Cisco ISR User Manual

Explains how to configure the wireless device's radio network role and fallback role when the Ethernet port is disabled or disconnected.

Describes Universal Client Mode, where a radio acts as a wireless client, detailing its features and limitations for specific Cisco routers.

Provides detailed CLI steps to configure Universal Client Mode by setting the radio interface station-role to non-root on Cisco ISR series routers.

Explains how to choose data rates for wireless transmission, detailing states like Basic, Enabled, and Disabled for optimizing range or throughput.

Guides on configuring transmit power based on radio type and regulatory domain, referencing hardware installation guides for details.

Explains how to assign static channel settings for access points for consistent performance, discussing 2.4-GHz and 5-GHz channel usage.

Defines SSIDs as unique identifiers for wireless networks and explains how to configure up to 16 SSIDs with different settings per SSID.

Contains configuration information for multiple SSIDs, including creating SSIDs globally and using RADIUS to restrict them.

Provides CLI steps to create an SSID globally in Cisco IOS Releases 12.4 and later, allowing assignment to specific radio interfaces.

Explains how to prevent unauthorized SSID use by creating an authorized SSID list on a RADIUS server for client authentication.

Explains support for multiple basic SSIDs (BSSIDs) for 802.11a/g radios, allowing unique DTIM settings and broadcasting multiple SSIDs.

Explains local authentication for wireless LANs without RADIUS servers or as a backup, allowing up to 50 client authentications per second.

Provides instructions for setting up an access point as a local authenticator, covering guidelines, overview, and configuration steps.

Details the initial CLI steps to configure an access point as a local authenticator, starting with enabling AAA and then configuring RADIUS server settings.

Explains how to add the local authenticator to the server list on other access points, emphasizing the order of server entries and RADIUS port requirements.

Discusses customizing EAP-FAST settings like credential timeout, authority ID, and server keys to match network requirements.

Describes how encryption types like WEP, AES-CCMP, and TKIP protect wireless LAN traffic and recommends full encryption.

Covers configuring encryption types such as WEP, AES-CCM, TKIP, and broadcast key rotation for wireless LAN security.

Guides on creating cipher suites, which are sets of encryption and integrity algorithms, to enable WPA and protect radio communication.

Describes authentication types configurable on access points, tied to SSIDs, and mentions Open, Shared Key, MAC Address, and EAP authentication.

Details how to configure authentication types and attach them to SSIDs, including assigning types to an SSID and configuring holdoffs.

Provides steps to configure authentication types for SSIDs, including open, shared key, MAC address, EAP, and WPA key management.

Details EAP Authentication as the highest security level, using RADIUS to perform mutual authentication and derive dynamic WEP keys.

Explains Wi-Fi Protected Access (WPA) for data protection and 802.1X for key management, detailing WPA and WPA-PSK types.

Emphasizes matching access point and client adapter security settings for successful authentication, referencing relevant guides and tables.

Describes enabling and configuring RADIUS for detailed accounting and administrative control over authentication and authorization processes.

Defines RADIUS as a distributed client/server system for network security and lists environments where it is suitable and not suitable.

Explains the sequence of events when a wireless user attempts to log in and authenticate via a RADIUS server, including EAP authentication steps.

Guides on configuring RADIUS support by identifying RADIUS server hosts and defining method lists for authentication, authorization, and accounting.

Details the components of access point-to-RADIUS server communication and how to identify RADIUS servers by hostname, IP address, and ports.

Explains how to configure AAA authentication by defining named method lists and applying them to interfaces, ensuring user authentication sequence.

Guides on configuring AAA server groups to group existing server hosts for authentication, allowing subsets for specific services.

Describes using AAA authorization to restrict user network access, specifically for privileged EXEC mode, based on user profiles.

Explains how to enable AAA accounting to track user activity and resource consumption, reporting it to the RADIUS server.

Guides on configuring global communication settings for all RADIUS servers, including key, retransmit, timeout, and deadtime values.

Provides instructions on configuring VLANs on the access point to operate with VLANs on the wired LAN, including assigning SSIDs and authentication settings.

Explains how to connect wireless devices to VLANs by configuring SSIDs to recognize specific VLAN IDs, enabling flexible network segmentation.

Details the three-step process to configure VLANs on an access point: enable VLANs, assign SSIDs to VLANs, and assign authentication settings.

Explains how a RADIUS server can assign users or groups to specific VLANs upon authentication, mapping clients based on attributes like Tunnel Type and Tunnel Private Group ID.

Explains Quality of Service (QoS) for wireless LANs, focusing on prioritizing traffic and improving network performance and bandwidth utilization.

Guides on configuring QoS on access points to provide preferential treatment to certain traffic, improving network predictability and bandwidth allocation.