EasyManua.ls Logo

Cisco 4400 Series User Manual

Cisco 4400 Series
796 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #251 background imageLoading...
Page #251 background image
5-63
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring and Applying Access Control Lists
Step 4 Check the Web Policy check box.
Step 5 From the Preauthentication ACL drop-down box, choose the desired ACL and click Apply. None is the
default value.
Note See Chapter 6 for more information on configuring WLANs.
Step 6 Click Save Configuration to save your changes.
Using the CLI to Configure Access Control Lists
Follow these steps to configure ACLs using the controller CLI.
Step 1 To see all of the ACLs that are configured on the controller, enter this command:
show acl summary
Information similar to the following appears:
ACL Counter Status Enabled
-------------------------------------
ACL Name Applied
------------------------- -----------
acl1 Yes
acl2 Yes
acl3 Yes
Step 2 To see detailed information for a particular ACL, enter this command:
show acl detailed acl_name
Information similar to the following appears:
Source Destination Source Port Dest Port
I Dir IP Address/Netmask IP Address/Netmask Prot Range Range DSCP Action Counter
- --- ------------------ ------------------ ---- ----------- -------- ----- ------ -------
1 Any 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 0 Deny 0
2 In 0.0.0.0/0.0.0.0 200.200.200.0/ 6 80-80 0-65535 Any Permit 0
255.255.255.0
DenyCounter : 0
The Counter field increments each time a packet matches an ACL rule, and the DenyCounter field
increments each time a packet does not match any of the rules.
Step 3 To enable or disable ACL counters for your controller, enter this command:
config acl counter {start | stop}
Note If you want to clear the current counters for an ACL, enter this command:
clear acl counters acl_name

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the Cisco 4400 Series and is the answer not in the manual?

Cisco 4400 Series Specifications

General IconGeneral
Product TypeWireless LAN Controller
ManageableYes
Management PortYes
Power over Ethernet (PoE)No
Operating Temperature32 to 104°F (0 to 40°C)
SecurityWPA, WPA2, 802.1X, AES, TKIP
Power SupplyAC Power Supply
Wireless LAN StandardIEEE 802.11a/b/g/n
Form FactorRack-mountable
RedundancyYes
Operating Humidity10% to 90% non-condensing

Summary

CHAPTER 1 Overview

Cisco Unified Wireless Network Solution Overview

Operating System Software

Operating System Security

Explains the Layer 1, 2, and 3 security components and policies.

Layer 2 and Layer 3 Operation

Cisco Wireless LAN Controllers

Controller Platforms

Cisco UWN Solution WLANs

Identity Networking

Describes how to apply parameters to clients based on their profile.

Startup Wizard

Cisco Wireless LAN Controller Failover Protection

Describes how access points associate with backup controllers if the primary fails.

CHAPTER 2 Using the Web-Browser and CLI Interfaces

Using the Web-Browser Interface

Describes the GUI for configuring parameters and monitoring status.

Using the CLI

Explains how to use the text-based interface for configuration and monitoring.

Enabling Wireless Connections to the Web-Browser and CLI Interfaces

CHAPTER 3 Configuring Ports and Interfaces

Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces

Details how to configure controller interfaces.

Configuring Dynamic Interfaces

Configuring Ports

CHAPTER 4 Configuring Controller SettingsWireless Device Access

Using the Configuration Wizard

Describes configuring basic settings for the first time or after a reset.

Using the AutoInstall Feature for Controllers Without a Configuration

Configuring 802.11 Bands

Configuring 802.11n Parameters

Configuring DHCP Proxy

Explains enabling/disabling DHCP proxy globally or per WLAN.

Configuring Administrator Usernames and Passwords

Instructions for setting admin credentials to prevent unauthorized access.

Configuring Client Roaming

Configuring IP-MAC Address Binding

Enforces strict IP-to-MAC binding in client packets.

Configuring Quality of Service

Explains providing better service for selected network traffic.

Configuring Voice and Video Parameters

CHAPTER 5 Configuring Security Solutions

Cisco UWN Solution Security

Includes overview, Layer 1, 2, 3, and integrated security solutions.

Configuring RADIUS

Explains RADIUS as a client/server protocol for centralized security.

Configuring TACACS+

Details TACACS+ as a protocol for centralized security.

Configuring Local Network Users

Explains adding local users to the controller database.

Configuring LDAP

Describes configuring LDAP server as a backend database.

Configuring Local EAP

Explains local EAP authentication for users and clients.

Configuring and Applying Access Control Lists

Explains rules to limit interface access.

Configuring Management Frame Protection

Provides security for unprotected 802.11 management messages.

Configuring Client Exclusion Policies

Configuring Identity Networking

Describes how to apply policies based on user profiles.

Managing Rogue Devices

Describes security solutions for rogue devices.

Configuring IDS

Explains configuring intrusion detection system sensors and signatures.

Configuring wIPS

Details the adaptive wireless intrusion prevention system.

Detecting Active Exploits

CHAPTER 6 Configuring WLANsWireless Device Access

WLAN Overview

Describes controlling up to 512 WLANs and AP groups.

Configuring WLANs

Lists sections on creating WLANs, DHCP, security, QoS, etc.

CHAPTER 7 Controlling Lightweight Access Points

Access Point Communication Protocols

Configuring Global Credentials for Access Points

Details setting global username/password for APs.

Configuring Authentication for Access Points

Explains 802.1X authentication between AP and switch.

Autonomous Access Points Converted to Lightweight Mode

Configuring Backup Controllers

Details configuring primary, secondary, tertiary controllers for APs.

Configuring Failover Priority for Access Points

Explains assigning priorities for AP failover.

Dynamic Frequency Selection

CHAPTER 8 Controlling Mesh Access Points

Cisco Aironet Mesh Access Points

Architecture Overview

Adding Mesh Access Points to the Mesh Network

Details connecting APs to the controller and managing settings.

Configuring Advanced Features

Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)

CHAPTER 9 Managing Controller Software and Configurations

Upgrading Controller Software

Details the process and guidelines for upgrading controller software.

Transferring Files to and from a Controller

Explains uploading/downloading device certificates, CA certificates, PACs, and config files.

Saving Configurations

Editing Configuration Files

Clearing the Controller Configuration

Steps to clear the active configuration in NVRAM.

Erasing the Controller Configuration

Steps to reset the controller configuration to default settings.

Resetting the Controller

Describes methods to reset the controller via CLI or console.

CHAPTER 10 Managing User Accounts

Creating Guest User Accounts

Explains creating lobby administrator and guest user accounts.

Web Authentication Process

Describes the web authentication process and security alerts.

Choosing the Web Authentication Login Page

Provides instructions for specifying the content and appearance of the login page.

Configuring Wired Guest Access

Details configuring wired guest access on a network.

CHAPTER 11 Configuring Radio Resource ManagementWireless Device Access

Overview of Radio Resource Management

Explains RRM software's role in RF management.

Overview of RF Groups

Configuring an RF Group

Instructions for configuring RF groups via GUI or CLI.

Configuring RRM

Details how to modify RRM configuration parameters.

Overriding RRM

Enabling Rogue Access Point Detection in RF Groups

Configures APs to detect rogue APs within RF groups.

CHAPTER 12 Configuring Mobility GroupsWireless Device Access

Overview of Mobility Groups

Configuring Mobility Groups

Provides instructions for configuring mobility groups via GUI or CLI.

Configuring Auto-Anchor Mobility

CHAPTER 13 Configuring Hybrid REAPWireless Device Access

Overview of Hybrid REAP

Configuring Hybrid REAP

Provides instructions for configuring Hybrid REAP on controllers and APs.

Configuring Hybrid-REAP Groups

APPENDIX A Safety Considerations and Translated Safety Warnings

Safety Considerations

General guidelines for installing Cisco UWN Solution products.

Warning Definition

Explains the meaning of warning symbols and safety instructions.

Ground Conductor Warning

Chassis Warning for Rack-Mounting and Servicing

Battery Handling Warning for 4400 Series Controllers

Equipment Installation Warning

APPENDIX D Troubleshooting

Interpreting LEDs

System Messages

Using the CLI to Troubleshoot Problems

Provides CLI commands for gathering information and debugging.

Configuring System and Message Logging

Uploading Logs and Crash Files

Uploading Core Dumps from the Controller

Monitoring Memory Leaks

Troubleshooting CCXv5 Client Devices

Using the Debug Facility

Related product manuals