EasyManua.ls Logo

Cisco 4400 Series User Manual

Cisco 4400 Series
796 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #670 background imageLoading...
Page #670 background image
13-22
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 13 Configuring Hybrid REAPWireless Device Access
Configuring Hybrid-REAP Groups
Using the CLI to Configure Hybrid-REAP Groups
Follow these steps to configure hybrid-REAP groups using the controller CLI.
Step 1 To add or delete a hybrid-REAP group, enter this command:
config hreap group group_name {add | delete}
Step 2 To configure a primary or secondary RADIUS server for the hybrid-REAP group, enter this command:
config hreap group group_name radius server {add | delete} {primary | secondary} server_index
Step 3 To add an access point to the hybrid-REAP group, enter this command:
config hreap group group_name ap {add | delete} ap_mac
Step 4 To configure local authentication for a hybrid-REAP group, follow these steps:
a. Make sure that a primary and secondary RADIUS server are not configured for the hybrid-REAP
group.
b. To enable or disable local authentication for this hybrid-REAP group, enter this command:
config hreap group group_name radius ap {enable | disable}
c. To enter the username and password of a client that you want to be able to authenticate using LEAP
or EAP-FAST, enter this command:
config hreap group group_name radius ap user add username password password
Note You can add up to 100 clients.
d. To allow a hybrid-REAP access point to authenticate clients using LEAP or to disable this behavior,
enter this command:
config hreap group group_name radius ap leap {enable | disable}
e. To allow a hybrid-REAP access point to authenticate clients using EAP-FAST or to disable this
behavior, enter this command:
config hreap group group_name radius ap eap-fast {enable | disable}
f. Enter one of the following commands, depending on how you want PACs to be provisioned:
config hreap group group_name radius ap server-key key—Specifies the server key used to
encrypt and decrypt PACs. The key must be 32 hexadecimal characters.
config hreap group group_name radius ap server-key autoAllows PACs to be sent
automatically to clients that do not have one during PAC provisioning.
g. To specify the authority identifier of the EAP-FAST server, enter this command:
config hreap group group_name radius ap authority id id
where id is 32 hexadecimal characters.
h. To specify the authority identifier of the EAP-FAST server in text format, enter this command:
config hreap group group_name radius ap authority info info
where info is up to 32 hexadecimal characters.

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the Cisco 4400 Series and is the answer not in the manual?

Cisco 4400 Series Specifications

General IconGeneral
Product TypeWireless LAN Controller
ManageableYes
Management PortYes
Power over Ethernet (PoE)No
Operating Temperature32 to 104°F (0 to 40°C)
SecurityWPA, WPA2, 802.1X, AES, TKIP
Power SupplyAC Power Supply
Wireless LAN StandardIEEE 802.11a/b/g/n
Form FactorRack-mountable
RedundancyYes
Operating Humidity10% to 90% non-condensing

Summary

CHAPTER 1 Overview

Cisco Unified Wireless Network Solution Overview

Operating System Software

Operating System Security

Explains the Layer 1, 2, and 3 security components and policies.

Layer 2 and Layer 3 Operation

Cisco Wireless LAN Controllers

Controller Platforms

Cisco UWN Solution WLANs

Identity Networking

Describes how to apply parameters to clients based on their profile.

Startup Wizard

Cisco Wireless LAN Controller Failover Protection

Describes how access points associate with backup controllers if the primary fails.

CHAPTER 2 Using the Web-Browser and CLI Interfaces

Using the Web-Browser Interface

Describes the GUI for configuring parameters and monitoring status.

Using the CLI

Explains how to use the text-based interface for configuration and monitoring.

Enabling Wireless Connections to the Web-Browser and CLI Interfaces

CHAPTER 3 Configuring Ports and Interfaces

Configuring the Management, AP-Manager, Virtual, and Service-Port Interfaces

Details how to configure controller interfaces.

Configuring Dynamic Interfaces

Configuring Ports

CHAPTER 4 Configuring Controller SettingsWireless Device Access

Using the Configuration Wizard

Describes configuring basic settings for the first time or after a reset.

Using the AutoInstall Feature for Controllers Without a Configuration

Configuring 802.11 Bands

Configuring 802.11n Parameters

Configuring DHCP Proxy

Explains enabling/disabling DHCP proxy globally or per WLAN.

Configuring Administrator Usernames and Passwords

Instructions for setting admin credentials to prevent unauthorized access.

Configuring Client Roaming

Configuring IP-MAC Address Binding

Enforces strict IP-to-MAC binding in client packets.

Configuring Quality of Service

Explains providing better service for selected network traffic.

Configuring Voice and Video Parameters

CHAPTER 5 Configuring Security Solutions

Cisco UWN Solution Security

Includes overview, Layer 1, 2, 3, and integrated security solutions.

Configuring RADIUS

Explains RADIUS as a client/server protocol for centralized security.

Configuring TACACS+

Details TACACS+ as a protocol for centralized security.

Configuring Local Network Users

Explains adding local users to the controller database.

Configuring LDAP

Describes configuring LDAP server as a backend database.

Configuring Local EAP

Explains local EAP authentication for users and clients.

Configuring and Applying Access Control Lists

Explains rules to limit interface access.

Configuring Management Frame Protection

Provides security for unprotected 802.11 management messages.

Configuring Client Exclusion Policies

Configuring Identity Networking

Describes how to apply policies based on user profiles.

Managing Rogue Devices

Describes security solutions for rogue devices.

Configuring IDS

Explains configuring intrusion detection system sensors and signatures.

Configuring wIPS

Details the adaptive wireless intrusion prevention system.

Detecting Active Exploits

CHAPTER 6 Configuring WLANsWireless Device Access

WLAN Overview

Describes controlling up to 512 WLANs and AP groups.

Configuring WLANs

Lists sections on creating WLANs, DHCP, security, QoS, etc.

CHAPTER 7 Controlling Lightweight Access Points

Access Point Communication Protocols

Configuring Global Credentials for Access Points

Details setting global username/password for APs.

Configuring Authentication for Access Points

Explains 802.1X authentication between AP and switch.

Autonomous Access Points Converted to Lightweight Mode

Configuring Backup Controllers

Details configuring primary, secondary, tertiary controllers for APs.

Configuring Failover Priority for Access Points

Explains assigning priorities for AP failover.

Dynamic Frequency Selection

CHAPTER 8 Controlling Mesh Access Points

Cisco Aironet Mesh Access Points

Architecture Overview

Adding Mesh Access Points to the Mesh Network

Details connecting APs to the controller and managing settings.

Configuring Advanced Features

Converting Indoor Access Points to Mesh Access Points (1130AG, 1240AG)

CHAPTER 9 Managing Controller Software and Configurations

Upgrading Controller Software

Details the process and guidelines for upgrading controller software.

Transferring Files to and from a Controller

Explains uploading/downloading device certificates, CA certificates, PACs, and config files.

Saving Configurations

Editing Configuration Files

Clearing the Controller Configuration

Steps to clear the active configuration in NVRAM.

Erasing the Controller Configuration

Steps to reset the controller configuration to default settings.

Resetting the Controller

Describes methods to reset the controller via CLI or console.

CHAPTER 10 Managing User Accounts

Creating Guest User Accounts

Explains creating lobby administrator and guest user accounts.

Web Authentication Process

Describes the web authentication process and security alerts.

Choosing the Web Authentication Login Page

Provides instructions for specifying the content and appearance of the login page.

Configuring Wired Guest Access

Details configuring wired guest access on a network.

CHAPTER 11 Configuring Radio Resource ManagementWireless Device Access

Overview of Radio Resource Management

Explains RRM software's role in RF management.

Overview of RF Groups

Configuring an RF Group

Instructions for configuring RF groups via GUI or CLI.

Configuring RRM

Details how to modify RRM configuration parameters.

Overriding RRM

Enabling Rogue Access Point Detection in RF Groups

Configures APs to detect rogue APs within RF groups.

CHAPTER 12 Configuring Mobility GroupsWireless Device Access

Overview of Mobility Groups

Configuring Mobility Groups

Provides instructions for configuring mobility groups via GUI or CLI.

Configuring Auto-Anchor Mobility

CHAPTER 13 Configuring Hybrid REAPWireless Device Access

Overview of Hybrid REAP

Configuring Hybrid REAP

Provides instructions for configuring Hybrid REAP on controllers and APs.

Configuring Hybrid-REAP Groups

APPENDIX A Safety Considerations and Translated Safety Warnings

Safety Considerations

General guidelines for installing Cisco UWN Solution products.

Warning Definition

Explains the meaning of warning symbols and safety instructions.

Ground Conductor Warning

Chassis Warning for Rack-Mounting and Servicing

Battery Handling Warning for 4400 Series Controllers

Equipment Installation Warning

APPENDIX D Troubleshooting

Interpreting LEDs

System Messages

Using the CLI to Troubleshoot Problems

Provides CLI commands for gathering information and debugging.

Configuring System and Message Logging

Uploading Logs and Crash Files

Uploading Core Dumps from the Controller

Monitoring Memory Leaks

Troubleshooting CCXv5 Client Devices

Using the Debug Facility

Related product manuals