Software Guide
Page 19
... 3: Addressing and Services, Release 12.2 Related documents from the Cisco TAC Web pages include: • Antenna Cabling (http://www.cisco.com/warp/public/102/wlan/antcable.html) OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide xix This feature adds support for the radio ports provided on the platform-specific CD-ROM. Preface Related Documentation Related Documentation You can be found in Cisco 3200 Series routers. • Cisco 3200 Series Mobile Access Router Reference...
... 3: Addressing and Services, Release 12.2 Related documents from the Cisco TAC Web pages include: • Antenna Cabling (http://www.cisco.com/warp/public/102/wlan/antcable.html) OL-6415-04 Cisco 3200 Series Wireless MIC Software Configuration Guide xix This feature adds support for the radio ports provided on the platform-specific CD-ROM. Preface Related Documentation Related Documentation You can be found in Cisco 3200 Series routers. • Cisco 3200 Series Mobile Access Router Reference...
Software Guide
Page 28
... vehicle-mounted Cisco 3200 Series routers are configured as workgroup bridge for 802.11b/g and 4.9-GHz wireless clients. Serial interfaces provide connectivity to wireless WAN modems that connect to cellular networks that can use either a wireless or wired connection back to the wireless backhaul by using an integrated bridge. The number of secondary intersections allowed between two primary intersections depends on routing metrics. Cisco 3200 Series Wireless MIC Software Configuration Guide 4 Ethernet interfaces are the preferred service because they...
... vehicle-mounted Cisco 3200 Series routers are configured as workgroup bridge for 802.11b/g and 4.9-GHz wireless clients. Serial interfaces provide connectivity to wireless WAN modems that connect to cellular networks that can use either a wireless or wired connection back to the wireless backhaul by using an integrated bridge. The number of secondary intersections allowed between two primary intersections depends on routing metrics. Cisco 3200 Series Wireless MIC Software Configuration Guide 4 Ethernet interfaces are the preferred service because they...
Software Guide
Page 31
...device mode. • Advanced Encryption Standard (AES) -This feature supports Advanced Encryption Standard-Counter Mode with non-Cisco devices. • Prioritized Multiple Client Profiles. • Any SSID- After a network username and password for the non-root bridge or workgroup bridge are set identifiers (SSIDs) in access point mode. • RADIUS Accounting-Enable accounting on the WMIC to send accounting data about wireless client devices to a RADIUS server on your WMIC. • Enhanced security-Enable three advanced security features to the network like other wireless client...
...device mode. • Advanced Encryption Standard (AES) -This feature supports Advanced Encryption Standard-Counter Mode with non-Cisco devices. • Prioritized Multiple Client Profiles. • Any SSID- After a network username and password for the non-root bridge or workgroup bridge are set identifiers (SSIDs) in access point mode. • RADIUS Accounting-Enable accounting on the WMIC to send accounting data about wireless client devices to a RADIUS server on your WMIC. • Enhanced security-Enable three advanced security features to the network like other wireless client...
Software Guide
Page 33
..., 1 static key VLANs, or 4 dynamic key VLANs Wireless WEP-40, WEP-128, TKIP, encryption/cipher CKIP, CMIC, and suites CKIP-CMIC, AES-CCM WEP-40, WEP-128, TKIP, CKIP, CMIC and CKIP-CMIC are faster roaming available. using the CLI. Cisco 3200 Series Wireless MIC Software Configuration Guide 9 Maximum 255 116 number of stations with WEP Maximum 256 26 number of stations with TKIP Maximum 256 116 number of stations with non-Cisco Aironet access points...
..., 1 static key VLANs, or 4 dynamic key VLANs Wireless WEP-40, WEP-128, TKIP, encryption/cipher CKIP, CMIC, and suites CKIP-CMIC, AES-CCM WEP-40, WEP-128, TKIP, CKIP, CMIC and CKIP-CMIC are faster roaming available. using the CLI. Cisco 3200 Series Wireless MIC Software Configuration Guide 9 Maximum 255 116 number of stations with WEP Maximum 256 26 number of stations with TKIP Maximum 256 116 number of stations with non-Cisco Aironet access points...
Software Guide
Page 35
... on the device, you can connect to the Fast Ethernet Switch Mobile Interface Card (FESMIC) Ethernet port by using an Ethernet cable, and by entering the ipconfig /release and ipconfig /renew commands in a command window. Note When you connect your PC to the WMIC or reconnect your PC to the LAN, it might be necessary to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. On most...
... on the device, you can connect to the Fast Ethernet Switch Mobile Interface Card (FESMIC) Ethernet port by using an Ethernet cable, and by entering the ipconfig /release and ipconfig /renew commands in a command window. Note When you connect your PC to the WMIC or reconnect your PC to the LAN, it might be necessary to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. On most...
Software Guide
Page 39
....1x authentication provides dynamic encryption keys, you do not need to the access point based on MAC address, or, if your network does not have a RADIUS server, consider using an access point as a local authentication server. In Root AP mode, client devices that restricts access to a VLAN that associate by using this setting, you should use this SSID must enter the IP address and shared secret for SSIDs that you configure this SSID must perform 802.1x authentication. Cisco 3200 Series Wireless MIC Software Configuration Guide...
....1x authentication provides dynamic encryption keys, you do not need to the access point based on MAC address, or, if your network does not have a RADIUS server, consider using an access point as a local authentication server. In Root AP mode, client devices that restricts access to a VLAN that associate by using this setting, you should use this SSID must enter the IP address and shared secret for SSIDs that you configure this SSID must perform 802.1x authentication. Cisco 3200 Series Wireless MIC Software Configuration Guide...
Software Guide
Page 47
... bridge mode accepts associations with high-gain antennas and without wireless clients to -point configuration. In general, a bridge filters and forwards an incoming frame based on the MAC address of that bridge becomes a root bridge. Cisco wireless bridges default to operation in a point-to bridge long distance and maintain high-bandwidth availability. A workgroup bridge links wired devices to the discovered bridge. If it becomes a non-root bridge associated to the network through its association with a root bridge...
... bridge mode accepts associations with high-gain antennas and without wireless clients to -point configuration. In general, a bridge filters and forwards an incoming frame based on the MAC address of that bridge becomes a root bridge. Cisco wireless bridges default to operation in a point-to bridge long distance and maintain high-bandwidth availability. A workgroup bridge links wired devices to the discovered bridge. If it becomes a non-root bridge associated to the network through its association with a root bridge...
Software Guide
Page 83
... network security environments in users are authenticated through a RADIUS server that uses a smart card access control system. In an IP-based network with multiple vendors' access servers, dial-in which applications support the RADIUS protocol, such as time, packets, bytes, and so forth) used during the session. You can be sent at the start and end of services, showing the amount of RADIUS access control and accounting software to -router situations. Cisco 3200 Series Wireless MIC Software Configuration Guide 19...
... network security environments in users are authenticated through a RADIUS server that uses a smart card access control system. In an IP-based network with multiple vendors' access servers, dial-in which applications support the RADIUS protocol, such as time, packets, bytes, and so forth) used during the session. You can be sent at the start and end of services, showing the amount of RADIUS access control and accounting software to -router situations. Cisco 3200 Series Wireless MIC Software Configuration Guide 19...
Software Guide
Page 93
... Point-to-Point Protocol IP Control Protocol (PPP IPCP) address assignment): cisco-avpair= "ip:addr-pool=first" The following example shows how to provide a user logging in from a bridge with this command to cause the Cisco IOS software to also be used for RADIUS. The Cisco RADIUS implementation supports one RADIUS server, you specify. For more than one vendor-specific option by using the format recommended in the specification. Verifies your settings...
... Point-to-Point Protocol IP Control Protocol (PPP IPCP) address assignment): cisco-avpair= "ip:addr-pool=first" The following example shows how to provide a user logging in from a bridge with this command to cause the Cisco IOS software to also be used for RADIUS. The Cisco RADIUS implementation supports one RADIUS server, you specify. For more than one vendor-specific option by using the format recommended in the specification. Verifies your settings...
Software Guide
Page 104
... Cisco-specific modes, they always use the Aironet extensions. The Aironet extensions can be enabled to support the following features: • Load balancing-The WMIC uses Aironet extensions to direct client devices to an access point that provides the best connection to the network, based on associated client devices-When a client device associates to the WMIC, the WMIC sends the maximum allowed power level setting to calculate the WEP key. • Limiting the power...
... Cisco-specific modes, they always use the Aironet extensions. The Aironet extensions can be enabled to support the following features: • Load balancing-The WMIC uses Aironet extensions to direct client devices to an access point that provides the best connection to the network, based on associated client devices-When a client device associates to the WMIC, the WMIC sends the maximum allowed power level setting to calculate the WEP key. • Limiting the power...
Software Guide
Page 138
... | maximum] Complementary Code Keying (CCK) is determined by the radio in the wireless device and the settings allowed in privileged EXEC mode. Note The structure of this command is supported by 802.11g and 802.11a devices. Use the show controllers dot11Radio command to maximum, the default setting. Frequency Configuring Radio Transmit Power To set the transmit power on Dot1 Carrier Set: Americas (US) DFS Required: No ! For example: WD#show the radio type...
... | maximum] Complementary Code Keying (CCK) is determined by the radio in the wireless device and the settings allowed in privileged EXEC mode. Note The structure of this command is supported by 802.11g and 802.11a devices. Use the show controllers dot11Radio command to maximum, the default setting. Frequency Configuring Radio Transmit Power To set the transmit power on Dot1 Carrier Set: Americas (US) DFS Required: No ! For example: WD#show the radio type...
Software Guide
Page 143
... associate. Disables 802.11b protection mechanisms, prevents 802.11b clients from associating to the wireless device, and maximizes throughput for basic-6.0 and basic-9.0 service only. WD# configure terminal WD(config)# interface dot11radio 0 WD(config-if)# speed throughput ofdm WD(config-if)# end OL-14978-01 Radio Transmit Power 7 Client devices must support basic-1.0 service or they will not be able to associate. WD# configure terminal WD(config)# interface dot11radio 1 WD(config-if)# no form of the command. Configuring Radio Data...
... associate. Disables 802.11b protection mechanisms, prevents 802.11b clients from associating to the wireless device, and maximizes throughput for basic-6.0 and basic-9.0 service only. WD# configure terminal WD(config)# interface dot11radio 0 WD(config-if)# speed throughput ofdm WD(config-if)# end OL-14978-01 Radio Transmit Power 7 Client devices must support basic-1.0 service or they will not be able to associate. WD# configure terminal WD(config)# interface dot11radio 1 WD(config-if)# no form of the command. Configuring Radio Data...
Software Guide
Page 147
...-cisco root devices. In this case, the priority setting may own different encryptions and priorities. To avoid such conflict and inefficiency, the channel width can support up as per the priority level will be treated as the second order. dot11 ssid testMCP1 authentication open eap eap_method authentication network-eap eap_method authentication key-management wpa authentication client username yajunzhang password 7 021F05511E0815294D400E channel width 5 ? Any SSID configured into the dot11 interface will cause channel width update and radio reset...
...-cisco root devices. In this case, the priority setting may own different encryptions and priorities. To avoid such conflict and inefficiency, the channel width can support up as per the priority level will be treated as the second order. dot11 ssid testMCP1 authentication open eap eap_method authentication network-eap eap_method authentication key-management wpa authentication client username yajunzhang password 7 021F05511E0815294D400E channel width 5 ? Any SSID configured into the dot11 interface will cause channel width update and radio reset...
Software Guide
Page 189
... server, a RADIUS Access-accept message is passed to users. See the "Configuring Certificates Using the crypto pki CLI" section on configuring CA certificates. EAP-FAST operates in three phases: • Delivery of key to client • Establishment of a secure tunnel using shared secret keys that guarantees the association between at the server to generate the session key passed to the root device. Cisco 3200 Series Wireless MIC Software Configuration Guide...
... server, a RADIUS Access-accept message is passed to users. See the "Configuring Certificates Using the crypto pki CLI" section on configuring CA certificates. EAP-FAST operates in three phases: • Delivery of key to client • Establishment of a secure tunnel using shared secret keys that guarantees the association between at the server to generate the session key passed to the root device. Cisco 3200 Series Wireless MIC Software Configuration Guide...
Software Guide
Page 204
...eap eap_adam bridge(config-ssid)# authentication key-management wpa bridge(config-ssid)# infrastructure-ssid bridge(config-ssid)# exit bridge(config)# interface dot11radio 0 bridge(config-if)# encryption mode ciphers aes-ccm bridge(config-if)# ssid bridgeman bridge(config-if)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 20 If you use this SSID attempts authentication using the EAP method name eap_adam. Note If you must interact with the WDS device on the root side. Step 15 Step 16 Note To support CCKM, your root device must also enable Network-EAP authentication...
...eap eap_adam bridge(config-ssid)# authentication key-management wpa bridge(config-ssid)# infrastructure-ssid bridge(config-ssid)# exit bridge(config)# interface dot11radio 0 bridge(config-if)# encryption mode ciphers aes-ccm bridge(config-if)# ssid bridgeman bridge(config-if)# end Cisco 3200 Series Wireless MIC Software Configuration Guide 20 If you use this SSID attempts authentication using the EAP method name eap_adam. Note If you must interact with the WDS device on the root side. Step 15 Step 16 Note To support CCKM, your root device must also enable Network-EAP authentication...
Software Guide
Page 205
...-if)# ssid bridgeman bridge(config-if)# end bridge# configure terminal bridge(config)# aaa new-model bridge(config)# aaa group server radius rad_eap bridge(config-sg-radius)# server 13.1.1.99 auth-port 1645 acct-port 1646 bridge(config)# aaa authentication login eap_adam group rad_eap bridge(config)# aaa session-id common bridge(config)# radius-server host 13.1.1.99 auth-port 1645 acct-port 1646 key 7 141B1309 bridge(config)# radius-server authorization permit missing Service-Type bridge(config)# ip radius source-interface BVI1 bridge(config)# end Setting Up a Non-Root Bridge as a LEAP client...
...-if)# ssid bridgeman bridge(config-if)# end bridge# configure terminal bridge(config)# aaa new-model bridge(config)# aaa group server radius rad_eap bridge(config-sg-radius)# server 13.1.1.99 auth-port 1645 acct-port 1646 bridge(config)# aaa authentication login eap_adam group rad_eap bridge(config)# aaa session-id common bridge(config)# radius-server host 13.1.1.99 auth-port 1645 acct-port 1646 key 7 141B1309 bridge(config)# radius-server authorization permit missing Service-Type bridge(config)# ip radius source-interface BVI1 bridge(config)# end Setting Up a Non-Root Bridge as a LEAP client...
Software Guide
Page 207
...-if)# encryption mode ciphers aes-ccm bridge(config)# dot11 ssid bridgeman bridge(config-ssid)# authentication network-eap eap_adam bridge(config-ssid)# authentication key-management wpa bridge(config-ssid)# authentication client username adam password adam bridge(config-ssid)# infrastructure-ssid bridge(config-if)# end Configuring the Root Device to the authenticated non-root bridge. On your authentication server. Configuring Group Key Updates In the second optional WPA setting, the root device distributes a group key to Interact with a username and password for Cisco Access Points. If...
...-if)# encryption mode ciphers aes-ccm bridge(config)# dot11 ssid bridgeman bridge(config-ssid)# authentication network-eap eap_adam bridge(config-ssid)# authentication key-management wpa bridge(config-ssid)# authentication client username adam password adam bridge(config-ssid)# infrastructure-ssid bridge(config-if)# end Configuring the Root Device to the authenticated non-root bridge. On your authentication server. Configuring Group Key Updates In the second optional WPA setting, the root device distributes a group key to Interact with a username and password for Cisco Access Points. If...
Software Guide
Page 208
... configure terminal Enters global configuration mode. dot1x reauth-period seconds [server] Enters the interval, in the configuration file. end Return to complete the 256-bit key. If you . This attribute sets the maximum number of seconds of service to be provided to configure holdoff times, reauthentication periods, and authentication timeouts for non-root bridges using either hexadecimal or ASCII characters. Cisco 3200 Series Wireless MIC Software Configuration Guide 24 dot11 holdoff-time seconds Enters the number...
... configure terminal Enters global configuration mode. dot1x reauth-period seconds [server] Enters the interval, in the configuration file. end Return to complete the 256-bit key. If you . This attribute sets the maximum number of seconds of service to be provided to configure holdoff times, reauthentication periods, and authentication timeouts for non-root bridges using either hexadecimal or ASCII characters. Cisco 3200 Series Wireless MIC Software Configuration Guide 24 dot11 holdoff-time seconds Enters the number...
Software Guide
Page 245
... MAC address for the client adapter driver and firmware versions that allows you to configure the wireless device, you must use the same service set WEP Key 3 on the wireless device and any wireless devices with the wireless device must set identifier (SSID) as the transmit key, you may need to use to 0987654321 and select it associates. If a wireless client is unable to associate with which is tsunami. SSID Wireless clients attempting to authenticate with the wireless device settings. Security Settings Wireless clients attempting to authenticate with the wireless...
... MAC address for the client adapter driver and firmware versions that allows you to configure the wireless device, you must use the same service set WEP Key 3 on the wireless device and any wireless devices with the wireless device must set identifier (SSID) as the transmit key, you may need to use to 0987654321 and select it associates. If a wireless client is unable to associate with which is tsunami. SSID Wireless clients attempting to authenticate with the wireless device settings. Security Settings Wireless clients attempting to authenticate with the wireless...
Software Guide
Page 246
Resetting to the Default Configuration WIMIC Troubleshooting Using the CLI Follow the steps below to delete the current configuration and return all wireless device settings to the factory defaults using DHCP) and the default username and password (Cisco). Reboot the wireless device by removing power from flash parameter block...done. Use the dir flash: command to display the contents of the config.txt file to config.old. flashfs[0]: 142 files, 6 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 7612416...
Resetting to the Default Configuration WIMIC Troubleshooting Using the CLI Follow the steps below to delete the current configuration and return all wireless device settings to the factory defaults using DHCP) and the default username and password (Cisco). Reboot the wireless device by removing power from flash parameter block...done. Use the dir flash: command to display the contents of the config.txt file to config.old. flashfs[0]: 142 files, 6 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 7612416...