Enterprise Mobility 3.0 Design Guide Corporate Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: Text Part Number: OL-11573-01 ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc and/or its affiliates in the United States and certain other countries All other trademarks mentioned in this document or Website are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company (0612R) Enterprise Mobility 3.0 Design Guide © 2007 Cisco Systems, Inc All rights reserved CONTENTS Preface 1-xv Document Purpose 1-xv Intended Audience 1-xv Document Organization CHAPTER 1-xv Cisco Unified Wireless Network Solution Overview WLAN Introduction 1-1 WLAN Solution Benefits 1-1 Requirements of WLAN Systems Cisco Unified Wireless Network CHAPTER 1-1 1-2 1-4 Cisco Unified Wireless Technology and Architecture 2-1 LWAPP Overview 2-1 Split MAC 2-2 Layer and Layer Tunnels 2-4 Layer Tunnel 2-4 Layer Tunnel 2-4 WLC Discovery and Selection 2-7 Components 2-8 WLCs 2-9 APs 2-10 Cisco Autonomous APs 2-10 Cisco Lightweight APs 2-10 Mobility Groups, AP Groups, and RF Groups 2-12 Mobility Groups 2-12 Creating Mobility Group 2-13 Putting WLCs in Mobility Groups 2-13 Mobility Group Rule Breakers 2-14 AP Groups 2-14 RF Groups 2-15 Roaming 2-16 WLC to WLC, Different Subnet 2-17 Points to Remember with Layer Roaming Broadcast and Multicast on the WLC 2-18 2-19 Enterprise Mobility 3.0 Design Guide OL-11573-01 i Contents WLC Broadcast and Multicast Details DHCP 2-20 ARP 2-21 Other Broadcast and Multicast Traffic 2-20 2-21 Design Consideration 2-21 WLC Location 2-22 Centralizing WLCs 2-23 Connecting Distributed WLCs Network 2-24 Link Budget and Wired Network Performance AP Connection 2-26 2-25 Operation and Maintenance 2-26 WLC Discovery 2-26 AP Distribution 2-27 Firmware Changes 2-27 CHAPTER WLAN Radio Frequency Design Considerations Introduction 3-1 3-1 RF Basics 3-1 Regulatory Domains 3-1 Operating Frequencies 3-2 802.11b/g Operating Frequencies and Data Rates 3-2 802.11a Operating Frequencies and Data Rates 3-3 Understanding the IEEE 802.11 Standards 3-6 RF Spectrum Implementations 3-7 Direct Sequence Spread Spectrum 3-8 IEEE 802.11b Direct Sequence Channels 3-8 IEEE 802.11g 3-8 IEEE 802.11a OFDM Physical Layer 3-9 IEEE 802.11a Channels 3-9 RF Power Terminology 3-10 dB 3-10 dBi 3-11 dBm 3-11 Effective Isotropic Radiated Power 3-11 Planning for RF Deployment 3-12 Different Deployment Types of Overlapping WLAN Coverage Data-Only Deployment 3-12 Voice/Deployment 3-12 Location-Based Services Deployments 3-14 3-12 Enterprise Mobility 3.0 Design Guide ii OL-11573-01 Contents WLAN Data Rate Requirements 3-15 Data Rate Compared to Coverage Area 3-15 AP Density for Different Data Rates 3-16 Client Density and Throughput Requirements 3-17 WLAN Coverage Requirements 3-18 Power Level and Antenna Choice 3-19 Omni and Directional Antennas 3-19 Patch Antennas 3-20 Security Policy Requirements 3-21 RF Environment 3-21 RF Deployment Best Practices 3-22 Manually Fine-Tuning WLAN Coverage 3-23 Channel and Data Rate Selection 3-23 Recommendations for Channel Selection Manual Channel Selection 3-25 Data Rate Selection 3-26 3-23 Radio Resource Management (Auto-RF) 3-28 Overview of Auto-RF Operation 3-29 Auto-RF Variables and Settings 3-30 Sample show ap auto-rf Command Output 3-32 Dynamic Channel Assignment 3-33 Interference Detection and Avoidance 3-34 Dynamic Transmit Power Control 3-34 Coverage Hole Detection and Correction 3-35 Client and Network Load Balancing 3-35 CHAPTER Cisco Unified Wireless Security 4-1 Overview 4-1 Architecture 4-1 Functional Areas and Components Client Component 4-2 Access Layer 4-2 Control and Distribution 4-3 Authentication 4-3 Management 4-3 WLAN Security Implementation Criteria IPsec 4-5 802.1x/EAP Authentication 4-5 Wired Equivalent Privacy 4-7 4-2 4-3 Enterprise Mobility 3.0 Design Guide OL-11573-01 iii Contents Temporal Key Integrity Protocol 4-7 Cisco Key Integrity Protocol and Cisco Message Integrity Check Counter Mode/CBC-MAC Protocol 4-8 Proactive Key Caching and CCKM 4-9 References 4-11 WLAN Security Selection 4-8 4-11 WLAN Security Configuration 4-14 Unified Wireless Security 4-15 Infrastructure Security 4-16 WLAN Data Transport Security 4-16 WLAN Environment Security 4-17 Rogue AP 4-17 Management Frame Protection 4-18 WLAN IDS 4-20 Client Security 4-21 WLC Configuration 4-23 WLAN LAN Extension 4-25 WLAN LAN Extension 802.1x/EAP 4-25 Application Transparency 4-26 Performance Transparency 4-27 User Transparency 4-27 WLAN LAN Extension IPsec 4-27 Security Transparency 4-27 Application Transparency 4-28 Performance Transparency 4-28 User Transparency 4-29 WLAN Static Keys 4-29 Security Transparency 4-30 Application Transparency 4-30 Performance Transparency 4-30 User Transparency 4-30 Cisco Unified WLAN Architecture Considerations Security Transparency 4-31 Application Transparency 4-31 Performance Transparency 4-31 User Transparency 4-31 4-30 EAP Considerations for High Availability ACS Architecture ACS Architecture 4-32 Sample Architecture 4-32 4-31 Enterprise Mobility 3.0 Design Guide iv OL-11573-01 Contents CHAPTER Cisco Unified Wireless QoS Introduction 5-1 5-1 QoS Overview 5-1 Wireless QoS Deployment Schemes 5-2 QoS Parameters 5-2 Upstream and Downstream QoS 5-3 QoS and Network Performance 5-4 802.11 DCF 5-4 Interframe Spaces 5-5 Random Backoff 5-5 CWmin, CWmax, and Retries 5-6 Wi-Fi Multimedia 5-7 WMM Access 5-7 WMM Classification 5-8 WMM Queues 5-9 EDCA 5-10 U-APSD 5-11 TSpec Admission Control 5-13 Add Traffic Stream 5-13 Sample TSpec Decode 5-15 QoS Advanced Features for WLAN Infrastructure 5-15 IP Phones 5-18 Setting the Admission Control Parameters 5-19 Impact of TSpec Admission Control 5-20 802.11e, 802.1p, and DSCP Mapping 5-21 AVVID Priority Mapping 5-22 Deploying QoS Features Cisco on LWAPP-based APs QoS and the H-REAP 5-23 Guidelines for Deploying Wireless QoS 5-23 Throughput 5-23 Traffic Shaping, Over the Air QoS and WMM Clients WLAN Voice and the Cisco 7920 5-24 CHAPTER Cisco Unified Wireless Multicast Design Introduction 5-23 5-24 6-1 6-1 Overview of Multicast Forwarding 6-1 Enabling the Multicast Feature 6-4 Multicast-enabled Networks 6-4 Enterprise Mobility 3.0 Design Guide OL-11573-01 v Contents Enabling Multicast Forwarding on the Controller 6-4 Commands for Enabling Ethernet Multicast Mode via the GUI 6-4 Commands for Enabling Ethernet Multicast Mode via the CLI 6-5 Multicast Deployment Considerations 6-5 LWAPP Multicast Reserved Ports and Addresses 6-5 Recommendations for Choosing an LWAPP Multicast Address 6-6 Fragmentation and LWAPP Multicast Packets 6-6 All Controllers Have the Same LWAPP Multicast Group 6-7 Controlling Multicast on the WLAN using Standard Multicast Techniques How Controller Placement Impacts Multicast Traffic and Roaming Additional Considerations CHAPTER 6-9 6-10 Cisco Unified Wireless Hybrid REAP Remote Edge AP 6-7 7-1 7-1 Hybrid REAP 7-2 Supported Platforms 7-2 Controllers 7-2 Access Points 7-3 H-REAP Terminology 7-3 Switching Modes 7-3 Operation Modes 7-3 Authentication Modes 7-4 H-REAP States 7-4 Applications 7-6 Branch Wireless Connectivity 7-6 Branch Guest Access 7-6 Public WLAN Hotspot 7-7 Deployment Considerations 7-8 Authentication Methods 7-8 Roaming 7-9 WAN Link Disruptions 7-9 H-REAP Limitations and Caveats 7-10 Restricting Inter-Client Communication 7-12 H-REAP Scaling 7-12 Inline Power 7-13 Management 7-13 H-REAP Configuration 7-13 Initial Configuration 7-13 Serial Console Port 7-13 Enterprise Mobility 3.0 Design Guide vi OL-11573-01 Contents DHCP with Statically Configured Controller IPs 7-15 Configuring AP for H-REAP Operation 7-15 Enabling VLAN Support 7-16 Advanced Configuration 7-17 Choosing WLANs for Local Switching 7-17 H-REAP Local Switching (VLAN) Configuration 7-19 H-REAP Verification 7-20 Verifying the H-REAP AP Addressing 7-20 Verifying the Controller Resolution Configuration 7-21 Troubleshooting 7-21 H-REAP Does Not Join the Controller 7-21 Client Associated to Local Switched WLAN Cannot Obtain an IP Address 7-21 Client Cannot Authenticate or Associate to Locally Switched WLAN 7-21 Client Cannot Authenticate or Associate to the Central Switched WLAN 7-22 H-REAP Debug Commands 7-22 H-REAP AP Debug Commands 7-22 CHAPTER Cisco Unified Wireless Control System Introduction 8-1 8-1 Wireless Control System Overview 8-2 Role of WCS Within the Unified Wireless Network Architecture Defining Network Devices to WCS 8-7 Adding Controllers to WCS 8-8 Adding Controllers 8-8 Adding Location Appliances To WCS 8-4 8-11 Using WCS to Configure Your Wireless Network 8-12 Configuring Network Components 8-12 Configuring WLAN Controllers 8-12 Configuring Lightweight Access Points 8-16 Copying Lightweight Access Point Configurations 8-20 Removing Lightweight Access Point Configurations 8-21 Defining and Applying Policy Templates 8-22 Using Policy Template Configuration Groups 8-25 Configuring Location Appliances 8-26 Managing Network Component Software 8-27 Managing Controller Operating Software, Web Authentication Bundles, and IDS Signatures 8-28 Managing Location Server Software Level 8-31 Ensuring Configuration Integrity 8-32 Enterprise Mobility 3.0 Design Guide OL-11573-01 vii Contents Configuration Audit Reporting 8-33 Synchronizing WCS with Controller and Access Point Configurations 8-34 Controller Configuration Archival 8-39 Configuring WCS Campus, Building, Outdoor, and Floor Maps 8-42 Configuring WCS to Manage the Cisco Wireless Location Appliance 8-43 Using WCS to Monitor Your Wireless Network 8-43 Network Summary 8-44 Monitoring Maps 8-46 Monitoring Devices 8-48 Monitoring WLAN Controllers 8-48 Monitoring Access Points 8-51 Monitoring Clients 8-54 Monitoring Asset Tags 8-62 Monitoring Security 8-65 Monitoring Events and Alarms, and Generating Notifications 8-69 Using WCS to Locate Devices in Your Wireless Network 8-82 On-Demand Device Location 8-83 On-Demand Location of WLAN Clients 8-83 On-Demand Location of Individual 802.11 Active RFID Asset Tags On-Demand Location of Individual Rogue Access Points 8-87 On-Demand Location of Individual Rogue Clients 8-88 WCS and the Location Appliance 8-89 Tracking Clients, Asset Tags, and Rogues with the Location Appliance 8-86 8-91 Using WCS to Efficiently Deploy Your Wireless Network 8-92 Policy Templates 8-93 Performing Tasks Across Multiple WLAN Controllers 8-94 Deployment Models 8-96 Campus Deployment 8-96 Branch Deployment 8-99 Traffic Considerations When Using WCS in Large Networks 8-104 Traffic Sources 8-104 WLAN Controllers and WCS 8-105 WLAN Controllers and the Location Appliance 8-115 WCS and the Location Appliance 8-116 Administering WCS 8-116 Administering Scheduled Tasks 8-116 Configuration Backup 8-117 Network Audit 8-118 WCS Backup 8-120 Enterprise Mobility 3.0 Design Guide viii OL-11573-01 Appendix A Excerpt of Configuration Audit Exchange, WCS 4400 WLAN Controller Enterprise Mobility 3.0 Design Guide A-2 OL-11573-01 A P P E N D I X B WCS Event and Alarm Severities Double-quotations enclose variables that are replaced with resource names when the message is displayed Critical Events and Alarms The PoE controller has failed on the controller “{0}” AP “{0}”, interface “{1}” is down on controller “{2}” AP “{0}” disassociated from controller “{1}” Controller “{0}” RADIUS server(s) are not responding to authentication requests Port “{0}” is down on controller “{1}” Rogue AP “{0}” is on wired network User “{1}” with IP address “{0}” has made too many unsuccessful login attempts AP “{0}” with protocol “{1}” on controller “{2}” is contained as a rogue, preventing service Fake AP or other attack may be in progress Rogue AP count on system “{0}” has exceeded the security warning threshold of “{1}” 10 Fake AP or other attack may be in progress Rogue AP count on AP with MAC address “{0}” associated with controller “{2}” has exceeded the security warning threshold of “{1}” 11 Controller “{0}” detected duplicate IP address “{0}” being used by machine with MAC address “{1}” 12 AP “{0}” on controller “{3}” detected duplicate IP address “{2}” being used by machine with MAC address “{1}” 13 The AP “{0}” with protocol “{1}” received a message with a large NAV field and all traffic on the channel has been suspended This is most likely a malicious DoS attack 14 The AP “{1}” received a WPA MIC error on protocol “{2}” from Station “{0}” Counter measures have been activated and traffic has been suspended for 60 seconds 15 Controller “{0}” is unreachable 16 IDS signature attack detected on controller “{0}” The signature type is “{1}”, signature name is “{2}”, and signature description is “{3}” 17 Transmitter failure detected on the “{0}” radio of AP “{1}” on controller “{2}” 18 Receiver failure detected on the “{0}” radio of AP “{1}” on controller “{2}” Enterprise Mobility 3.0 Design Guide OL-11573-01 B-1 Appendix B WCS Event and Alarm Severities Major Events and Alarms 19 AP impersonation with MAC “{0}” is detected by authenticated AP “{1}” on “{2}” radio and Slot ID “{3}” 20 AP functionality has been disabled for key “{0}”, reason being “{1}” for feature set “{2}” 21 AP “{1}” is unable to associate The regulatory domain configured on it “{3}” does not match the controller “{0}” country code “{2}” 22 CPU Receive Multicast Queue is full on controller “{0}” 23 Failed to authorize AP “{0}” Authorization entry does not exist in AP authorization list of controller “{1}” 24 Failed to authorize AP “{0}” AP’s authorization key does not match with SHA1 key in AP authorization list of controller “{1}” 25 Failed to authorize AP “{0}” Controller “{1}” could not verify the self-signed certificate from the AP 26 Failed to authorize AP “{0}” AP has a self-signed certificate, whereas the AP authorization list of controller “{1}” has manufactured installed certificate for this AP 27 Radio with MAC address “{0}” and protocol “{1}” is down The reason is “{2}” 28 Radio with MAC address “{0}” and protocol “{1}” that has joined controller “{2}” has invalid interface The reason is “{3}” 29 The Cisco Intrusion Detection System “{0}” has detected a possible intrusion attack by the wireless client “{1}” 30 Controller “{0}” is “{1}” with the central time server 31 MFP configuration of the WLAN was violated by the radio interface “{0}” and detected by the radio interface “{1}” of the AP with MAC address “{2}” The violation was “{3}” 32 Guest user “{1}” deleted on controller “{0}” Major Events and Alarms The radios associated with controller “{0}” exceeded license count “{1}” The current number of radios on this controller is “{2}” The sensed temperature on the controller “{0}” is too high The current sensed temperature is “{1}” The sensed temperature on the controller “{0}” is too low The current sensed temperature is “{1}” The temperature sensor failed on the controller “{0}” Temperature is unknown Adhoc rogue “{0}” was found and has been auto-contained as per WPS policy Rogue AP “{0}” was advertising the SSID and has been auto-contained as per WPS policy Trusted AP “{0}” has invalid encryption It is using “{1}” instead of “{2}” It has been auto-contained as per WPS policy Trusted AP “{0}” has invalid radio policy It is using “{1}” instead of “{2}” It has been auto-contained as per WPS policy Trusted AP “{0}” has invalid SSID It has been auto-contained as per WPS policy 10 Trusted AP “{0}” is missing or has failed 11 Trusted AP “{0}” on controller “{3}” has invalid preamble It is using “{1}” instead of “{2}” It has been auto-contained as per WPS policy Enterprise Mobility 3.0 Design Guide B-2 OL-11573-01 Appendix B WCS Event and Alarm Severities Minor Events and Alarms 12 Keepalive messages are lost between master and controller “{0}” Minor Events and Alarms AP “{0}”, interface “{1}” Load threshold violated AP “{0}”, interface “{1}” Noise threshold violated AP “{0}”, interface “{1}” Interference threshold violated AP “{0}”, interface “{1}” Coverage threshold of “{3}” is violated Total number of clients is “{5}” and number failed clients is “{4}” Controller “{0}” User authentication from controller “{0}” failed for user name “{1}” and user type “{2}” Client “{0}”, which was associated with AP “{1}”, interface “{2}” is excluded The reason code is “{3}” IPsec IKE negotiation failure from remote IP address “{0}” IPsec invalid cookie from remote IP address “{0}” Rogue AP “{0}” with SSID “{3}” and channel number “{4}” is detected by AP “{1}” Radio type “{2}” with RSSI “{5}” and SNR “{6}” 10 The WEP key configured at the station may be wrong Station MAC address is “{0}”, AP MAC is “{1}”, and Slot ID is “{2}” 11 AP “{0}” with static IP configured as “{2}” has fallen back to the working DHCP address “{1}” 12 Absence of with MAC , last seen at 13 with MAC is the Area 14 with MAC has moved beyond ft of marker , located at a range of ft Clear Events and Alarms AP “{0}”, interface “{1}” is up AP “{0}”, interface “{1}” Load changed to acceptable AP “{0}”, interface “{1}” Noise changed to acceptable AP “{0}”, interface “{1}” Interference changed to acceptable AP “{0}”, interface “{1}” Coverage changed to acceptable Port “{0}” is up on controller “{1}” Rogue AP “{0}” is removed; it was detected as rogue AP by AP “{1}” Radio type “{2}” Rogue AP “{0}” is not able to connect to the wired network The temperature sensor is working now on the controller “{0}” The sensed temperature is “{1}” 10 Controller “{0}” is reachable 11 Adhoc rogue “{0}” was found and was auto-contained The alert state is clear now 12 Rogue AP “{0}” was advertising the SSID and was auto-contained The alert state is clear now Enterprise Mobility 3.0 Design Guide OL-11573-01 B-3 Appendix B WCS Event and Alarm Severities Informational Events and Alarms 13 Trusted AP “{0}” had invalid encryption The alert state is clear now 14 Trusted AP “{0}” had invalid radio policy The alert state is clear now 15 Trusted AP “{0}” had invalid SSID The alert state is clear now 16 Trusted AP “{0}” is missing or has failed The alert state is clear now 17 Controller “{0}” is cleared from IDS signature attack The wireless system is no longer detecting the intrusion 18 Transmitter failure cleared on the “{0}” radio of AP “{1}” on controller “{2}” 19 Receiver failure cleared on the “{0}” radio of AP “{1}” on controller “{2}” 20 Trusted AP ”{0}“ on controller ”{3}” had invalid preamble The alert state is clear now 21 Radio with MAC address “{0}” and protocol “{1}” is up The reason is “{2}” 22 Radar has been cleared on channel “{1}”, which was detected by AP base radio MAC “{0}” on radio 802.11a 23 The Cisco Intrusion Detection System “{0}” has cleared the wireless client “{1}” from possibly having generated an intrusion attack Informational Events and Alarms Controller “{0}” Configuration saved in flash Controller “{0}” Multiple users logged in Controller “{0}” Cold start AP “{0}” associated with controller “{2}” on port number “{1}” AP “{0}”, interface “{1}” Transmit power level changed to “{2}” AP “{0}”, interface “{1}” Channel changed to “{2}” Interference energy before update was “{3}” and after update is “{4}” RRM 802.11a grouping done; the new group leader MAC address is “{0}” RRM 802.11b/g grouping done; the new group leader MAC address is “{0}” Controller “{0}” Authentication failure reported 10 Client “{0}” is associated with AP “{1}”, interface “{2}” 11 Client “{0}” with user name “{3}” is authenticated with AP “{1}”, interface “{2}” 12 Client “{0}” is disassociated from AP “{1}”, interface “{2}” with reason code “{3}” 13 Client “{0}” is deauthenticated from AP “{1}”, interface “{2}” with reason code “{3}” 14 Client “{0}” has failed authenticating with AP “{1}”, interface “{2}” The reason code is “{3}” 15 Client “{0}” failed to associate with AP “{1}”, interface “{2}” The reason code is “{3}” 16 Rogue AP “{0}” is cleared explicitly It is not detected anymore 17 Fake AP or other attack is cleared now Rogue AP count on system “{0}” is within the threshold of “{1}” 18 Fake AP or other attack on AP with MAC address “{0}” associated with controller “{2}” is cleared now Rogue AP count is within the threshold of “{1}” 19 Global “{1}” network status disabled on controller with IP address “{0}” Enterprise Mobility 3.0 Design Guide B-4 OL-11573-01 Appendix B WCS Event and Alarm Severities Informational Events and Alarms 20 Global “{1}” network status enabled on controller with IP address “{0}” 21 Radio with MAC address “{0}” and protocol “{1}” has core dump on controller “{2}” 22 AP “{0}” tried to join controller “{1}” and failed The controller does not support this kind of AP 23 Radar has been detected on channel “{1}” by AP base radio MAC “{0}” on radio 802.11a Enterprise Mobility 3.0 Design Guide OL-11573-01 B-5 Appendix B WCS Event and Alarm Severities Informational Events and Alarms Enterprise Mobility 3.0 Design Guide B-6 OL-11573-01 A P P E N D I X C Example of Wireless LAN Controller Initial Setup Use the '-' character to backup System Name [Cisco_40:3d:c3]: AeS_4402_1 Enter Administrative User Name (24 characters max): admin Enter Administrative Password (24 characters max): ***** Service Interface IP Address Configuration [none][DHCP]: none Service Interface IP Address: 192.168.0.40 Service Interface Netmask: 255.255.255.0 Enable Link Aggregation (LAG) [yes][NO]: NO Management Management Management Management Management Management Interface Interface Interface Interface Interface Interface IP Address: 10.1.56.16 Netmask: 255.255.252.0 Default Router: 10.1.56.2 VLAN Identifier (0 = untagged): Port Num [1 to 2]: DHCP Server IP Address: 10.1.56.1 AP Transport Mode [layer2][LAYER3]: LAYER3 AP Manager Interface IP Address: 10.1.56.17 AP-Manager is on Management subnet, using same values AP Manager Interface DHCP Server (10.1.56.1): 10.1.56.1 Virtual Gateway IP Address: 1.1.1.1 Mobility/RF Group Name: Mobility Group Network Name (SSID): testuser Allow Static IP Addresses [YES][no]: YES Configure a RADIUS Server now? [YES][no]: no Enter Country Code (enter 'help' for a list of countries) [US]: US Enable Enable Enable Enable 802.11b 802.11a 802.11g Auto-RF Network [YES][no]: YES Network [YES][no]: YES Network [YES][no]: YES [YES][no]: YES Configuration saved! Resetting system with new configuration Enterprise Mobility 3.0 Design Guide OL-11573-01 C-1 Appendix C Example of Wireless LAN Controller Initial Setup Enterprise Mobility 3.0 Design Guide C-2 OL-11573-01 A P P E N D I X D Examples of SNMP Traps Figure D-1 AP Disassociated, AP Interface Down, and Link Down Traps Enterprise Mobility 3.0 Design Guide OL-11573-01 D-1 Appendix D Figure D-2 Examples of SNMP Traps Client Authentication Failure, Client De-Authenticated, and WLC Configuration Saved Traps Enterprise Mobility 3.0 Design Guide D-2 OL-11573-01 Appendix D Examples of SNMP Traps Figure D-3 Rogue AP Detected, Rogue AP Removed, and Interference Profile Failed Traps Enterprise Mobility 3.0 Design Guide OL-11573-01 D-3 Appendix D Figure D-4 Examples of SNMP Traps AP Current Channel Changed, AP Current Tx Power Changed, AP Load Profile Failed Traps Enterprise Mobility 3.0 Design Guide D-4 OL-11573-01 A P P E N D I X E Sample Monitor > Devices > Access Points Reports Figure E-1 Load, TX Power, Noise, and Interference Report Options Enterprise Mobility 3.0 Design Guide OL-11573-01 E-1 Appendix E Figure E-2 Sample Monitor > Devices > Access Points Reports Client Distribution by RSSI and SNR, Access Point Up Time Enterprise Mobility 3.0 Design Guide E-2 OL-11573-01 ... controlled manner Enterprise Mobility 3.0 Design Guide OL-11573-01 2-27 Chapter Cisco Unified Wireless Technology and Architecture Operation and Maintenance Enterprise Mobility 3.0 Design Guide 2-28... discussed in more detail later in this design guide Enterprise Mobility 3.0 Design Guide 2-14 OL-11573-01 Chapter Cisco Unified Wireless Technology and Architecture Mobility Groups, AP Groups, and RF... Figure 2-6 Enterprise Mobility 3.0 Design Guide 2-12 OL-11573-01 Chapter Cisco Unified Wireless Technology and Architecture Mobility Groups, AP Groups, and RF Groups Figure 2-6 WLC Mobility Group