Overview of Access Point Features
Cisco Aironet Access Points (hereafter called access points, or abbreviated as APs) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, and depending on the specific model are 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, 802.11n-compliant, and 802.11ac-compliant wireless LAN transceivers.
Note When a 1530, 1700, or 2700 series AP boots for the first time, it boots with a unified mode software image. To deploy the AP in an autonomous network, use the following command from the AP console or a Telnet session to force the AP to reboot using the autonomous mode software image.
capwap ap autonomous
For more information on software images on the AP, see Working with Software Images.
You can configure and monitor the wireless device using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP).
Radios in Access Points
An access point serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within the radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.
Each access point platform contains one, two, or three radios. For more information on the radios supported by each access point model, see the corresponding Access Point Data Sheet.
New Features and Platforms in this Release
For full information on the new features and updates to existing features in this release, see the Release Notes for Autonomous Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.3(3)JA.
For the full list of CLI commands supported in this release, see the Cisco IOS Command Reference for Autonomous Cisco Aironet Access Points and Bridges, Cisco IOS Release 15.3(3)JA.
Note The proxy Mobile-IP feature is not supported in Cisco IOS Release 12.3(2)JA and later.
New Access Point Platforms Supported
This release supports the following new access point platforms:
Support for Cisco Aironet 3700 Series access point
Support for Cisco Aironet 2700 Series access point
- This access point is built on 3x4:3(2.4GHz), 4x4:3(5GHz) MIMO technology, with integrated and external antenna options, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary gigabit Ethernet ports. The primary port is gigabit Ethernet 0 and is the backhaul port. The primary port can be set as trunk port. The secondary port is gigabitEthernet 1, and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id
- Supported models are 2700E and 2700I
- Supported operating modes are:
Support for Cisco Aironet 1700 Series access point
- This access point is built on 3x4:3(2.4GHz), 4x4:3(5GHz) MIMO technology, and comes with integrated antennas, and supports 802.11a,b,g,n,ac. This access point has both primary and secondary gigabit Ethernet ports. The primary port is gigabit Ethernet 0 and is the backhaul port. The primary port can be set as trunk port. The secondary port is gigabitEthernet 1, and is the access port. You can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id
- Supported model is 1700I
- Supported operating modes are:
New Features
Multiple Port Support for Cisco Aironet 1550 Series Outdoor Access Points
The 1550 series has four Ethernet ports – PoE-In port, PoE-Out port, Auxiliary port, and SFP Port. All four ports are supported in the current release. This series also has an internal cable modem in the 1552C and 1552CU models. The cable modem connects to the Auxiliary port.
You can set the PoE-In port, SFP port, or the Auxiliary port as the primary Ethernet port. You can set the primary Ethernet port using the configuration command: dot11 primary-ethernet-port port-number-0to3
You can set the primary Ethernet port as a trunk and handle multiple VLANs, but the secondary ports can be set as access ports only. To configure the vlan-id in secondary ports, use the interface configuration command bridge multiple-port client-vlan vlan-id
Automatic Configuring of the Access Point
The Autoconfig feature of autonomous access points allows the AP to periodically download its configuration from a Secure Copy Protocol (SCP) server. For more information, see Automatic Configuring of the Access Point.
Support for L2TPv3
Layer 2 Tunneling Protocol (L2TPv3) is a tunneling protocol that enables tunneling of Layer 2 packets over IP core networks.
For detailed information, see Chapter 21, “Configuring L2TPv3 Over UDP/IP.”
Configuration and CLI Changes in this Release
The following updates and new additions have been made:
- For Cisco Aironet 2700 series access points, you can configure the secondary port to a VLAN ID using the interface configuration command bridge multiple-port client-vlan vlan-id
- For Cisco Aironet 1550 series outdoor access points:
– You can set the PoE-In port, SFP port, or the Auxiliary port as the primary Ethernet port. You can set the primary Ethernet port using the configuration command: dot11 primary-ethernet-port port-number-0to3
– You can set the primary Ethernet port as a trunk and handle multiple VLANs, but the secondary ports can be set as access ports only. To configure the vlan-id in secondary ports, use the interface configuration command bridge multiple-port client-vlan vlan-id
- Removal of WPA/TKIP Configuration—Wi-Fi certified access points no longer support a WPA/TKIP configuration. TKIP is only allowed in combination with WPA2/AES for backward compatibility to allow older TKIP-only devices to associate.
– Authentication key-management WPA version 1 will be changed to authentication key-management WPA. The following message will be displayed:
– The WPA version 1 option has been removed from the authentication key-management WPA CLI, and configuring TKIP only under this interface is not supported. It will be changed to aes-ccm tkip to work in mixed mode, with the following message on the AP console:
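Added example (not part of the Cisco guide): a pre-upgrade audit that scans a saved running configuration for the two settings this release rewrites, WPA version 1 key management and TKIP-only ciphers. The sample configuration is constructed, and the `encryption [vlan N] mode ciphers ...` line syntax is an assumption about how the cipher setting appears in the configuration file.

```python
import re

# Constructed sample of an autonomous AP running-config (not from the Cisco guide).
SAMPLE_CONFIG = """\
dot11 ssid LEGACY
   vlan 10
   authentication open
   authentication key-management wpa version 1
   wpa-psk ascii 7 <redacted>
!
dot11 ssid CORP
   vlan 20
   authentication open eap eap_methods
   authentication key-management wpa version 2
!
interface Dot11Radio0
 encryption vlan 10 mode ciphers tkip
 encryption vlan 20 mode ciphers aes-ccm
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm tkip
"""

KEYMGMT_V1 = re.compile(r"^authentication key-management wpa version 1\b")
# Assumed cipher line syntax: "encryption [vlan N] mode ciphers <list>"
CIPHERS = re.compile(r"^encryption (?:vlan (\d+) )?mode ciphers (.+)$")

def audit(config):
    """Return (line_no, block, finding) for each line the release will rewrite."""
    findings, block = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw and not raw[0].isspace() and line != "!":
            block = line  # an unindented line opens a new config block
        if KEYMGMT_V1.match(line):
            findings.append((no, block,
                "WPA version 1 key management: becomes 'authentication key-management wpa'"))
            continue
        m = CIPHERS.match(line)
        if m and m.group(2).split() == ["tkip"]:  # TKIP alone, no aes-ccm
            scope = f"vlan {m.group(1)}" if m.group(1) else "interface"
            findings.append((no, block,
                f"TKIP-only cipher ({scope}): becomes 'aes-ccm tkip'"))
    return findings

if __name__ == "__main__":
    for no, block, msg in audit(SAMPLE_CONFIG):
        print(f"line {no} [{block}]: {msg}")
```

Lines that already use `aes-ccm tkip` are not reported, because mixed mode is the configuration the release keeps.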
Management Options
You can use the wireless device management system through the following interfaces:
- The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet session. Use the interface dot11radio global configuration command to place the wireless device into the radio configuration mode. Most of the examples in this manual are taken from the CLI. “Using the Command-Line Interface” provides a detailed description of the CLI.
- A web-browser interface, which you use through a web browser. “Using the Web-Browser Interface” provides a detailed description of the web-browser interface.
- Simple Network Management Protocol (SNMP). “Configuring SNMP” explains how to configure the wireless device for SNMP management.
Roaming Client Devices
If you have more than one wireless device in your wireless LAN, wireless client devices can roam seamlessly from one wireless device to another. The roaming functionality is based on signal quality, not proximity. When the signal quality for a client drops, the client roams to another access point.
Wireless LAN users are sometimes concerned when a client device stays associated to a distant access point instead of roaming to a closer access point. However, if a client signal to a distant access point remains strong and the signal quality is high, the client will not roam to a closer access point. Checking constantly for closer access points would be inefficient, and the extra radio traffic would slow throughput on the wireless LAN.
Using Cisco Centralized Key Management (CCKM) or 802.11r, with a device providing wireless distribution system (WDS), client devices can roam from one access point to another so quickly that there is no perceptible delay in voice or other time-sensitive applications.
Network Configuration Examples
This section describes the role of an access point in common wireless network configurations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as repeater access points, bridges, and workgroup bridges. These roles require specific configurations.
Root Access Point
An access point connected directly to a wired LAN provides a connection point for wireless users. If more than one access point is connected to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN.
Figure 1-1 Access Points as Root Units on a Wired LAN
Repeater Access Point
An access point can be configured as a stand-alone repeater to extend the range of your infrastructure or to overcome an obstacle that blocks radio communication. The repeater forwards traffic between wireless users and the wired LAN by sending packets to either another repeater or to an access point connected to the wired LAN. The data is sent through the route that provides the best performance for the client. Figure 1-2 shows an access point acting as a repeater. Consult the “Configuring a Repeater Access Point” section for instructions on setting up an access point as a repeater.
Note Non-Cisco client devices might have difficulty communicating with repeater access points.
Figure 1-2 Access Point as Repeater
Bridges
Access points can be configured as root or non-root bridges. In this role, an access point establishes a wireless link with a non-root bridge. Traffic is passed over the link to the wired LAN. Access points in root and non-root bridge roles can be configured to accept associations from clients. Figure 1-3 shows an access point configured as a root bridge with clients. Figure 1-4 shows two access points configured as a root and non-root bridge, both accepting client associations. Consult the “Configuring the Role in Radio Network” section for instructions on setting up an access point as a bridge.
When wireless bridges are used in a point-to-multipoint configuration, the throughput is reduced depending on the number of non-root bridges that associate with the root bridge. With a link data rate of 54 Mbps, the maximum throughput is about 25 Mbps in a point-to-point link. The addition of three bridges to form a point-to-multipoint network reduces the throughput to about 12.5 Mbps.
Figure 1-3 Access Point as a Root Bridge with Clients
Figure 1-4 Access Points as Root and Non-root Bridges with Clients
Workgroup Bridge
You can configure access points as workgroup bridges. In workgroup bridge mode, the unit associates to another access point as a client and provides a network connection for the devices connected to its Ethernet port. For example, if you need to provide wireless connectivity for a group of network printers, you can connect the printers to a hub or to a switch, connect the hub or switch to the access point Ethernet port, and configure the access point as a workgroup bridge. The workgroup bridge associates to an access point on your network.
If your access point has multiple radios, either radio can function in workgroup bridge mode.
Figure 1-5 shows an access point configured as a workgroup bridge. Consult the “Understanding Workgroup Bridge Mode” section and the “Configuring Workgroup Bridge Mode” section for information on configuring your access point as a workgroup bridge.
Figure 1-5 Access Point as a Workgroup Bridge
Central Unit in an All-Wireless Network
In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as the focal point for communications, increasing the communication range of wireless users. Figure 1-6 shows an access point in an all-wireless network.
Figure 1-6 Access Point as Central Unit in All-Wireless Network