactive o Serial Port base ap count permanent No Expiry 12 Medium Inactive a ap base permanent No Expiry NA Medium In Use Users base evaluation 8 weeks 4 days NA Low Inactive User Sessions base sp count evaluation 6 weeks 4 days 250 High In Use gt Logs Mgmt Via Wireless Software Activation c Commands Ucense Agent gt Tech Support 3 iemet far Rios oO The Status column shows which licenses are currently in use and the Priority column shows the current priority of each license Activate an ap count evaluation license as follows a Click the link for the ap count evaluation license that you want to activate The License Detail page appears see Figure 4 7 Figure 4 7 License Detail Page il et li Save Configuration Ping Logout Refr Appie cisco MONITOR WLANs CONTROLLER WIRELESS CURITY MANAGEMENT COMMANDS HELP FEEDBA Manageme
79. cess points supported by the controller up to a maximum of 500 access points The capacity adder licenses are available in access point capacities of 10 25 50 100 and 250 access points You can add these licenses to any of the base capacity licenses of 12 25 50 100 and 250 access points For example if your controller was initially ordered with support for 100 access points base license AIR CT5508 100 K9 you could increase the capacity to 500 access points by purchasing a 250 access point 100 access point and a 50 access point additive capacity license LIC CT5508 250A LIC CT5508 100A and LIC CT5508 50A You can find more information on ordering capacity adder licenses at this URL http www cisco com en US products ps 103 15 products_data_sheets_list html If you skip any tiers when upgrading for example if you do not install the 25U and 50U licenses along with the 100U the license registration for the upgraded capacity fails FFor a single controller you can order different upgrade licenses in one transaction for example 25U 50U 100U and 250U for which you receive one PAK with one license Then you have only one license instead of four to install on your controller If you have multiple controllers and want to upgrade all of them you can order multiple quantities of each upgrade license in one transaction for example you can order 10 each of the 25U 50U 100U and 250 upgrade licenses for which y
80. check box The default value is enabled Client devices using dynamic transmit power control DTPC receive the channel and power level information from the access points and adjust their settings automatically For example a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide gy Chapter4 Configuring Controller Settings WE Configuring 802 11 Bands Step7 Step 8 Step 9 amp Note On access points that run Cisco IOS software this feature is called world mode amp Note DTPC and 801 11h power constraint cannot be enabled simultaneously Use the Data Rates options to specify the rates at which data can be transmitted between the access point and the client These data rates are available e 802 1la 6 9 12 18 24 36 48 and 54 Mbps e 802 11b g 1 2 5 5 6 9 11 12 18 24 36 48 or 54 Mbps For each data rate choose one of these options e Mandatory Clients must support this data rate in order to associate to an access point on the controller e Supported Any associated clients that support this data rate may communicate with the access point using that rate However the clients are not required to be able to use this rate in order to associate e Disabled The clients specify the data rates used for communica
81. complete click Download License The rehost license key is e mailed within 1 hour to the address that you specified After the e mail arrives copy the rehost license key to your TFTP server Follow the instructions in the Installing a License section on page 4 7 to install this license on another controller Using the CLI to Rehost a License To rehost a license using the controller CLI follow these steps Step 1 Save device credential information to a file by entering this command Cisco Wireless LAN Controller Configuration Guide a20 i OL 21524 02 Chapter 4 Configuring Controller Settings Step 2 Step 3 Step 4 Installing and Configuring Licenses W license save credential url where url is tftp server_ip path filename Obtain a permission ticket to revoke the license as follows k Go to https tools cisco com S WIFT Licensing PrivateRegistrationServlet The Product License Registration page appears see Figure 4 9 Under Manage Licenses click Look Up a License Enter the product ID and serial number for your controller S Note To find the controller s product ID and serial number enter the show license udi command on the controller CLI Open the device credential information file that you saved in Step 1 and copy and paste the contents of the file into the Device Credentials text box Enter the security code in the blank box and click Continue Choose the licenses that you
82. d 0 SSL read attempts to want write 0 SSL read got default error ee ee eee 0 Failed SSL read Con Rx buf freed 0 Failed SSL read Con SSL freed 0 Max records read before exiting SSL read 0 Normal Prio Te O PGU iy a oc ee eee oe a Ree ee eee 0 Highest Prio TX Q counte eie ie ee eke ee ES 0 Normal Prio Tx Q count cee eee ee ee eee 0 Messages sent by APPs to Highest Prio TxQ 0 Max Measure Notify Msg seses eee eee eee eee 0 Max info Notify MSGi hf aa ies aeons ee we E 0 Max Highest Prio Tx Q Size ee ee eee eee 0 Max Normal Prio Tx Q Size eee ee ee 0 Max RSG SZ Si 5 terete r tel adept a Jah plaka o gt gener a ner seerer Seer 1 Max Info Notify Q Size eee eee 0 Max Client Info Notify Delay 0 Max Rogue AP Info Notify Delay 0 Max Rogue Client Info Notify Delay 0 Max Client Measure Notify Delay 0 Max Tag Measure Notify Delay 0 Max Rogue AP Measure Notify Delay 0 Cisco Wireless LAN Controller Configuration Guide ca OL 21524 02 _ Chapter 4 Configuring Controller Settings Configuring and Viewing Location Settings W Max Rogue Client Measure Notify Delay 0 Max Client Stats Notify Delay 0 Max Client Stats Notify Delay 0 RFID Measurement
83. d numbers the controller does not check on the maximum call limit It invokes the CAC to allocate bandwidth for the preferred call The bandwidth allocation is 85 percent of the entire bandwidth pool not just from the maximum configured voice pool The bandwidth allocation is the same even for roaming calls You must configure the following before configuring voice prioritization e Set WLAN QoS to platinum e Enable ACM for the radio e Enable SIP call snoopint on the WLAN Note Cisco 4400 5500 and 2106 Series Controllers and all nonmesh access points do not support voice prioritization This section cotains the followig topics e Using the GUI to Configure a Preferred Call Number page 4 90 e Using the CLI to Configure a Preferred Call Number page 4 91 Using the GUI to Configure a Preferred Call Number Step 1 Step 2 Step 3 Step 4 To configure voice prioritization using the controller GUI follow these steps Set the WLAN QoS profile to Platinum See the Using the GUI to Assign a QoS Profile to a WLAN section on page 7 38 Enable ACM for the WLAN radio See the Using the GUI to Configure Voice Parameters section on page 4 75 Enable SIP call snooping for the WLAN See the Using the GUI to Configure Media Session Snooping section on page 7 43 Choose Wireless gt Advanced gt Preferred Call to open the Preferred Call page All calls configured on the controller appear Note Step 5
84. d does not allow more than the number of access points to associate to it The Cisco 5500 Series Controller is shipped with both permanent and evaluation base and base ap count licenses If desired you can activate the evaluation licenses which are designed for temporary use and set to expire after 60 days Note See the Activating an AP Count Evaluation License section on page 4 14 for instructions on activating an image based evaluation license and the Activating an AP Count Evaluation License section on page 4 14 for instructions on activating an ap count evaluation license No licensing steps are required after you receive your Cisco 5500 Series Controller because the licenses you ordered are installed at the factory In addition licenses and product authorization keys PAKs are preregistered to serial numbers However as your wireless network evolves you might want to add support for additional access points or upgrade from the standard software set to the base software set To do so you need to obtain and install an upgrade license Obtaining an Upgrade or Capacity Adder License A certificate with a product authorization key PAK is required before you can obtain an upgrade license Cisco Wireless LAN Controller Configuration Guide oL 21524 02 EN Chapter4 Configuring Controller Settings Installing and Configuring Licenses Note You can use the capacity adder licenses to increase the number of ac
85. d generate Rehost ticket Enter Saved Permission Ticket File Name x P from step2 e g tftp 209 165 201 30 cmm permit_ticket lic Rehost Ticket File Name output I a e g tftp 209 165 201 30 cmm rehost_ticket lic gt lt gt Is Step3 In the File Name to Save Credentials text box enter the path on the TFTP server where you want the device credentials to be saved and click Save Credentials Step4 To obtain a permission ticket to revoke the license follow these steps a Click Cisco Licensing https tools cisco com SWIFT Licensing PrivateRegistrationServlet The Product License Registration page appears see Figure 4 9 m Cisco Wireless LAN Controller Configuration Guide OL 21524 02 _ Chapter 4 Configuring Controller Settings Installing and Configuring Licenses W Figure 4 9 Product License Registration Page Worldwide change Logged In Account About Cisco abafi cisco Search Go Solutions Products amp Services Ordering Support Training amp Events Partner Central HOME Support Product License Registration Product License Registration Enter a PAK Validate Designate Finish and Toolkit Roll over tools below Number Features Licensee Submit u Feedback Help Licenses Not Requiring a PAK If you do not have a Product Authorization Key PAK please click here for available licenses Related Tools Available licenses include Evaluation Demo Licenses Cisco ASA 3DES A
86. e Advanced Encryption Standard 128 The default value is CFB AES 128 wy Note In order to configure CBC DES or CFB AES 128 encryption you must have selected either HMAC MDS5 or HMAC SHA as the authentication protocol in Step 6 In the Priv Password and Confirm Priv Password text boxes enter the shared secret key to be used for encryption You must enter at least 12 characters Click Apply to commit your changes I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide gy Chapter4 Configuring Controller Settings HZ Configuring Aggressive Load Balancing Step 11 Step 12 Click Save Configuration to save your settings Reboot the controller so that the SNMP v3 user that you added takes effect Using the CLI to Change the SNMP v3 User Default Values Step 1 Step 2 Step 3 Step 4 Step 5 To change the SNMP v3 user default values using the controller CLI follow these steps See the current list of SNMP v3 users for this controller by entering this command show snmpv3user If default appears in the SNMP v3 User Name column enter this command to delete this user config snmp v3user delete username The username parameter is the SNMP v3 username in this case default Create a new SNMP v3 user by entering this command config snmp v3user create username ro rw none hmacmd5 hmacsha none des aescfb128 auth_key encrypt_key where e username is the SNMP v3 username
87. e mobility group and on the same subnet This roaming is also transparent to the client because the session is sustained and a tunnel between controllers allows the client to continue using the same DHCP or client assigned IP address as long as the session remains active The tunnel is torn down and the client must reauthenticate when the client sends a DHCP Discover with a 0 0 0 0 client IP address or a 169 254 client auto IP address or when the operator set session timeout is exceeded I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings WE Configuring Client Roaming Inter Subnet Roaming Multiple controller deployments support client roaming across access points managed by controllers in the same mobility group on different subnets This roaming is transparent to the client because the session is sustained and a tunnel between the controllers allows the client to continue using the same DHCP assigned or client assigned IP address as long as the session remains active The tunnel is torn down and the client must reauthenticate when the client sends a DHCP Discover with a 0 0 0 0 client IP address or a 169 254 client auto IP address or when the operator set user timeout is exceeded Voice over IP Telephone Roaming 802 11 voice over IP VoIP telephones actively seek out associations with the strongest RF signal to ensure the best quality of service QoS and the maximum
88. e receives telemetry and chokepoint information from tags that are compliant with this CCX specification Table 4 5 Cisco Compatible Extensions for RFID Tags Summary Partners AeroScout WhereNet Pango InnerWireless Product Name T2 T3 Wheretag IV V3 Telemetry Temperature X X X Pressure Humidity Status Fuel Quantity Distance Motion Detection X X X Number of Panic 1 2 0 1 Buttons Tampering X X X Battery Information X X X X Multiple Frequency Tags X X X 1 For chokepoint systems note that the tag can work only with chokepoints coming from the same vendor amp Note The Network Mobility Services Protocol NMSP runs on location appliance software release 3 0 or later releases In order for NMSP to function properly the TCP port 16113 over which the controller and location appliance communicate must be open not blocked on any firewall that exists between these two devices See the Cisco Location Appliance Configuration Guide for additional information on NMSP and RFID tags The Cisco approved tags support these capabilities e Information notifications Enable you to view vendor specific and emergency information e Information polling Enables you to monitor battery status and telemetry data Many telemetry data types provide support for sensory networks and a large ra
89. e ro is read only mode and rw is read write mode e none hmacmd5 and hmacsha are the authentication protocol options e none des and aescfb128 are the privacy protocol options e auth_key is the authentication shared secret key e encrypt_key is the encryption shared secret key Do not enter default for the username auth_key and encrypt_key parameters Save your changes by entering the save config command Reboot the controller so that the SNMP v3 user that you added takes effect by entering reset system command Configuring Aggressive Load Balancing Enabling aggressive load balancing on the controller allows lightweight access points to load balance wireless clients across access points You can enable aggressive load balancing using the controller GUI or CLI Note Clients are load balanced between access points on the same controller Load balancing does not occur between access points on different controllers Cisco Wireless LAN Controller Configuration Guide naaa OL 21524 02 Chapter4 Configuring Controller Settings Configuring Aggressive Load Balancing W When a wireless client attempts to associate to a lightweight access point association response packets are sent to the client with an 802 11 response packet including status code 17 This code indicates whether the access point can accept any more associations If the access point is too busy the client attempts to associate to a different access
90. e steps in the Using the GUI to Configure Local Network Users section on page 6 32 Using the CLI to Configure QoS Roles Step 1 Step 2 To configure QoS roles using the controller CLI follow these steps Create a QoS role for a guest user by entering this command config netuser guest role create role_name amp Note If you want to delete a QoS role enter this command config netuser guest role delete role_name Configure the bandwidth contracts for a QoS role by entering these commands e config netuser guest role qos data rate average data rate role_name rate Configures the average data rate for TCP traffic on a per user basis e config netuser guest role qos data rate burst data rate role_name rate Configures the peak data rate for TCP traffic on a per user basis amp Note The Burst Data Rate should be greater than or equal to the Average Data Rate Otherwise the QoS policy may block traffic to and from the wireless client Cisco Wireless LAN Controller Configuration Guide a70 OL 21524 02 Chapter4 Configuring Controller Settings Configuring Quality of Service Hil e config netuser guest role qos data rate average realtime rate role_name rate Configures the average real time rate for UDP traffic on a per user basis e config netuser guest role qos data rate burst realtime rate role_name rate Configures the peak real time rate for UDP traffic on a per user basis amp No
91. eal Time Rate Burst Data Rate Burst Real Time Rate Client Statistics Bytes Received Bytes Sent Packets Received Packets Sent Policy Errors RSSI SNR Sample Time Excessive Retries Retries Success Count Fail Count Tx Filtered Disabled Silver disabled disabled disabled disabled disabled disabled o oc o Unavailable Unavailable Wed Sep 5 12 40 41 2007 0 0 0 00 0b 85 82 b4 80 devesh 82 b4 80 802 11b N A Probing 0 Open System 0 0 Not Implemented Not Implemented Not Implemented Not Implemented Not Implemented 0 WEP Disable 212215 This page shows the U APSD status if enabled for this client under Quality of Service Properties Click Back to return to the Clients page OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings HZ Configuring Voice and Video Parameters Step4 See the TSM statistics for a particular client and the access point to which this client is associated as follows a Hover your cursor over the blue drop down arrow for the desired client and choose 802 11aTSM or 802 11b g TSM The Clients gt AP page appears b Click the Detail link for the desired access point to open the Clients gt AP gt Traffic Stream Metrics page see Figure 4 33 Figure 4 33 Clients gt AP gt Traffic Stream Metrics Page Saye Configuration Ping Logout Refresh cisco MONITOR WL
92. ears e Enable CDP for a specific Ethernet interface radio or slot as follows a Choose Wireless gt Access Points gt All APs to open the All APs page b Click the link for the desired access point a Choose the Interfaces tab and select the corresponding check boxes for the radios or slots from the CDP Configuration section amp Note Configuration for radios is only applicable for mesh access points b Click Apply to commit your changes e To enable or disable CDP on all access points currently associated to the controller follow these steps a Choose Wireless gt Access Points gt Global Configuration to open the Global Configuration page b Select the CDP State check box to enable CDP on all access points associated to the controller or unselect it to disable CDP on all access points The default value is selected You can enable CDP on a specific Ethernet interface radio or slot by selecting the corresponding check box This configuration will be applied to all access points associated with the controller c Click Apply to commit your changes Step9 Click Save Configuration to save your changes Using the GUI to View Cisco Discovery Protocol Information To view CDP information using the controller GUI follow these steps Cisco Wireless LAN Controller Configuration Guide _ Chapter 4 Configuring Controller Settings Step 1 Step 2 Configuring the Cisco Discovery Protocol W
93. ed on another controller as follows a b c Go to https tools cisco com SWIFT Licensing PrivateRegistrationServlet On the Product License Registration page click Upload Rehost Ticket under Manage Licenses On the Upload Ticket page enter the rehost ticket that you generated in Step 3 in the Enter Rehost Ticket text box and click Continue On the Validate Features page verify that the license information for your controller is correct enter the rehost quantity and click Continue OL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings HZ Installing and Configuring Licenses e On the Designate Licensee page enter the product ID and serial number of the controller on which you plan to use the license read and accept the conditions of the end user license agreement EULA complete the rest of the text boxes on this page and click Continue f On the Review and Submit page verify that all information is correct and click Submit g When a message appears indicating that the registration is complete click Download License The rehost license key is e mailed within 1 hour to the address that you specified h After the e mail arrives copy the rehost license key to your TFTP server i Follow the instructions in the Installing a License section on page 4 7 to install this license on another controller Transferring Licenses to a Replacement Controlle
94. enabled the 802 11b g band in Step 2 select the 802 11g Support check box if you want to enable 802 11g network support The default value is enabled If you disable this feature the 802 11b band is enabled without 802 11g support Specify the rate at which the SSID is broadcast by the access point by entering a value between 100 and 600 milliseconds inclusive in the Beacon Period text box The default value is 100 milliseconds The beacon period in controllers is listed in terms of milliseconds The beacon period can also be measured in time units where one time unit equals 1024 microseconds or 102 4 milliseconds If a beacon interval is listed as 100 milliseconds in a controller it is only a rounded off value for 102 4 milliseconds Due to hardware limitation in certain radios even though the beacon interval is say 100 time units it is adjusted to 102 time units which roughly equals 1044 48 milliseconds When the beacon period is to be represented in terms of time units the value is adjusted to the nearest multiple of 17 Specify the size at which packets are fragmented by entering a value between 256 and 2346 bytes inclusive in the Fragmentation Threshold text box Enter a low number for areas where communication is poor or where there is a great deal of radio interference Make access points advertise their channel and transmit power level in beacons and probe responses Select the DTPC Support check box Otherwise unselect this
95. er 2 client roaming using the controller CLI follow these steps View the current RF parameters configured for client roaming for the 802 11a or 802 11b g network by entering this command show 802 11a 802 11b 12roam rf param View the CCX Layer 2 client roaming statistics for a particular access point by entering this command show 802 11a 802 11b 12roam statistics ap_mac This command provides the following information e The number of roam reason reports received e The number of neighbor list requests received e The number of neighbor list reports sent e The number of broadcast neighbor updates sent View the roaming history for a particular client by entering this command show client roam history client_mac This command provides the following information e The time when the report was received e The MAC address of the access point to which the client is currently associated e The MAC address of the access point to which the client was previously associated e The channel of the access point to which the client was previously associated e The SSID of the access point to which the client was previously associated e The time when the client disassociated from the previous access point e The reason for the client roam I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring IP MAC Address Binding Using the CLI to Debug CCX Client Roaming Issues If you exp
96. erience any problems with CCX Layer 2 client roaming enter this command debug 12roam detail error packet all enable disable Configuring IP MAC Address Binding amp In controller software release 5 2 or later releases the controller enforces strict IP address to MAC address binding in client packets The controller checks the IP address and MAC address in a packet compares them to the addresses that are registered with the controller and forwards the packet only if they both match In previous releases the controller checks only the MAC address of the client and ignores the IP address Note Step 1 Step 2 Step 3 If the IP address or MAC address of the packet has been spoofed the check does not pass and the controller discards the packet Spoofed packets can pass through the controller only if both the IP and MAC addresses are spoofed together and changed to that of another valid client on the same controller To configure IP MAC address binding using the controller CLI follow these steps Enable or disable IP MAC address binding by entering this command config network ip mac binding enable disable The default value is enabled amp Note You might want to disable this binding check if you have a routed network behind a workgroup bridge WGB amp Note You must disable this binding check in order to use an access point in sniffer mode if the access point is joined to a Cisco 5500 Seri
97. es Controller a Cisco 2100 Series Controller or a controller network module that runs software release 6 0 or later releases Save your changes by entering this command save config View the status of IP MAC address binding by entering this command show network summary Information similar to the following appears RF Network Name 2 eee ee eee ee eee ctr14404 Web Modera acaat retares toes dea tdsea ties Sona E TE stu e ie Seale suas Disable Secure Web Mode 2 2 eee ee ee eee Enable Secure Web Mode Cipher Option High Disable Secure Web Mode Cipher Option SSLv2 Enable IP MAC Addr Binding Check Enabled Cisco Wireless LAN Controller Configuration Guide M464 OL 21524 02 Chapter4 Configuring Controller Settings Configuring Quality of Service W Configuring Quality of Service Quality of service QoS refers to the capability of a network to provide better service to selected network traffic over various technologies The primary goal of QoS is to provide priority including dedicated bandwidth controlled jitter and latency required by some real time and interactive traffic and improved loss characteristics The controller supports four QoS levels e Platinum Voice Ensures a high quality of service for voice over wireless e Gold Video Supports high quality video applications e Silver Best Effort Supports normal bandwidth for clients This is the defa
98. es on the controller Using the GUI to View Licenses Step 1 To view licenses on the controller using the controller GUI follow these steps Choose Management gt Software Activation gt Licenses to open the Licenses page see Figure 4 4 OL 21524 02 Cisco Wireless LAN Controller Configuration Guide E Chapter4 Configuring Controller Settings W Installing and Configuring Licenses Figure 4 4 Licenses Page Save Configuration Ping Logout Refresh cisco MONITOR TROLLER WIRELESS A Management Licenses gummy Current License Level base gt SNMP HTTP HTTPS License Type Telnet SSH base permanent Serial Port base ap count permanent Local Management base evaluation Users base ap count evaluation User Sessions v Logs Mgmt Via Wireless Software Activation Licenses License Comma License Agent gt Tech Support v lt SECURITY MANAG Time expires No Expiry No Expiry 8 weeks 4 days 8 weeks 4 days COMMANDS HELP FEEDBACK Count Priority Status Na Medium In Use 12 Medium In Use Na None Inactive 500 None Inactive 20927 1 This page lists all of the licenses installed on the controller For each license it shows the license type expiration count the maximum number of access points allowed for this license priority low medium or high and status in use not in use inactive or EULA not accepted SX Note Controller platforms do not support the status of
99. ese steps a On the Licenses page click the link for the ap count evaluation license that is in use b Choose Low from the Priority drop down list and click Set Priority amp Note You can set the priority only for ap count evaluation licenses AP count permanent licenses always have a medium priority which cannot be configured c Click OK when prompted to confirm your decision about changing the priority of the license d When the EULA appears read the terms of the agreement and then click Accept e When prompted to reboot the controller click OK f Reboot the controller in order for the priority change to take effect g Click Licenses to open the Licenses page and verify that the ap count evaluation license now has a low priority and is not in use Instead the ap count permanent license should be in use Using the CLI to Activate an AP Count Evaluation License To activate an ap count evaluation license using the controller CLI follow these steps Step 1 See the current status of all the licenses on your controller by entering this command show license all Information similar to the following appears License Store Primary License Storage StoreIndex 0 Feature base ap count Version 1 0 License Type Permanent License State Active In Use License Count 12 0 0 License Priority Medium StoreIndex 1 Feature base Version 1 0 License Type Permanent License State Active In Use License Count Non Counted
100. ess LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings WE Changing the Default Values for SNMP v3 Users Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 Step 8 See the current list of SNMP communities for this controller by entering this command show snmp community If public or private appears in the SNMP Community Name column enter this command to delete this community config snmp community delete name The name parameter is the community name in this case public or private Create a new community by entering this command config snmp community create name Enter up to 16 alphanumeric characters for the name parameter Do not enter public or private Enter the IP address from which this device accepts SNMP packets with the associated community by entering this command config snmp community ipaddr ip_address ip_mask name Specify the access level for this community by entering this command where ro is read only mode and rw is read write mode config snmp community accessmode ro rw name Enable or disable this SNMP community by entering this command config snmp community mode enable disable name Save your changes by entering save config Repeat this procedure if you still need to change the default values for a public or private community string Changing the Default Values for SNMP v3 Users Note The cont
101. etail link for the desired client and look at the E2E Version text box under Client Properties e Roam reason report This feature enables CCXv4 clients to report the reason why they roamed to a new access point It also allows network administrators to build and monitor a roam history e Directed roam request This feature enables the controller to send directed roam requests to the client in situations when the controller can better service the client on an access point different from the one to which it is associated In this case the controller sends the client a list of the best access points that it can join The client can either honor or ignore the directed roam request Non CCX clients and clients running CCXv3 or below must not take any action No configuration is required for this feature Controller software release 4 2 or later releases support CCX versions 1 through 5 CCX support is enabled automatically for every WLAN on the controller and cannot be disabled The controller stores the CCX version of the client in its client database and uses it to generate and respond to CCX frames appropriately Clients must support CCXv4 or v5 or CCXv2 for access point assisted roaming in order to utilize these roaming enhancements See the Configuring Cisco Client Extensions section on page 7 52 for more information on CCX The roaming enhancements mentioned above are enabled automatically with the appropriate CCX support N
102. f RFID tags that are associated to the controller as clients by entering this command show rfid client When the RFID tag is in client mode information similar to the following appears Heard RFID Mac VENDOR Sec Ago Associated AP Chn1 Client State 00 14 7e 00 0b b1 Pango 3 5 AP0019 e75c fef4 il Probing When the RFID tag is not in client mode the above text boxes are blank Using the CLI to Debug RFID Tag Tracking Issues If you experience any problems with RFID tag tracking use these debug commands e Configure MAC address debugging by entering this command debug mac addr mac_address amp Note We recommend that you perform the debugging on a per tag basis If you enable debugging for all of the tags the console or Telnet screen is inundated with messages e Enable or disable debugging for the 802 11 RFID tag module by entering this command debug dot11 rfid enable disable e Enable or disable RFID debug options by entering this command debug rfid all detail error nmsp receive enable disable where all configures debugging of all RFID messages detail configures debugging of RFID detailed messages error configures debugging of RFID error messages nmsp configures debugging of RFID NMSP messages receive configures debugging of incoming RFID tag messages I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configu
103. figuration Guide oL 21524 02 g 425 Chapter4 Configuring Controller Settings W Configuring 802 11 Bands Information similar to the following appears for the show license agent counters command License Agent Counters Request Messages Received 10 Messages with Errors 1 Request Operations Received 9 Operations with Errors 0 Notification Messages Sent 12 Transmission Errors 0 Soap Errors 0 Information similar to the following appears for the show license agent sessions command License Agent Sessions 1 open maximum is 9 amp Note To clear the license agent s counter or session statistics enter the clear license agent counters sessions command Configuring 802 11 Bands You can configure the 802 1 1b g n 2 4 GHz and 802 1 1a n 5 GHz bands for the controller to comply with the regulatory requirements in your country By default both 802 11b g n and 802 1 1a n are enabled Using the GUI to Configure 802 11 Bands To configure 802 11 bands using the controller GUI follow these steps Step1 Choose Wireless gt 802 11a n or 802 11b g n gt Network to open the 802 11a or 802 11b g Global Parameters page see Figure 4 11 Cisco Wireless LAN Controller Configuration Guide M426 E OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 2 Step 3 Step 4 Note Step 5 Step 6 Configuring 802 11 Bands W Figure 4 11 802 11a Global Parameters Page Configura
104. fine the average real time rate for UDP traffic on a per user basis by entering the rate in Kbps in the Average Real Time Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the profile Define the peak real time rate for UDP traffic on a per user basis by entering the rate in Kbps in the Burst Real Time Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the profile amp Note The Burst Real Time Rate should be greater than or equal to the Average Real Time Rate Otherwise the QoS policy may block traffic to and from the wireless client In the Maximum RF Usage Per AP text box enter the maximum percentage of bandwidth given to a user class For example if you set 50 for Bronze QoS all the Bronze WLAN users combined will not get more than 50 of the available RF bandwidth Actual throughput could be less than 50 but it will never be more than 50 In the Queue Depth text box enter the maximum number of packets that access points keep in their queues Any additional packets are dropped Cisco Wireless LAN Controller Configuration Guide M466 OL 21524 02 Chapter 4 Configuring Controller Settings Step 11 Step 12 Step 13 Step 14 Step 15 Configuring Quality of Service W Choose 802 1p from the Protocol Type drop down list and enter the maximum priority value in
105. ge h tet l ts Ping Logout Refresh CISCO MONITOR WLANs ILLER WIREL CURITY AENT C gt HELP Wireless AP gt Clients lt Back 4 AP Interface Mac 00 0b 85 7a a7 40 Access Points All APs Radio Type 802 11b g v Radios k 802 11a n Client Mac Address 802 11b g n 00 1a a1 7b 10 de Detail AP Configuration Mesh HREAP Groups gt 802 11a n gt 802 11b g n Country 00 14 a1 7b 10 f0 Detail Timers gt QoS 212249 c Click the Detail link for the desired client to open the AP gt Clients gt Traffic Stream Metrics page see Figure 4 36 Cisco Wireless LAN Controller Configuration Guide I OL 21524 02 EEN Chapter4 Configuring Controller Settings HZ Configuring Voice and Video Parameters Figure 4 36 AP gt Clients gt Traffic Stream Metrics Page i tet nn Save Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Wireless AP gt Clients gt Traffic Stream Metrics lt Back a AP Interface Mac 00 0b 85 7a a7 40 Y Access Points All APs Radio Type 802 11b g Radios p 802 11a n Client Mac Address 00 1a a1 7b 10 f0 802 11b g n Measurement Duration 90 sec AP Configuration Mesh HREAP Groups Uplink Statistics gt 802 11a fn Packets that experienced Delay Packets Lost Packets gt 802 11 a F TE ETE Te e Na a b g n Timestamp Average lt 10ms 10ms 20ms 20ms 40ms gt 40ms
106. ghboring access point to roam to and to complete the roam whenever the RSSI from the client s associated access point is below the scan threshold The Scan Threshold and Transition Time parameters guarantee a minimum level of client roaming performance Together with the highest expected client speed and roaming hysteresis these parameters make it possible to design a wireless LAN network that supports roaming simply by ensuring a certain minimum overlap distance between access points The range is to 10 seconds The default is 5 seconds Cisco Wireless LAN Controller Configuration Guide Ka OL 21524 02 Chapter4 Configuring Controller Settings Step7 Step 8 Step 9 Configuring Client Roaming W Click Apply to commit your changes Click Save Configuration to save your changes Repeat this procedure if you want to configure client roaming for another radio band 802 1 1a or 802 11b g Using the CLI to Configure CCX Client Roaming Parameters Configure CCX Layer 2 client roaming parameters by entering this command config 802 11a 802 11b 12roam rf params default custom min_rssi roam_hyst scan_thresh trans_time amp Note See the description range and default value of each RF parameter in the Using the GUI to Configure CCX Client Roaming Parameters section on page 4 61 Using the CLI to Obtain CCX Client Roaming Information Step 1 Step 2 Step 3 To view information about CCX Lay
107. gs Using these standard values presents a security risk If you use the default community names and since these are known the community names could be used to communicate to the controller using the SNMP protocol Therefore we strongly advise that you change these values Using the GUI to Change the SNMP Community String Default Values Step 1 To change the SNMP community string default values using the controller GUI follow these steps Choose Management and then Communities under SNMP The SNMP v1 v2c Community page appears see Figure 4 15 Cisco Wireless LAN Controller Configuration Guide aao OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Changing the Default Values of SNMP Community Strings W Figure 4 15 SNMP v1 v2c Community Page Save Configuration Ping Logout Refresh MONITOR V s CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Management SNMP v1 v2c Community New Summary Community Name IP Address IP Mask Access Mode Status SNMP public 209 165 200 225 255 255 255 224 Read Only Enable z General E SNMP V3 Users private 209 165 200 225 255 255 255 224 Read Write Enable iw Communities Trap Receivers Trap Controls Trap Logs 210912 If public or private appears in the Community Name column hover your cursor over the blue drop down arrow for the desired community and choose Remove to
108. h Support E 207720 This page shows the following additional information for the license e The license type permanent evaluation or extension e The license version e The status of the license in use not in use inactive or EULA not accepted e The length of time before the license expires N Note Permanent licenses never expire e Whether the license is a built in license e The maximum number of access points allowed for this license e The number of access points currently using this license If you want to enter a comment for this license type it in the Comment text box and click Apply Click Save Configuration to save your changes Using the CLI to View Licenses To view licenses on the controller use these commands e See the license level license type and number of access points licensed on the controller by entering this command show sysinfo Information similar to the following appears Manufacturer s Namei i i 6 gb die dis eis Bese dos Ge dow oad gw eed Cisco Systems Inc Product NAME a ao cin ow mon din mmm on mim hn eR RR Oe mm Oe Cisco Controller Product VERS BOT oi s ssw esasa ince eaea a aae Sagas nad EET E wep os 70 RTOS MSI S a Trig sasini naie na evs aa ob i EO a a E ap emer ees 70 Bootloader VersiONn se sakei aea ene a sae es bee Soe Ea ari re Emergency Image VerSion 2 cc eee eee ee nee N A Build ay ee er ee ae er DATA WPS System Name ee eee eens Cisco
109. he name of each CDP neighbor e The IP address of each CDP neighbor e The port used by each CDP neighbor for transmitting CDP packets e The time left in seconds before each CDP neighbor entry expires e The functional capability of each CDP neighbor defined as follows R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater or M Remotely Managed Device e The hardware platform of each CDP neighbor device Click the name of the desired interface neighbor to see more detailed information about each interface s CDP neighbor The CDP gt Interface Neighbors gt Detail page appears see Figure 4 43 I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide gy Chapter4 Configuring Controller Settings WE Configuring the Cisco Discovery Protocol Figure 4 43 CDP gt Interface Neighbors gt Detail Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY ANAGEMENT COMMANDS HELP Monitor CDP gt Interface Neighbors gt Detail lt Back Summary Local Interface Port 1 gt Access Points Neighbor Name CJ 4402 gt Statistics Neighbor Address 1 100 163 48 CDP Neighbor Port Unit 0 Slot 0 Port 2 Interface Neighbors Advt Version vi AP Neighbors Traffic Metrics TE 17 Capability Host gt Rogues aian Platform WLC4402 12 ients Software Yersion Manufacturer s Name Cisco Systems Inc Product Name Cisco Controller Product Version
110. iguration Guide Chapter4 Configuring Controller Settings W Installing and Configuring Licenses Using the GUI to Rehost a License To rehost a license using the controller GUI follow these steps Step1 Choose Management gt Software Activation gt Commands to open the License Commands page Step2 From the Action drop down list choose Rehost The Revoke a License from the Device and Generate Rehost Ticket area appears see Figure 4 8 Figure 4 8 License Commands Rehost Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Management License Commands al Summary gt SNMP Action Rehost vij buas Revoke a license from the device and generate Rehost ticket Telnet SSH Serial Port Step 1 Save Device credential information to a file Local Management i eee j PETE File Name te seveicredentals eeu e g ttp 209 165 201 30 ermm cred1345 lic User Sessions Save Credentials gt Logs Mgmt Via Wireless v Software Activation Step 2 Visit Cisco Licensing and get the permission ticket Licenses Using the Device Credential generated from Step 1 License Level a permission ticket can be obtained from Cisco Licensing www cisco com qgo license Commands Here you will get an option to choose the licenses you want to revoke from this device License Agent Save this file in the tftp path gt Tech Support Step 3 Revoke license from the device an
111. ion on the controller Band selection works by regulating probe responses to clients It makes 5 GHz channels more attractive to clients by delaying probe responses to clients on 2 4 GHz channels Band selection is enabled globally by default Note Band selection enabled WLANs do not support time sensitive applications like voice and video because of roaming delays Guidelines for Using the Band Selection Follow these guidelines when using band selection e Band selection can be used only with Cisco Aironet 1140 and 1250 Series and the 3500 series access points e Band selection operates only on access points that are connected to a controller A hybrid REAP access point without a controller connection does not perform band selection after a reboot amp Note OEAP 600 Series access points do not support band select e The band selection algorithm directs dual band clients only from the 2 4 GHz radio to the 5 GHz radio of the same access point and it only runs on an access point when both the 2 4 GHz and 5 GHz radios are up and running Cisco Wireless LAN Controller Configuration Guide OL 21524 02 Chapter4 Configuring Controller Settings Configuring Band Selection W e You can enable both band selection and aggressive load balancing on the controller They run independently and do not impact one another Using the GUI to Configure Band Selection Step 1 Step 2 Step 3 Step 4 Step 5 S
112. ions The access point with the lowest number of clients has the lightest load The client window size plus the number of clients on the access point with the lightest load forms the threshold Access points with more client associations than this threshold is considered busy and clients can associate only to access points with client counts lower than the threshold In the Maximum Denial Count text box enter a value between 0 and 10 The denial count sets the maximum number of association denials during load balancing w_ Cisco Wireless LAN Controller Configuration Guide OL 21524 02 Chapter 4 Configuring Controller Settings Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Configuring Aggressive Load Balancing W Click Apply to commit your changes Click Save Configuration to save your changes To enable or disable aggressive load balancing on specific WLANs choose WLANs gt WLAN ID The WLANs gt Edit page appears Click the Advanced tab see Figure 4 20 Figure 4 20 WLANs gt Advanced Page Saye Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK A WLANs WLANs gt Edit lt Back Apply ee _ General rity QoS Advanced Beco ie coed Management Frame Protection MFP a Advanced Diagnostic Channel Enabled IPv6 Enable Z o MFP Client Protection Optional Override Interface ACL None DT
113. iously known 802 11b g clients The default value is 20 seconds After this time elapses clients become new and are subject to probe response suppression In the Age Out Dual Band seconds text box enter a value between 10 and 300 seconds The age out period sets the expiration time for pruning previously known dual band clients The default value is 60 seconds After this time elapses clients become new and are subject to probe response suppression In the Acceptable Client RSSI dBm text box enter a value between 20 and 90 dBm This parameter sets the minimum RSSI for a client to respond to a probe The default value is 80 dBm Click Apply to commit your changes Click Save Configuration to save your changes I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide gy Chapter4 Configuring Controller Settings W Configuring Band Selection Step 9 Step 10 Step 11 To enable or disable aggressive load balancing on specific WLANs choose WLANs gt WLAN ID The WLANs gt Edit page appears Click the Advanced tab see Figure 4 20 Click Save Configuration to save your changes Using the CLI to Configure Band Selection Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 Step 8 To configure band selection using the controller CLI follow these steps Set the probe cycle count for band select by entering this command config band select cycle count cycle_count You can enter a va
114. is disabled Step2 Specify the maximum number of sessions for the license agent by entering this command config license agent max sessions sessions The valid range for the sessions parameter is 1 to 25 inclusive and the default value is 9 Step3 Enable the license agent to receive license requests from the CLM and to specify the URL where the license agent receives the requests by entering this command config license agent listener http plaintext encrypt url authenticate none max message size acl acl The valid range for the size parameter is 0 to 65535 bytes and the default value is 0 amp Note To prevent the license agent from receiving license requests from the CLM enter the config license agent listener http disable command The default value is disabled Step4 Configure the license agent to send license notifications to the CLM and to specify the URL where the license agent sends the notifications by entering this command config license agent notify url username password amp Note To prevent the license agent from sending license notifications to the CLM enter the config license agent notify disable username password command The default value is disabled Step5 Save your changes by entering this command save config Step6 See statistics for the license agent s counters or sessions by entering this command show license agent counters sessions Cisco Wireless LAN Controller Con
115. itional bandwidth consumption resulting from PHY and channel impairment Cisco Wireless LAN Controller Configuration Guide Ka OL 21524 02 Chapter4 Configuring Controller Settings amp Configuring Voice and Video Parameters W In load based CAC the access point continuously measures and updates the utilization of the RF channel that is the percentage of bandwidth that has been exhausted channel interference and the additional calls that the access point can admit The access point admits a new call only if the channel has enough unused bandwidth to support that call By doing so load based CAC prevents oversubscription of the channel and maintains QoS under all conditions of WLAN loading and interference Note Load based CAC is supported only on lightweight access points If you disable load based CAC the access points start using bandwidth based CAC Expedited Bandwidth Requests The expedited bandwidth request feature enables CCXv5 clients to indicate the urgency of a WMM traffic specifications TSPEC request for example an e911 call to the WLAN When the controller receives this request it attempts to facilitate the urgency of the call in any way possible without potentially altering the quality of other TSPEC calls that are in progress You can apply expedited bandwidth requests to both bandwidth based and load based CAC Expedited bandwidth requests are disabled by default When this feature is disabled
116. itself To do so a guest role Airespace attribute needs to be added on the RADIUS server with a datatype of string and a return value of 11 This attribute is sent to the controller when authentication occurs If a role with the name returned from the RADIUS server is found configured on the controller the bandwidth associated to that role is enforced for the guest user after authentication completes successfully Using the GUI to Configure QoS Roles amp To configure QoS roles using the controller GUI follow these steps Note Guest User role is not supported on Cisco 2106 Controller Cisco Wireless LAN Controller Configuration Guide _ Chapter 4 Configuring Controller Settings Step 1 Step 2 Step 3 Step 4 Step 5 Configuring Quality of Service Hi Choose Wireless gt QoS gt Roles to open the QoS Roles for Guest Users page see Figure 4 27 Figure 4 27 QoS Roles for Guest Users Page ot tet ls Saye Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Wireless QoS Roles for Guest Users New gt Access Points Name Mesh Contractor 7 HREAP Groups vendor iv gt 802 11a n gt 802 11b g n Country Timers Qos g Profiles g Roles N N This page shows any existing QoS roles for guest users amp Note If you want to delete a QoS role hover your cursor over the blue drop down arrow for that role and ch
117. k by entering this command config 802 11a 802 11b cac voice acm enable disable Set the percentage of maximum bandwidth allocated to clients for voice applications on the 802 1 1a or 802 11b g network by entering this command config 802 11a 802 11b cac voice max bandwidth bandwidth The bandwidth range is 5 to 85 and the default value is 75 Once the client reaches the value specified the access point rejects new calls on this network Set the percentage of maximum allocated bandwidth reserved for roaming voice clients by entering this command config 802 11a 802 11b cac voice roam bandwidth bandwidth The bandwidth range is 0 to 25 and the default value is 6 The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming voice clients Cisco Wireless LAN Controller Configuration Guide OL 21524 02 Chapter 4 Configuring Controller Settings Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Configuring Voice and Video Parameters W Configure the codec name and sample interval as parameters and to calculate the required bandwidth per call by entering this command config 802 11a 802 11b cac voice sip codec g711 g729 sample interval number_msecs Configure the bandwidth that is required per call by entering this command config 802 11a 802 11b cac voice sip bandwidth bandwidth_kbps sample interval number_msecs Reenable all WLANs with WMM enabled
118. ket using CAPWAP and forwards the packet to the CAPWAP multicast group address The controller always uses the management interface for sending multicast packets Access points in the multicast group receive the packet and forward it to all the BSSIDs mapped to the interface on which clients receive multicast traffic From the access point perspective the multicast appears to be a broadcast to all SSIDs In controller software release 4 2 or later releases Internet Group Management Protocol IGMP snooping is introduced to better direct multicast packets When this feature is enabled the controller gathers IGMP reports from the clients processes them creates unique multicast group IDs MGIDs from the IGMP reports after selecting the Layer 3 multicast address and the VLAN number and sends the IGMP reports to the infrastructure switch The controller sends these reports with the source address as the interface address on which it received the reports from the clients The controller then updates the access point MGID table on the access point with the client MAC address When the controller receives multicast traffic for a particular multicast group it forwards it to all the access points but only those access points that have active clients listening or subscribed to that multicast group send multicast traffic on that particular WLAN IP packets are forwarded with an MGID that is unique for an ingress VLAN and the destination multicast group Layer 2
119. l number choose Controller gt Inventory on the controller GUI Open the device credential information file that you saved in Step 3 and copy and paste the contents of the file into the Device Credentials text box Enter the security code in the blank box and click Continue OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings HZ Installing and Configuring Licenses k Choose the licenses that you want to revoke from this controller and click Start License Transfer On the Rehost Quantities page enter the number of licenses that you want to revoke in the To Rehost text box and click Continue On the Designate Licensee page enter the product ID and serial number of the controller for which you plan to revoke the license read and accept the conditions of the end user license agreement EULA complete the rest of the text boxes on this page and click Continue On the Review and Submit page verify that all information is correct and click Submit When a message appears indicating that the registration is complete click Download Permission Ticket The rehost permission ticket is e mailed within 1 hour to the address that you specified After the e mail arrives copy the rehost permission ticket to your TFTP server Step5 Use the rehost permission ticket to revoke the license from this controller and generate a rehost ticket as follows In the Enter Saved
120. l reference appnote html wp394 98 Using the Wireless LAN Controller Network Module Follow these guidelines when using a wireless LAN controller network module CNM installed in a Cisco Integrated Services Router e The CNM does not support IPsec To use IPsec with the CNM configure IPsec on the router in which the CNM is installed Click this link to browse to IPsec configuration instructions for routers http www cisco com en US tech tk5 83 tk372 tech_configuration_guides_list html e The CNM does not have a battery and cannot save a time setting It must receive a time setting from an external NTP server when it powers up When you install the module the configuration wizard prompts you for NTP server information Cisco Wireless LAN Controller Configuration Guide oL 21524 02 4119 Chapter4 Configuring Controller Settings HZ Resetting the Controller to Default Settings e To access the CNM bootloader we recommend that you reset the CNM from the router If you reset the CNM from a CNM user interface the router might reset the CNM while you are using the bootloader When you reset the CNM from a CNM interface you have 17 minutes to use the bootloader before the router automatically resets the CNM The CNM bootloader does not run the Router Blade Configuration Protocol RBCP so the RBCP heartbeat running on the router times out after 17 minutes triggering a reset of the CNM If you reset the CNM from the router
121. lers is being replaced with a new forwarding plane architecture As a result Cisco 2100 Series Controller and the Cisco Wireless LAN Controller Network Module for Cisco Integrated Services Routers as well as Cisco 5500 Series Controllers bridge 802 3 packets by default Therefore 802 3 bridging can now be disabled only on 4400 series controllers the Cisco WiSM and the Catalyst 3750G Wireless LAN Controller Switch Note amp By default Cisco 2100 Series Controllers that run software release 5 2 or later releases and Cisco 5500 Series Controllers bridge all non IPv4 packets such as AppleTalk IPv6 and so on If desired you can use ACLs to block the bridging of these protocols Note You can also configure 802 3 bridging using the Cisco Wireless Control System WCS See the Cisco Wireless Control System Configuration Guide for instructions Using the GUI to Configure 802 3 Bridging Step 1 To configure 802 3 bridging using the controller GUI follow these steps Choose Controller gt General to open the General page see Figure 4 22 Cisco Wireless LAN Controller Configuration Guide M452 E OL 21524 02 Chapter4 Configuring Controller Settings Configuring 802 3 Bridging W Figure 4 22 General Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK a Controller General Apply a General Name aaoo renion 802 3x Flow Contr
122. lete 0 Null Bufhandle 0 Bad Packet 0 Bad LWAPP Data 0 Bad LWAPP Encap 0 Off Channel 0 Bad CCX Version 0 Bad AP Info 0 Above Max RSSI 0 Below Max RSSI 0 Invalid RSSI 0 Add RSSI Failed 0 Oldest Expired RSSI 0 Smallest Overwrite 0 e Clear the location based RFID statistics by entering this command clear location statistics rfid e Clear a specific RFID tag or all of the RFID tags in the entire database by entering this command clear location rfid mac_address all e See whether location presence S69 is supported on a client by entering this command show client detail client_mac When location presence is supported by a client and enabled on a location appliance the location appliance can provide the client with its location upon request Location presence is enabled automatically on CCXv5 clients Information similar to the following appears Client MAC Address eee ee ee eee eee 00 40 96 b2 a3 44 Client Username ensais eie eee a ee ee ee ee ee eens N A AP MAC AGARESS icscscs cece cen ece se canecece ends dod aa Sd es 00 18 74 c7 c0 90 Clien rsStata iie ee eiea ee Associated Wirel ss TAN Tarai Cioe ar eee ser Eaa tw E E EE E E os Oe E T BSG ED ie fork e aAA NA ia eA i n aA ea e Sie tee aS 00 18 74 c7 c0 9f Channel Seg SB ee he ed a e aia AEE Ba ae 56 TP Address aan los css deca eee dace aaa aaa a ia eaii iaiia 192 168 10 28 Ass ciatiom Tdr mpira s o eese nso ave 6 2 s a e o ae Sys 1 Authen
123. lients in the watch list and the time remaining for the diagnostics of the voice call If voice diagnostics is disabled when the following commands are invoked a message indicating that voice diagnostics is disabled appears show client voice diag tspec Displays the TSPEC information sent from the clients that are enabled for voice diagnostics show client voice diag qos map Displays information about the QoS DSCP mapping and packet statistics in each of the four queues VO VI BE BK The different DSCP values are also displayed show client voice diag avrg_rssi Display the client s RSSI values in the last 5 seconds when voice diagnostics is enabled show client voice diag roam history Displays information about the last three roaming calls The output contains the timestamp access point associated with roaming roaming reason and if there is a roaming failure reason for roaming failure show client calls active rejected 802 11a 802 11bg all This command lists the details of active TSPEC and SIP calls on the controller Use the following commands to troubleshoot video debug messages and statistics debug ap show stats 802 11b 802 11a ap name multicast Displays the access point s supported multicast rates debug ap show stats 802 11b 802 11a ap name load Displays the access point s QBSS and other statistics debug ap show stats 802 11b 802 11a ap name tx queue Displays the access point s trans
124. life Configures the RSSI half life for calibrating clients The valid range for the half_life parameter is 0 1 2 5 10 20 30 60 90 120 180 or 300 seconds and the default value is 0 seconds tags half_life Configures the RSSI half life for RFID tags The valid range for the half_life parameter is 0 1 2 5 10 20 30 60 90 120 180 or 300 seconds and the default value is 0 seconds rogue aps half_life Configures the RSSI half life for rogue access points The valid range for the half_life parameter is 0 1 2 5 10 20 30 60 90 120 180 or 300 seconds and the default value is 0 seconds Some client devices transmit at reduced power immediately after changing channels and RF is variable so RSSI values might vary considerably from packet to packet The config location rssi half life command increases accuracy by averaging nonuniformly arriving data using a configurable forget period or half life wy Note We recommend that you do not use or modify the config location rssi half life command e Configure the NMSP notification threshold for RSSI measurements by entering this command config location notify threshold where is one of the following client threshold Configures the NMSP notification threshold in dB for clients and rogue clients The valid range for the threshold parameter is 0 to 10 dB and the default value is 0 dB Cisco Wireless LAN Controller Configuration Guide ca OL 21524
125. lue between and 10 for the cycle_count parameter Set the time threshold for a new scanning cycle period by entering this command config band select cycle threshold milliseconds You can enter a value for threshold between 1 and 1000 for the milliseconds parameter Set the suppression expire to the band select by entering this command config band select expire suppression seconds You can enter a value for suppression between 10 to 200 for the seconds parameter Set the dual band expire by entering this command config band select expire dual band seconds You can enter a value for dual band between 10 and 300 for the seconds parameter Set the client RSSI threshold by entering this command config band select client rssi client_rssi You can enter a value for minimum dBm of a client RSSI to respond to a probe between 20 and 90 for the client_rssi parameter Save your changes by entering this command save config Enable or disable band selection on specific WLANs by entering this command config wlan band select allow enable disable w an_ID You can enter a value between 1 and 512 for wlan_ID parameter Verify your settings by entering this command show band select Information similar to the following appears Band Select Probe Response 220 Enabled CYCLE Count s s as eka akian win ee ea oe SSS TESS 3 cycles Cycle Threshold 8 065 008808935554 858 658 300 milliseconds Age Out SUPPFESSTON 44604440
126. ly to disable the radio network Choose Wireless gt 802 11a n or 802 11b g n gt Media The 802 1 1a or 802 11b gt Media page appears see Figure 4 30 Figure 4 30 802 11a gt Video Parameters Page As et V5 Save Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK A A Wireless 802 11a 5 GHz gt Media Apply Access Points Ba Video Media All APs esatokcers eee Radios Call Admission Control CAC Global Configuration pradcanced Admission Control ACM Enabled RE Mesh d Max RF Bandwidth 5 85 HREAP Groups 802 11la n Network RRM RF Grouping TPC N DCA R Coverage General M4 FIR Choose the Video tab to configure the CAC for Video parameters Select the Admission Control ACM check box to enable video CAC for this radio band The default value is disabled In the Max RF Bandwidth text box enter the percentage of the maximum bandwidth allocated to clients for video applications on this radio band Once the client reaches the value specified the access point rejects new requests on this radio band The range is 5 to 85 The sum of maximum bandwidth of voice and video should not exceed 85 The default is 0 OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings HZ Configuring Voice and Video Parameters Step8 Click Apply to commit
127. mation is correct and click Submit When a message appears indicating that the registration is complete click Download License The license is e mailed within 1 hour to the address that you specified When the e mail arrives follow the instructions provided Copy the license file to your TFTP server Cisco Wireless LAN Controller Configuration Guide mae W OL 21524 02 Chapter4 Configuring Controller Settings Installing and Configuring Licenses W j Follow the instructions in the Installing a License section below to install the license on your controller Installing a License You can use the controller GUI or CLI to install a license on a Cisco 5500 Series Controller Using the GUI to Install a License To install a license on the controller using the controller GUI follow these steps Step1 Choose Management gt Software Activation gt Commands to open the License Commands page see Figure 4 2 Figure 4 2 License Commands Page Saye Configuration Pin Logout Refresh abafi 2 sol cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK a Management _ License Commands Summary gt SNMP Action HTTP HTTPS Install License Save License Telnet SSH Save Credentials Serial Port WBehost Local Management Users User Sessions gt Logs Mgmt Via Wireless Software Activation Licenses License Level Commands License Agent gt Tech Support
128. mit queue traffic statistics debug ap show stats 802 11b 802 11a ap name client all video lt client mac gt Displays the access point s client metrics debug ap show stats 802 11b 802 11a ap name packet Displays the access point s packet statistics debug ap show stats 802 11b 802 11a ap name video metrics Displays the access point s video metrics debug ap show stats video ap name multicast mgid number Displays an access point s Layer 2 MGID database number debug ap show stats video ap name admission Displays an access point s admission control statistics debug ap show stats video ap name bandwidth Displays an access point s video bandwidth I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring Voice Prioritization Using Preferred Call Numbers Configuring Voice Prioritization Using Preferred Call Numbers You can configure a controller to support calls from clients that do not support TSPEC based calls This feature is known as voice prioritization These calls are given priority over other clients utilizing the voice pool Voice prioritization is available only for SIP based calls and not for TSPEC based calls If the bandwidth is available it takes the normal flow and allocates the bandwidth to those calls You can configure up to six preferred call numbers When a call comes to one of the configured preferre
129. multicast packets are forwarded with an MGID that is unique for the ingress interface When IGMP snooping is disabled the following is true e The controller always uses Layer 2 MGID when it sends multicast data to the access point Every interface created is assigned one Layer 2 MGID For example the management interface has an MGID of 0 and the first dynamic interface created is assigned an MGID of 8 which increments as each dynamic interface is created e The IGMP packets from clients are forwarded to the router As a result the router IGMP table is updated with the IP address of the clients as the last reporter When IGMP snooping is enabled the following is true e The controller always uses Layer 3 MGID for all Layer 3 multicast traffic sent to the access point For all Layer 2 multicast traffic it continues to use Layer 2 MGID e IGMP report packets from wireless clients are consumed or absorbed by the controller which generates a query for the clients After the router sends the IGMP query the controller sends the IGMP reports with its interface IP address as the listener IP address for the multicast group As a result the router IGMP table is updated with the controller IP address as the multicast listener Cisco Wireless LAN Controller Configuration Guide M454 E OL 21524 02 Chapter 4 Configuring Controller Settings amp Configuring Multicast Mode Wi e When the client that is listening to the multicas
130. n a per user basis by entering the rate in Kbps in the Average Data Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the QoS role Define the peak data rate for TCP traffic on a per user basis by entering the rate in Kbps in the Burst Data Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the QoS role amp Note The Burst Data Rate should be greater than or equal to the Average Data Rate Otherwise the QoS policy may block traffic to and from the wireless client Define the average real time rate for UDP traffic on a per user basis by entering the rate in Kbps in the Average Real Time Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the QoS role Define the peak real time rate for UDP traffic on a per user basis by entering the rate in Kbps in the Burst Real Time Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the QoS role amp Note The Burst Real Time Rate should be greater than or equal to the Average Real Time Rate Otherwise the QoS policy may block traffic to and from the wireless client Click Apply to commit your changes Click Save Configuration to save your changes Apply a QoS role to a guest user by following th
131. nfiguring DHCP Proxy Step7 Click Save Configuration to save your changes Using the CLI to Configure 802 11h Parameters Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 To configure 802 11h parameters using the controller CLI follow these steps Disable the 802 1 1a network by entering this command config 802 11a disable network Enable or disable the access point to announce when it is switching to a new channel and the new channel number by entering this command config 802 11h channelswitch enable disable switch_mode You can enter a 0 or 1 for the switch_mode parameter to specify whether transmissions are restricted until the actual channel switch 0 or are not restricted 1 The default value is disabled Configure a new channel using the 802 11h channel announcement by entering this command config 802 11h setchannel channel channel Configure the 802 11h power constraint value by entering this command config 802 11h powerconstraint value The default value for the value parameter is 3 dB Reenable the 802 11a network by entering this command config 802 11a enable network See the status of 802 11h parameters by entering this command show 802 11h Information similar to the following appears Power Coms trait ee iedee eene e alante Sede sag alee gms Ta eee ae 0 Channel Switehie 2444444404248 bea ROR RA OR Ra Ra Oa RS Disabled Channel Switch Modes isoen ceia ee S44 EEG SESE E ESS 0 Configuring DHCP
132. ng Bandwidth 0 25 6 HREAP Groups Expedited bandwidth O 802 11a n Network RRM SIP CAC Support 4 O Enabled RF Grouping TPC ny aes DCA Per Call SIP Bandwidth coverage SIP Codec Gill General Se Client Roaming SIP Bandwidth kbps Media 20 EDCA Parameters SIP Voice Sample Interval msecs DFS 802 11h High Throughput Traffic Stream Metrics 802 11n pet ace ca Cleandir Metrics Collection Fi 3 gt 802 11b q n Mi vis Select the Admission Control ACM check box to enable bandwidth based CAC for this radio band The default value is disabled Select the Admission Control ACM you want to use by choosing from the following choices I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide gy Chapter4 Configuring Controller Settings WE Configuring Voice and Video Parameters Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 amp e Load based To enable channel based CAC This is the default option e Static To enable radio based CAC In the Max RF Bandwidth text box enter the percentage of the maximum bandwidth allocated to clients for voice applications on this radio band Once the client reaches the value specified the access point rejects new calls on this radio band The range is 5 to 85 The sum of max bandwidth of voice and video should not exceed 85 The default is 75 In the Reserved Roaming Bandwidth text box enter the percentage of maximum allocated bandwidth
133. ng as the wireless LAN is not congested However in order to maintain QoS under differing network loads CAC in CCXv4 is required Two types of CAC are available bandwidth based CAC and load based CAC Bandwidth Based CAC Bandwidth based or static CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new call and in turn enables the access point to determine whether it is capable of accommodating this particular call The access point rejects the call if necessary in order to maintain the maximum allowed number of calls with acceptable quality The QoS setting for a WLAN determines the level of bandwidth based CAC support To use bandwidth based CAC with voice applications the WLAN must be configured for Platinum QoS To use bandwidth based CAC with video applications the WLAN must be configured for Gold QoS Also make sure that WMM is enabled for the WLAN See the Configuring 802 3 Bridging section on page 4 52 for QoS and WMM configuration instructions Note Load Based CAC You must enable admission control ACM for CCXv4 clients that have WMM enabled Otherwise bandwidth based CAC does not operate properly Load based CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types including that from clients co channel access point loads and collocated channel interference for voice applications Load based CAC also covers the add
134. nge of applications for RFID tags e Measurement notifications Enable you to deploy chokepoints at strategic points within your buildings or campuses Whenever an RFID tag moves to within a defined proximity of a chokepoint the tag begins transmitting packets that advertise its location in relation to the chokepoint Cisco Wireless LAN Controller Configuration Guide ca OL 21524 02 Chapter 4 Configuring Controller Settings Configuring RFID Tag Tracking W The number of tags supported varies depending on controller platform Table 4 6 lists the number of tags supported per controller Table 4 6 RFID Tags Supported per Controller Controller Number of RFID Tags Supported 5508 2500 Cisco WiSM 5000 4404 2500 4402 1250 Catalyst 3750G Integrated Wireless LAN 1250 Controller Switch 2106 500 Controller Network Module within the Cisco 500 28 37 38xx Series Integrated Services Routers 2500 500 You can configure and view RFID tag tracking information through the controller CLI Using the CLI to Configure RFID Tag Tracking Step 1 Step 2 Step 3 To configure RFID tag tracking parameters using the controller CLI follow these steps Enable or disable RFID tag tracking by entering this command config rfid status enable disable The default value is enabled Specify a static timeout value between 60 and 7200 seconds by entering this command config rfid timeout seconds The static
135. nt License Detail lt Back Apply Summary Name wplus Elle Type Permanent GUM Le Version 1 0 Telnet SSH _ Serial Port Garnirnierit Local Management Users 7 z Status Not in Use User Sessions Elon Expires No Expiry A Built In Li N Mgmt Via Wireless D eee ww safare Activation Maximum Count Not Counted Licenses Counts Used Not Counted License Level Commands Priority Medium License Agent v Tech Support 207720 b Choose High from the Priority drop down list and click Set Priority Note You can set the priority only for ap count evaluation licenses AP count permanent licenses always have a medium priority which cannot be configured c Click OK when prompted to confirm your decision about changing the priority of the license d When the EULA appears read the terms of the agreement and then click Accept e When prompted to reboot the controller click OK OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings HZ installing and Configuring Licenses f Reboot the controller in order for the priority change to take effect g Click Licenses to open the Licenses page and verify that the ap count evaluation license now has a high priority and is in use You can use the evaluation license until it expires Step3 If you decide to stop using the ap count evaluation license and want to revert to using an ap count permanent license follow th
136. o Wireless LAN Controller Configuration Guide P42 E OL 21524 02 Chapter4 Configuring Controller Settings Installing and Configuring Licenses W The licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases so you should be aware of these guidelines e Ifyou have a WPlus license and you upgrade from 6 0 x x to 7 0 98 0 your license file contains both Basic and WPlus license features You won t see any disruption in feature availability and operation e If you have a WPlus license and you downgrade from 7 0 98 0 to 6 0 196 0 or 6 0 188 or 6 0 182 your license file contains only base license and you will lose all WPlus features e If you have a base license and you downgrade from 6 0 196 0 to 6 0 188 or 6 0 182 when you downgrade you lose all WPlus features To view the controller trap log choose Monitor and click View All under Most Recent Traps on the controller GUI see Figure 4 1 Note You can also view traps by using SNMP based management tools Figure 4 1 Trap Logs Page Saye Configuration Ping Logout Refres otfrertes 0 Ping Logout Bi cisco WLANs SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Monitor Summary Access Points Statistics CDP gt Rogues Clients Multicast 251614 The ap count licenses and their corresponding image based licenses are installed together The controller keeps track of the licensed access point count an
137. o Wireless LAN Controller Configuration Guide cuau OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 5 Configuring the Cisco Discovery Protocol Mil Figure 4 45 CDP gt AP Neighbors Page Save Configuration Ping Logout Refresh MONITOR V s CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Monitor CDP gt AP Neighbors Summary Neighbor Ady AP Name AP IP Address Neighbor Name Address Neighbor Port er gt Access Points ERT CI AP2 209 165 200 225 Switch GigabitEthernet0 17 v2 gt Statistics v CDP Interface Neighbors 3 AP Neighbors N Traffic Metrics Fe This page shows the following information e The name of each access point e The IP address of each access point e The name of each CDP neighbor e The IP address of each CDP neighbor e The port used by each CDP neighbor e The CDP version being advertised v1 or v2 Click the name of the desired access point to see detailed information about an access point s CDP neighbors The CDP gt AP Neighbors gt Detail page appears see Figure 4 46 Figure 4 46 CDP gt AP Neighbors gt Detail Page Saye Configuration Ping Logout Refresh MONITOR s CONTROLLER WIRELESS SECURITY M SEMENT CON S HELP Monitor CDP gt AP Neighbors gt Detail lt Back Summary AP Name CJ AP2 gt Access Points Base Radio MAC 00 0b 85 57 c9 f0 gt Statistics AP IP Address 209 165 200 225 CDP Local Interface enet Interface Neighbors Neighbor Name Switch AP Neighbors
138. o the local port of a 2100 series controller I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings WE Configuring Multicast Mode e Cisco Flex 7500 Series Controllers do not support multicast unicast mode Using the GUI to Enable Multicast Mode Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 To enable multicast mode using the controller GUI follow these steps Choose Controller gt Multicast to open the Multicast page see Figure 4 23 Figure 4 23 Multicast Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Controller Multicast Apply General Inventory Ethernet Multicast Mode Disabled v Interfaces Enable IGMP Snooping Multicast IGMP Timeout seconds 261934 Network Routes Choose one of the following options from the Ethernet Multicast Mode drop down list e Disabled Disables multicasting on the controller This is the default value e Unicast Configures the controller to use the unicast method to send multicast packets e Multicast Configures the controller to use the multicast method to send multicast packets to a CAPWAP multicast group amp Note Hybrid REAP supports unicast mode only If you chose Multicast in Step 2 enter the IP address of the multicast group in the Multicast Group Address text box If you want to enable IGMP sno
139. ociated with the AP is on an active call After the AP is rebooted the client continues to maintain the call and during the time the AP is down the database is not refreshed by the controller Therefore we recommend that all active calls are ended before the AP is taken down Step3 See the U APSD status for a particular client by entering this command show client detail client_mac Step4 See the TSM statistics for a particular client and the access point to which this client is associated by entering this command show client tsm 802 11a 802 11b client_mac ap_mac all The optional all command shows all access points to which this client has associated Information similar to the following appears Client Interface Mac 00 01 02 03 04 05 Measurement Duration 90 seconds Timestamp 1st Jan 2006 06 35 80 UpLink Stats Average Delay 5sec intervalS 0 cece eee eee eee 35 Delay less than TO Me yee doe ened oad ale da tw daha ee a s WN AST 20 Delay bet 1 20 WS sinew ee Se ens eS K RSE R SRE Ades O SS 20 Delay Dee 20 OO Ms occ n Seco el ace A aa sl ace ee ae eel alae a OS sta Shale 20 Delay greater Chan 40 Mv wens ese eee See be 64S 6ESE Sp SSeS 20 Rotel packet COME ate ed ae ROSS EROS CROSS OSS SRS SES Ee week 80 Total packet lost count 5560 is ve decoded ede i edad ed as wae es 10 Maximum Lost Packet count 5SeC 2 eee eee ee eee eee 5 Average Lost Packet count 5secsS sesso eee eee
140. of clients per WLAN by entering this command debug ap command show capwap mcast mgid all Cisco_AP See all of the clients per MGID on the access point and the number of clients per WLAN by entering this command debug ap command show capwap mcast mgid id mgid_value Cisco_AP Configuring Client Roaming The Cisco UWN Solution supports seamless client roaming across lightweight access points managed by the same controller between controllers in the same mobility group on the same subnet and across controllers in the same mobility group on different subnets Also in controller software release 4 1 or later releases client roaming with multicast packets is supported You can adjust the default RF settings RSSI hysteresis scan threshold and transition time to fine tune the operation of client roaming using the controller GUI or CLI Intra Controller Roaming Each controller supports same controller client roaming across access points managed by the same controller This roaming is transparent to the client as the session is sustained and the client continues using the same DHCP assigned or client assigned IP address The controller provides DHCP functionality with a relay function Same controller roaming is supported in single controller deployments and in multiple controller deployments Inter Controller Roaming Multiple controller deployments support client roaming across access points managed by controllers in the sam
141. ol Mode Disabled v Interfaces e LAG Mode on next reboot Disabled v LAG Mode is currently disabled Interface Groups E 7 Broadcast Forwarding Disabled v Multicast 1 Uni NetwariRaltes AP Multicast Mode Unicast gt Internal DHCP Server P Fallback LEnabled 3 gt Mobility Management Apple Talk Bridging Disabled v Baris Fast SSID change Disabled Default Mobility Domain f NTP Name l gt CDP RF Group Name User Idle Timeout gt Advanced seconds 300 ARP Timeout seconds 300 Web Radius Authentication PAP 802 3 Bridging Disabled Operating Environment Commercial 0 to 40 C K Internal Temp Alarm WO Limits OEE R 1 H REAP supports unicast mode only FIR Step2 From the 802 3 Bridging drop down list choose Enabled to enable 802 3 bridging on your controller or Disabled to disable this feature The default value is Disabled amp Note In controller software release 5 2 or later releases you can disable 802 3 bridging only for 4400 series controllers the Cisco WiSM and the Catalyst 3750G Wireless LAN Controller Switch Step3 Click Apply to commit your changes Step4 Click Save Configuration to save your changes Using the CLI to Configure 802 3 Bridging To configure 802 3 bridging using the controller CLI follow these steps Step 1 See the current status of 802 3 bridging for all WLANs by entering this command show network Step2 Enable or disable 802 3 bridging globall
142. ommand config location plm where is one of the following e client enable disable burst_interval Enables or disables the path loss measurement request for normal noncalibrating clients The valid range for the burst_interval parameter is 1 to 3600 seconds and the default value is 60 seconds e calibrating enable disable uniband multiband Enables or disables the path loss measurement request for calibrating clients on the associated 802 11a or 802 11b g radio or on the associated 802 1 1a b g radio If a client does not send probes often or sends them only on a few channels its location cannot be updated or cannot be updated accurately The config location plm command forces clients to send more packets on all channels When a CCXv4 or higher client associates the controller sends it a path loss measurement request which instructs the client to transmit on the bands and channels that the access points are on typically channels 1 6 and 11 for 2 4 GHz only access points at a configurable interval such as 60 seconds indefinitely These four additional location CLI commands are available however they are set to optimal default values so we do not recommend that you use or modify them I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring and Viewing Location Settings e Configure the RSSI timeout value for various devices by ente
143. ommand to configure a destination for a trap Enter the config snmp trapreceiver delete name command to delete a trap Enter the config snmp trapreceiver ipaddr old ip address name new ip address command to change the destination for a trap Enter the config snmp trapreceiver mode enable command to enable traps Enter the config snmp trapreceiver mode disable command to disable traps Enter config snmp syscontact syscontact name to configure the name of the SNMP contact Enter up to 31 alphanumeric characters for the contact name Enter the config snmp syslocation sys ocation name command to configure the SNMP system location Enter up to 31 alphanumeric characters for the location Use the show snmpcommunity and the show snmptrap commands to verify that the SNMP traps and communities are correctly configured Use the show trapflags command to see the enabled and disabled trapflags If necessary use the config trapflags command to enable or disable trapflags Starting in release 7 0 116 0 you can also configure the SNMP engine ID Use the config snmp engineID engine id string command to configure the SNMP engine ID amp Note The engine ID string can be a maximum of 24 characters Use the show engineID command to view the engine ID Changing the Default Values of SNMP Community Strings The controller has commonly known default values of public and private for the read only and read write SNMP community strin
144. onfiguration Guide Chapter4 Configuring Controller Settings W Configuring Voice and Video Parameters U APSD Unscheduled automatic power save delivery U APSD is a QoS facility defined in IEEE 802 1 1e that extends the battery life of mobile clients In addition to extending battery life this feature reduces the latency of traffic flow delivered over the wireless media Because U APSD does not require the client to poll each individual packet buffered at the access point it allows delivery of multiple downlink packets by sending a single uplink trigger packet U APSD is enabled automatically when WMM is enabled Traffic Stream Metrics In a voice over wireless LAN VoWLAN deployment traffic stream metrics TSM can be used to monitor voice related metrics on the client access point air interface It reports both packet latency and packet loss You can isolate poor voice quality issues by studying these reports The metrics consist of a collection of uplink client side and downlink access point side statistics between an access point and a client device that supports CCX v4 or later releases If the client is not CCX v4 or CCXv5 compliant only downlink statistics are captured The client and access point measure these metrics The access point also collects the measurements every 5 seconds prepares 90 second reports and then sends the reports to the controller The controller organizes the uplink measurements on a client basis
145. oose Remove Click New to create a new QoS role The QoS Role Name gt New page appears In the Role Name text box enter a name for the new QoS role The name should uniquely identify the role of the QoS user such as Contractor Vendor and so on Click Apply to commit your changes Click the name of the QoS role to edit the bandwidth of a QoS role The Edit QoS Role Data Rates page appears see Figure 4 28 Figure 4 28 Edit QoS Role Data Rates Page Saye Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Wireless Edit QoS Role data rates lt Back Apply gt Access Points QoS Role Name Contractor Mesh HREAP Groups Per User Bandwidth Contracts k gt 802 11a n Average Data Rate 0 gt 802 11b g n Burst Data Rate 0 Country Average Real Time Rate 0 Timers Burst Real Time Rate 0 Qos so Profiles X Roles a N amp Note The values that you configure for the per user bandwidth contracts affect only the amount of bandwidth going downstream from the access point to the wireless client They do not affect the bandwidth for upstream traffic from the client to the access point OL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings W Configuring Quality of Service Step 6 Step7 Step 8 Step 9 Step 10 Step 11 Step 12 Define the average data rate for TCP traffic o
146. oping select the Enable IGMP Snooping check box If you want to disable IGMP snooping leave the check box unselected The default value is disabled To set the IGMP timeout enter a value between 30 and 7200 seconds in the IGMP Timeout text box The controller sends three queries in one timeout value at an interval of timeout 3 to see if any clients exist for a particular multicast group If the controller does not receive a response through an IGMP report from the client the controller times out the client entry from the MGID table When no clients are left for a particular multicast group the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller The controller always generates a general IGMP query that is to destination address 224 0 0 1 and sends it on all WLANs with an MGID value of 1 Enter the IGMP Query Interval seconds Click Apply to commit your changes Click Save Configuration to save your changes Cisco Wireless LAN Controller Configuration Guide M456 W OL 21524 02 _ Chapter 4 Configuring Controller Settings Configuring Multicast Mode W Using the GUI to View Multicast Groups Step 1 Step 2 To view multicast groups using the controller GUI follow these steps Choose Monitor gt Multicast The Multicast Groups page appears see Figure 4 24 Figure 4 24 Multicast Groups Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLL
147. ote amp Hybrid REAP access points in standalone mode do not support CCX Layer 2 roaming Note Client roaming between 600 Series Access points is not supported Using the GUI to Configure CCX Client Roaming Parameters Step 1 To configure CCX client roaming parameters using the controller GUI follow these steps Choose Wireless gt 802 11a n or 802 11b g n gt Client Roaming The 802 11a or 802 11b gt Client Roaming page appears see Figure 4 25 OL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings WE Configuring Client Roaming Step 2 Step 3 Step 4 Step 5 Step 6 Figure 4 25 802 11a gt Client Roaming Page ai tet l ts Save Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER SECURITY MANAGEMENT COMMANDS HELP Wireless 802 11a gt Client Roaming Apply gt Access Points RF Parameters Mesh 3 hi Mode Default v HREAP Groups gt Minimum RSSI dBm 802 11a n Network Hysteresis dB P RRM REA Cell Scan Threshold dBm Client Roaming Transition Time Seconds R Voice i A oO Video N If you want to fine tune the RF parameters that affect client roaming choose Custom from the Mode drop down list and go to Step 3 If you want to leave the RF parameters at their default values choose Default and go to Step 8 In the Minimum RSSI text box enter a value for the minimum received signal streng
148. ou receive one PAK with one license You can continue to register the PAK for multiple controllers until it is exhausted Base license SKUs for the Cisco 5500 Series Controllers are as follows e AIR CT5508 12 K9 e AIR CT5508 25 K9 e AIR CT5508 50 K9 e AIR CT5508 100 K9 e AIR CT5508 250 K9 e AIR CT5508 500 K9 Base license SKUs for the Cisco 2500 Series Controllers are as follows e AIR CT2504 5 K9 e AIR CT2504 15 K9 e AIR CT2504 25 K9 e AIR CT2504 50 K9 Base license SKUs for the Cisco WiSM2 Controllers are as follows e WS SVC WISM2 1 K9 WiSM2 with 100 AP support e WS SVC WISM2 3 K9 WiSM2 with 300 AP support e WS SVC WISM2 5 K9 WiSM2 with 500 AP support Cisco Wireless LAN Controller Configuration Guide Maa E OL 21524 02 Chapter4 Configuring Controller Settings Installing and Configuring Licenses W Table 4 1 lists the available adder licenses for the 5500 and 2500 Series Controllers Table 4 1 Type Part Number Available Capacity Adder Licenses Description e mail L LIC CT5508 UPG Primary upgrade SKU Pick any number or combination of the following options under this SKU to upgrade one or many controllers under one product authorization key L LIC CT5508 25A 25 AP Adder License for the 5508 Controller eDelivery L LIC CT5508 50A 50 AP Adder License for the 5508 Controller eDelivery L LIC CT5508 100A 100 AP Adder License for the 5508 Controller eDelivery L LIC CT
149. oup_ip_address I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide jg Chapter4 Configuring Controller Settings WE Configuring Multicast Mode Step 3 Enable or disable IGMP snooping by entering this command config network multicast igmp snooping enable disable The default value is disabled Step 4 Set the IGMP timeout value by entering this command config network multicast igmp timeout timeout You can enter a timeout value between 30 and 7200 seconds The controller sends three queries in one timeout value at an interval of timeout 3 to see if any clients exist for a particular multicast group If the controller does not receive a response through an IGMP report from the client the controller times out the client entry from the MGID table When no clients are left for a particular multicast group the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller The controller always generates a general IGMP query that is to destination address 224 0 0 1 and sends it on all WLANs with an MGID value of 1 Step 5 Save your changes by entering this command save config Using the CLI to View Multicast Groups To view multicast groups using the controller CLI use these commands See all the multicast groups and their corresponding MGIDs by entering this command show network multicast mgid summary Information similar to the following appears La
150. our replacement controller the replacement controller remains up and running using the permanent base license but access points are no longer able to join the controller To transfer a license to a replacement controller after an RMA follow these steps Go to https tools cisco com S WIFT Licensing PrivateRegistrationServlet On the main Product License Registration page click Register for an RMA License under RMA License Transfer In the Select a Product drop down list choose Cisco 5500 Series Wireless Controllers Enter the security code in the blank box and click Go to RMA Portal On the RMA License Transfer page enter the product ID and serial number of the controller that you returned and your RMA service contract number and click Continue On the Validate Features page verify that the license information for your controller is correct and click Continue On the Designate Licensee page enter the product ID and serial number of the replacement controller Cisco Wireless LAN Controller Configuration Guide OL 21524 02 Chapter4 Configuring Controller Settings Step 8 Step 9 Step 10 Step 11 Installing and Configuring Licenses W Read and accept the conditions of the end user license agreement EULA complete the rest of the text boxes on this page and click Submit On the Review and Submit page verify that all information is correct and click Submit A message appears indicating that your regist
151. ped addresses 239 0 0 0 through 239 255 x y 16 Limited scope addresses e When you enable multicast mode on the controller you also must configure a CAPWAP multicast group address Access points subscribe to the CAPWAP multicast group using IGMP e Cisco 1100 1130 1200 1230 and 1240 access points use IGMP versions 1 2 and 3 e Access points in monitor mode sniffer mode or rogue detector mode do not join the CAPWAP multicast group address e The CAPWAP multicast group configured on the controllers should be different for different controllers e Multicast mode does not operate across intersubnet mobility events such as guest tunneling It does however operate with interface overrides using RADIUS but only when IGMP snooping is enabled and with site specific VLANs access point group VLANs e For LWAPP the controller drops multicast packets sent to UDP control port 12223 For CAPWAP the controller drops multicast packets sent to UDP control and data ports 5246 and 5247 respectively Therefore you may want to consider not using these port numbers with the multicast applications on your network e We recommend that any multicast applications on your network not use the multicast address configured as the CAPWAP multicast group address on the controller e Cisco 2100 Series Controllers do not support multicast unicast mode They do however support multicast multicast mode except when access points are connected directly t
152. point in the area The system determines if an access point is relatively more busy than its neighbor access points that are also accessible to the client For example if the number of clients on AP1 is more than the number of clients on AP2 plus the load balancing window then AP1 is considered to be busier than AP2 When a client attempts to associate to AP1 it receives an 802 11 response packet with status code 17 indicating that the access point is busy and the client attempts to associate to a different access point You can configure the controller to deny client associations up to 10 times if a client attempted to associate 11 times it would be allowed to associate on the 11th try You can also enable or disable load balancing on a particular WLAN which is useful if you want to disable load balancing for a select group of clients such as time sensitive voice clients Note Cisco Aironet 600 Series OfficeExtend and Hybrid REAP access points do not support client load balancing Client Association Limits The maximum number of client associations that the access points can support is dependent upon the following factors e The maximum number of client associations differs for lightweight and autonomous Cisco IOS access points e There may be a limit per radio and an overall limit per AP e AP hardware the 16 MB APs have a lower limit than the 32 MB and higher APs Client Association Limits for Lightweight Access Points
153. poor or where there is a great deal of radio interference Make access points advertise their channel and transmit power level in beacons and probe responses by entering this command config 802 11a 802 11b dtpc enable disable The default value is enabled Client devices using dynamic transmit power control DTPC receive the channel and power level information from the access points and adjust their settings automatically For example a client device used primarily in Japan could rely on DTPC to adjust its channel and power settings automatically when it travels to Italy and joins a network there amp Note On access points that run Cisco IOS software this feature is called world mode Specify the rates at which data can be transmitted between the controller and the client by entering this command config 802 11a 802 11b rate disabled mandatory supported rate where e disabled Clients specify the data rates used for communication e mandatory Clients support this data rate in order to associate to an access point on the controller e supported Any associated clients that support this data rate may communicate with the access point using that rate However the clients are not required to be able to use this rate in order to associate e rate The rate at which data is transmitted 6 9 12 18 24 36 48 and 54 Mbps 802 1 1a 1 2 5 5 6 9 11 12 18 24 36 48 or 54 Mbps 802 11b g Enable the
154. r and packets sent toward the core network amp Note If a QoS profile has 802 1p tagging configured and if this QoS profile is assigned to a WLAN that uses an untagged interface on the controller the client traffic will be blocked Reenable the 802 11a and 802 11b g networks so that you can configure the QoS profiles by entering these commands config 802 11a enable network config 802 11b enable network Follow the instructions in the Assigning a QoS Profile to a WLAN section on page 7 37 to assign a QoS profile toa WLAN Configuring Quality of Service Roles amp After you configure a QoS profile and apply it to a WLAN it limits the bandwidth level of clients associated to that WLAN Multiple WLANs can be mapped to the same QoS profile which can result in bandwidth contention between regular users such as employees and guest users In order to prevent guest users from using the same level of bandwidth as regular users you can create QoS roles with different and presumably lower bandwidth contracts and assign them to guest users You can use the controller GUI or CLI to configure up to ten QoS roles for guest users Note If you choose to create an entry on the RADIUS server for a guest user and enable RADIUS authentication for the WLAN on which web authentication is performed rather than adding a guest user to the local user database from the controller you need to assign the QoS role on the RADIUS server
155. r after an RMA amp If you return a Cisco 5500 Series Controller to Cisco as part of the Return Material Authorization RMA process you must transfer that controller s licenses within 60 days to a replacement controller that you receive from Cisco Replacement controllers come preinstalled with the following licenses permanent base and evaluation base base ap count No other permanent licenses are installed The SKU for replacement controllers is AIR CT5508 CA K9 Because licenses are registered to the serial number of a controller you can use the licensing portal on Cisco com to request that the license from your returned controller be revoked and authorized for use on the replacement controller After your request is approved you can install the old license on the replacement controller Before you begin you need the product ID and serial number of both the returned controller and the replacement controller This information is included in your purchase records Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 The evaluation licenses on the replacement controller are designed for temporary use and expire after 60 days To prevent disruptions in operation the controller does not switch licenses when an evaluation license expires You must reboot the controller in order to return to a permanent license If the evaluation licenses expire before you transfer the permanent licenses from your defective controller to y
156. ration request has been submitted and you will receive an e mail that contains your RMA request ID Select the status of your RMA registration request by following the instructions in the e mail After you receive another e mail notifying you that your RMA registration request is approved usually within 1 hour follow the instructions in the Installing a License section on page 4 7 to install the license on the replacement controller Configuring the License Agent amp If your network contains various Cisco licensed devices you might want to consider using the Cisco License Manager CLM to manage all of the licenses using a single application CLM is a secure client server application that manages Cisco software licenses network wide The license agent is an interface module that runs on the controller and mediates between CLM and the controller s licensing infrastructure CLM can communicate with the controller using various channels such as HTTP Telnet and so on If you want to use HTTP as the communication method you must enable the license agent on the controller The license agent receives requests from CLM and translates them into license commands It also sends notifications to CLM It uses XML messages over HTTP or HTTPS to receive the requests and send the notifications For example CLM sends a license install command and the agent notifies CLM after the license expires Note You can download the CLM softwa
157. re 4 26 Edit QoS Profile Page Saye Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Wireless Edit QoS Profile lt Back Apply Access Points All APs QoS Profile Name bronze Radios fa n Description For Background Global Configuration Per User Bandwidth Contracts k gt Advanced Mesh Average Data Rate jo HREAP Groups F Burst Data Rate o f gt 802 11a n Average Real Time Rate 0 gt 802 11b g n Burst Real Time Rate 0 gt Media Stream Wired QoS Protocol Country Protocol Type None v Timers The value zero 0 indicates the feature is disabled vy Qos Profiles Roles 209199 Change the description of the profile by modifying the contents of the Description text box Define the average data rate for TCP traffic per user by entering the rate in Kbps in the Average Data Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the profile Define the peak data rate for TCP traffic per user by entering the rate in Kbps in the Burst Data Rate text box You can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the profile N Note The Burst Data Rate should be greater than or equal to the Average Data Rate Otherwise the QoS policy may block traffic to and from the wireless client De
158. re and access user documentation at this URL http www cisco com go clm Using the GUI to Configure the License Agent Step 1 To configure the license agent on the controller using the controller GUI follow these steps Choose Management gt Software Activation gt License Agent to open the License Agent Configuration page see Figure 4 10 I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Installing and Configuring Licenses Step 2 Step 3 Step 4 Step 5 Figure 4 10 License Agent Configuration Page Saye Configuration Ping Logout Refresh An a oe CISCO MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Management License Agent Configuration Apply Summary gt SNMP General HTTP HTTPS Enable Default Authentication Telnet SSH Maximum number of sessions o Serial Port Local Management License Agent Listener Users Enable Listener User Sessions Listener Message Processing URL aena gt Logs s a e g http 209 165 201 30 licenseAgent custom Mgmt Via Wireless Protocol 2 HTTP HTTPS encrypted y Software Activation Enable Authentication for Listener Max HTTP message size 0 License Agent gt Tech Support License Agent Notification Enable Notification URL to send the Notifications e g http www cisco com license natify User Name Password se SSS S Confirm
159. ring Voice and Video Parameters W Using the GUI to Configure Voice Parameters To configure voice parameters using the controller GUI follow these steps SIPs are available only on the Cisco 4400 Series and Cisco 5500 Series Controllers and on the 1240 1130 and 11n access points Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 SIP CAC should only be used for phones that support status code 17 and do not support TSPEC based admission control SIP CAC will be supported only if SIP snooping is enabled Make sure that the WLAN is configured for WMM and the Platinum QoS level Disable all WLANs with WMM enabled and click Apply Choose Wireless and then Network under 802 1 1a n or 802 11b g n unselect the 802 11a or 802 11b g Network Status check box and click Apply to disable the radio network Choose Wireless gt 802 11a n or 802 11b g n gt Media The 802 1 1a or 802 11b gt Media page appears see Figure 4 29 The Voice tab is displayed by default Figure 4 29 802 11a n gt Voice Parameters Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP FEEDBACK Wireless Voice Access Points Call Admission Control CAC 802 11b g n Admission Control ACM M Enabled Global Configuration ee CAC Method Static x gt Advanced Max RF Bandwidth 5 85 75 Mesh i i a V a Reserved Roami
160. ring and Viewing Location Settings Configuring and Viewing Location Settings amp This section provides instructions for configuring and viewing location settings from the controller CLI Note Access points in monitor mode should not be used for location purposes Installing the Location Appliance Certificate Note Step 1 Step 2 Step 3 A self signed certificate SSC is required on the location appliance This certificate which is comprised of the location appliance MAC address and a 20 byte key hash must be present on the controller Otherwise the controller cannot authenticate the location appliance and they can never establish a connection WCS usually pushes the certificate to the controller automatically but you can install the certificate on the controller using the controller CLI if necessary for example if the controller is not connected to WCS or if an error or certificate mismatch occurs on WCS If an error occurs on WCS and prevents the location appliance certificate from being pushed to the controller make sure that the time zone has been synchronized on the controller and the location appliance before following this procedure Follow the instructions in the Viewing Location Settings section on page 4 113 to do so To install the location appliance certificate on the controller using the controller CLI follow these steps Obtain the key hash value of the location appliance certificate
161. ring this command config location expiry where is one of the following client timeout Configures the RSSI timeout value for clients The valid range for the timeout parameter is 5 to 3600 seconds and the default value is 5 seconds calibrating client timeout Configures the RSSI timeout value for calibrating clients The valid range for the timeout parameter is 0 to 3600 seconds and the default value is 5 seconds tags timeout Configures the RSSI timeout value for RFID tags The valid range for the timeout parameter is 5 to 300 seconds and the default value is 5 seconds rogue aps timeout Configures the RSSI timeout value for rogue access points The valid range for the timeout parameter is 5 to 3600 seconds and the default value is 5 seconds Ensuring that recent strong RSSIs are retained by the CPU is critical to location accuracy The config location expiry command enables you to specify the length of time after which old RSSI averages expire amp Note We recommend that you do not use or modify the config location expiry command e Configure the RSSI half life for various devices by entering this command config location rssi half life where is one of the following client half_life Configures the RSSI half life for clients The valid range for the half_life parameter is 0 1 2 5 10 20 30 60 90 120 180 or 300 seconds and the default value is 0 seconds calibrating client half_
162. rk fast ssid change enable disable Step2 Save your changes by entering this command save config Enabling 802 3X Flow Control 802 3X Flow Control is disabled by default To enable it enter the config switchconfig flowcontrol enable command Cisco Wireless LAN Controller Configuration Guide oL 21524 02 EEN Chapter4 Configuring Controller Settings WE Configuring 802 3 Bridging Configuring 802 3 Bridging The controller supports 802 3 frames and the applications that use them such as those typically used for cash registers and cash register servers However to make these applications work with the controller the 802 3 frames must be bridged on the controller Support for raw 802 3 frames allows the controller to bridge non IP frames for applications not running over IP Only this raw 802 3 frame format is currently supported Destination Source Total packet Payload MAC address MAC address length l You can configure 802 3 bridging through the controller GUI in software release 4 1 or later releases and through the controller CLI in software release 4 0 or later releases Note amp In controller software release 5 2 or later releases the software based forwarding architecture for 2100 series based control
163. roller Settings Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Configuring the Cisco Discovery Protocol Mi Figure 4 40 CDP gt Global Configuration Page Saye Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Controller CDP gt Global Configuration Apply General CDP Protocol Status v Inventory Interfaces CDP Advertisement Version va Multicast Refresh time Interval seconds 60 Network Routes Internal DHCP Server Holdtime seconds 180 Mobility Management Ports NTP v CDP Global Configuration gt Advanced v 212201 Select the CDP Protocol Status check box to enable CDP on the controller or unselect it to disable this feature The default value is selected amp Note Enabling or disabling this feature is applicable to all controller ports From the CDP Advertisement Version drop down list choose v1 or v2 to specify the highest CDP version supported on the controller The default value is v1 In the Refresh time Interval text box enter the interval at which CDP messages are to be generated The range is 5 to 254 seconds and the default value is 60 seconds In the Holdtime text box enter the amount of time to be advertised as the time to live value in generated CDP packets The range is 10 to 255 seconds and the default value is 180 seconds Click Apply to commit your changes Click Save Configuration
164. roller uses a default value of default for the username authentication password and privacy password for SNMP v3 users Using these standard values presents a security risk Therefore Cisco strongly advises that you change these values SNMP V3 is time sensitive Make sure that you have configured the correct time and time zone on your controller Using the GUI to Change the SNMP v3 User Default Values Step 1 To change the SNMP v3 user default values using the controller GUI follow these steps Choose Management gt SNMP gt SNMP V3 Users to open the SNMP V3 Users page see Figure 4 17 Cisco Wireless LAN Controller Configuration Guide Ka OL 21524 02 Chapter4 Configuring Controller Settings Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Changing the Default Values for SNMP v3 Users il Figure 4 17 SNMP V3 Users Page Save Configuration Ping Logout Refresh MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Management SNMP V3 Users New Summary User Name Access Level Auth Protocol Privacy Protocol Y SNMP default Readwrite HMAC SHA AES i General SNMP V3 Users Communities Trap Receivers Trap Controls Trap Logs 232337 If default appears in the User Name column hover your cursor over the blue drop down arrow for the desired user and choose Remove to delete this SNMP v3 user Click New to add a new SNMP v3 user The SNMP V3 U
165. ross remote WAN and LAN links See the Configuring Data Encryption section on page 8 2 for more information on data encryption Note The Availability of data DTLS for the 7 0 116 0 release is as follows Cisco 5500 Series Controller The Cisco 5500 Series Controller will be available with two licensing options One with data DTLS capabilities and another image without data DTLS 2500 WiSM2 WLC2 These platforms by default will not contain DTLS To turn on data DTLS you must install a license These platforms will have a single image with data DTLS turned off To use data DTLS you will need to have a license e Support for OfficeExtend access points which are used for secure mobile teleworking See the OfficeExtend Access Points section on page 8 69 for more information on OfficeExtend access points e Support for the 1130AG and 1240AG series indoor mesh access points which dynamically establish wireless connections in locations where it might be difficult to connect to the wired network See Chapter 9 Controlling Mesh Access Points for more information on mesh access points All features included in a Wireless LAN Controller WPLUS license are now included in the base license this change is introduced in release 6 0 196 0 There are no changes to WCS BASE and PLUS licensing These WPlus license features are included in the base license e OfficeExtend AP e Enterprise Mesh e CAPWAP Data Encryption Cisc
166. s W StoreIndex 3 Feature base ap count Version 1 0 License Type Evaluation License State Active In Use Evaluation total period 8 weeks 4 days Evaluation period left 8 weeks 3 days License Count 250 0 0 License Priority High See the details for a particular license by entering this command show license detail license_name Information similar to the following appears Index 1 Feature base ap count Version 1 0 License Type Permanent License State Active Not in Use License Count 12 0 0 License Priority Medium Store Index 0 Store Name Primary License Storage Index 2 Feature base ap count Version 1 0 License Type Evaluation License State Inactive Evaluation total period 8 weeks 4 days Evaluation period left 8 weeks 4 days License Count 250 0 0 License Priority Low Store Index 3 Store Name Evaluation License Storage See all expiring evaluation permanent or in use licenses by entering this command show license expiring evaluation permanent in use Information similar to the following appears for the show license in use command StoreIndex 2 Feature base ap count Version 1 0 License Type Permanent License State Active In Use License Count 12 12 0 License Priority Medium StoreIndex 3 Feature base Version 1 0 License Type Permanent License State Active In Use License Count Non Counted License Priority Medium Note Controller platforms do not support the s
167. s an access point list built by compiling all previous access points to which each client was associated and sent unicast to the client immediately after association The access point list contains the channels BSSIDs of neighbor access points that support the client s current SSID s and time elapsed since disassociation e Enhanced neighbor list This feature focuses on improving a CCXv4 client s roam experience and network edge performance especially when servicing voice applications The access point provides its associated client information about its neighbors using a neighbor list update unicast message e Enhanced neighbor list request E2E The End 2 End specification is a Cisco and Intel joint program that defines new protocols and interfaces to improve the overall voice and roaming experience It applies only to Intel clients in a CCX environment Specifically it enables Intel clients to request a neighbor list at will When this occurs the access point forwards the request to the controller The controller receives the request and replies with the current CCX roaming sublist of neighbors for the access point to which the client is associated Cisco Wireless LAN Controller Configuration Guide M460 i OL 21524 02 Chapter4 Configuring Controller Settings amp Configuring Client Roaming W amp Note To see whether a particular client supports E2E choose Wireless gt Clients on the controller GUI click the D
168. s are case sensitive and can contain up to 24 ASCII characters Usernames and passwords cannot contain spaces amp Note If you ever need to change the password for an existing username enter the config mgmtuser password username new_password command Step2 List the configured users by entering this command Cisco Wireless LAN Controller Configuration Guide P4338 OL 21524 02 Chapter 4 Configuring Controller Settings Configuring SNMP W show mgmtuser Restoring Passwords Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 To configure a new username and password at boot up using the controller CLI follow these steps After the controller boots up enter Restore Password at the User prompt amp Note For security reasons the text that you enter does not appear on the controller console At the Enter User Name prompt enter a new username At the Enter Password prompt enter a new password At the Re enter Password prompt reenter the new password The controller validates and stores your entries in the database When the User prompt reappears enter your new username When the Password prompt appears enter your new password The controller logs you in with your new username and password Configuring SNMP Step 1 Step 2 Step 3 Step 4 Step 5 To configure SNMP using the controller CLI follow these steps Enter the config samp community create name command to create an SNMP comm
169. sers gt New page appears see Figure 4 18 Figure 4 18 SNMP V3 Users gt New Page Save Configuration Ping Logout Refresh cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Management SNMP V3 Users gt New lt Back Apply Summary User Profile Name Y SNMP General Access Mode Read Only SNMP V3 Users Communities oe 7 m Trap Receivers Authentication Protocol HMAC SHA Trap Controls Trap Logs OP ag Auth Password Confirm Auth Password HTTP Telnet SSH Privacy Protocol CFB AES 128 v Serial Port g Local Management Priv Password Confirm Priv Password g oO Users N In the User Profile Name text box enter a unique name Do not enter default Choose Read Only or Read Write from the Access Mode drop down list to specify the access level for this user The default value is Read Only From the Authentication Protocol drop down list choose the desired authentication method None HMAC MDS Hashed Message Authentication Coding Message Digest 5 or HMAC SHA Hashed Message Authentication Coding Secure Hashing Algorithm The default value is HMAC SHA In the Auth Password and Confirm Auth Password text boxes enter the shared secret key to be used for authentication You must enter at least 12 characters From the Privacy Protocol drop down list choose the desired encryption method None CBC DES Cipher Block Chaining Digital Encryption Standard or CFB AES 128 Cipher Feedback Mod
170. ss LAN Controller Configuration Guide OL 21524 02 Chapter4 Configuring Controller Settings HZ Installing and Configuring Licenses e Resetting the Controller to Default Settings page 4 120 Installing and Configuring Licenses amp You can order Cisco 5500 Series Controllers with support for 12 25 50 100 250 or 500 access points as the controller s base capacity You can add additional access point capacity through capacity adder licenses available at 25 50 100 and 250 access point capacities You can add the capacity adder licenses to any base license in any combination to arrive at the maximum capacity of 500 access points The base and adder licenses are supported through both rehosting and RMAs Note amp These controller platforms do not require licenses Cisco 2100 and Cisco 4400 Series Controllers Cisco WiSMs Controller Network Modules and Catalyst 3750G Integrated Wireless LAN Controller Switches Note amp All features included in a Wireless LAN Controller Wplus license are now included in the base license this change is introduced in release 6 0 196 0 There are no changes to WCS BASE and PLUS licensing The base license supports the standard base software set and for releases 6 0196 0 and later the premium software set is included as part of the base feature set which includes this functionality e Datagram Transport Layer Security DTLS data encryption for added security ac
171. ss point and the client These data rates which are calculated for a 20 MHz channel width using a short guard interval are available e 0 7 Mbps 1 14 Mbps e 2 21 Mbps e 3 29 Mbps e 4 43 Mbps e 5 58 Mbps e 6 65 Mbps e 7 72 Mbps e 8 14 Mbps e 9 29 Mbps e 10 43 Mbps e 11 58 Mbps e 12 87 Mbps e 13 116 Mbps e 14 130 Mbps Cisco Wireless LAN Controller Configuration Guide ee EEN Chapter4 Configuring Controller Settings W Configuring 802 11n Parameters Step 4 Step 5 Step 6 e 15 144 Mbps Any associated clients that support the selected rates may communicate with the access point using those rates However the clients are not required to be able to use this rate in order to associate The MCS settings determine the number of spatial streams the modulation the coding rate and the data rate values that are used Click Apply to commit your changes Use the 802 11n data rates that you configured by enabling WMM on the WLAN as follows a Choose WLANs to open the WLANs page b Click the ID number of the WLAN for which you want to configure WMM mode c When the WLANs gt Edit page appears choose the QoS tab to open the WLANs gt Edit Qos page d From the WMM Policy drop down list choose Required or Allowed to require or allow client devices to use WMM Devices that do not support WMM cannot join the WLAN e Click Apply to commit your changes Click Save Configura
172. subscribed to by a specific IP address Information similar to the following appears for the show nmsp subscription summary command Mobility Services Subscribed Server IP Services 1 4 93 31 RSSI Info Statistics Information similar to the following appears for the show nmsp subscription detail ip_addr command Mobility Services Subscribed by 1 4 93 31 Services Sub services I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings E Configuring the Supervisor 720 to Support the WiSM RSSI Mobile Station Tags Info Mobile Station Statistics Mobile Station Tags e Clear all NMSP statistics by entering this command clear nmsp statistics Debugging NMSP Issues Use these CLI commands if you experience any problems with NMSP e Configure NMSP debug options by entering this command debug nmsp where is one of the following all enable disable Enables or disables debugging for all NMSP messages connection enable disable Enables or disables debugging for NMSP connection events detail enable disable Enables or disables debugging for NMSP detailed events error enable disable Enables or disables debugging for NMSP error messages event enable disable Enables or disables debugging for NMSP events message tx rx enable disable Enables or disables debugging for NMSP transmit or receive messages
173. t High Throughput 802 11n to open the 802 11n 5 GHz or 2 4 GHz High Throughput page see Figure 4 12 Cisco Wireless LAN Controller Configuration Guide a30 OL 21524 02 Chapter4 Configuring Controller Settings Configuring 802 11n Parameters W Figure 4 12 802 11n 2 4 GHz High Throughput Page Save Configuration Ping Logout Refreg Oe cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Wireless 802 11n 2 4 GHz High Throughput Apply gt Access Points General MCS Data Rate 4 Settings Hesi 11n Mode Enabled 0 7 Mbps M Supported HREAP Groups 1 14 Mbps ml Supported gt 802 11a n a 2 21 Mbps vis rted 802 11b a n SERES Network 3 29 Mbps supported gt RRM Client Roaming 4 43 Mbps Supported Voice 5 58 Mbps M supported Video EDCA Parameters 6 65 Mbps E supported High Throughput 802 11n 7 72 Mbps M supported Country 8 14 Mbps Ml supported Timers 9 29 Mbps E supported gt Qos 10 43 Mbps m Supported 11 58 Mbps M Supported 12 87 Mbps V Supported 13 116Mbps M Supported 14 130Mbps Supported 15 144Mbps E supported 5 1 DataRates are calculated for 20 MHz Channel width a E Step2 Select the 11n Mode check box to enable 802 11n support on the network The default value is enabled Step3 Select the check boxes of the desired rates to specify the modulation and coding scheme MCS rates at which data can be transmitted between the acce
174. t groups roams from one controller to another the first controller transmits all the multicast group information for the listening client to the second controller As a result the second controller can immediately create the multicast group information for the client The second controller sends the IGMP reports to the network for all multicast groups to which the client was listening This process aids in the seamless transfer of multicast data to the client e Ifthe listening client roams to a controller in a different subnet the multicast packets are tunneled to the anchor controller of the client to avoid the reverse path filtering RPF check The anchor then forwards the multicast packets to the infrastructure switch Note amp The MGIDs are controller specific The same multicast group packets coming from the same VLAN in two different controllers may be mapped to two different MGIDs Note If Layer 2 multicast is enabled a single MGID is assigned to all the multicast addresses coming from an interface see Figure 4 24 Guidelines for Using Multicast Mode Follow these guidelines when you enable multicast mode on your network e The Cisco Unified Wireless Network solution uses some IP address ranges for specific purposes and you should keep these ranges in mind when configuring a multicast group 224 0 0 0 through 224 0 0 255 Reserved link local addresses 224 0 1 0 through 238 255 255 255 Globally sco
175. t of all CDP neighbors for a specific access point by entering these commands e show ap cdp neighbors ap name Cisco_AP e show ap cdp neighbors detail Cisco_AP Note Step 8 amp The access point sends CDP neighbor information to the controller only when the information changes See a list of all CDP neighbors for all access points connected to the controller by entering these commands e show ap cdp neighbors all e show ap cdp neighbors detail all Information similar to the following appears when you enter the show ap cdp neighbors all command AP Name AP IP Neighbor Name Neighbor IP Neighbor Port AP0013 601c 0a0 10 76 108 123 6500 1 10 76 108 207 GigabitEthernet1 26 AP0013 601c 0b0 10 76 108 111 6500 1 10 76 108 207 GigabitEthernet1 27 AP0013 601c 0c0 10 76 108 125 6500 1 10 76 108 207 GigabitEthernet1 28 Information similar to the following appears when you enter the show ap cdp neighbors detail all command AP Name AP0013 601c 0a0 AP IP Address 10 76 108 125 Device ID 6500 1 Entry address es 10 76 108 207 Platform cisco WS C6506 E Capabilities Router Switch IGMP Interface Port 1 Port ID outgoing port GigabitEthernet1 26 Holdtime 157 sec Version Cisco Internetwork Operating System Software IOS tm s72033_rp Software s72033_rp PSV M Version 12 2 18 SXD5 RELEASE SOFTWARE fc3 Technical Support http www cisco com techsupport Copyright c 1986 2005 by cisco Systems Inc Compiled Fri
176. tatus of grace period or extension as a license type The license status will always show evaluation even if a grace period or an extension evaluation license is installed See the maximum number of access points allowed for this license on the controller the number of access points currently joined to the controller and the number of access points that can still join the controller by entering this command show license capacity Information similar to the following appears Licensed Feature Max Count Current Count Remaining Count AP Count 250 4 246 I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings HZ Installing and Configuring Licenses e See statistics for all licenses on the controller by entering this command show license statistics Information similar to the following appears Administrative statistics Install success count Install failure count Install duplicate count Comment add count Comment delete count Clear count Save count Save cred count Client status Request success count Request failure count Release count Global Notify count gt O VOO COON Noon e See a summary of license enabled features by entering this command show license feature Information similar to the following appears Feature name Enforcement Evaluation Clear Allowed Enabled base yes yes yes yes base ap count yes yes yes no Acti
177. te The Burst Real Time Rate should be greater than or equal to the Average Real Time Rate Otherwise the QoS policy may block traffic to and from the wireless client Note For the role_name parameter in each of these commands enter a name for the new QoS role The name should uniquely identify the role of the QoS user such as Contractor Vendor and so on For the rate parameter you can enter a value between 0 and 60 000 Kbps inclusive A value of 0 imposes no bandwidth restriction on the QoS role Step3 Apply a QoS role to a guest user by entering this command config netuser guest role apply username role_name For example the role of Contractor could be applied to guest user jsmith S Note If you do not assign a QoS role to a guest user the Role text box in the User Details shows the role as default The bandwidth contracts for this user are defined in the QoS profile for the WLAN amp Note If you want to unassign a QoS role from a guest user enter the config netuser guest role apply username default command This user now uses the bandwidth contracts defined in the QoS profile for the WLAN Step4 Save your changes by entering this command save config Step5 See a list of the current QoS roles and their bandwidth parameters by entering this command show netuser guest roles Information similar to the following appears Role Name s ses erecciones deei doci dia easa iada naia Contractor Average
178. tep 6 Step 7 Step 8 To configure band selection using the controller GUI follow these steps Choose Wireless gt Advanced gt Band Select to open the Band Select page see Figure 4 21 Figure 4 21 Wireless gt Advanced gt Band Select Page Save Configuration Ping Logout Refresh An a MONITOR WLANs CONTROLLER WIRELESS MANAGEMENT COMMANDS HELP FEEDBACK Wireless Band Select Apply LEXES Points Probe Cycle Count 2 Scan Cycle Period Threshold milliseconds rt Age Out Suppression seconds 20 Glo nfiguration Age Out Dual Band seconds 60 Advanced Acceptable Client RSSI dBm s0 Load Balancing Band Select is configurable per WLAN Band Select Mesh HREAP Groups gt 802 11la n v 802 11b g n Media Stream Country Timers gt Qos Done 207777 In the Probe Cycle Count text box enter a value between 1 and 10 The cycle count sets the number of suppression cycles for a new client The default cycle count is 2 In the Scan Cycle Period Threshold milliseconds text box enter a value between 1 and 1000 milliseconds for the scan cycle period threshold This setting determines the time threshold during which new probe requests from a client come from a new scanning cycle The default cycle threshold is 200 milliseconds In the Age Out Suppression seconds text box enter a value between 10 and 200 seconds Age out suppression sets the expiration time for pruning prev
179. th indicator RSSI required for the client to associate to an access point If the client s average received signal power dips below this threshold reliable communication is usually impossible Therefore clients must already have found and roamed to another access point with a stronger signal before the minimum RSSI value is reached The range is 80 to 90 dBm The default is 85 dBm In the Hysteresis text box enter a value to indicate how much greater the signal strength of a neighboring access point must be in order for the client to roam to it This parameter is intended to reduce the amount of roaming between access points if the client is physically located on or near the border between two access points The range is 3 to 20 dB The default is 3 dB In the Scan Threshold text box enter the minimum RSSI that is allowed before the client should roam to a better access point When the RSSI drops below the specified value the client must be able to roam to a better access point within the specified transition time This parameter also provides a power save method to minimize the time that the client spends in active or passive scanning For example the client can scan slowly when the RSSI is above the threshold and scan more rapidly when the RSSI is below the threshold The range is 70 to 77 dBm The default is 72 dBm In the Transition Time text box enter the maximum time allowed for the client to detect a suitable nei
180. the 802 1p Tag text box to define the maximum value 0 7 for the priority tag associated with packets that fall within the profile The tagged packets include CAPWAP data packets between access points and the controller and packets sent toward the core network amp Note Ifa QoS profile has 802 1p tagging configured and if this QoS profile is assigned to a WLAN that uses an untagged interface on the controller the client traffic will be blocked Click Apply to commit your changes Click Save Configuration to save your changes Reenable the 802 11a and 802 11b g networks To enable the radio networks choose Wireless gt 802 11a n or 802 11b g n gt Network select the 802 11a or 802 11b g Network Status check box and click Apply Follow the instructions in the Assigning a QoS Profile to a WLAN section on page 7 37 to assign a QoS profile to a WLAN Using the CLI to Configure QoS Profiles Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 To configure the Platinum Gold Silver and Bronze QoS profiles using the controller CLI follow these steps Disable the 802 1 1a and 802 11b g networks so that you can configure the QoS profiles by entering these commands config 802 11a disable network config 802 11b disable network Change the profile description by entering this command config qos description bronze silver gold platinum description Define the average data rate in Kbps for TC
181. the 802 1 1a or 802 11b g network by entering this command I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings HZ Configuring Voice and Video Parameters amp config 802 11a 802 11b cac video max bandwidth bandwidth The bandwidth range is 5 to 85 and the default value is 5 However the maximum RF bandwidth cannot exceed 85 for voice and video Once the client reaches the value specified the access point rejects new calls on this network Note Step 8 Step 9 Step 10 Step 11 If this parameter is set to zero 0 the controller assumes that you do not want to do any bandwidth allocation and therefore allows all bandwidth requests Process or ignore the TSPEC inactivity timeout received from an access point by entering this command config 802 11a 802 11b cac video tspec inactivity timeout enable ignore Reenable all WLANs with WMM enabled by entering this command config wlan enable wlan_id Reenable the radio network by entering this command config 802 11a 802 11b enable network Save your settings by entering this command save config Using the CLI to View Voice and Video Settings Step 1 Step 2 To view voice and video settings using the controller CLI follow these steps See the CAC configuration for the 802 11a or 802 11b g network by entering this command show ap stats 802 11a 802 11b See the CAC statis
182. the highest CDP version supported on the controller by entering this command config cdp advertise v1 v2 The default value is v1 Enable or disable CDP on all access points that are joined to the controller by entering the config ap cdp enable disable all command The config ap cdp disable all command disables CDP on all access points that are joined to the controller and all access points that join in the future CDP remains disabled on both current and future access points even after the controller or access point reboots To enable CDP enter the config ap cdp enable all command Note Step 6 Step7 amp After you enable CDP on all access points joined to the controller you may disable and then reenable CDP on individual access points using the command in Step 6 After you disable CDP on all access points joined to the controller you may not enable and then disable CDP on individual access points Enable or disable CDP on a specific access point by entering this command config ap cdp enable disable Cisco _AP Configure CDP on a specific or all access points for a specific interface by entering this command config ap cdp ethernet radio interface_number slot_id enable disable all Cisco _AP Note Step 8 When you use the config ap cdp command to configure CDP on radio interfaces a warning message appears indicating that the configuration is applicable only for mesh access points Save your
183. ti h a tet i Save Configuration Ping Logout Refres cisco MONITOR WLANs CONTROLLER WIRELESS SECURITY MANAGEMENT COMMANDS HELP Wireless 802 11a Global Parameters Apply gt Access Points General Data Rates Mesh ae 802 114 Network Status Enabled 6 Mbps Mandatory HREAP Groups i 802 11a n Beacon Period millisecs 100 9 Mbps Supported i RERNE 12 Mbps Mandatory v gt RRM Fragmentation Threshold m Pico Cell bytes 2346 18 Mbps Supported Y Client Roaming DTPC Support Enabled 24 Mbps Mandatory Voice Video 36 Mbps Supported w SACD ara ote Er 802 11a Band Status EDCA Parameters DFS 802 11h 48 Mbps Supported vi High ches Low Band Enabled 54 Mbps Supported x 602 n Ps i Mid Band Enabled gt 802 11b g n i High Band Enabled CCX Location Measurement Country i Mode C Enabled Timers gt Qos Data Rate Mandatory implies that clients who do not support that specific rate will not be able to associate Data Rate Supported implies that any associated client that also supports that same rate may communicate with the AP using that rate But it is not required that a client be able to use the rates marked supported in order to A associate a Select the 802 11a or 802 11b g Network Status check box to enable the 802 11a or 802 11b g band To disable the band unselect the check box The default value is enabled You can enable both the 802 11a and 802 11b g bands If you
184. tication Algorithm a i ia a a E Open System Reason Code Ddo A AN AAAA AS i ai Ei e ee a 0 Status COR is ee hy Bi hh ee ee ee erence a ee 0 Session Timeout ee ee ee ee ee eee eee 0 CLLENE COX version incre sei ce davs ae E Savers O Sa 5 GVTent EZ Vers tons 3 5 a a ceeded ed ee ae No E2E support Diagnostics Capability 0 2 2 2 eee eee Supported S69 Capabi li ey oie csse reesei 0 6 0 0 0 00 4 S60 60 6 5 0 8 6 0 5 6 SUppOrted Miseror dingy csi Moe eh EE E Oot te ol le ie Disabled OOS eyel Aiia nde ete eae te era o Bea O a a a E Silver Cisco Wireless LAN Controller Configuration Guide ca OL 21524 02 Chapter4 Configuring Controller Settings Configuring and Viewing Location Settings W amp Note See the Cisco Wireless Control System Configuration Guide or the Cisco Location Appliance Configuration Guide for instructions on enabling location presence on a location appliance Modifying the NMSP Notification Interval for Clients RFID Tags and Rogues The Network Mobility Services Protocol NMSP manages communication between the location appliance and the controller for incoming and outgoing traffic If your application requires more frequent location updates you can modify the NMSP notification interval to a value between 1 and 180 seconds for clients active RFID tags and rogue access points and clients amp Note The TCP port 16113 that the controller and location
185. tics for a particular access point by entering this command show ap stats 802 11a 802 11b ap_name Information similar to the following appears Call Admission Control CAC Stats Voice Bandwidth in use of config bw 0 Total channel MT free 2 0 Total voice MT free sos sce oe ew A Oe REG EES EGS 0 Na Ditech sa eka eee Ree Due Eie ORE EES 0 Na ROAM si o s a vs se ke sates keel we ve eee se ae wee ae eae te ede 0 Video Bandwidth in use of config bw 0 Total num of voice calls in progress 0 Num of roaming voice calls in progress 0 Total Num of voice calls since AP joined 0 Total Num of roaming calls since AP joined 0 Total Num of exp bw requests received 5 Total Num of exp bw requests admitted 2 Num of voice calls rejected since AP joined 0 Num of roam calls rejected since AP joined 0 Num of calls rejected due to insufficient bw 0 Num of calls rejected due to invalid params 0 Num of calls rejected due to PHY rate 0 Num of calls rejected due to QoS policy 0 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings Configuring Voice and Video Parameters W In the example above MT is medium time Na is the number of additional calls and exp bw is expedited bandwidth Note Suppose an AP has to be rebooted when a voice client ass
186. tion Click Apply to commit your changes Click Save Configuration to save your changes Using the CLI to Configure 802 11 Bands Step 1 Step 2 Step 3 Step 4 To configure 802 11 bands using the controller CLI follow these steps Disable the 802 11a band by entering this command config 802 11a disable network amp Note The 802 11a band must be disabled before you can configure the 802 11a network parameters in this section Disable the 802 11b g band by entering this command config 802 11b disable network amp Note The 802 11b band must be disabled before you can configure the 802 11b network parameters in this section Specify the rate at which the SSID is broadcast by the access point by entering this command config 802 11a 802 11b beaconperiod time_unit where time_unit is the beacon interval in time units TUs One TU is 1024 microseconds You can configure the access point to send a beacon every 20 to 1000 milliseconds Specify the size at which packets are fragmented by entering this command Cisco Wireless LAN Controller Configuration Guide M428 OL 21524 02 _ Chapter 4 Configuring Controller Settings Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Configuring 802 11 Bands W config 802 11a 802 11b fragmentation threshold where threshold is a value between 256 and 2346 bytes inclusive Specify a low number for areas where communication is
187. tion to save your changes S Note To determine if an access point supports 802 11n look at the 11n Supported text box on either the 802 1 1a n or 802 11b g n Cisco APs gt Configure page or the 802 1 1a n or 802 11b g n AP Interfaces gt Details page Using the CLI to Configure 802 11n Parameters Step 1 Step 2 Step 3 Step 4 To configure 802 11n parameters using the controller CLI follow these steps Enable 802 11n support on the network by entering this command config 802 11a 802 11b 11nsupport enable disable Specify the modulation and coding scheme MCS rates at which data can be transmitted between the access point and the client by entering this command config 802 11a 802 11b 11nsupport mcs tx 0 15 enable disable See the descriptions of the 0 through 15 MCS data rates in the Using the GUI to Configure 802 11n Parameters section on page 4 30 Use the 802 1 1n data rates that you configured by enabling WMM on the WLAN as follows config wlan wmm required wlan_id The required parameter requires client devices to use WMM Devices that do not support WMM cannot join the WLAN Specify the aggregation method used for 802 11n packets as follows a Disable the network by entering this command config 802 11a 802 11b disable network b Specify the aggregation method entering this command config 802 11a 802 11b 11nsupport a mpdu tx priority 0 7 all enable disable
188. to the CLM as follows Select the Enable Notification check box to enable the license agent to send license notifications to the CLM or unselect this check box to disable this feature The default value is unselected In the URL to Send the Notifications text box enter the URL where the license agent sends the notifications for example http www cisco com license notify In the User Name text box enter the username required in order to view the notification messages at this URL w_ Cisco Wireless LAN Controller Configuration Guide OL 21524 02 Chapter4 Configuring Controller Settings Installing and Configuring Licenses W d Inthe Password and Confirm Password text boxes enter the password required in order to view the notification messages at this URL Step6 Click Apply to commit your changes Step7 Click Save Configuration to save your changes Using the CLI to Configure the License Agent To configure the license agent on the controller using the controller CLI follow these steps Step 1 Enable the license agent by entering one of these commands e config license agent default authenticate Enables the license agent default listener with authentication e config license agent default authenticate none Enables the license agent default listener without authentication amp Note To disable the license agent default listener enter the config license agent default disable command The default value
189. top using the ap count evaluation license and want to revert to using an ap count permanent license follow these steps a To lower the priority of the ap count evaluation license enter this command license modify priority license_name low b To reboot the controller in order for the priority change to take effect enter this command reset system c To verify that the ap count evaluation license now has a low priority and is not in use enter this command show license all Instead the ap count permanent license should be in use Rehosting a License amp Revoking a license from one controller and installing it on another is called rehosting You might want to rehost a license in order to change the purpose of a controller For example if you want to move your OfficeExtend or indoor mesh access points to a different controller you could transfer the base license from one controller to another In order to rehost a license you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site Next you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license Evaluation licenses and the permanent base image license cannot be rehosted Note A revoked license cannot be reinstalled on the same controller OL 21524 02 Cisco Wireless LAN Controller Conf
190. uation licenses the permanent base image license or licenses that are in use by the controller If you are prompted to accept the end user license agreement EULA read and accept the terms of the agreement Cisco Wireless LAN Controller Configuration Guide mae W OL 21524 02 Chapter 4 Configuring Controller Settings Step 3 Step 4 Step 5 Step 6 Step7 Installing and Configuring Licenses W amp Note Typically you are prompted to accept the EULA for evaluation extension and rehost licenses The EULA is also required for permanent licenses but it is accepted during license generation Add comments to a license or delete comments from a license by entering this command license comment add delete license _name comment_string Save a backup copy of all installed licenses by entering this command license save url where url is tftp server_ip path filename Reboot the controller by entering this command reset system Follow the instructions in the Viewing Licenses section on page 4 9 to see the status of the license you installed If the desired license is not being used by the controller follow the instructions in the Activating an AP Count Evaluation License section on page 4 14 or the Activating an AP Count Evaluation License section on page 4 14 to change the license that is used by the controller Viewing Licenses This section describes how to view the licens
191. ue AP RSSI expiry timeout 5 sec Half life 0 sec Notify Threshold 0 db RFID Tag RSSI expiry timeout 5 sec Half life 0 sec Notify Threshold 0 db See the RSSI table for a particular client by entering this command show location detail client_mac_addr Information similar to the following appears I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings W Configuring and Viewing Location Settings 11 AP 00 00 00 00 00 00 Slot 0 inUse antenna B 0 band 0 rssi antenna A 12 AP 00 00 00 00 00 00 Slot 0 inU antenna B 0 band 0 rssi antenna A antenna B 0 snr 0 acceptable 0 13 AP 00 00 00 00 00 00 Slot 0 inU expired 0 Timestamp antenna A 0 antenna B 0 band 0 rssi antenna A 1 antenna B 0 snr 0 acceptable 0 14 AP 00 00 00 00 00 00 Slot 0 inUs expired 0 Timestamp antenna A 0 antenna B 0 band 0 rssi antenna A 0 ntenna B 0 snr 0 acceptable 0 15 AP 00 00 00 00 00 00 Slot 0 inUs expired 0 Timestamp antenna A 0 antenna B 0 band 0 rssi antenna A 0 ntenna B 0 snr 0 acceptable 0 expired 0 Timestamp antenna A 0 antenna B 0 snr 0 acceptable 0 expired 0 Timestamp antenna A 0 e 0 a 0 a e See the location based RFID statistics by entering this command show location statistics rfid Information similar to the following appears RFID Statistics Database Full 0 Failed De
192. uide ca OL 21524 02 Chapter4 Configuring Controller Settings Using the Wireless LAN Controller Network Module W amp Note The WiSM is supported on Cisco 7600 series routers running only Cisco IOS Release 12 2 18 SXF5 General WiSM Guidelines Follow these guidelines when you add a WiSM to your network e The switch or router ports leading to the controller service port are automatically configured and cannot be manually configured e The switch or router ports leading to the controller data ports should be configured as edge ports to avoid sending unnecessary BPDUs e The switch or router ports leading to the controller data ports should not be configured with any additional settings such as port channel or SPAN destination other than settings necessary for carrying data traffic to and from the controllers amp Note See Chapter 3 Configuring Ports and Interfaces for information on configuring the WiSM s ports and interfaces Configuring the Supervisor amp Note You must log into the switch or router CLI and begin in privileged EXEC mode To configure the supervisor to support the WiSM follow these steps Note The commands used for communication between the Cisco WiSM the Supervisor 720 and the 4404 controllers are documented in Configuring a Cisco Wireless Services Module and Wireless Control System at this URL http www cisco com en US docs wireless technology wism technica
193. ult setting e Bronze Background Provides the lowest bandwidth for guest services Note VoIP clients should be set to Platinum You can configure the bandwidth of each QoS level using QoS profiles and then apply the profiles to WLANs The profile settings are pushed to the clients associated to that WLAN In addition you can create QoS roles to specify different bandwidth levels for regular and guest users Follow the instructions in this section to configure QoS profiles and QoS roles Configuring Quality of Service Profiles You can use the controller GUI or CLI to configure the Platinum Gold Silver and Bronze QoS profiles Using the GUI to Configure QoS Profiles Step 1 Step 2 Step 3 To configure QoS profiles using the controller GUI follow these steps Disable the 802 11a and 802 11b g networks so that you can configure the QoS profiles To disable the radio networks choose Wireless gt 802 11a n or 802 11b g n gt Network unselect the 802 11a or 802 11b g Network Status check box and click Apply Choose Wireless gt QoS gt Profiles to open the QoS Profiles page Click the name of the profile that you want to configure to open the Edit QoS Profile page see Figure 4 26 I oL 21524 02 Cisco Wireless LAN Controller Configuration Guide Chapter4 Configuring Controller Settings WE Configuring Quality of Service Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Figu
194. unity name Enter the config samp community delete name command to delete an SNMP community name Enter the config samp community accessmode ro name command to configure an SNMP community name with read only privileges Enter config samp community accessmode rw name to configure an SNMP community name with read write privileges Enter the config samp community ipaddr ip address ip mask name command to configure an IP address and subnet mask for an SNMP community amp Note This command behaves like an SNMP access list It specifies the IP address from which the device accepts SNMP packets with the associated community The requesting entity s IP address is ANDed with the subnet mask before being compared to the IP address If the subnet mask is set to 0 0 0 0 an IP address of 0 0 0 0 matches to all IP addresses The default value is 0 0 0 0 amp Note The controller can use only one IP address range to manage an SNMP community Enter the config samp community mode enable command to enable a community name Enter the config samp community mode disable command to disable a community name OL 21524 02 Cisco Wireless LAN Controller Configuration Guide E Chapter4 Configuring Controller Settings HE Changing the Default Values of SNMP Community Strings Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Enter the config snmp trapreceiver create name ip address c
195. ur controller to use HTTP to communicate with CLM Note You can download the CLM software and access user documentation at this URL http www cisco com go clm Licensing portal This alternative method enables you to manually obtain and install licenses on your controller If you want to use the licensing portal to register the PAK follow the instructions in Step 3 Step3 Use the licensing portal to register the PAK as follows b Go to http tools cisco com S WIFT Licensing PrivateRegistrationServlet On the main Product License Registration page enter the PAK mailed with the certificate in the Product Authorization Key PAK text box and click Submit On the Validate Features page enter the number of licenses that you want to register in the Qty text box and click Update To determine the controller s product ID and serial number choose Controller gt Inventory on the controller GUI or enter the show license udi command on the controller CLI Information similar to the following appears on the controller CLI Device PID SN UDI 0 AIR CT5508 K9 FCW1308L030 AIR CT5508 K9 FCW1308L030 On the Designate Licensee page enter the product ID and serial number of the controller on which you plan to install the license read and accept the conditions of the end user license agreement EULA complete the rest of the text boxes on this page and click Submit On the Finish and Submit page verify that all infor
196. vating an AP Count Evaluation License If you are considering upgrading to a license with a higher access point count you can try an evaluation license before upgrading to a permanent version of the license For example if you are using a permanent license with a 50 access point count and want to try an evaluation license with a 100 access point count you can try out the evaluation license for 60 days AP count evaluation licenses are set to low priority by default so that the controller uses the ap count permanent license If you want to try an evaluation license with an increased access point count you must change its priority to high If you no longer want to have this higher capacity you can lower the priority of the ap count evaluation license which forces the controller to use the permanent license amp Note To prevent disruptions in operation the controller does not switch licenses when an evaluation license expires You must reboot the controller in order to return to a permanent license Following a reboot the controller defaults to the same feature set level as the expired evaluation license If no permanent license at the same feature set level is installed the controller uses a permanent license at another level or an unexpired evaluation license You can activate ap count evaluation licenses using the controller GUI or CLI Using the GUI to Activate an AP Count Evaluation License To activate an ap count evaluation li
197. x shows the specific interval when the statistics were collected Step6 Enable or disable debugging for call admission control CAC messages events or packets by entering this command debug cac all event packet enable disable where all configures debugging for all CAC messages event configures debugging for all CAC events and packet configures debugging for all CAC packets Step7 Use the following command to perform voice diagnostics and to view the debug messages between a maximum of two 802 11 clients debug client voice diag enable disable mac id mac id2 verbose The verbose mode is an optional argument When the verbose option is used all debug messages are displayed in the console You can use this command to monitor a maximum of two 802 11 clients If one of the clients is a non WiFi client only the 802 11 client is monitored for debug messages amp Note Itis implicitly assumed that the clients being monitored are on call amp Note The debug command automatically stops after 60 minutes Cisco Wireless LAN Controller Configuration Guide _ Chapter 4 Configuring Controller Settings Step 8 Step 9 Configuring Voice and Video Parameters W Use the following commands to view various voice related parameters show client voice diag status Displays information about whether voice diagnostics is enabled or disabled If enabled will also displays information about the c
198. y by the access point Cisco Wireless LAN Controller Configuration Guide M404 OL 21524 02 Chapter4 Configuring Controller Settings Note Configuring the Cisco Discovery Protocol W e Power Consumption TLV 0x0010 The maximum amount of power consumed by the access point e Power Request TLV 0x0019 The amount of power to be transmitted by a powerable device in order to negotiate a suitable power level with the supplier of the network power You can configure CDP and view CDP information using the GUI in controller software release 4 1 or later or the CLI in controller software release 4 0 or later releases Figure 4 39 shows a sample network that you can use as a reference when performing the procedures in this section Changing the CDP configuration on the controller does not change the CDP configuration on the access points that are connected to the controller You must enable and disable CDP separately for each access point You can enable or disable the CDP state on all or specific interfaces and radios This configuration can be applied to all access points or a specific access point For more information on how to configure CDP on the interfaces and radios see the Using the GUI to Configure the Cisco Discovery Protocol section on page 4 96 and the Using the CLI to Configure the Cisco Discovery Protocol section on page 4 102 The following is the behavior assumed for various interfaces and access points
199. y on all WLANs by entering this command config network 802 3 bridging enable disable The default value is disabled amp Note In controller software release 5 2 or later releases you can disable 802 3 bridging only for 4400 series controllers the Cisco WiSM and the Catalyst 3750G Wireless LAN Controller Switch Step3 Save your settings by entering this command save config Cisco Wireless LAN Controller Configuration Guide oL 21524 02 ECN Chapter4 Configuring Controller Settings WE Configuring Multicast Mode Configuring Multicast Mode If your network supports packet multicasting you can configure the multicast method that the controller uses The controller performs multicasting in two modes e Unicast mode In this mode the controller unicasts every multicast packet to every access point associated to the controller This mode is inefficient but might be required on networks that do not support multicasting e Multicast mode In this mode the controller sends multicast packets to a CAPWAP multicast group This method reduces overhead on the controller processor and shifts the work of packet replication to your network which is much more efficient than the unicast method You can enable multicast mode using the controller GUI or CLI Understanding Multicast Mode When you enable multicast mode and the controller receives a multicast packet from the wired LAN the controller encapsulates the pac
200. yer2 MGID Mapping InterfaceName vlanid MGID management 0 0 test 0 9 wired 20 8 Layer3 MGID Mapping Number of Layer3 MGIDS 2 eee eee eee ali Group address Vlan MGID 239 255 255 250 0 550 See all the clients joined to the multicast group in a specific MGID by entering this command show network multicast mgid detail mgid_value where the mgid_value parameter is a number between 550 and 4095 Information similar to the following appears Midas hai Sav iai ewe Cae a kw A eR ee EE 550 Multicast Group AddreSS cossis sadi iad diii 239 255 255 250 KYA B i a RAAEN NEEE EE EE E EE 0 Rae PACK SEs COUN Hgts telson a E ec qe SLi 807399588 NO OF lt CUTONES Anaan a A aAA wheal io Seb eh silos wh 1 Client i 8 ee ae Client MAC Cisco Wireless LAN Controller Configuration Guide OL 21524 02 _ Chapter 4 Configuring Controller Settings Configuring Client Roaming W 00 13 02 23 82 ad 0 20 Using the CLI to View an Access Point s Multicast Client Table Step 1 Step 2 Step 3 To help troubleshoot roaming events you can view an access point s multicast client table from the controller by performing a remote debug of the access point To view an access point s multicast client table using the controller CLI follow these steps Initiate a remote debug of the access point by entering this command debug ap enable Cisco_AP See all of the MGIDs on the access point and the number
Download Pdf Manuals
Related Search