Guest wireless and corporate wireless
Hello,
What would be the securest (and cheapest), way to setup a "Guest" WLAN simultaneously with the "Corporate" WLAN?
In my own opinion, the securest way isn't the cheapest by far. Because, in my own opinion, it would be best to segregate the WLAN's physically. Meaning having the WLAN's on different WLAN Controllers as well as physically different WAP's.
Any and all advice will be greatly appreciated.
Thank you in Advance.
Jay
Thank you all for your input.
I inherited this network, and there are a total of 6 WLAN's on our 5508 WLC. 5 of the WLAN's are WEP. As I said, I have no idea why. My supervisor seems to think we need to setup the 5 Guest (yes I said 5 Guest), WLAN's as WEP. All of the Guest WLAN's can only access the internet and none of our network resources. The only WPA2 WLAN is integrated with our AD so those users can access the network resources. I want to change them all to WPA2, but my supervisor seems to be not waning that done. I explained to him and our manager how the network can be compromised by that kind of setup, but the only one that agrees with me is my manager.
What I am concerned about is, even if I set them all to WPA2, can a vendor who has much Trojans and or other tools covertly installed on their device, would they be able to compromise the 5508?
Similar Messages
-
Internal Corporate wireless and guest wireless network
I need some technical information on hwo the wireless guest network is created on the Airport Extreme. We currently do not permit personal wireless devices to connect to our internal wireless network in order to protect out data. Several times users have presented us with justifiable business requests to have access to the wireless network from their own devices. We've been looking at using the Airport Extreme in order to do this, but we are bound by PCI (Payment Card Industry) requirements to keep our customer credit card data secure. PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?
Two or three of these on each floor would fit our need for such access and keep out customer data secure.
ThanksWelcome to the discussion area!
+PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration. -
Wireless and guest network and HREAP
Hi,
I have inherited a wireless infrastructure which comprises of a head office with WCS and WLC plus LWAPP access points.
There is a sub office in another town who wishes to deploy a wireless infrastrucure and it struck me that as they only want to deploy a couple of AP's that HREAP would be good to use in this senario.
However they want to also use the guest wireless network that we have in the head office but I dont want their guest traffic to come to our DSL modem that we have set up for the HO guest wireless. The two offices are connected via an MPLS link which doesnt need anymore traffic on it.
Is there a way of configuring the HREAP and the WLC and WCS so that the sub office breaks out locally for guest and yet the lobby admin at HO can control the password?
Many thanks,Hi Nell,
the feature you are looking for is "H-REAP local switching".
So you can set the remote AP to H-REAP mode (which optimizes it for "behind a WAN link") and from there you can set several ssids as "local switching".
this means that everything about the authentication phase is handled by WLC but after authentication, the traffic is dropped locally at the AP and doesn't transit through the WLC.
The guest SSID has to be enabled for local switching and then, on the H-REAP APs, go in the AP configuration (from WLC "wireless" tab, then click on ap) and in the hreap tab, you can configure the vlan where the guest traffic will be dropped on the remote site. It must be a vlan that exists on the remote site and users will get a DHCP address on that vlan.
Regards,
Nicolas -
Guest Wireless and URL re-direct failure
Hi,
We have a successful guest wireless service with authentication via a Cisco NAC server. One MAC user is having difficulty accessing the authentication URL (https://1.1.1.1/login.html) - this is using either Safari, Firefox or Google Chrome browsers. The browsers do not automatically re-direct and when I enter the authentication URL manually, if it does appear, when entering the username/password combination, the screen just returns to the authentication URL and does not display the successful authentication sub-window.
There are no proxy settings on the browser - does anybody have any suggestions?
Many thanksWhen you say, "One MAC user" you mean every other client works except for this one MAC device? If other MAC devices work, then it must be something on the client device that is having issues. The only issue that I have ran into, is html code that might not be supported in certain browsers if you are runing a custom webauth page.
-
Guest wireless with WLC 2504, Catalyst 4510R+E and ASA 5510
I need to add guest (internet only) wireless to our existing internal wireless and am looking for advice as to the best practice configuration. Existing infrastructure as follows:
WLC 2504
1142 LAPs
4510R+E
ASA 5510
Existing configuration as follows:
WLC management interface and APs addressed on the 192.168.126.0 /25 network
Internal WLAN mapped to the management interface
Management interface VLAN ID 0 (untagged) and dynamic AP management enabled
WLC port 1 (only) connected to 4510 via trunk with native VLAN set to 7 and allowed VLAN set to 7
4510 connected to ASA inside interface (security level 100)
Switchport on 4510 connected to ASA configured as switchport access VLAN 99 (our internet VLAN)
ASA inside interface NOT configured for subinterfaces and is addressed on the 192.168.121.0 /25 network
What is the best way to add guest wireless to our existing configuration?
Note: I need the guest wireless to be filtered by Websense as our internal wireless is
Any advice would be greatly appreciated!Thank for the reply Scott. The configuration recommendations from Yahya did not work. I set up as he recommended and also added a dhcp scope on the wlc. Client gets dhcp but cannot even ping the wlc much less anything else. Yahya stated above to configure port 2 on the wlc to an access port on my 4510. Aren't all connections from the wlc supposed to be trunk links to the switch? Shouldn't I just leave the management interface on the wlc untagged and add a dynamic interface for each wlan and tag it with the approriate vlan id? And then leave the (one) physical connection on the wlc (port 1) connected to a trunk link on the 4510 that allows the required vlans?
Any input would be greatly appreciated...
JW -
VLAN Configuration for Internal and Guest Wireless
Hello,
We are using the following hardware…
SG300-52MP switch -- latest firmware
ASA 5512-X firewall -- 9.1
Aironet AP1131AG WAP
We have the following networks…
10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
Relevant parts of the WAP configuration are…
dot11 ssid GUEST
vlan 6
dot11 ssid SECURE
vlan 1
interface Dot11Radio0
no ip address
ssid GUEST
ssid SECURE
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface Dot11Radio1
no ip address
no ip route-cache
ssid GUEST
ssid SECURE
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface Dot11Radio1.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface FastEthernet0
no ip address
no ip route-cache
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface FastEthernet0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface BVI1
ip address 10.252.4.4 255.255.255.0
no ip route-cache
ip default-gateway 10.252.4.1
We can manage the WAP through it’s Internal IP address (10.252.4.4).
And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02). [Note: the VOIP DHCP and network access also works correctly.]
The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
[Note: connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.]
While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
I have a feeling that I have configured the VLANs on the ports incorrectly.
Relevant parts of the SG300 configuration are...
v1.3.0.62 / R750_NIK_1_3_647_260
vlan database
vlan 3,6
ip dhcp snooping
ip dhcp relay address 10.252.4.1
ip dhcp relay enable
bonjour interface range vlan 1
interface vlan 1
ip address 10.252.4.2 255.255.255.0
no ip address dhcp
interface vlan 3
name VOIP
interface vlan 6
name Guest
interface gigabitethernet45 -- Access mode, Untagged VLAN6
description ASA-Guest
ip dhcp snooping trust
switchport mode access
switchport access vlan 6
interface gigabitethernet46 -- Access mode, Untagged VLAN3
description ASA-VOIP
ip dhcp snooping trust
switchport mode access
switchport access vlan 3
interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
description WAP1
switchport trunk allowed vlan add 6
interface gigabitethernet48 -- Trunk mode
description ASA-Internal
ip dhcp snooping trust
ip dhcp relay enable
Can someone who understands this switch better than I do please confirm the VLAN configuration? THANK YOU!Welcome to the discussion area!
+PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration. -
Multiple Airports with private and isolated guest wireless networks available from both
Hi,
I've been searching online for some equipment that can do what i want to do without going into the enterprise grade and spending $5000 on Cisco gear.
Consider two locations approx 80m apart - Primary is a house, and secondary location is a garage. A Cat6 run exists between the two.
The goal would be to have a wireless primary router in the house for wired and private wireless internet access, with an additional Guest wireless that is isolated from the private network that I can turn on and off if guests are coming over.
In addition, the second location should also support both wired and wireless connections.
It seems simple to me, one device in each location. The WAN port on the garage device would connect back to the house device. The two devices should be smart enough to know that one is extending the other. Someone on the guest wireless that is connected via the garage AP would not be able to see the wired devices even though it's traffic is going across the same wire back to the primary router.
Can I do this without spending a fortune?
ThanksTwo Apple AirPorts would do most....but not all...of what you want.
A few notes.....
In order for the guest network feature to work correctly on an AirPort router, the "main" AirPort in the house must connect to a simple modem......not a modem/router or gateway device. That is a deal killer for some users right there.
When the guest network is activated in the garage, it must be activated for both AirPorts....house and garage.
You could actiivate the guest network for the house and leave the guest network off in the garage if you wanted, no problem there.....but.....you could not activate the guest network in the garage without also activating it in the house first.
"Guests" can only connect to the guest network using wireless. Up to you to decide if you want to leave the guest network open or use a password that would need to be used to connect to the network.
But.....If "guests" had physical access to the AirPort in the garage....and they connected to one of the Ethernet ports on the AirPort in the garage, they would be connecting to your main or private network.
So, if something like this was a concern, you would have to either hide the AirPort in the garage and trust that users would not find it....or....find some way to limit access to the back panel of the AirPort so that users could not connect to it using an Ethernet cable.
If the features and installation limitations are acceptable, you could spend as little as $100 for each AirPort Express.
If you wanted better performance from the AirPort in the house, you could use an AirPort Extreme there...about $200 and an AirPort Express in the garage.
The deluxe option would be to use two AirPort Extremes.
Finally, you would want to make sure that you understood the store's return policy before you buy.....in case something unexpected crops up, as can sometimes be the case. -
Setting up webauth for guest wireless access
Hi there,
I'm trying to set up guest wireless access. having no experience with this at all, I'm beginning to struggle.
Equipment:
2x 3850 stacked and acting as one switch running 03.06.00E
4x 1602E AP's registered to the WLC running on the 3850
The infrastructure is sound and corporate wireless access works ok.
I need a config that allows a guest user to connect to the guest SSID, DHCP an address, then when they open a browser, they are automatically redirected to a splash screen for them to log on. Once they log on with the supplied username and password they are then forwarded to whatever site it is they wish to go to; So far my config looks like this (removed unnecessary parts for brevity);
Building configuration...
user-name test
creation-time 1414684496
privilege 0
password 7 051F031C35
type network-user description test guest-user lifetime year 0 month 0 day 0 hour 23 minute 59 second 4
aaa new-model
aaa authentication login aaa_guest_webauth local
aaa authentication login local_login local
aaa authorization exec local_authorise local
aaa authorization network guest_authorisation local
aaa authorization credential-download default local
aaa session-id common
switch 1 provision ws-c3850-24t
switch 2 provision ws-c3850-24t
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
hw-switch switch 2 logging onboard message level 3
parameter-map type webauth global
virtual-ip ipv4 1.2.3.4
parameter-map type webauth guest-webauth
type webauth
redirect on-success http://www.google.com
banner text ^CC test text test ^C
custom-page login device flash-1:login.html
custom-page failure device flash-1:failed.html
class-map match-any non-client-nrt-class
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
interface VlanXXX
description "Guest-Access-VLAN"
ip address 10.x.x.126 255.255.255.128
ip helper-address x.x.x.x
ip helper-address x.x.x.x
line vty 0 4
exec-timeout 7 0
authorization exec local_authorise
login authentication local_login
transport input ssh
line vty 5 15
exec-timeout 7 0
authorization exec local_authorise
login authentication local_login
transport input ssh
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
wireless mobility controller
wlan Wireless-Guest-Access 24 wireless-guest
client vlan Guest-Access-VLAN
ip access-group GUEST-ACCESS
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth authentication-list aaa_guest_webauth
security web-auth parameter-map guest-webauth
session-timeout 1800
no shutdown
ap country GB
ap group default-group
ap group BUS-AP-Group
wlan Wireless-Corporate-Access
vlan BUS-CORP-DATA-VLAN
wlan Wireless-Guest-Access
vlan Guest-Access-VLAN
end
I carried out a wireshark trace and can see the dhcp ok, then see DNS queries to the DNS name serever and the replies, followed by a TCP SYN to the resolved IP of the website requested - but that's it, there is no SYN ACK reply or redirect to the login page which i have placed on the flash and specified under 'custom-page login'
I am under the impression that the way this should work is as follows;
1. Client connects to SSID and carries out DHCP DORA and is assigned an IP address
2. open browser on client and carry out name resolution
3. once name is resolved, carry TCP three way handshake with requested site (e.g. google)
4. once three way handshake is completed client carries out an HTTP GET request
5. WLC holds the response and redirects to the login page
6. on successful login, original requested page is forwarded to client.
I can't seem to get a response - even if I remove the ACL.
Am i heading in the right direction or am I trying to achieve something which is not possible with my setup?
Cheersalso, forgot to say, make sure your files are preceeded with webauth for your html and js and web_auth for image files
38725 -rw- 4265 Nov 4 2014 12:21:28 +00:00 webauth_login.html
38726 -rw- 6937 Nov 4 2014 12:11:03 +00:00 webauth_aup.html
38727 -rw- 1356 Nov 4 2014 12:11:30 +00:00 webauth_logout.html
38728 -rw- 662 Nov 4 2014 12:11:43 +00:00 webauth_failed.html
38729 -rw- 318 Nov 4 2014 12:11:58 +00:00 webauth_loginscript.js
38731 -rw- 82940 Nov 4 2014 12:12:28 +00:00 web_auth_image.jpg
CORE-SW01#sho run | s param
parameter-map type webauth global
type webauth
virtual-ip ipv4 1.1.1.1
custom-page login device flash:webauth_login.html
custom-page failure device flash:webauth_failed.html
parameter-map type webauth guest-webauth
type webauth
custom-page login device flash:webauth_login.html
custom-page failure device flash:webauth_failed.html
security web-auth parameter-map guest-webauth
CORE-SW01# -
Guest wireless in 7.0.98 hitting the splash page
I have set up Guest wireless before with my own customized splash screen for local authentication on version 5.xx on a 4404 controller.
I have the same task again but this time with a 2201 controller and the latest ios.
Try as hard as I can i cannot get a guest wireless user to hit the splash page where it gives the certificate warning or past that to the login box.
Is there some subtle difference in the set up with 7.0.98. I did notice that when setting up the DHCP scope for the 7.0.98 i had to use the DHCP server IP as the managment interface. On my last try with 5.x I used the 192.168.80.1 address (the guest WLAN) So there is a difference right there.
Anyway the clients get an IP address so no issue there but i cannot get the cert warning up let alone the splash page. Eveidently there is a tick box I am missing. I wouldnt mide but having done this a few times before I am really stumped. I have wiped the config and started again going through my old notes step by step plus digging out the cisco documentation.
If there any debugging I can stick on please let me know.
Thanks,
NeilThank you :-) Hopefully I have captured everything you need.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.06.27 09:22:56 =~=~=~=~=~=~=~=~=~=~=~=
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-WLC2112-K9, VID: V05, SN: JMX1520Z02W
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
RTOS Version..................................... 7.0.98.0
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 7.0.98.0
Build Type....................................... DATA + WPS
System Name...................................... GB-LON-WLC1
System Location.................................. London GHO
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.y.y.22
System Up Time................................... 2 days 20 hrs 45 mins 31 secs
System Timezone Location.........................
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +48 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. lon
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 239.0.1.1
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
1 Normal Forw Enable Auto 100 Full Up Enable N/A
2 Normal Disa Enable Auto Auto Down Enable N/A
3 Normal Disa Enable Auto Auto Down Enable N/A
4 Normal Disa Enable Auto Auto Down Enable N/A
5 Normal Disa Enable Auto Auto Down Enable N/A
6 Normal Disa Enable Auto Auto Down Enable N/A
7 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
8 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
londonap1 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
Press Enter to continue or to abort
AP Location
Site Name........................................ GUEST
Site Description................................. GUEST - WebAuth - London
WLAN ID Interface Network Admission Control
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 london-vlan10 Disabled
2 london-guest Disabled
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GB-LONdon 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
--More or (q)uit current module or to abort
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 8
Cisco AP Name.................................... Gb-london
Country code..................................... GB - United Kingdom
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code.................................. GB - United Kingdom
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:48:2b:96
IP Address Configuration......................... DHCP
IP Address....................................... 10.y.y.12
IP NetMask....................................... 255.255.254.0
Gateway IP Addr.................................. 10.y.y.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ London
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ London
Primary Cisco Switch IP Address.................. 10.y.y.22
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.98.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131G-E-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FCW1244V0FQ
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 2 days, 10 h 19 m 12 s
AP LWAPP Up Time................................. 0 days, 00 h 32 m 36 s
Join Date and Time............................... Mon Jun 27 07:50:18 2011
Join Taken Time.................................. 0 days, 00 h 00 m 31 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211g
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
--More or (q)uit current module or to abort
Number Of WLANs ........................... 2
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:23:5e:4a:f9:b0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ GB
--More or (q)uit current module or to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 14 dBm
Tx Power Level 2 .......................... 11 dBm
Tx Power Level 3 .......................... 8 dBm
Tx Power Level 4 .......................... 5 dBm
Tx Power Level 5 .......................... 2 dBm
Tx Power Level 6 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
--More or (q)uit current module or to abort
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
--More or (q)uit current module or to abort
CleanAir Management Information
CleanAir Capable......................... No
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Number Of Slots.................................. 2
AP Name.......................................... londonap1
MAC Address...................................... 00:21:d8:48:2b:96
Slot ID........................................ 0
Radio Type..................................... RADIO_TYPE_80211b/g
Sub-band Type.................................. All
Noise Information
Noise Profile................................ PASSED
Channel 1.................................... -91 dBm
Channel 2.................................... -88 dBm
Channel 3.................................... -88 dBm
Channel 4.................................... -86 dBm
Channel 5.................................... -86 dBm
Channel 6.................................... -87 dBm
Channel 7.................................... -84 dBm
Channel 8.................................... -88 dBm
Channel 9.................................... -90 dBm
Channel 10................................... -85 dBm
Channel 11................................... -83 dBm
Channel 12................................... -89 dBm
Channel 13................................... -89 dBm
Interference Information
--More or (q)uit current module or to abort
Interference Profile......................... PASSED
Channel 1.................................... -63 dBm @ 1 % busy
Channel 2.................................... -128 dBm @ 0 % busy
Channel 3.................................... -63 dBm @ 2 % busy
Channel 4.................................... -46 dBm @ 8 % busy
Channel 5.................................... -44 dBm @ 2 % busy
Channel 6.................................... -64 dBm @ 1 % busy
Channel 7.................................... -46 dBm @ 4 % busy
Channel 8.................................... -128 dBm @ 0 % busy
Channel 9.................................... -70 dBm @ 4 % busy
Channel 10................................... -128 dBm @ 0 % busy
Channel 11................................... -65 dBm @ 14 % busy
Channel 12................................... -128 dBm @ 0 % busy
Channel 13................................... -128 dBm @ 0 % busy
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 9 %
Channel Utilization.......................... 14 %
Attached Clients............................. 0 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
--More or (q)uit current module or to abort
Client Signal Strengths
RSSI -100 dbm................................ 0 clients
RSSI -92 dbm................................ 0 clients
RSSI -84 dbm................................ 0 clients
RSSI -76 dbm................................ 0 clients
RSSI -68 dbm................................ 0 clients
RSSI -60 dbm................................ 0 clients
RSSI -52 dbm................................ 0 clients
Client Signal To Noise Ratios
SNR 0 dB.................................. 0 clients
SNR 5 dB.................................. 0 clients
SNR 10 dB.................................. 0 clients
SNR 15 dB.................................. 0 clients
SNR 20 dB.................................. 0 clients
SNR 25 dB.................................. 0 clients
SNR 30 dB.................................. 0 clients
SNR 35 dB.................................. 0 clients
SNR 40 dB.................................. 0 clients
SNR 45 dB.................................. 0 clients
Nearby APs
Radar Information
Channel Assignment Information
Current Channel Average Energy............... unknown
--More or (q)uit current module or to abort
Previous Channel Average Energy.............. unknown
Channel Change Count......................... 0
Last Channel Change Time..................... Mon Jun 27 07:50:15 2011
Recommended Best Channel..................... 1
RF Parameter Recommendations
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Tnreshold...................... 2346
Antenna Pattern.............................. 0
Persistent Interference Devices
Classtype Channel DC (%%) RSSI (dBm) Last Update Time
All third party trademarks are the property of their respective owners.
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More or (q)uit current module or to abort
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
--More or (q)uit current module or to abort
SIP call bandwidth ........................... 64
SIP call bandwith sample-size ................ 20
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11a Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
DCA Sensitivity Level.......................... MEDIUM (15 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
--More or (q)uit current module or to abort
Radio RF Grouping
802.11a Group Mode............................. AUTO
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... GB-LON-WLC1 (10.44.64.22)
802.11a Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11a Last Run............................... 116 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
WiFi Inverted............................ Enabled
--More or (q)uit current module or to abort
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
--More or (q)uit current module or to abort
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
--More or (q)uit current module or to abort
CF Pollable mode................................. Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
--More or (q)uit current module or to abort
Voice AC - Admission control (ACM)............ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
SIP call bandwidth: .......................... 64
SIP call bandwidth sample-size ............... 20
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11b Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
londonap1 00:23:5e:4a:f9:b0 ENABLED UP 1* 1(*)
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
--More or (q)uit current module or to abort
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
--More or (q)uit current module or to abort
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
DCA Sensitivity Level: ...................... MEDIUM (10 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... 0 days, 00 h 33 m 07 s
Average...................................... 0 days, 00 h 33 m 07 s
Maximum...................................... 0 days, 00 h 33 m 07 s
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... GB-LON-WLC1 (10.44.64.22)
--More or (q)uit current module or to abort
802.11b Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11b Last Run............................... 530 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
Bluetooth Link........................... Enabled
Microwave Oven........................... Enabled
802.11 FH................................ Enabled
Bluetooth Discovery...................... Enabled
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
802.15.4................................. Enabled
--More or (q)uit current module or to abort
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
Xbox..................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
Bluetooth Link........................... Disabled
Microwave Oven........................... Disabled
802.11 FH................................ Disabled
Bluetooth Discovery...................... Disabled
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
802.15.4................................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
--More or (q)uit current module or to abort
Xbox..................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
q
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... lon
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x209c
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
64:00:f1:91:76:40 10.44.64.22 lon 0.0.0.0 Up
Press Enter to continue or to abort
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 2
Probe request rate-limiting interval............. 500 msec
Aggregate Probe request interval................. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Press Enter to continue or to abort
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango State:Disabled
Press Enter to continue or to abort
Interface Configuration
Interface Name................................... ap-manager
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.23
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... guest
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 192.168.x.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.x.2
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 80
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... london-vlan10
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.x.x.149
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.x.x.20
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 10
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.44.64.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... management
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.22
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
Press Enter to continue or to abort
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... corporate
Network Name (SSID).............................. corporate
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ london-vlan10
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More or (q)uit current module or to abort
WLAN Configuration
WLAN Identifier.................................. 2
Profile Name..................................... Guest
Network Name (SSID).............................. GUEST
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ Guest-network
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.44.64.22
DHCP Address Assignment Required................. Enabled
--More or (q)uit current module or to abort
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
--More or (q)uit current module or to abort
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More or (q)uit current module or to abort
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Press Enter to continue or to abort
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimite -
Separate Internet service for Guest Wireless
Hi all,
I was reading about security concerns having guest wireless sharing the corporate Internet services and therefore looking towards the path where a separate basic Internet serivce can be provided for them keeping the corporate side safe.
In doing that what i was thinking would be the way:
Extend the Guest Wireless VLAN from the core switch where the SVI is currently at to the new ADSL router's Inside interface. And in doing that I will need to configure the ADSL router for the right DHCP scope and DNS entries and finally remove the SVI from the core switch so it simple does switching across to this ADSL service.
Let me know if i am on the right track or if i am missing something.
Regards!Hi George,
it is a simple setup with just one controller. and the WLC is talking to the ISE to authenticate including the web auth login for the guest.
So to ans your Q, i think No, the WLC deosnt push the guest to the DMZ. the guest VLAN is hanging off the core switch at the moment. and using their corporate Internet service.
i hope the above answered your doubts. Cheers! -
I got the task of setting up a Guest wireless network for one of our remote campuses. We already have some APs that are connecting to our WLC.
The Enviroment:
WLC Cisco 5500 is at our Corporate office. Connects to our Core Switch then to our Router
Router connects to our remote campuses over mpls
We currently already have APs at this campus that are connecting back to our WLC.
We have a DSL line at the remote campus that we want this Guest wireless routed to.
I have already created the guest network on the WLC and a guest VLAN on the Core switch
My main question is how to configure the two routers for this and have this go out the DSL modem?
Any help is very appreciated...That is fine. All you have to do is enable h-reap/FlexConnect local switching on the guest WLAN. Then change the mode on the AP to h-reap/FlexConnect and then the ap will reboot once it comes back up, you need to co figure the switch port as a dot1q trunk only allowing the vlans for the AP and guest. Set the native vlan on the trunk I the vlan the ap belongs on. On the h-reap ap, you will have another tab on the top for h-reap/FlexConnect. You enable vlan support and then put the vlan I'd the ap belongs on. Hit apply then go back to the h-reap/FlexConnect tab and click on vlan mapping. There you will see the guest SSID and then a box in which you can enter a vlan. That is where you will put your vlan for the guest. Now since this vlan your dsl is connected needs to reach all the AP's, you just need to create a layer 2 vlan and connect the dsl router to that. Users will get an ip from that dsl router etc.
Sent from Cisco Technical Support iPhone App -
Hi.
I was wondering if someone could help me with the easiest way to set up a Web Page to control Guest Wireless access on Cisco AP 1130AG.
I was using PEAP and Dot1x to Active Directory but the messing around required on some clients (namely XP and Vista) means it is not ideal for random and unexpected guests.
How can I set up an Open Authentication method (or whatever I need) that then defaults to a web page or logon page for access to the network itself? I have seen this in other companies so it must be do-able.
Just for information a standard WPA2 key for the SSID is insufficient as we want a logon page and user credentials that are changeable.
I hope someone can help.Are you using the AP with a lightweight controller, or standalone (autonomous)?
The lightweight controllers have this capability. Standalone APs do not. -
I am setting up guest wireless in my enterprise using Cisco ISE 1.3.
I have set up Authorization profiles and Authentication conditions for Guest Wireless. I am however not sure of the Authentication results (the allowed protocol section). Since I want to give Guests INTERNET-ONLY access, I have configured WLC with a ACL and tied that ACL-name to ISE. However, when it comes to Authentication results à Allowed protocols, I am unsure of what to include. For instance, I have created an allowed protocol named ‘Wireless_Access’, screenshot attached below..
Please let me know what options have to be checked to suit a guest environment. Any help would be much appreciated.. thanks!Hi,
Below you can find a configuration example for guest access using ISE1.3.
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
Hope this helps.
Regards -
Guest Wireless - procedures for support ??
Hi
We are just on the cusp of deploying Guest wireless for
external non-employee visitors to our organisation, using WLC's and the lobby
admin functionality. However the issue of support procedures for these guest
devices is sticking.
Our Desktop support dept will not support potential technically challenged
guest user and his mis configured end device (for want of a better phrase......)
Ourselves in networks by policy do not support end devices as such.
We need a completely remote 'no-remote-human-presence' way to test a user
attaching to a SSID, firing up a browser and authing thru the re-directed to
web interface. Remoting to a PC attached to the remote secure wired network
is NOT ideal as we will then be bridging secure wired corp and non-secure
guest wireless (altho it may have to end up being a variation of that.)
I would be interested to hear how people here troubleshoot their
guest wireless service availability.
thnks
martynWe have no way of easily testing on-site availibility of our guest wireless network, but the guest wireless wlan is available in our office. So, if an issue arises, basic troubleshooting steps can be taken by trying to connect to the guest ssid from the office. Otherwise, you would have to get creative with something like you're talking about.
-
ISE Custom AUP for Guest Wireless
Hi All,
I am trying to setup Guest wireless using Cisco ISE for the first time. Under Multi-Portal Configurations, i was hoping to be able to edit the DefaultGuestPortal profile so that I could change the wording of the AUP from Cisco's Blurb. Can anyone point me in the direction where I can do this? The only alternative I can see is to create a new portal from scratch.
Cheers
BrianMultiPortal Configurations
Cisco ISE provides you with the ability to host multiple guest portals in the Cisco ISE server. The Guest user portal has a default Cisco look and feel. These pages are dynamically generated to offer portal features such as change password and self-registration in the Login Screen.
You can use the Multi-portal configuration to upload set of GUI pages specific to your organization to handle the Login, AUP, Change Password and Self Registration. In order to access an uploaded client portal the guest portal URL must include the name of the portal specified during the upload.
You can design and upload HTML pages to define new guest portals or replace the default guest portal. These pages must use plain HTML code and must contain form actions that point to the guest portal backend servlets. You must define separate HTML pages for login, acceptable use policy (AUP), the change-password function, and self-registration.
For Complete Configuration Guide, Please click on below link
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.pdf -
Guest wireless - too slow to get an IP
Hi All,
I am testing our new guest wireless using anchor controllers in the DMZ. The data path and the control path are both up and I can do eping and mping. The WLAN is configured to do a web passthrough. Whenever I try connecting to this new guest SSID, it always gets a 169.254.x.x address and it takes about 60 to 90 seconds before I get the right IP.
Currently, I am using the internal DHCP server on the anchor controllers since I only have a couple of users testing it but eventually I am planning to move the DHCP services to an external server.
Does anyone know why it is taking a long time to get an IP and start working? The client's MAC address shows up on the foreign controller and shows the status as associated and the policy manager status shows "RUN". I cannot seem to find any problems other than the slowness initially. Once I am connected, everything works as I expected.
Any ideas?
MeenaWhat code are you on ? There are known issues (bugs) with 6.x and 7.x code. In fact cisco has a special TAC release 7.0.98.4 that fixes the DHCP issue.
I would however, not use the DHCP on the controller. You have problems with leases after reboot etc ... Best to put it on a real DHCP server.
Maybe you are looking for
-
Itunes wont open, windows error message
i click itunes and i get the windows error message i DONT have norton i used msconfig and disabled everything except windows and it still will not open i tried to unistall and reinstall, same problem can someone link me to a clean uninstall with itun
-
My iPod touch is not playing through my stero
My iPod touch 4g is not playing through my stero. My stero has a dock that you can plug in your iPod or iPhone and you are able to select music to listen to. My iPod used to be able to do it but now it won't. My iPod shows that it is conected, but ev
-
PSC 2355 All In One - won't scan
When I try to scan I now get this error message - "You need to install or run HP software for this feature". I un-installed the SW and re-installed but am still getting the same message. ANy suggestions?
-
Adobe photoshop album starter edition3.0 update
I recently purchased a new computer and it has this program installed on it. I have browsed through it on several occasions and started to use it, today I received a drop down box telling me that there was an update to this program I started to downl
-
Getting XP Clients to trust ACS Self sign Cert
Hi, I'm implementing ACS 4.0 to provide PEAP Security on a customers WLAN. I'd like to use the Self signed certificate feature within ACS, because it's easy to use and I don't want to 'play' with the customers Servers to install CA unless I really ha