Cisco Wireless Control System Configuration Guide Software Release 5.0 February 2008 Americas Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: Text Part Number: OL-15478-01 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system All rights reserved Copyright © 1981, Regents of the University of California NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc and/or its affiliates in the United States and certain other countries All other trademarks mentioned in this document or Website are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company (0711R) Contents Preface xxi Audience Purpose -xxii -xxii Organization -xxii Conventions -xxiii Related Publications -xxiii Obtaining Documentation, Obtaining Support, and Security Guidelines CHAPTER Overview -xxiv 1-1 Overview of the Cisco Unified Wireless Network Solution Overview of WCS 1-2 1-3 WCS Versions 1-4 WCS Base 1-4 WCS Base + Location 1-5 Relationship with Cisco Location Appliances 1-5 Comparison of WCS Base and WCS Location 1-6 WCS User Interface 1-7 Cisco WCS Navigator CHAPTER Getting Started Prerequisites 1-7 2-1 2-2 System Requirements 2-2 Installing WCS for Windows Installing WCS for Linux 2-4 2-10 Starting WCS 2-12 Starting WCS on Windows 2-12 Starting WCS on Linux 2-12 Logging into the WCS User Interface 2-13 General Tab 2-14 Client Tab 2-15 Security Tab 2-16 Customizing Tabs on the WCS Home Page 2-17 Customizing Content on the WCS Home Page 2-18 Using the Cisco WCS User Interface Menu Bar 2-21 Monitor Menu 2-21 Configure Menu 2-21 2-20 Cisco Wireless Control System Configuration Guide OL-15478-01 iii Contents Administration Menu 2-21 Location Menu 2-21 Help Menu 2-22 Sidebar Area 2-22 Alarm Dashboard 2-22 Command Buttons 2-22 Main Data Page 2-23 Administrative Tools 2-23 CHAPTER Configuring Security Solutions 3-1 Cisco Unified Wireless Network Solution Security 3-2 Layer Solutions 3-2 Layer Solutions 3-2 Layer Solutions 3-2 Single Point of Configuration Policy Manager Solutions 3-3 Rogue Access Point Solutions 3-3 Rogue Access Point Challenges 3-3 Tagging and Containing Rogue Access Points 3-3 Rogue Management 3-3 Integrated Security Solutions 3-4 Using WCS to Convert a Cisco Unified Wireless Network Solution from Layer to Layer Mode Configuring a Firewall for WCS Access Point Authorization 3-5 3-6 3-6 Management Frame Protection (MFP) Guidelines for Using MFP 3-8 3-7 Configuring Intrusion Detection Systems (IDS) Viewing IDS Sensors 3-9 Configuring IDS Signatures 3-9 Uploading IDS Signatures 3-12 Downloading IDS Signatures 3-13 Enabling or Disabling IDS Signatures Viewing IDS Signature Events 3-17 3-9 3-14 Enabling Web Login 3-17 Downloading Customized Web Authentication Connecting to the Guest WLAN 3-21 Deleting a Guest User 3-21 Certificate Signing Request (CSR) Generation 3-18 3-22 Cisco Wireless Control System Configuration Guide iv OL-15478-01 Contents CHAPTER Performing System Tasks 4-1 Adding System Components to the WCS Database 4-2 Adding a Controller to the WCS Database 4-2 Adding a Location Appliance to the WCS Database 4-2 Additional Functionality with Location Appliance 4-3 Using WCS to Update System Software Downloading Vendor Device Certificates Downloading Vendor CA Certificates 4-4 4-5 4-5 Using WCS to Enable Long Preambles for SpectraLink NetLink Phones Creating an RF Calibration Model CHAPTER Adding and Using Maps 4-7 5-1 Creating Maps 5-2 Adding a Campus 5-2 Adding Buildings 5-3 Adding a Building to a Campus Map 5-3 Adding a Standalone Building 5-4 Adding Outdoor Areas 5-6 Enabling Location Presence on a Location Server Searching Maps 5-9 Finding Coverage Holes 5-7 5-10 Adding and Enhancing Floor Plans 5-10 Adding Floor Plans to a Campus Building 5-11 Adding Floor Plans to a Standalone Building 5-12 Using the Map Editor to Enhance Floor Plans 5-13 Using the Map Editor to Draw Polygon Areas 5-14 Using Planning Mode to Calculate Access Point Requirements Adding Access Points 5-24 Placing Access Points 4-6 5-17 5-26 Creating a Network Design 5-28 Designing a Network 5-28 Changing Access Point Positions by Importing and Exporting a File 5-34 Using Chokepoints to Enhance Tag Location Reporting 5-35 Adding Chokepoints to the WCS Database and Map 5-35 Removing Chokepoints from the WCS Database and Map 5-42 Monitoring Chokepoints 5-43 Monitoring Maps 5-43 Monitoring Predicted Coverage 5-44 Cisco Wireless Control System Configuration Guide OL-15478-01 v Contents Access Point Layer 5-45 AP Mesh Info Layer 5-46 Clients Layer 5-47 802.11 Tags Layer 5-48 Rogue APs Layer 5-49 Rogue Clients Layer 5-50 Monitoring Channels on a Floor Map 5-51 Monitoring Transmit Power Levels on a Floor Map Monitoring Coverage Holes on a Floor Map 5-52 Monitoring Clients on a Floor Map 5-53 Monitoring Outdoor Areas 5-54 Importing or Exporting WLSE Map Data Creating and Applying Calibration Models 5-51 5-55 5-58 Analyzing Element Location Accuracy Using Testpoints Assigning Testpoints to a Selected Area 5-65 5-64 Using the Accuracy Tool to Conduct Accuracy Testing 5-68 Using Scheduled Accuracy Testing to Verify Accuracy of Current Location Using On-Demand Accuracy Testing to Test Location Accuracy 5-70 CHAPTER Monitoring Wireless Devices 5-69 6-1 Monitoring Rogue Access Points, Adhocs, and Clients Interpreting Security Summary Window 6-2 Malicious Rogue Access Points 6-4 Friendly Rogue Access Points 6-4 Unclassified Rogue Access Points 6-5 Rogue Adhocs 6-6 Most Recent Security Alerts 6-7 Most Recent Malicious Rogue Access Points Most Recent Rogue Adhocs 6-7 Signature Attacks 6-7 Access Point Threats / Attacks 6-8 Client Security Related 6-8 IPSEC Failures 6-8 Monitoring Rogue Access Point 6-8 Monitoring Rogue Adhoc 6-10 Monitoring Rogue Clients 6-10 Monitoring Shunned Clients 6-11 Rogue Access Point Location, Tagging, and Containment Detecting and Locating Rogue Access Points 6-13 6-2 6-7 6-12 Cisco Wireless Control System Configuration Guide vi OL-15478-01 Contents Monitoring Clients 6-15 WLAN Client Troubleshooting 6-16 Enabling Automatic Client Troubleshooting Finding Clients 6-30 6-30 Receiving Radio Measurements 6-34 Monitoring Mesh Networks Using Maps 6-35 Monitoring Mesh Link Statistics Using Maps 6-35 Monitoring Mesh Access Points Using Maps 6-38 Monitoring Mesh Access Point Neighbors Using Maps Monitoring Mesh Health 6-42 Mesh Statistics for an Access Point 6-40 6-44 Viewing the Mesh Network Hierarchy 6-49 Using Mesh Filters to Modify Map Display of Maps and Mesh Links 6-50 Viewing Google Earth Maps 6-52 Google Earth Settings 6-53 Viewing Clients Identified as WGBs Running a Link Test 6-54 6-55 Retrieving the Unique Device Identifier on Controllers and Access Points Coverage Hole 6-60 Monitoring Pre-Coverage Holes Viewing DHCP Statistics CHAPTER 6-57 6-60 6-62 Managing WCS User Accounts 7-1 Adding WCS User Accounts 7-2 Deleting WCS User Accounts 7-4 Changing Passwords 7-4 Monitoring Active Sessions 7-5 Viewing or Editing User Information Viewing or Editing Group Information 7-6 7-7 Setting Lobby Ambassador Defaults 7-9 Editing the Default Lobby Ambassador Credentials Viewing the Audit Trail 7-10 7-10 Enabling Audit Trails for Guest User Activities 7-12 Creating Guest User Accounts 7-12 Creating a Lobby Ambassador Account 7-14 Editing a Lobby Ambassador Account 7-15 Logging in to the WCS User Interface as a Lobby Ambassador 7-16 Cisco Wireless Control System Configuration Guide OL-15478-01 vii Contents Managing WCS Guest User Accounts 7-16 Adding Guest User Accounts 7-17 Guest User Credentials 7-18 Viewing and Editing Guest Users 7-18 Deleting Guest User Templates 7-19 Scheduling WCS Guest User Accounts 7-20 Printing or E-mailing WCS Guest User Details 7-21 Logging the Lobby Ambassador Activities 7-21 CHAPTER Configuring Mobility Groups Overview of Mobility 8-2 Symmetric Tunneling 8-5 8-1 Overview of Mobility Groups 8-5 When to Include Controllers in a Mobility Group Messaging among Mobility Groups 8-7 Configuring Mobility Groups 8-8 Prerequisites 8-8 Setting the Mobility Scalability Parameters Mobility Anchors 8-13 Configuring Mobility Anchors 8-7 8-11 8-13 Configuring Multiple Country Codes 8-15 Creating Config Groups 8-18 Adding New Group 8-19 Configuring Config Groups 8-20 Adding or Removing Controllers from Config Group 8-20 Adding or Removing Templates from the Config Group 8-21 Applying Config Groups 8-21 Auditing Config Groups 8-22 Rebooting Config Groups 8-22 Downloading Software 8-23 Downloading IDS Signatures 8-24 Downloading Customized WebAuth CHAPTER Configuring Controllers and Access Points Adding Controllers 9-1 9-2 Setting Multiple Country Codes Searching Controllers 8-25 9-3 9-4 Managing User Authentication Order 9-5 Cisco Wireless Control System Configuration Guide viii OL-15478-01 Contents Viewing Audit Status (for Controllers) 9-5 Viewing Latest Network Audit Report 9-6 Pinging a Network Device from a Controller Enabling Load-Based CAC for Controllers 9-7 9-7 Enabling High Density 9-9 Requirements 9-9 Optimizing the Controller to Support High Density Configuring 802.3 Bridging 9-10 9-12 Configuring an RRM Threshold Controller (for 802.11a/n or 802.11b/g/n) Configuring EDCA Parameters for Individual Controller Configuring SNMPv3 9-12 9-13 9-13 Configuring Global Credentials for Access Points 9-14 Autonomous to LWAPP Migration Support 9-15 Adding IOS Access Points to WCS 9-16 Adding IOS Access Points by Device Information 9-16 Adding Autonomous Access Points by CSV File 9-17 Viewing Autonomous Access Points in WCS 9-17 Work Group Bridge (WGB) Mode 9-18 Autonomous Access Point to LWAPP Access Point Migration Adding/Modifying a Migration Template 9-18 Configuring Access Points 9-18 9-19 Configuring Access Point Radios for Location Optimized Monitor Mode Scheduling Radio Status 9-25 Viewing Scheduled Tasks 9-25 Viewing Audit Status (for Access Points) 9-26 Searching Access Points 9-24 9-26 Viewing or Editing Rogue Access Point Rules 9-27 Configuring Spectrum Experts 9-28 Adding a Spectrum Expert 9-28 Monitoring Spectrum Experts 9-28 Spectrum Experts > Summary 9-29 Interferers > Summary 9-29 Spectrum Experts Details 9-30 Configuring Wired Guest Access CHAPTER 10 Using Templates 9-30 10-1 Adding Controller Templates 10-1 Configuring an NTP Server Template 10-3 Cisco Wireless Control System Configuration Guide OL-15478-01 ix Contents Configuring General Templates 10-4 Configuring QoS Templates 10-7 Configuring a Traffic Stream Metrics QoS Template 10-8 Configuring WLAN Templates 10-9 Security 10-12 QoS 10-17 Advanced 10-18 Configuring H-REAP AP Groups 10-21 Configuring a File Encryption Template 10-22 Configuring a RADIUS Authentication Template 10-23 Configuring a RADIUS Accounting Template 10-25 Configuring a LDAP Server Template 10-26 Configuring a TACACS+ Server Template 10-27 Configuring a Network Access Control Template 10-28 Configuring a Local EAP General Template 10-29 Configuring a Local EAP Profile Template 10-31 Configuring an EAP-FAST Template 10-32 Configuring Network User Credential Retrieval Priority Templates 10-34 Configuring a Local Network Users Template 10-34 Configuring Guest User Templates 10-36 Configuring a User Login Policies Template 10-37 Configuring a MAC Filter Template 10-38 Configuring an Access Point or LBS Authorization 10-39 Configuring a Manually Disabled Client Template 10-40 Configuring a CPU Access Control List (ACL) Template 10-41 Configuring a Rogue Policies Template 10-42 Configuring a Rogue AP Rules Template 10-43 Configuring a Rogue AP Rule Groups Template 10-45 Configuring a Friendly Access Point Template 10-47 Configuring a Client Exclusion Policies Template 10-48 Configuring an Access Point Authentication and MFP Template 10-50 Configuring a Web Authentication Template 10-51 Downloading a Customized Web Authentication Page 10-53 Configuring Access Control List Templates 10-55 Configuring a Policy Name Template (for 802.11a/n or 802.11b/g/n) 10-56 Configuring High Density Templates 10-59 Configuring a Voice Parameter Template (for 802.11a/n or 802.11b/g/n) 10-61 Configuring a Video Parameter Template (for 802.11a/n or 802.11b/g/n) 10-62 Configuring EDCA Parameters through a Controller Template 10-63 Configuring a Roaming Parameters Template (for 802.11a/n or 802.11b/g/n) 10-64 Cisco Wireless Control System Configuration Guide x OL-15478-01 Index file encryption template global settings 10-22 for standard and custom signatures filter deleting auto provisiioning global username and password 15-20 editing current auto provisioning 15-19 filtering Google Earth maps viewing 15-18 finding clients 6-52 GPS markers 3-6 floor plans adding to a campus building 5-11 to 5-12 adding to a standalone building enhancing with map editor 5-12 to 5-13 5-13 foreign access point interference 5-60 groups for hybrid-REAP foreign AP interference for rogue access point rules group setup window on ACS server deleting friendly access point template 10-47 6-4 7-17 creating 7-12 7-16 scheduling G 7-20 guest user activities guest user credentials general tab client properties emailing print 6-23 7-21 7-21 viewing and editing general templates guest user templates 10-4 deleting 10-36 7-18 10-36 7-19 guest WLAN 5-8 geographical coordinates 16-1 connecting 3-21 guidelines for using the map editor global credentials configuring 7-18 guest users 6-24 GEO check box 7-12 guest user details 6-21 2-14 generate password 13-58 3-21 managing configuring 13-58 guest user account adding 10-44 friendly rogue access points security 15-9 guest user 3-15 RF properties 10-45 GUEST_USER_AUTHENTICATED 10-58 home page 12-13 GUEST_USER_ADDED 10-58 friendly rogue 16-6 5-4 grid of plus marks avoiding 16-1 importing into WCS 5-10 firewall, configuring for WCS avoiding 16-2 Google KML or CSV 6-30 finding coverage holes frame type 6-47 Google Earth coordinates 15-18 15-17 filter properties 9-23 10-18 gold queue 6-50 filter member management filter mode overriding gold using to modify maps 3-16 5-13 9-14 Cisco Wireless LAN Controller Configuration Guide IN-8 OL-15301-01 Index IDS signatures H 3-9 disabling heater status 6-42 downloading heat map 3-13 downloading from config group described graphic 5-25 enabling 5-25 help menu 2-22 3-12 importing a file to change access point position of mesh network 6-49 importing asset information hierarchy of mesh parent to child 6-51 high density 9-9 high density templates 9-9 10-59 importing WLSE map data indicator of alarms 10-68 historical report type customizing content Aironet 2-18 10-19 ingress interface 2-17 input type H-REAP AP groups 3-7 9-31 15-18 inspect location readiness 10-21 10-22 using to upgrade 12-16 installing a license Hybrid REAP 11-16 B-4 installing WCS configuring 9-1, 12-1 for WLSE conversion hybrid REAP access point groups hybrid-REAP groups 10-65 12-12 12-13 Hybrid REAP local switching insufficient memory interferers 10-19 summary 9-29 internal web auth I 9-31 configuring 3-9 3-9 IDS signature events viewing 8-4 intrusion detection systems 3-9 invalid association request 6-48 invalid reassociation request 3-9 3-17 C-2 6-46 inter-subnet roaming IDS sensors 5-23 installer H-REAP groups IDS 5-22 inspect VoWLAN readiness H-REAP configuration tab auditing 5-55 2-22 infrastructure MFP configuring 16-6 information elements 14-1 home page customizing tabs 16-2 importing Google KML or CSV into WCS high throughput template configuring 11-10 16-4 into Google Earth high density requirements 5-34 importing coordinates as CSV file enabling 8-24 3-14 uploading hierarchy hysteresis 3-14 6-48 invalid reauthentication request inventory detail status inventory reports creating 6-48 2-15 14-8 14-9 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-9 Index modifying viewing backup and restore 14-9 deleting 14-9 inventory status IOS access points adding B-7 license installation B-4 license management 9-16 adding by device information IOSAP_DOWN 9-16 IOSAP_LINK_UP licenses B-5 B-2 license types 13-59 IOSAP_LINK_DOWN IOSAP_UP B-6 license agreement 2-19 B-6 B-2 licensing 13-59 on WLSE network management 13-59 lifetime 13-59 C-3 7-19 IP connectivity 6-33 linear point collection IPSEC failures 6-8 link aggregation 5-59 10-5 link aggregation (LAG) guidelines K 12-4 link metric adjusted KEK key encryption key 6-37 unadjusted 10-24 key wrap 10-24 link SNR KML file 16-2 link stats 6-37 6-37 for mesh 14-10 link test L running laptop icon latitude link test results 6-32 list all filters 16-1 Layer security solutions Layer load 3-2 10-62 9-7 lobby ambassador Layer security solutions 7-12 logging activites 3-2 Layer to Layer mode, converting Cisco Wireless LAN Solution 3-5 10-39 7-21 lobby ambassador account creating editing LDAP server 7-14 7-15 lobby ambassador defaults configuring a template for 10-26 LEAP authentication requirements setting 7-9 local authentication 8-8 legacy syslog template for hybrid-REAP groups 10-75 license adding 15-19 5-43 enabling 3-2 10-14 LBS authorization 6-37 load-based CAC 10-12 Layer security solutions Layer 6-55 local EAP check box 10-17 local EAP general template B-5 12-13 local EAP profile template 10-29 10-31 Cisco Wireless LAN Controller Configuration Guide IN-10 OL-15301-01 Index local management user template local net users template local password policy 10-77, 10-78 logging the lobby ambassador activities login.html 10-34 LOMM 15-21 local switching 3-18 9-21 configuring access point radios Hybrid REAP longitude 10-19 locating rogue access points 9-24 16-3 long preambles, enabling for SpectraLink NetLink phones 4-6 6-13 location of rogue access points 7-21 LWAPP migration 6-12 9-15 location accuracy analyzing 5-64 using testpoints M 5-64 MAC filtering location appliance importing MAC filter template 11-8 MAC frequency location appliance data backing up location appliance functionality location appliance importing message authenticator code keys 11-8 Maintain Image Aspect Ratio adding to WCS database auto-synchronizing maintaining WCS 4-2 location inventory status 1-5 most recent 2-21 9-21 management frame flood signatures managing licenses location server inventory report location server utilization 7-16 B-5 1-7 9-5 manually disabled client 2-16 14-12 template for 6-27 10-40 manufacturer information B-2 6-28 map 6-17 adding chokepoints 15-4 5-35 removing chokepoints logging in to the WCS user interface 15-24 5-42 map editor 7-15 logging into the WCS user interface logging options 3-7, 10-50 managing user authentication order 14-9 3-10 6-47 managing multiple WCSs 5-22 6-4 6-7 managing guest user accounts 5-7 location readiness logging 10-44 management queue 5-3 on a location server log analysis 6-46 management frame protection location presence location upgrade 5-54 malicious rogue access points 2-19 location optimized monitor mode location tab malicious rogue 10-24 11-1 to 11-20 malformed neighbor packets 11-11 relationship with WCS Location inspecting 3-15 MACK 4-3 location appliances assigning 10-38 3-15 MAC information 11-12 location menu 10-14 2-13 to 2-14 general notes and guidelines 5-13 using to draw polygon areas 5-14 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-11 Index map editor, enhancing floor plans mesh statistics 5-13 for an access point maps creating mesh stranded APs 5-2 to 5-25 monitoring home page 5-9 using to monitor link stats 2-17 mesh template 6-35 using to monitor mesh AP neighbors 6-40 map view configuring 10-69 mesh tree updating menu bar 14-10 mesh tab 5-43, 5-43 to 5-54 searching 6-44 viewing 6-51 6-49 2-21 mesh worst node hops 14-10 mesh access point neighbors mesh worst SNR links 14-10 monitoring message integrity check information element 6-40 mesh access points monitoring metrics in QoS 6-38 mesh alarms MFP most recent 3-7 3-7 MFP client protection 14-10 MFP templates 6-42 mesh link statistics MIC IE 6-35 6-35 minimum RSSI mesh link stats 14-10 mirror mode mesh neighbors 6-41 mobility monitoring using maps 6-49 8-13 mobility groups 8-7 configuring 8-8 12-4 mobility scalability 14-10 mesh packet error statistics 8-11 modifying access point reports 14-10 14-10 mesh parent-child hierarchical view 8-8 8-2 prerequisites 6-35 mesh packet statistics 10-64 9-22 mobility anchors 6-35 mesh networks mesh node hops 10-50 mobile announce messages mesh network mesh network hierarchy 10-20 10-50 monitoring monitoring 10-20 MFP signature generation 6-42 monitoring 10-8 for clients 2-17 mesh alternate parent mesh health 5-46 mesh report 14-6, 14-11 modifying viewing 14-11 14-11 mesh security statistics for an AP 6-42 14-4 modifying audit reports 14-6 modifying client reports 14-6, 14-7 modifying inventory reports creating 10-50 modifying map displays using filters 14-9 6-50 6-50 modifying mesh reports 14-11 modifying a migration template 9-18 modifying performance reports 14-12 modifying security reports 14-14 Cisco Wireless LAN Controller Configuration Guide IN-12 OL-15301-01 Index monitoring active sessions monitoring alarms most recent malicious rogue 7-5 most recent mesh alarms 13-4 monitoring channels on a floor map configuring setting 5-52 monitoring email notifications monitoring events 8-12 multiple country codes 5-53 monitoring coverage holes 8-15 9-3 multiple syslog template 13-13 10-76 13-12 monitoring failed objects monitoring maps 13-7 N 5-43 monitoring mesh access point neighbors 6-40 6-40 N+1 redundancy NAT monitoring mesh health 6-37, 6-42, 6-52 8-5 8-11 Navigator monitoring mesh link statistics 1-7 NetStumbler signature 6-35 3-11 network access control monitoring mesh networks using maps 6-7 multicast mobility mode on a floormap configuring template 6-35 10-28 network address translation monitoring outdoor areas 5-54 network design 6-60 network protection monitoring predicted coverage 5-44 Network Summary page 3-9 2-14 monitoring rogue access point alarms 13-7 new rogue AP count report monitoring rogue access point details 13-9 new rogue APs report monitoring rogue access points 6-8 new search monitoring rogue adhoc alarms 13-10 node hop count monitoring rogue adhocs 6-10 monitoring rogue clients 6-10, 13-13 monitoring security configurations monitoring shunned clients 6-11 monitoring spectrum experts 5-51 worst 2-17 node hops 6-46 for mesh 14-10 avoiding non-802.11 types 5-46 10-58 non-802.11 noise 10-58 non-Cisco ACS server monitor mode for use with RADIUS location optimized 9-21 note, defined most recent AP alarms 2-19 NTP server template most recent client alarms 14-13 5-9 avoiding 2-21 14-13 noise 9-28 monitoring transmit power levels on a floormap 13-14 8-11 5-28 monitoring pre-coverage holes monitor menu 2-16 most recent security alerts 5-43 monitoring clients using maps 3-3, 6-7 most recent security alarms monitoring chokepoints using maps 2-17 most recent rogue adhocs 5-51 on a floormap 6-7 2-15 15-13 xxiii 10-3 null probe response signatures 3-10 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-13 Index O performance reports on-demand accuracy testing 5-68 creating Open Source License acknowledgement B-6 optimizing the controller for high density organizationally unique identifier organization of document 6-28 xxii 14-12 viewing 14-12 performing data management tasks pico cell mode outdoor areas 15-25 10-57 pinging network devices from a controller adding to a campus map monitoring 5-6 creating 16-3 placement of access points creating with Google Earth 9-7 placemarks 5-54 outdoor location 16-1 override global username password planning mode 9-23 overview 1-2 1-3 5-26 5-18 to calculate access point requirements platinum Cisco Wireless LAN Solution WCS 14-12 modifying 9-10 14-12 10-18 platinum queue PLR 5-17 6-47 10-9 policy manager solutions 3-3 policy name template P configuring polygon areas packet error rate worse drawing with map editor 2-17 packet error rate link color 6-51 packet loss monitoring 10-8 packet latency prerequisites 6-48 packets transmitted parent TSF passthrough present map 6-48 2-2 print guest user details 7-21 10-51 purpose of document 6-34 5-7 6-32 protection type 6-46 xxii 10-15 password rules turning on or off PEAP 5-44 5-22 presence parameters 14-10 parent changes 6-60 distance based 10-9 packet statistics for mesh 5-69 predictive tool 10-8 packets received 6-46 predicted coverage, monitoring 10-8 packet loss rate 5-14 pre-coverage holes 14-10 packet jitter poor neighbor SNR position testpoints packet error statistics for mesh 10-56 15-21 10-32 Q QoS peer-to-peer blocking 10-20 10-17 QoS templates 10-7 Cisco Wireless LAN Controller Configuration Guide IN-14 OL-15301-01 Index queue refresh heatmap 14-10 queues related publications silver, gold, platinum, bronze, management quiet time 5-43 6-47 xxiii relative to ground 16-2 removing chokepoints 3-15 5-42 removing controllers from config group removing templates from config group R 8-20 8-21 report radio inventory status 802.11 counters 2-19 access point inventory radio measurements receiving busiest APs 6-34 radio receiver sensitivity client count radio status 9-25 radio templates configuring 10-82 radio utilization report 10-25 RADIUS authentication template 10-23 RADIUS servers 14-7 combined inventory 14-9 controller inventory 14-9 controller utilization 14-12 deleting location server inventory 14-9 location server utilization 14-12 mesh worst node hops 9-28 reassociation request failures 6-48 radio utilization reassociation request success 6-48 security summary reassociation request timeouts 6-48 14-12 14-3 mesh alternate parent 15-23 reachability status 14-7 coverage hole summary 14-12 RADIUS accounting template configuring 14-7 client association 10-58 14-9 14-4 busiest clients 6-29 radio resource management scheduling 14-12 14-10 14-10 14-12 14-13 traffics stream metrics 14-4 reauthentication request failures 6-48 traffic stream metrics reauthentication request success 6-48 Tx power level and channel reauthentication request timeout 6-48 unique client rebooting config groups receiving radio measurements recent alarms 2-15, 2-19 6-32 recent rogue adhoc alarm recent rogue AP alarms 2-16 2-16 recovering the WCS password refresh browser reporting tag location 5-35 11-21 access point type 14-4 disable schedule 14-2 enable schedule 14-2 mesh link stats 14-10 mesh node hops 14-10 mesh packet error statistics 5-43 refresh controller values refresh from network 14-12 reports 2-19 recent coverage holes recent map 6-34 14-12 14-7 voice statistics 8-22 14-7 9-6 5-43 mesh packet statistics 14-10 mesh worst SNR links 14-10 14-10 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-15 Index running 14-1 reset AP now rogue adhoc alarms 9-24 restore WCS values monitoring 9-6 restoring WCS database on Linux restrict by protocol 6-31 retention expiration 5-9 5-8 RF calibration model, creating RF calibration tool RLDP roaming most recent 3-3, 6-7 rogue APs layer monitoring 14-13 6-10, 13-13 rogue clients layer 8-2 roaming parameters template rogue detector ROGUE_AP_NOT_ON_NETWORK 13-61 rogue access point details routing state 13-9 rogue access point location 6-12 rogue access point rule groups 10-45 10-42 configuring a template 10-43 14-13 6-46 RRM intervals 10-67, 10-68 RRM interval template configuring rogue access point rules 10-66, 10-68 RRM thresholds 10-65 RRM threshold template 9-27 configuring rogue access points detecting 3-3 rogues detected by APs 13-7 10-65 rules 6-13 for rogue access point 6-13 detecting and locating 6-13 to 6-14 6-4 running a link test locating 6-13 running background tasks running reports 6-4 monitoring 6-2 to ??, 6-8 solutions for unclassified rogue adhoc alarm 3-3 6-5 10-43 viewing or editing for rogue access points friendly malicious 10-43 rogue policies template for rogue access point alarms alarm monitor 9-22 rogue management 10-8, 10-9 viewing or editing 5-50 rogue location discovery protocol 10-64 monitoring 14-13 rogue clients 10-74 10-43 roaming time 2-19 5-49 rogue APs report 6-23 configuring 14-13 2-16 rogue APs event report 5-25 10-74 RF update traps 6-10 rogue AP detail summary 1-7 RF prediction heat map RF properties monitoring rogue AP alarms 4-7 2-19 6-6 rogue adhocs event report 6-56 RF profile traps rogue adhoc detail summary rogue adhocs retransmission rule enable retrieving UDI 11-7 13-10 6-55 15-2 14-1 RX neighbor requests RX neighbor responses Rx sensitivity 9-27 6-46 6-46 10-60 2-16 Cisco Wireless LAN Controller Configuration Guide IN-16 OL-15301-01 Index sequence parameter S serial number saved searches 5-9 8-11 synchronizing WCS and location servers 10-65 5-68 definitions scheduled tasks 9-25 setting multiple country codes 7-9 9-3 shunned clients accessing 14-3 monitoring scheduling guest user account scheduling radio status 7-20 sidebar area 9-25 6-11 2-22 signature attacks search 6-7 signature attacks summary using for alarms search clients 13-6 silver 6-31 searching maps 9-4 15-18 skull-and-crossbones indicator security alarms sniffer most recent 6-47 single device 5-7 2-16 9-22 SNMP authentication 6-7 configuring 13-14 security mesh statistics security reports 6-47 SNR down 14-13 worst SNR UP 14-14 3-2 to 3-5 2-17 6-37 downloading config groups to controllers software, updating 6-44 security summary report adding 9-28 spectrum expert details 2-16 sensors 3-9 9-30 spectrum experts 10-84 sending mobile announce messages viewing IDS types 4-4 spectrum expert 6-2 security tab selecting access points 8-23 SpectraLink NetLink phones, enabling long preambles 4-6 14-13 security summary window home page 6-37 software security statistics for mesh 6-51 SNR link 14-14 security solutions 9-13 SNR definition 14-14 modifying 10-73 SNMPv3 security configurations monitoring 6-14 10-81 sniffer mode security alerts most recent 2-16 10-18 silver queue searching controllers viewing 5-20 setting lobby ambassodor defaults schedule panel creating 11-9 service options scheduled accuracy testing viewing 6-28 servers scalability parameters scan threshold 10-56 8-8 configuring 9-28 monitoring 9-28 summary 9-29 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-17 Index standard signatures templates 3-9, 3-15 using starting WCS on Linux test analysis 2-12 on Windows 10-1 6-33 testing 2-12 accuracy statistics DHCP testpoints 6-62 statistics tab 5-64 TFTP server 6-25 status, checking 5-68 3-12 TFTP server template 11-2 configuring status report AP profile threats 14-4 access points stopping WCS on Linux 10-71 tilt 11-3 on Windows 6-8 16-2 tool to conduct accuracy testing 11-3 supported Cisco WLSE management stations top APs by client count C-2 switch symmetric mobility tunneling symmetric tunneling 8-5 synchronize servers 11-9 syslog templates total interferer count 12-4 traffic stream metrics traffic stream metrics report TACACS+ server 10-27 10-58 5-51 monitoring on a floormap 5-51 5-52 trap 15-22 802.11 security tagging of rogue access points 6-12 5-35 10-74 trap control templates 10-72 trap receiver template 10-71 traps 6-34 AAA tasks Telnet SSH templates 14-4, 14-7 monitoring on a floor map values TACACS+ servers 10-8 10-65 transmit power level configuring a template for 10-8 14-4 transition time T importing into ACS 10-62 traffic stream metrics QoS template 2-2 tag location reporting 10-57 traffic stream metrics QoS status graphical configuring 2-15 9-30 traffic indicator message 10-5 10-75, 10-76 system requirements temperature 2-15 total APs not assigned to maps configuring for hybrid REAP target TSF 5-68 access point 15-4 10-74 client related 10-74 6-42 template configuring for rogue AP rules 10-74 template for configuring network user credentials RF profile 10-74 RF update 10-74 unsupported 10-43 10-34 10-73 WPS 13-63 10-74 Cisco Wireless LAN Controller Configuration Guide IN-18 OL-15301-01 Index traps added in 2.1 13-33 updating system software traps added in 2.2 13-37 upgrading the network traps added in 3.0 13-39 upgrading to Linux traps added in 3.1 13-41 traps added in 3.2 13-44 traps added in 4.0 13-45 traps added in 4.0.96.0 traps added in 4.1 11-21 during WLSE conversion on Linux 11-20 on Windows 13-49 11-20 uploading IDS signatures 13-51, 13-58 upstream delay traps added in 5.0 13-62 upstream packet loss rate trend report type user accounts 14-1 for guest A-1 troubleshooting voice RF coverage 10-9 10-9 7-12 managing 9-5 user authentication priority template 10-43 trusted AP policies template tunneling 3-12 user authentication order 5-23 trusted AP policies template for C-3 upgrading WCS traps added in 4.2 13-58 troubleshooting 4-4 configuring 10-43 10-78 user credential retrieval priority 8-5 turning password rules on or off Tx channel report user details 15-16 emailing 14-12 Tx neighbor requests 6-46 Tx power level report 14-12 7-21 printing 6-46 Tx neighbor responses 10-34 user groups 7-21 7-3 user interface 2-20 user login policies configuring a template U user preferences 15-31 using chokepoints UDI retrieving on controllers and access points unadjusted link metric unclassified rogue 6-57 using filtering 10-44 unclassified rogue access points 6-5 5-34 to enhance tag location reporting using edit view 6-37 10-37 5-34 13-5 6-50 using maps uninstalling WCS to monitor mesh AP neighbors 6-40 on Linux to monitor mesh link statistics 6-35 11-15 on Windows using maps to monitor mesh networks 11-15 unique client report using planning mode 14-7 unique device identifier using search 6-57 unknown association requests unknown reassociation request update map view 5-14 13-6 using template 6-48 6-49 unknown reauthentication request 6-35 6-49 ACL 10-41 for friendly access point 10-47 6-51 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-19 Index using templates video parameter template 10-1 802.11a policy name 802.11b/g RRM interval viewing audit reports 10-80 access point authorization viewing audit status 9-5 9-26 viewing autonomous access points viewing client reports local management user 14-7 identified as WGBs 6-54 10-77, 10-78 viewing DHCP statistics 6-62 viewing Google Earth maps 10-34 6-52, 16-6 MAC filter 10-38 viewing guest users NTP server 10-3 viewing IDS signature events QoS viewing mesh tree 10-23 traffic stream metrics QoS trap control view in grid 10-8 10-72 trap receiver 10-71 web authentication 6-44 13-4 14-12 2-19 viewing security reports 14-14 viewing shunned clients 3-9 viewing the audit trail 10-51 7-10 voice parameter template 10-9 configuring using testpoints to analyze element location accuracy using the installer to upgrade 5-64 10-61 voice RF coverage troubleshooting 11-16 utilization report for controllers 14-9 viewing performance reports 10-74 3-17 14-11 viewing MFP events 10-75, 10-76 Telnet SSH WLAN viewing mesh reports 10-25 RADIUS authentication syslog 7-18 viewing inventory reports 10-7 RADIUS accounting 9-17 viewing clients 10-76 10-36 local net users 14-4 14-6 for access points 10-39 10-75 for multiple syslog guest users 10-50 10-22 for legacy syslog 5-45, 5-51, 5-52, 5-53 viewing access point reports access point authentication & MFP file encryption 9-5 view filters icon 10-65 10-61 access point/radio 10-62 view audit reports 10-66, 10-68 802.11b/g RRM threshold 802.11b/g voice configuring 10-56 5-23 voice statistics report voice traffic 14-12 14-12 5-20 VoWLAN readiness inspecting V V5 Client Statistics Report 14-7 vendor CA certificates downloading 4-5 vendor device certificates downloading 4-5 5-23 W WCS checking status on Linux 11-2 Cisco Wireless LAN Controller Configuration Guide IN-20 OL-15301-01 Index on Windows installing WCS licenses 11-2 WCS Location 2-4 maintaining overview B-2 described 11-1 to 11-20 1-5 to 1-6 relationship with Cisco location appliances 1-3 servers supported WCS Navigator 1-3 starting 1-7 WCS on WLSE on Linux licensing 2-12 on Windows C-6 WCS password 2-12 recovering stopping on Linux adding 11-3 uninstalling on Linux 7-2 changing passwords deleting 11-15 on Windows described on Linux on Windows 2-13 to 2-14 WCS values 11-20 restoring 1-4 to 1-6 WCS_EMAIL_FAILURE 7-16 1-3, 1-7 logging into 11-20 7-4 7-4 WCS user interface 11-15 upgrading versions 11-21 WCS user accounts 11-3 on Windows 9-6 web authentication template 13-60 WCS-ADV-SI-SE-10 B-3 web authentication types WCS Base, described 1-4, 1-6 web auth security WCS controller deployment web auth types from WLSE autonomous enabling adding chokepoints adding controllers WGB 4-2 9-31 3-17 3-11 9-18 WGBs 4-2 viewing those clients backing up on Linux 3-18 A-3 Wellenreiter signature 5-35 adding location appliances configuring 11-5 removing chokepoints 6-54 wired guest access 11-5 to 11-6 on Windows 10-51 web login C-1 WCS database 9-30 Wireless Control System (WCS) 5-42 See WCS restoring on Linux WLANs 11-7 on Windows 11-4, 15-2 WLAN templates A-3 10-9 WLSE autonomous deployment conversion 2-13 WCS Home page WLSE management stations customizing content customizing tabs web auth security 11-6 scheduling automatic backups WCS home 1-5 2-18 2-17 C-1 C-2 WLSE map data exporting 5-55 Cisco Wireless LAN Controller Configuration Guide OL-15301-01 IN-21 Index importing 5-55 WLSE upgrade B-2 WLSE upgrade license WMM policy C-6 10-18 work group bridge mode worst node hop count 9-18 2-17 worst node hops for mesh 14-10 worst packet error rate worst SNR link 2-17 2-17 worst SNR links for mesh WPS traps 14-10 10-74 Cisco Wireless LAN Controller Configuration Guide IN-22 OL-15301-01 ... documents: Note • Wireless Control System Online Help • Release Notes for Cisco Wireless Control System 4.2 for Windows or Linux • Cisco Location Application Configuration Guide 3.1 • Release Notes... Cisco Wireless Control System Configuration Guide xx OL-15478-01 CH A P T E R Overview This chapter describes the Cisco Unified Wireless Network Solution and the Cisco Wireless Control System. .. 3-18 3-22 Cisco Wireless Control System Configuration Guide iv OL-15478-01 Contents CHAPTER Performing System Tasks 4-1 Adding System Components to the WCS Database 4-2 Adding a Controller to the