Step 9. Note: Your client device must support WPS for this feature to work. The WPS push button might be called something else, depending on the brand of your client device. It is typically located somewhere around the Wi-Fi Settings.
The images on this section are taken from an Android device. Note: A window will appear showing that it is searching for your client device. Tap OK to continue when your client device has successfully connected. Back on the router web-based utility, the prompt below will pop up. Click OK. Click Register. The page should automatically refresh when it is connected. On the client device, tap OK to continue when it has successfully connected to the wireless network.
In the version 4. The MAR not only has Fast Ethernet and Serial interface connections for other client devices, but can also use them to connect to other network devices for backhaul purposes. Figure illustrates this example. The Wireless However, when a WLAN connection is not available, cellular technology provides a backup link. Connection priority can be set by routing priority, or by the priority for Mobile IP. When they must communicate with another node in the network, their traffic is sent to their default gateway, the Cisco Series router.
This traffic then crosses the WLAN to the controller where it is then forwarded out the controller interface to the wired network. Return traffic destined for any client attached to the MAR would be forwarded via a static route pointing back to the controller of the Mesh network. Figure shows the return path to the MAR. Mobile IP eliminates the need for static routing and will be discussed further in this chapter. If the deployment calls for more complexity such as secondary cellular backhaul links then Mobile IP will be required.
The following is a configuration example for the MAR It can be used as a step-by-step process to configure the Universal Work Group Bridge client using open authentication, and WEP encryption. Use a straight through DB9-to-DB9 cable. Step 1 Connect to and log into the Mobile Router. Step 2 Create a loopback interface and assign an IP address. VLAN 3 is used for the 2. Step 3 Configure your authentication type:. Step 4 Configure your encryption key, if needed:. Step 6 Bridge the dot11 interface:.
Step 7 Bridge the ethernet interface:. Step 8 Configure the bridged virtual interface:. Four basic triggers start the WMIC scanning for a better root bridge or access point:. Only the last two items in this list are configurable using the packet retries command and mobile station period X threshold Y in dBm ; the remainder are hard-coded. If a client starts scanning because of a loss of eight consecutive beacons, the message "Too many missed beacons" is displayed on the console.
The WMIC in this case acting as a universal bridge client much like any other wireless client in its behavior. When a client device completes MAC authentication to your authentication server, the access point adds the client's MAC address to the cache. Use the timeout option to configure a timeout value for MAC addresses in the cache.
Enter a value from 30 to in seconds. The default value is 30 minutes. When you enter a timeout value, MAC-authentication caching is enabled automatically. Shows entries in the MAC-authentication cache. Include client MAC addresses to show entries for specific clients. Clears all entries in the cache. Include client MAC addresses to clear specific clients from the cache. Use the no form of the dot11 aaa mac-authen filter-cache command to disable MAC authentication caching. The following example shows how to enable MAC authentication caching with a one-hour timeout:.
To configure holdoff times, reauthentication periods, and authentication timeouts for client devices that authenticate through your access point, follow these steps, beginning in privileged EXEC mode:.
Enters the number of seconds that a client device must wait before it can reattempt to authenticate after a failed authentication. The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point.
Enter a value from 1 to The optional no keyword resets the timeout to its default state, Enters the interval, in seconds, that the access point waits before forcing an authenticated client to reauthenticate.
Enter the server keyword to configure the access point to use the reauthentication period that is specified by the authentication server. This attribute sets the maximum number of seconds of service to be provided to the client before termination of the session or before the prompt. The server sends this attribute to the access point when a client device performs EAP authentication. The access point uses the Session-Timeout attribute for the last authentication that the client performs.
If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period. Use the no form of these commands to reset the values to default settings. Traditionally, the dot1x authenticator and client have been a network device and a PC client, the supplicant, respectively, as it was the PC user that had to authenticate to gain access to the network.
Access points can be placed in public places, inviting the possibility that they could be unplugged and their network connection used by an outsider. You can complete the phases in any order, but they must be completed before the supplicant becomes operational. To create an Creates a dot1x credentials profile and enters the dot1x credentials configuration submode. Hidden passwords are used when applying a previously saved configuration. LINE —An unencrypted clear text password.
Note Unencrypted and clear text are the same. You can enter a 0 followed by the clear text password, or omit the 0 and enter the clear text password. Use the no form of the dot1x credentials command to negate a parameter. The following example creates a credentials profile named test with the username user and a the unencrypted password password :.
To apply the credentials to the access point's wired port, follow these steps, beginning in privileged EXEC mode:. The following example applies the credentials profile test to the access point's Fast Ethernet port:. If you have a repeater access point in your wireless network and are using the Enters the Note The first character cannot be the! The following example applies the credentials profile test to the ssid testap1 on a repeater access point.
This section describes the optional configuration of an EAP method list for the Configuring EAP method profiles enables the supplicant to not acknowledge some EAP methods, even though they are available on the supplicant. Use the no command to negate a command or to set its defaults.
Use the show eap registrations method command to view the currently available registered EAP methods. Use the show eap sessions command to view existing EAP sessions.
This operation normally applies to root access points. This operation typically applies to repeater access points. Note The repeater mode is not supported on Cisco and Cisco series embedded-wireless devices. To use the authentication types described in this section, the access point authentication settings must match the authentication settings on the client adapters that associate to the access point. Table 1 lists the client and access point settings required for each authentication type.
Note Some non-Cisco Aironet client adapters do not perform Likewise, to allow both Cisco Aironet Note If you are running an If you do not configure open authentication with EAP, the following warning message appears:. Note To allow both
0コメント