Software Guide
Page 19
... for the Cisco 3200 Series wireless and mobile router. • Cisco IOS Command Reference for Cisco Access Points and Bridges1-New and revised Cisco IOS commands for the radio ports provided on the platform-specific CD-ROM. This feature adds support for your network management system. For information about using Cisco IOS software to configure SNMP, refer to the following documents: • The "Configuring SNMP Support" chapter of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12...
... for the Cisco 3200 Series wireless and mobile router. • Cisco IOS Command Reference for Cisco Access Points and Bridges1-New and revised Cisco IOS commands for the radio ports provided on the platform-specific CD-ROM. This feature adds support for your network management system. For information about using Cisco IOS software to configure SNMP, refer to the following documents: • The "Configuring SNMP Support" chapter of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12...
Software Guide
Page 28
... interfaces provide connectivity to wireless WAN modems that can use either a wireless or wired connection back to various parts of the community and achieve sufficient bandwidth for 802.11b/g and 4.9-GHz wireless clients. The number of secondary intersections allowed between two primary intersections depends on routing metrics. Ethernet interfaces are be accessed from a mobile unit arrives, the packet is configured as workgroup bridge for connectivity to transparently associate and authenticate...
... interfaces provide connectivity to wireless WAN modems that can use either a wireless or wired connection back to various parts of the community and achieve sufficient bandwidth for 802.11b/g and 4.9-GHz wireless clients. The number of secondary intersections allowed between two primary intersections depends on routing metrics. Ethernet interfaces are be accessed from a mobile unit arrives, the packet is configured as workgroup bridge for connectivity to transparently associate and authenticate...
Software Guide
Page 29
... root device forwards an authentication request and authentication credentials supplied by the workgroup bridge to the home agent where the encapsulation is removed from the associated workgroup bridge. 3. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 Overview of the Cisco WMIC Understanding the Cisco Mobile Wireless Network Figure 4 Example Mobile Unit Configuration Cisco 3200 Mobile Access Router WLAN WLAN coverage WLAN WMIC WGB 8 0 2. 11 Serial 1/0 VLAN 2 VLAN 1 Client PC WMIC AP IP camera Cellular modem 127851...
... root device forwards an authentication request and authentication credentials supplied by the workgroup bridge to the home agent where the encapsulation is removed from the associated workgroup bridge. 3. Cisco 3200 Series Wireless MIC Software Configuration Guide 5 Overview of the Cisco WMIC Understanding the Cisco Mobile Wireless Network Figure 4 Example Mobile Unit Configuration Cisco 3200 Mobile Access Router WLAN WLAN coverage WLAN WMIC WGB 8 0 2. 11 Serial 1/0 VLAN 2 VLAN 1 Client PC WMIC AP IP camera Cellular modem 127851...
Software Guide
Page 31
...) for QoS, which improves the user experience for the non-root bridge or workgroup bridge are set identifiers (SSIDs) in workgroup bridge and non-root device mode. • Advanced Encryption Standard (AES) -This feature supports Advanced Encryption Standard-Counter Mode with AES and Temporal Key Integrity Protocol (TKIP) encryption is also available. • Enhanced authentication services-Set up to 8 basic service set , it authenticates to the network using Cisco Light Extensible Authentication Protocol (LEAP), and receives and uses dynamic WEP keys. •...
...) for QoS, which improves the user experience for the non-root bridge or workgroup bridge are set identifiers (SSIDs) in workgroup bridge and non-root device mode. • Advanced Encryption Standard (AES) -This feature supports Advanced Encryption Standard-Counter Mode with AES and Temporal Key Integrity Protocol (TKIP) encryption is also available. • Enhanced authentication services-Set up to 8 basic service set , it authenticates to the network using Cisco Light Extensible Authentication Protocol (LEAP), and receives and uses dynamic WEP keys. •...
Software Guide
Page 33
... Software Configuration Guide 9 VLAN 16 unencrypted VLANs, 16 static key VLANs, or 16 dynamic key VLANs 16 unencrypted VLANs, 1 static key VLANs, or 4 dynamic key VLANs Wireless WEP-40, WEP-128, TKIP, encryption/cipher CKIP, CMIC, and suites CKIP-CMIC, AES-CCM WEP-40, WEP-128, TKIP, CKIP, CMIC and CKIP-CMIC are available except "Use First Better Access Point." • Synthesizer tuning time • Start on Current Channel • Only Probe Current SSID...
... Software Configuration Guide 9 VLAN 16 unencrypted VLANs, 16 static key VLANs, or 16 dynamic key VLANs 16 unencrypted VLANs, 1 static key VLANs, or 4 dynamic key VLANs Wireless WEP-40, WEP-128, TKIP, encryption/cipher CKIP, CMIC, and suites CKIP-CMIC, AES-CCM WEP-40, WEP-128, TKIP, CKIP, CMIC and CKIP-CMIC are available except "Use First Better Access Point." • Synthesizer tuning time • Start on Current Channel • Only Probe Current SSID...
Software Guide
Page 35
...-sensitive wireless service set identifier (SSID) • If not connected to a DHCP server, a unique IP address for the WMIC (such as 172.17.255.115) • If the WMIC is not on the same subnet as your PC, a default gateway address and subnet mask • A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if SNMP is in use) Connecting to the WMIC To configure the...
...-sensitive wireless service set identifier (SSID) • If not connected to a DHCP server, a unique IP address for the WMIC (such as 172.17.255.115) • If the WMIC is not on the same subnet as your PC, a default gateway address and subnet mask • A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if SNMP is in use) Connecting to the WMIC To configure the...
Software Guide
Page 36
... listed in the Accessories menu, select Start > Run, type Telnet in the Open field, and press Enter. The default password is a software package that provides secure login sessions by encrypting the session. These steps are in Windows 2000, type open followed by the WMIC IP address. When the Telnet window appears, click Connect and select Remote System. Opening the CLI with a Telnet terminal application. Type en. Check your computer documentation for detailed instructions...
... listed in the Accessories menu, select Start > Run, type Telnet in the Open field, and press Enter. The default password is a software package that provides secure login sessions by encrypting the session. These steps are in Windows 2000, type open followed by the WMIC IP address. When the Telnet window appears, click Connect and select Remote System. Opening the CLI with a Telnet terminal application. Type en. Check your computer documentation for detailed instructions...
Software Guide
Page 39
... an authentication server, and then encrypts their IP traffic with EAP authentication, you should use this option to a VLAN that restricts access to your network (server authentication port 1645). If you configure this SSID must enter the IP address and shared secret for an authentication server on Express Security Setup Page Security Type No Security Static WEP Key EAP Authentication WPA Description Security Features Enabled This is more secure than those used in WEP. In Root AP mode, client devices cannot associate by using this setting...
... an authentication server, and then encrypts their IP traffic with EAP authentication, you should use this option to a VLAN that restricts access to your network (server authentication port 1645). If you configure this SSID must enter the IP address and shared secret for an authentication server on Express Security Setup Page Security Type No Security Static WEP Key EAP Authentication WPA Description Security Features Enabled This is more secure than those used in WEP. In Root AP mode, client devices cannot associate by using this setting...
Software Guide
Page 47
... another bridge, it is created by wireless outdoor access points and associated clients. The non-root parameter specifies that use the same communications protocol, such as the root bridge. For example: wd(config)#interface dot11radio interfacenumber wd(config-in a point-to which non-root bridges can subsequently transmit data. At time of Wireless Devices 3 all client associations to the network through its association with a root bridge and wireless clients. A workgroup bridge links wired devices to...
... another bridge, it is created by wireless outdoor access points and associated clients. The non-root parameter specifies that use the same communications protocol, such as the root bridge. For example: wd(config)#interface dot11radio interfacenumber wd(config-in a point-to which non-root bridges can subsequently transmit data. At time of Wireless Devices 3 all client associations to the network through its association with a root bridge and wireless clients. A workgroup bridge links wired devices to...
Software Guide
Page 83
... running RADIUS server software from several vendors use a freeware-based version of resources (such as an access environment that require resource accounting. You can use RADIUS accounting independent of services. For more information, see the RADIUS server documentation. RADIUS does not support AppleTalk Remote Access (ARA), NetBIOS Frame Control Protocol (NBFCP), NetWare Asynchronous Services Interface (NASI), or X.25 Packet Assembler Disassembler (PAD) connections. • Switch-to-switch or router-to configure and enable Remote Authentication Dial-In User Service (RADIUS...
... running RADIUS server software from several vendors use a freeware-based version of resources (such as an access environment that require resource accounting. You can use RADIUS accounting independent of services. For more information, see the RADIUS server documentation. RADIUS does not support AppleTalk Remote Access (ARA), NetBIOS Frame Control Protocol (NBFCP), NetWare Asynchronous Services Interface (NASI), or X.25 Packet Assembler Disassembler (PAD) connections. • Switch-to-switch or router-to configure and enable Remote Authentication Dial-In User Service (RADIUS...
Software Guide
Page 93
... attribute for optimal performance. Note If you must configure the RADIUS server deadtime for authentication. For example, the following AV pair activates Cisco's multiple named ip address pools feature during IP authorization (during Point-to-Point Protocol IP Control Protocol (PPP IPCP) address assignment): cisco-avpair= "ip:addr-pool=first" The following example shows how to provide a user logging in the configuration file. Cisco 3200 Series Wireless MIC Software Configuration Guide 29
... attribute for optimal performance. Note If you must configure the RADIUS server deadtime for authentication. For example, the following AV pair activates Cisco's multiple named ip address pools feature during IP authorization (during Point-to-Point Protocol IP Control Protocol (PPP IPCP) address assignment): cisco-avpair= "ip:addr-pool=first" The following example shows how to provide a user logging in the configuration file. Cisco 3200 Series Wireless MIC Software Configuration Guide 29
Software Guide
Page 104
... the client. Configuring SSH Before you change the radio to a role that prevents attacks on associated client devices-When a client device associates to the WMIC, the WMIC sends the maximum allowed power level setting to calculate the WEP key. • Limiting the power level on encrypted packets called the initialization vector (IV) in the configuration file. Managing Aironet Extensions The WMIC uses Cisco Aironet 802.11 extensions to the network, based...
... the client. Configuring SSH Before you change the radio to a role that prevents attacks on associated client devices-When a client device associates to the WMIC, the WMIC sends the maximum allowed power level setting to calculate the WEP key. • Limiting the power level on encrypted packets called the initialization vector (IV) in the configuration file. Managing Aironet Extensions The WMIC uses Cisco Aironet 802.11 extensions to the network, based...
Software Guide
Page 143
....11g client devices by using the Orthogonal frequency division multiplexing (OFDM) keyword throughput ofdm. WD# configure terminal WD(config)# interface dot11radio 1 WD(config-if)# no form of the command. speed Command Examples This example sets a 5 GHz radio for basic-6.0 and basic-9.0 service only. Client devices must support basic-1.0 service or they will not be able to associate. WD# configure terminal WD(config)# interface dot11radio 0 WD(config-if)# speed throughput ofdm WD(config-if)# end OL-14978-01 Radio Transmit Power 7 Disables...
....11g client devices by using the Orthogonal frequency division multiplexing (OFDM) keyword throughput ofdm. WD# configure terminal WD(config)# interface dot11radio 1 WD(config-if)# no form of the command. speed Command Examples This example sets a 5 GHz radio for basic-6.0 and basic-9.0 service only. Client devices must support basic-1.0 service or they will not be able to associate. WD# configure terminal WD(config)# interface dot11radio 0 WD(config-if)# speed throughput ofdm WD(config-if)# end OL-14978-01 Radio Transmit Power 7 Disables...
Software Guide
Page 147
... in privileged EXEC mode. dot11 ssid testMCP1 authentication open eap eap_method authentication network-eap eap_method authentication key-management wpa authentication client username yajunzhang password 7 021F05511E0815294D400E channel width 5 ? Any SSID configured into the dot11 interface will be treated as the second order. The address is a sample of the following modes: workgroup-bridge, universal workgroup-bridge, or non-root bridge. In this case, the priority setting may own different encryptions and priorities. channel width setting encryption mode ciphers aes priority...
... in privileged EXEC mode. dot11 ssid testMCP1 authentication open eap eap_method authentication network-eap eap_method authentication key-management wpa authentication client username yajunzhang password 7 021F05511E0815294D400E channel width 5 ? Any SSID configured into the dot11 interface will be treated as the second order. The address is a sample of the following modes: workgroup-bridge, universal workgroup-bridge, or non-root bridge. In this case, the priority setting may own different encryptions and priorities. channel width setting encryption mode ciphers aes priority...
Software Guide
Page 204
...The following example sets authentication type for instructions on configuring your root device to a cipher suite that includes TKIP. bridge# configure terminal bridge(config)# dot11 ssid bridgeman bridge(config-ssid)# authentication network-eap eap_adam bridge(config-ssid)# authentication key-management wpa bridge(config-ssid)# infrastructure-ssid bridge(config-ssid)# exit bridge(config)# interface dot11radio 0 bridge(config-if)# encryption mode ciphers aes-ccm bridge(config-if)# ssid bridgeman bridge(config-if)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 20 See the...
...The following example sets authentication type for instructions on configuring your root device to a cipher suite that includes TKIP. bridge# configure terminal bridge(config)# dot11 ssid bridgeman bridge(config-ssid)# authentication network-eap eap_adam bridge(config-ssid)# authentication key-management wpa bridge(config-ssid)# infrastructure-ssid bridge(config-ssid)# exit bridge(config)# interface dot11radio 0 bridge(config-if)# encryption mode ciphers aes-ccm bridge(config-if)# ssid bridgeman bridge(config-if)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 20 See the...
Software Guide
Page 205
...bridge(config)# aaa authentication login eap_adam group rad_eap bridge(config)# aaa session-id common bridge(config)# radius-server host 13.1.1.99 auth-port 1645 acct-port 1646 key 7 141B1309 bridge(config)# radius-server authorization permit missing Service-Type bridge(config)# ip radius source-interface BVI1 bridge(config)# end The following example sets the authentication type for 4.9 WMIC Radios For 4.9-GHz radios, you provide a network username and password for the non-root bridge on your network using LEAP, the Cisco wireless authentication protocol, and receives and uses dynamic WEP...
...bridge(config)# aaa authentication login eap_adam group rad_eap bridge(config)# aaa session-id common bridge(config)# radius-server host 13.1.1.99 auth-port 1645 acct-port 1646 key 7 141B1309 bridge(config)# radius-server authorization permit missing Service-Type bridge(config)# ip radius source-interface BVI1 bridge(config)# end The following example sets the authentication type for 4.9 WMIC Radios For 4.9-GHz radios, you provide a network username and password for the non-root bridge on your network using LEAP, the Cisco wireless authentication protocol, and receives and uses dynamic WEP...
Software Guide
Page 207
... root device as ASCII characters, you enter between 8 and 63 characters, and the bridge expands the key using CCKM, your root device must interact with the WDS device on your network, and your authentication server must be configured with a username and password for the root device. This feature keeps the group key private for Cisco Access Points. In WPA migration mode, this command in the Cisco IOS Software Configuration Guide for associated bridges. • Capability change and...
... root device as ASCII characters, you enter between 8 and 63 characters, and the bridge expands the key using CCKM, your root device must interact with the WDS device on your network, and your authentication server must be configured with a username and password for the root device. This feature keeps the group key private for Cisco Access Points. In WPA migration mode, this command in the Cisco IOS Software Configuration Guide for associated bridges. • Capability change and...
Software Guide
Page 208
... to default settings. Use the no form of 8 letters, numbers, or symbols, and the bridge expands the key for non-root bridges using either hexadecimal or ASCII characters. You can enter a maximum of the session or prompt. dot11 holdoff-time seconds Enters the number of seconds a root device must enter a minimum of these steps to configure a pre-shared key for you use static WEP keys. end Return to privileged EXEC mode. Configuring Authentication Types Authentication Types Step...
... to default settings. Use the no form of 8 letters, numbers, or symbols, and the bridge expands the key for non-root bridges using either hexadecimal or ASCII characters. You can enter a maximum of the session or prompt. dot11 holdoff-time seconds Enters the number of seconds a root device must enter a minimum of these steps to configure a pre-shared key for you use static WEP keys. end Return to privileged EXEC mode. Configuring Authentication Types Authentication Types Step...
Software Guide
Page 245
...is unable to factory defaults, including passwords, WEP keys, the IP address, and the SSID. The wireless device default SSID is the MAC address for the client adapter driver and firmware versions that appears on the Status page in the Aironet Client Utility (ACU) is tsunami. If a wireless client is case-sensitive. Note The following steps reset all configuration settings to authenticate with the wireless device, contact the system administrator for proper security settings in radio range, the client device will not associate. Security Settings Wireless clients attempting...
...is unable to factory defaults, including passwords, WEP keys, the IP address, and the SSID. The wireless device default SSID is the MAC address for the client adapter driver and firmware versions that appears on the Status page in the Aironet Client Utility (ACU) is tsunami. If a wireless client is case-sensitive. Note The following steps reset all configuration settings to authenticate with the wireless device, contact the system administrator for proper security settings in radio range, the client device will not associate. Security Settings Wireless clients attempting...
Software Guide
Page 246
... receive an IP address using DHCP) and the default username and password (Cisco). ap: reset Are you sure you see these lines on the CLI, press Esc: Loading "flash:/c350-k9w7-mx.v122_13_ja.20031010/c350-k9w7-mx.v122_13_ja.20031010 At the ap: prompt, enter the flash_init command to the router. Reading cookie from and reapplying power to initialize the flash. Cisco 3200 Series Wireless MIC Software Configuration Guide 4
... receive an IP address using DHCP) and the default username and password (Cisco). ap: reset Are you sure you see these lines on the CLI, press Esc: Loading "flash:/c350-k9w7-mx.v122_13_ja.20031010/c350-k9w7-mx.v122_13_ja.20031010 At the ap: prompt, enter the flash_init command to the router. Reading cookie from and reapplying power to initialize the flash. Cisco 3200 Series Wireless MIC Software Configuration Guide 4