Software Guide
Page 5
...5-2 Setting or Changing a Static Enable Password 5-3 Protecting Enable and Enable Secret Passwords with Encryption 5-4 Configuring Username and Password Pairs 5-5 Configuring Multiple Privilege Levels 5-6 Setting the Privilege Level for a Command 5-6 Logging Into and Exiting a Privilege Level 5-7 Controlling Bridge Access with RADIUS 5-7 Default RADIUS Configuration 5-8 Configuring RADIUS Login Authentication 5-8 Defining AAA Server Groups 5-9 Configuring RADIUS Authorization for User Privileged Access and Network Services 5-11 Displaying the RADIUS Configuration 5-12 Controlling Bridge Access...
...5-2 Setting or Changing a Static Enable Password 5-3 Protecting Enable and Enable Secret Passwords with Encryption 5-4 Configuring Username and Password Pairs 5-5 Configuring Multiple Privilege Levels 5-6 Setting the Privilege Level for a Command 5-6 Logging Into and Exiting a Privilege Level 5-7 Controlling Bridge Access with RADIUS 5-7 Default RADIUS Configuration 5-8 Configuring RADIUS Login Authentication 5-8 Defining AAA Server Groups 5-9 Configuring RADIUS Authorization for User Privileged Access and Network Services 5-11 Displaying the RADIUS Configuration 5-12 Controlling Bridge Access...
Software Guide
Page 9
...CW-min and CW-max Settings for Point-to-Point and Point-to-Multipoint Bridge Links 13-9 QoS Configuration Examples 13-10 Giving Priority to Voice Traffic 13-10 Giving Priority to Video Traffic 13-12 Configuring Filters 14-1 Understanding Filters 14-2 Configuring Filters Using the CLI 14-2 Configuring Filters Using the Web-Browser Interface 14-2 Configuring and Enabling MAC Address Filters 14-3 Creating a MAC Address Filter 14-4 Configuring and Enabling IP Filters 14-5 Creating an IP Filter 14-7 Configuring and Enabling Ethertype Filters 14-8 Creating an Ethertype Filter 14-9 Configuring CDP 15...
...CW-min and CW-max Settings for Point-to-Point and Point-to-Multipoint Bridge Links 13-9 QoS Configuration Examples 13-10 Giving Priority to Voice Traffic 13-10 Giving Priority to Video Traffic 13-12 Configuring Filters 14-1 Understanding Filters 14-2 Configuring Filters Using the CLI 14-2 Configuring Filters Using the Web-Browser Interface 14-2 Configuring and Enabling MAC Address Filters 14-3 Creating a MAC Address Filter 14-4 Configuring and Enabling IP Filters 14-5 Creating an IP Filter 14-7 Configuring and Enabling Ethertype Filters 14-8 Creating an Ethertype Filter 14-9 Configuring CDP 15...
Software Guide
Page 13
... command-line interface (CLI) to configure basic settings on the web-based interface pages. This guide does not provide field-level descriptions of the bridge and describes the bridge's role in your bridge. For information about these chapters: Chapter 1, "Overview," lists the software and hardware features of the web-based windows nor does it provide the procedures for the networking professional who installs and manages Cisco Aironet 1400 Series Bridges. On the Cisco Product Documentation...
... command-line interface (CLI) to configure basic settings on the web-based interface pages. This guide does not provide field-level descriptions of the bridge and describes the bridge's role in your bridge. For information about these chapters: Chapter 1, "Overview," lists the software and hardware features of the web-based windows nor does it provide the procedures for the networking professional who installs and manages Cisco Aironet 1400 Series Bridges. On the Cisco Product Documentation...
Software Guide
Page 14
... C, "Supported MIBs," lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that runs on your bridge. Client devices use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including MIC, CMIC, TKIP, CKIP, and broadcast key rotation. Chapter 14, "Configuring Filters," describes how to configure and manage MAC address, IP, and Ethertype filters on your bridge. Chapter 15, "Configuring CDP," describes how to configure Cisco Discovery Protocol (CDP) on the bridge using the web-browser interface. Appendix A, "Channels...
... C, "Supported MIBs," lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that runs on your bridge. Client devices use authenticated key management, Wired Equivalent Privacy (WEP), and WEP features including MIC, CMIC, TKIP, CKIP, and broadcast key rotation. Chapter 14, "Configuring Filters," describes how to configure and manage MAC address, IP, and Ethertype filters on your bridge. Chapter 15, "Configuring CDP," describes how to configure Cisco Discovery Protocol (CDP) on the bridge using the web-browser interface. Appendix A, "Channels...
Software Guide
Page 20
...gain access to your bridge. • Enhanced security-Enable three advanced security features to protect against sophisticated attacks on your network. • TACACS+ adminstrator authentication-Enable TACACS+ for server-based, detailed accounting information and flexible administrative control over authentication and authorization processes. Chapter 4, "Using the Command-Line Interface," provides a detailed description of the CLI. • A web-browser interface, which you provide a network username and password for SNMP management. Cisco Aironet 1400 Series Wireless Bridges Software...
...gain access to your bridge. • Enhanced security-Enable three advanced security features to protect against sophisticated attacks on your network. • TACACS+ adminstrator authentication-Enable TACACS+ for server-based, detailed accounting information and flexible administrative control over authentication and authorization processes. Chapter 4, "Using the Command-Line Interface," provides a detailed description of the CLI. • A web-browser interface, which you provide a network username and password for SNMP management. Cisco Aironet 1400 Series Wireless Bridges Software...
Software Guide
Page 26
.... Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 2-2 OL-4059-01 Wait until the Status LED on the power injector turns amber (approximately 3 to factory default settings using the web-browser interface: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Open your PC, a default gateway address and subnet mask • A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if SNMP is configured with a static IP address, the IP address does not change. Click the Reset to Default Settings If you reconnect the power cable. You...
.... Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 2-2 OL-4059-01 Wait until the Status LED on the power injector turns amber (approximately 3 to factory default settings using the web-browser interface: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Open your PC, a default gateway address and subnet mask • A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if SNMP is configured with a static IP address, the IP address does not change. Click the Reset to Default Settings If you reconnect the power cable. You...
Software Guide
Page 31
... or group of the SNMP data (also provided by unplugging the power cable from the power injector and plugging it back in Beacon-Use this manual for the information you select Range, the bridge sets the 6-Mbps rate to basic and the other . • Broadcast SSID in while holding down the power injector Mode button for a few seconds, or until the power injector Status LED turns amber. it is enabled...
... or group of the SNMP data (also provided by unplugging the power cable from the power injector and plugging it back in Beacon-Use this manual for the information you select Range, the bridge sets the 6-Mbps rate to basic and the other . • Broadcast SSID in while holding down the power injector Mode button for a few seconds, or until the power injector Status LED turns amber. it is enabled...
Software Guide
Page 37
...Interface, page 3-2 • Using Online Help, page 3-5 The web-browser interface contains management pages that you use to change bridge settings, upgrade firmware, and monitor and configure other wireless devices on the network. It contains these browsers: Microsoft Internet Explorer versions 5.0, 5.01, 5.5 and 6.0; CH A P T E R 3 Using the Web-Browser Interface This chapter describes the web-browser interface that you can use to configure the bridge. and Netscape Navigator versions 4.79 and 7.0. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration...
...Interface, page 3-2 • Using Online Help, page 3-5 The web-browser interface contains management pages that you use to change bridge settings, upgrade firmware, and monitor and configure other wireless devices on the network. It contains these browsers: Microsoft Internet Explorer versions 5.0, 5.01, 5.5 and 6.0; CH A P T E R 3 Using the Web-Browser Interface This chapter describes the web-browser interface that you can use to configure the bridge. and Netscape Navigator versions 4.79 and 7.0. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration...
Software Guide
Page 55
... file. The password is Cisco. Default password is written to the configuration file. Define a new password or change a static enable password: Step 1 Step 2 Command configure terminal enable password password Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enter Crtl-V. 3. you create the password; Setting or Changing a Static Enable Password The enable password controls access to privileged EXEC mode. When the system prompts you need not precede the question mark with a number, is not...
... file. The password is Cisco. Default password is written to the configuration file. Define a new password or change a static enable password: Step 1 Step 2 Command configure terminal enable password password Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enter Crtl-V. 3. you create the password; Setting or Changing a Static Enable Password The enable password controls access to privileged EXEC mode. When the system prompts you need not precede the question mark with a number, is not...
Software Guide
Page 58
Configuring Multiple Privilege Levels By default, the IOS software has two modes of password security: user EXEC and privileged EXEC. For example, if you want to restrict access. Set the privilege level for a command. • For mode, enter configure for global configuration mode, exec for EXEC mode, interface for interface configuration mode, or line for normal user EXEC mode privileges. Level 1 is for line configuration mode. • For level, the range is the level of access permitted by the enable password. • For...
Configuring Multiple Privilege Levels By default, the IOS software has two modes of password security: user EXEC and privileged EXEC. For example, if you want to restrict access. Set the privilege level for a command. • For mode, enter configure for global configuration mode, exec for EXEC mode, interface for interface configuration mode, or line for normal user EXEC mode privileges. Level 1 is for line configuration mode. • For level, the range is the level of access permitted by the enable password. • For...
Software Guide
Page 70
... (that device through NTP. Managing the System Time and Date Chapter 5 Administering the Bridge • User show commands • Logging and debugging messages The system clock determines time internally based on Universal Time Coordinated (UTC), also known as well. 5-18 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL-4059-01 The communications between each device can configure information about the local time zone and summer time (daylight saving time) so...
... (that device through NTP. Managing the System Time and Date Chapter 5 Administering the Bridge • User show commands • Logging and debugging messages The system clock determines time internally based on Universal Time Coordinated (UTC), also known as well. 5-18 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL-4059-01 The communications between each device can configure information about the local time zone and summer time (daylight saving time) so...
Software Guide
Page 77
... bridge(config)# access-list 99 permit 172.20.130.5 bridge(config)# access list 42 permit 172.20.130.6 Disabling NTP Services on a Specific Interface NTP services are enabled on an interface, use the no ntp access-group {query-only | serve-only | serve | peer} global configuration command. This example shows how to configure the bridge to disable NTP packets from being received on the interface. By default, all NTP packets. Beginning in the configuration file. To remove access control to the address of NTP packets on all access types are granted. Use...
... bridge(config)# access-list 99 permit 172.20.130.5 bridge(config)# access list 42 permit 172.20.130.6 Disabling NTP Services on a Specific Interface NTP services are enabled on an interface, use the no ntp access-group {query-only | serve-only | serve | peer} global configuration command. This example shows how to configure the bridge to disable NTP packets from being received on the interface. By default, all NTP packets. Beginning in the configuration file. To remove access control to the address of NTP packets on all access types are granted. Use...
Software Guide
Page 106
... LAN segment. The bridge priority value occupies the most significant bits of time the bridge stores protocol information received on an interface. Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 8-4 OL-4059-01 Understanding Spanning Tree Protocol Chapter 8 Configuring Spanning Tree Protocol Election of the Spanning-Tree Root All bridges in the Layer 2 network participating in STP gather information about the sending bridge and its ports, including bridge and MAC addresses, bridge priority, port...
... LAN segment. The bridge priority value occupies the most significant bits of time the bridge stores protocol information received on an interface. Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 8-4 OL-4059-01 Understanding Spanning Tree Protocol Chapter 8 Configuring Spanning Tree Protocol Election of the Spanning-Tree Root All bridges in the Layer 2 network participating in STP gather information about the sending bridge and its ports, including bridge and MAC addresses, bridge priority, port...
Software Guide
Page 170
... 5 Command Purpose configure terminal Enter global configuration mode. Use the values in Table 13-2 to enter settings that applies voice class of the command to reset the setting to defaults. Concatenation is enabled, you can apply a QoS policy to wireless phone traffic. copy running-config startup-config (Optional) Save your wireless network's voice VLAN to give priority to your entries in the configuration file. QoS Configuration Examples These sections describe two common uses for QoS: • Giving Priority to Voice Traffic, page...
... 5 Command Purpose configure terminal Enter global configuration mode. Use the values in Table 13-2 to enter settings that applies voice class of the command to reset the setting to defaults. Concatenation is enabled, you can apply a QoS policy to wireless phone traffic. copy running-config startup-config (Optional) Save your wireless network's voice VLAN to give priority to your entries in the configuration file. QoS Configuration Examples These sections describe two common uses for QoS: • Giving Priority to Voice Traffic, page...
Software Guide
Page 174
...example, an SNMP filter on the bridge's radio port prevents SNMP access through the bridge's Ethernet and radio ports. IP address and MAC address filters allow the use access control lists (ACLs) and bridge groups. Refer to specific IP or MAC addresses. Enable the filter using the web-browser interface or by entering commands in the CLI. Tip You can set up and enabling three filter types: • Configuring and Enabling MAC Address Filters, page 14-3 • Configuring and Enabling IP Filters, page 14-5 • Configuring and Enabling Ethertype Filters, page 14-8 14-2 Cisco...
...example, an SNMP filter on the bridge's radio port prevents SNMP access through the bridge's Ethernet and radio ports. IP address and MAC address filters allow the use access control lists (ACLs) and bridge groups. Refer to specific IP or MAC addresses. Enable the filter using the web-browser interface or by entering commands in the CLI. Tip You can set up and enabling three filter types: • Configuring and Enabling MAC Address Filters, page 14-3 • Configuring and Enabling IP Filters, page 14-5 • Configuring and Enabling Ethertype Filters, page 14-8 14-2 Cisco...
Software Guide
Page 209
... of Flash memory. In this case, the resulting configuration file is used during system startup to several access points that have been set on a server, copy the configuration file directly to the startup configuration (by using the copy running configuration but not save the configuration by using the copy {ftp: | rcp: | tftp:} nvram:startup-config privileged EXEC command), and reload the bridge. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 17-9 For example...
... of Flash memory. In this case, the resulting configuration file is used during system startup to several access points that have been set on a server, copy the configuration file directly to the startup configuration (by using the copy running configuration but not save the configuration by using the copy {ftp: | rcp: | tftp:} nvram:startup-config privileged EXEC command), and reload the bridge. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 17-9 For example...
Software Guide
Page 213
... password password (Optional) Change the default password. or copy ftp:[[[//[username[:password]@]location]/directory] /filename] nvram:startup-config This example shows how to copy a configuration file named host1-confg from the netadmin1 directory on the remote server with Configuration Files Preparing to Download or Upload a Configuration File by Using FTP Before you begin downloading or uploading a configuration file by using the ping command. • If you are accessing the bridge through a Telnet session and you have a valid username, this username, create...
... password password (Optional) Change the default password. or copy ftp:[[[//[username[:password]@]location]/directory] /filename] nvram:startup-config This example shows how to copy a configuration file named host1-confg from the netadmin1 directory on the remote server with Configuration Files Preparing to Download or Upload a Configuration File by Using FTP Before you begin downloading or uploading a configuration file by using the ping command. • If you are accessing the bridge through a Telnet session and you have a valid username, this username, create...
Software Guide
Page 250
... on the wired Ethernet link, the bridge Ethernet link, and the bridge status. Radio not detected-contact technical support for assistance. Radio did not flash its firmware-contact technical support for assistance. Radio did not start-contact technical support for assistance. Upon successfully loading the IOS image, the bridge initializes and tests the radio. 19-4 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL-4059-01 This error might also indicate a problem with a long pause...
... on the wired Ethernet link, the bridge Ethernet link, and the bridge status. Radio not detected-contact technical support for assistance. Radio did not flash its firmware-contact technical support for assistance. Radio did not start-contact technical support for assistance. Upon successfully loading the IOS image, the bridge initializes and tests the radio. 19-4 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL-4059-01 This error might also indicate a problem with a long pause...
Software Guide
Page 255
... from an active Trivial File Transfer Protocol (TFTP) server on a PC connected directly to the power injector Ethernet port. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 19-9 Chapter 19 Troubleshooting Reloading the Bridge Image Using the Web Browser Interface Follow the steps below to delete the current configuration and return all configuration settings to factory defaults, including passwords, WEP keys, the bridge IP address, and SSIDs. Enter the bridge's IP address in the Password field and press...
... from an active Trivial File Transfer Protocol (TFTP) server on a PC connected directly to the power injector Ethernet port. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 19-9 Chapter 19 Troubleshooting Reloading the Bridge Image Using the Web Browser Interface Follow the steps below to delete the current configuration and return all configuration settings to factory defaults, including passwords, WEP keys, the bridge IP address, and SSIDs. Enter the bridge's IP address in the Password field and press...
Software Guide
Page 283
... services accessed by user 11-12 rate limit, logging 18-9 RCP configuration files downloading 17-16 overview 17-15 preparing the server 17-16 uploading 17-17 image files deleting old image 17-30 downloading 17-29 preparing the server 17-27 uploading 17-31 regulatory domains A-2 reloading bridge image 19-9 Remote Authentication Dial-In User Service See RADIUS Remote Copy Protocol See RCP restricting access NTP services 5-23 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide...
... services accessed by user 11-12 rate limit, logging 18-9 RCP configuration files downloading 17-16 overview 17-15 preparing the server 17-16 uploading 17-17 image files deleting old image 17-30 downloading 17-29 preparing the server 17-27 uploading 17-31 regulatory domains A-2 reloading bridge image 19-9 Remote Authentication Dial-In User Service See RADIUS Remote Copy Protocol See RCP restricting access NTP services 5-23 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide...