Table Of Contents
Performing Administrative Tasks
Using Discovery and Managing Devices
Managing Devices
Changing Management Status or Deleting Devices
Limitation on the Number of Managed Devices
View Device Management History
Specifying Device Credentials
Enter SNMP Community Strings for All Devices
Community String Guidelines
Enter HTTP Usernames and Passwords—Non-IOS Access Points
Enter Telnet and SSH Usernames and Passwords—IOS Access Points
Enter HTTP Port Settings—IOS Access Points
Managing Device Discovery
Overview: Discovery
Set Up Devices
Use Discovery Options
Set Up Discovery Filters
Schedule Discovery
Run Discovery Now
Managing Device Inventories
Run Immediate Inventory—Selected Devices
Run Scheduled Inventory—Selected Devices
Viewing Inventory and Discovery Task History
Run Log Details—Discovery and Inventory
Importing Devices
Import Devices from a File
Import Devices from a CiscoWorks Server
Exporting Devices
Exporting Devices to a CiscoWorks Server
Exporting Devices to a CSV File
Managing AAA Servers
Manage LEAP Servers
Manage RADIUS Servers
Manage EAP-MD5 Servers
Manage PEAP Servers
Managing Groups
Overview: Groups
Creating a New Static Group
Creating a New Rule-Based Group
Copying a Static Group
Copying a Rule-Based Group
Editing a Static Group
Editing a Rule-Based Group
Deleting a Static or Rule-Based Group
Managing the Appliance
Viewing WLSE Status
Managing Log Files
Log Files Displayed
Restarting the Wireless LAN Solution Engine
Managing WLSE Software
Viewing Software Status
Managing the Repository
Installing Software Updates
Browsing the Repository
Viewing Software Update History
Overview: Security
Managing Security
Overview: Authentication Modules
Selecting an Authentication Module
Managing SSL (HTTPS)
Disabling or Enabling Telnet and Selecting SSH
Viewing the Last 10 Logged-On Users
Backing Up and Restoring Data
Specifying the Backup Location
Configuring a Windows 2000 or Windows XP Server as a Backup Location
Scheduling and Running Backups
Restoring Data
Copying Configuration Data from One WLSE to Another
Using Diagnostics
Viewing and Creating a Status Report
Viewing and Creating a Self-Test Report
Viewing Processes
Specifying a Splash Screen Message
Setting the Time and Specifying Name Servers
Set the Current Local and UTC Time
Specify NTP Time Servers
Specify Name Servers
Configuring the Mail Route
Using Connectivity Tools
Using Network Tools
Using the SNMP Query Tool
General System Settings
Managing System Parameters
Updating Supported Firmware Versions
Viewing Supported Firmware Versions
Administering Users
Managing Roles
Managing Users
Add Users
Modify Users
Delete Users
Modifying Your Profile
Creating Links
Running the ACS Failed Login Report
Performing Administrative Tasks
The following subtabs are displayed when you select the Administration tab:
Note
Some of these subtabs may not be visible to some users; what you see under the Administration tab depends on your login.
• Discover—Set up access points and bridges, routers and switches, and AAA servers so they can be managed by the WLSE. Place devices under management, configure and run discovery, specify device credentials, run inventory, view discovery and inventory history, import and export devices, specify AAA servers to monitor (see Using Discovery and Managing Devices).
• Group Management—Group devices for efficient device management (see Managing Groups).
• Appliance—Manage the Wireless LAN Solution Engine system (see Managing the Appliance).
• System—Configure parameters for collecting and retaining data, view information about supported firmware versions, and update firmware support to add newly supported versions (see Managing System Parameters).
• User Admin—Manage users and user roles (see Administering Users).
• My Profile—Change your password (see Modifying Your Profile).
• Links—Set up links to other systems (such as CiscoWorks servers) and display their desktops. Run ACS failed login reports (see Creating Links).
Using Discovery and Managing Devices
When you select Administration > Discover, the following options appear in the left pane:
• Managed Devices—View newly discovered devices, change device status, and view device management history—see Managing Devices.
• Device Credentials—Specify community strings for all managed devices and specify the HTTP usernames and passwords for access points (see Specifying Device Credentials).
• Discover—Set up devices, schedule discovery, perform an immediate discovery, set up discovery filters, and set discovery options (auto-management and access point filtering)—see Managing Device Discovery.
• Inventory—Run on-demand and scheduled inventories to collect information from managed devices before the next scheduled inventory (see Managing Device Inventories).
• Task History—View details on discovery and inventory jobs (see Viewing Inventory and Discovery Task History).
• Import Devices—Import devices from a file or from a CiscoWorks server (see Importing Devices).
• Export Devices—Export devices to a CiscoWorks server that is running RME or to a file (see Exporting Devices).
• LEAP Server—Add, modify, and delete LEAP servers (see Manage LEAP Servers).
• RADIUS Server—Add, modify, and delete RADIUS servers (see Manage RADIUS Servers).
• EAP-MD5 Server—Add, modify, and delete EAP-MD5 servers (see Manage EAP-MD5 Servers).
• PEAP Server—Add, modify, and delete PEAP servers (see Manage PEAP Servers).
Managing Devices
Before you can view discovered devices or perform any operations on them, you must move the devices to the managed state. When you select Administration > Discover > Managed Devices, the following options are displayed:
• Manage/Unmanage—View newly discovered devices, change device management status, or delete devices (see Changing Management Status or Deleting Devices).
• Device History—View the management history of each discovered device (see View Device Management History).
Changing Management Status or Deleting Devices
You can use the Manage/Unmanage option to change a device's management status or delete a device.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Managed Devices > Manage/Unmanage. The device selector is displayed, showing:
• Newly discovered devices (New folder). All new devices are also listed in the Unmanaged folder.
• Managed devices (Managed folder).
• Unmanaged devices (Unmanaged folder).
Step 2
To view the contents of a folder, expand the folder.
Step 3
To modify the status of the devices in a folder, click the folder name. Select one or more devices from the list and click Manage or Unmanage in the Group Change Status window. Devices are moved into the Managed or Unmanaged folders.
You must move newly discovered devices to the managed state. Only managed devices appear in WLSE displays.
Tip
If you want all discovered devices to be automatically moved to the managed state or you want to filter access point management, see Use Discovery Options.
Note
There is a limitation on the number of access points and bridges that can be managed by a single Wireless LAN Solution Engine. For more information, see Limitation on the Number of Managed Devices.
Step 4
After you move devices to the managed state, inventory is run for those devices. This ensures that device attributes appear in displays, such as reports and system-defined groups without waiting for the next inventory cycle. For information about running an immediate inventory, see Managing Device Inventories.
Note
When auto-manage is enabled, after devices are discovered an inventory is run automatically for the auto-managed devices. For more information about auto-manage, see Use Discovery Options.
Step 5
To view details about a device, select the device from the device selector. You can change the device's status by using the Manage and Unmanage buttons.
Note
Some details may not be displayed if the corresponding parameters are not set on the device; for example, Location and Contact.
The details in the Device Details pane are as follows:
Table 6-1 Device Details Pane
Field | Description
Device Name | Hostname, IP address, or SNMP sysname.
Description | Detailed device description.
Version | Software version installed on the device.
Device Family | Device type.
SysName | The system name.
SysObjectId | Unique identifier that identifies the device type.
Location | Where the device is located.
IP Address | Device IP address.
Subnet | Subnet in which the device is located.
Network Segment | The network segment in which the device is located.
Contact | The person to contact for this device.
Step 6
To delete a device, select the device from the device selector or dialog box and click Delete.
The device will be removed from the device selector and from all tables (including trend tables).
Related Topics
• Managing Device Discovery
• Device Name and IP Address Display
Limitation on the Number of Managed Devices
The WLSE 1130 can manage 2500 access points and wireless bridges. After you have placed 2500 of these devices under management, warning messages are displayed each time you place more devices in the folder. After 2550 devices are under management, no additional devices can be placed in the Managed folder.
The WLSE 1105 can manage 500 access points and wireless bridges. After you have placed 500 of these devices under management, warning messages are displayed each time you place more devices in the folder. After 525 devices are under management, no more devices can be placed in the Managed folder.
Device discovery continues after the absolute limit is reached, but no additional devices can be placed under management.
View Device Management History
The Historical Operations table shows information on all changes in device state (from unmanaged to managed or vice versa).
Note
Your login determines whether you can use this option.
Procedure
Step 1
To view the Historical Operations table, select Administration > Discover > Managed Devices > Device History. The following information is displayed:
Table 6-2 Managed Device History Information
Field | Description
Timestamp | Date and time when the state change occurred.
Device Name | The device's hostname.
IP Address | The device's IP address.
State | The device's state: • New—Device was discovered but has not been moved to the managed or unmanaged state. • Managed—Device has been moved to the managed state. • Unmanaged—Device is unmanaged.
Step 2
To sort table data, click on the column heading by which you want to sort the data:
• A triangle indicates ascending order.
• An upside-down triangle indicates descending order.
• No triangle indicates that the data is not sorted.
Specifying Device Credentials
This option allows you to specify device community strings, device credentials, and ports:
• SNMP Communities—Specify community strings for managed devices. See Enter SNMP Community Strings for All Devices.
• HTTP User/Password—Specify the HTTP usernames and passwords for configuring non-IOS access points. See Enter HTTP Usernames and Passwords—Non-IOS Access Points.
• Telnet/SSH User/Password—Specify the Telnet and SSH usernames and passwords for IOS access points. See Enter Telnet and SSH Usernames and Passwords—IOS Access Points.
• IOS HTTP Port Settings—Specify the HTTP ports for IOS access points. See Enter HTTP Port Settings—IOS Access Points.
Enter SNMP Community Strings for All Devices
The Wireless LAN Solution Engine uses a device's read-only SNMP community string to discover the device and populate reports and uses the read/write community string to configure the device and update firmware. If community strings are not entered correctly, the WLSE cannot communicate with the device. Both read-only and read/write community strings are required.
The default community string is public for both the read-only string and the read-write string. If the community strings on your devices differ from the defaults, you must specify the community strings before the discovery process can begin and before you can configure the devices.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Device Credentials > SNMP Communities. The SNMP Communities dialog box contains a default entry that covers all devices, provided device community strings are set to the default (public).
Step 2
To add community strings, use either of the following methods. Use the community strings you created during initial device setup. For more information, see Set Up Devices.
• Use the individual text boxes and list for the variables: Hostname (IP address), Read Community, SNMP Timeout, SNMP Retries, and Write Community. Then click Add. The community string appears in the large textbox.
• Enter the data directly in the large text box using the following syntax:
    target:read_community::timeout:retries:::write_community
Note
You must enter the correct number of colons between variables. Otherwise, the community strings cannot be read.
Information about the variables follows. For more details, see Community String Guidelines.
Table 6-3 Community String Guidelines
Variable | Description | Notes
target | The IP address of a device or range of devices that use these community strings. | If you do not specify a target, the default community strings apply to all devices in the network.
read_community | A password allowing read-only access to the target devices. | You must specify the read community string. Otherwise, the default value of public is used.
timeout | The length of time (seconds) the server waits for a response from the device before performing the first retry. | The default is 10 seconds. If you increase the timeout period, discovery could take significantly longer to complete. The minimum value is one and the maximum value is 60.
retries | Number of attempts the server makes to communicate with the device before declaring that the device has timed out. | The default is one retry. If you increase the number of retries, discovery takes significantly longer to complete. The default retry policy doubles the previous timeout value for each retry.
write_community | The password that allows write access to the target devices. | You must specify the write community string. Otherwise, the default value of public is used.
Step 3
To modify a community string, make your changes directly in the large textbox.
Step 4
Click Save to apply your changes.
Related Topics
Community String Guidelines
Community String Guidelines
Use these guidelines when adding or modifying community strings:
• You can assign community strings to any of the following:
  – Complete IP address; for example, 172.20.4.9
  – Any wild cards (based on IP addresses); for example:
      *.*.*.*
      172.*.*.*
  – Address ranges, which can include wild cards; for example:
      27.20.[4-55].*
      172.[21-30].[44-88].*
      172.*.*.[121-255]
• You can add a combination of general and specific entries, but the WLSE reads the community strings from most specific to least specific.
• If you enter duplicate community strings for a device, the most specific community string is used.
• All printable characters, except for colons (:), are allowed in community strings.
• Spaces are not allowed in community strings.
• Comments are not allowed.
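The entry syntax and guidelines above can be checked before entries are pasted into the large text box. The following Python sketch is an added example, not Cisco code or part of the original guide: it parses entries, picks the most specific match for a device, and lists entries that still rely on the default public string. Assumptions: "most specific" is taken to mean the entry covering the fewest addresses, the retry policy is read as each retry waiting twice as long as the previous attempt, and the sample entries and all function names are constructed here.

```python
import re
from dataclasses import dataclass

DEFAULT_COMMUNITY = "public"          # default for both strings, per the guide
RANGE = re.compile(r"\[([0-9]{1,3})-([0-9]{1,3})\]")

# Constructed sample entries (not taken from a real WLSE).
SAMPLE = """\
*.*.*.*:public::10:1:::public
172.*.*.*:r0-campus::10:1:::w0-campus
172.[21-30].[44-88].*:r0-lab::5:2:::w0-lab
172.20.4.9:r0-core::::::w0-core
"""


@dataclass(frozen=True)
class Entry:
    target: str
    octets: tuple       # four (low, high) pairs, one per octet
    read: str
    write: str
    timeout: int
    retries: int

    def span(self):
        """Addresses covered; assumption: fewer addresses = more specific."""
        n = 1
        for lo, hi in self.octets:
            n *= hi - lo + 1
        return n

    def matches(self, ip):
        parts = ip.split(".")
        return len(parts) == 4 and all(
            p.isdigit() and lo <= int(p) <= hi
            for p, (lo, hi) in zip(parts, self.octets))


def parse_octet(tok):
    if tok == "*":
        return (0, 255)
    m = RANGE.fullmatch(tok)
    if m:
        lo, hi = int(m.group(1)), int(m.group(2))
        if not lo < hi <= 255:
            raise ValueError(f"bad range {tok!r}: need X < Y <= 255")
        return (lo, hi)
    if re.fullmatch(r"[0-9]{1,3}", tok) and int(tok) <= 255:
        return (int(tok), int(tok))
    raise ValueError(f"bad octet {tok!r}")


def parse_community(value):
    # Colons cannot occur here: the line was already split on them.
    if any(not ch.isprintable() or ch.isspace() for ch in value):
        raise ValueError("community strings must be printable, without spaces")
    return value or DEFAULT_COMMUNITY


def parse_entry(line):
    fields = line.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 7 colons, found {len(fields) - 1}")
    target, read, gap1, timeout, retries, gap2, gap3, write = fields
    if gap1 or gap2 or gap3:
        raise ValueError("fields the syntax leaves empty must stay empty")
    target = target or "*.*.*.*"          # no target: applies to all devices
    toks = target.split(".")
    if len(toks) != 4:
        raise ValueError(f"target {target!r} must have four octets")
    t = int(timeout) if timeout else 10   # default 10 s, allowed 1..60
    r = int(retries) if retries else 1    # default one retry
    if not 1 <= t <= 60 or r < 0:
        raise ValueError("timeout must be 1..60 and retries non-negative")
    return Entry(target, tuple(parse_octet(x) for x in toks),
                 parse_community(read), parse_community(write), t, r)


def parse_config(text):
    return [parse_entry(ln) for ln in text.splitlines() if ln]


def validate(line):
    """Return None if the line parses, otherwise the reason it is rejected."""
    try:
        parse_entry(line)
    except ValueError as exc:
        return str(exc)
    return None


def best_entry(entries, ip):
    hits = [e for e in entries if e.matches(ip)]
    return min(hits, key=Entry.span) if hits else None


def worst_case_wait(entry):
    """Seconds before a silent device is declared timed out (assumed policy)."""
    return sum(entry.timeout * 2 ** i for i in range(entry.retries + 1))


def audit(entries):
    """List (target, role) pairs still using the default community string."""
    return [(e.target, role) for e in entries
            for role, value in (("read", e.read), ("write", e.write))
            if value == DEFAULT_COMMUNITY]


if __name__ == "__main__":
    entries = parse_config(SAMPLE)
    for ip in ("172.20.4.9", "172.25.50.7", "10.1.1.1"):
        e = best_entry(entries, ip)
        print(ip, "->", e.target, f"worst-case wait {worst_case_wait(e)}s")
    print("default strings in use:", audit(entries))
```

A catch-all entry that leaves the write community at public shows up in the audit output for every device no more specific entry covers, which makes it the first entry to replace.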
Enter HTTP Usernames and Passwords—Non-IOS Access Points
HTTP usernames and passwords are required for downloading configuration files to non-IOS access points. The password must be set on each access point, and you can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on access points, see Set Up Devices.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Device Credentials > HTTP User/Password.
Step 2
To add a username and password:
a. Enter the access point IP address or range of IP addresses that will use this username and password.
When two or more entries match the IP address of one device, the most specific address will be used.
You can use the following guidelines for entries:
Entry Type | Examples
A complete IP address. | 171.20.4.9
IP address with wildcards. | *.*.*.*, 172.*.*.*
IP address with ranges [X-Y], where X is less than Y, and wildcards. | 27.20.[4-55].*, 172.[21-30].[44-88].*, 172.*.*.[121-255]
b. Enter the username.
c. Enter the password.
d. Click Save. The IP address and username are added to the Current Entries textbox.
Step 3
To modify an entry:
a. Select the entry from the Current Entries text box.
b. Modify fields as needed and click Save.
Step 4
To delete an entry, select it from the Current Entries text box and click Delete.
Related Topics
"Configuring Devices"
Enter Telnet and SSH Usernames and Passwords—IOS Access Points
Telnet or SSH usernames and passwords are required for applying configuration templates to IOS access points and for upgrading firmware on IOS access points. You can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on IOS access points, see Set Up Devices.
Note
The Telnet/SSH credentials you enter in this dialog must match the login sequence on the IOS access points. For example, if the device prompts for an enable password only, enter the Enable Password only. Do not enter a User Name or User Password. Otherwise the WLSE will not be able to open a login session on the device.
Note
Only SSH1 is supported.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Device Credentials > Telnet/SSH User/Password.
Step 2
To add a username and password:
Note
If the device is configured only for a Telnet password, enter a User Password, but leave the User Name field empty.
a. Enter the access point IP address or range of IP addresses that will use this username and password.
b. Enter the username.
c. Enter the password.
d. Click Save. The IP address and username are added to the Current Entries textbox.
Step 3
To modify an entry:
a. Select the entry from the Current Entries text box.
b. Modify fields as needed and click Save.
Step 4
To clear your current entries, click Clear Fields.
Step 5
To delete an entry, select it from the Current Entries text box and click Delete.
Related Topics
"Configuring Devices"
Enter HTTP Port Settings—IOS Access Points
HTTP port settings are required for reports on IOS access points; the port settings are used for the links from reports to access point Web interfaces. The port you should supply for each device is the port for accessing the access point's Web interface.
Note
For non-IOS access points, there is no need to specify HTTP ports. Port information is collected during inventory.
Procedure
Step 1
Select Administration > Discover > Device Credentials > IOS HTTP Port Settings.
Step 2
To add a port:
a. Enter the IP address or range of IP addresses that use this port number.
b. Enter the port number.
c. Click Save.
Step 3
Repeat Step 2 to add more IP addresses and ports.
Managing Device Discovery
When you select Administration > Discover > DISCOVER, the following options appear:
• Discovery Options—Configure automatic management of discovered devices, set reverse DNS lookup, and filter access point management—see Use Discovery Options.
Note
Before devices can be discovered, they must be properly configured—see Set Up Devices.
• Filter Rules—Limit discovery by using IP address filters (see Set Up Discovery Filters).
• Schedule Discovery—Set up scheduled discoveries (see Schedule Discovery).
• Run Discovery Now—Run one-time, immediate discoveries (see Run Discovery Now).
You can also view details on the last 15 discoveries—see Viewing Inventory and Discovery Task History.
Related Topics
• Overview: Discovery
• Set Up Devices
Overview: Discovery
You can set up regularly scheduled discoveries and run one-time discoveries.
Before the WLSE can discover devices:
• Configure discovery (see Schedule Discovery) or use the on-demand discovery option (see Run Discovery Now).
  As an alternative to using Cisco Discovery Protocol (CDP) to run discovery, you can import devices from a file or from a CiscoWorks server running Resource Manager Essentials (RME). See Importing Devices.
• Devices must be properly configured for access by the WLSE. See Set Up Devices.
• Community strings must be entered on the WLSE. See Enter SNMP Community Strings for All Devices.
Discovery proceeds according to the seed devices and CDP distance that you specify. The CDP distance determines the depth of the discovery. With a CDP distance of 1, only the immediate neighbors of the seed device are discovered. With a CDP distance of 2, devices A and B that are directly connected to the seed device are discovered, and the immediate neighbors of A and B are also discovered. You should set the CDP distance so that your entire wireless network is discovered.
Devices such as PCs and workstations are not valid seed devices.
If CDP is disabled, you can still discover access points by entering their IP addresses as seed values in the discovery dialogs or by importing them from a file or from a CiscoWorks server that is running RME. However, the switches directly attached to such access points will not be discovered if CDP is disabled, and switch-related reports will be empty. Routers and switches are only discovered if they have properly configured access points attached to them.
After devices are discovered, they must be moved to the managed state—see Managing Devices. Unmanaged devices do not appear in WLSE displays. You can specify auto-management of devices and limit auto-management of access points—see Use Discovery Options.
Set Up Devices
You must set up devices so the WLSE can discover and manage them. This section describes both required and optional setup tasks for:
• Set Up Non-IOS Access Points and Bridges
• Set Up IOS Access Points
• Set Up Routers and Switches
• Set Up AAA Servers
Set Up Non-IOS Access Points and Bridges
You can set up access points and bridges in two ways:
• By using the WLSE's automatic configuration option for first-time device configuration and applying a configuration template to a number of access points. For more information, see Automating Configurations.
• By opening a web browser session on each access point and performing the tasks in the following table. To use this method, you must first configure each access point or bridge for web browsing.
Table 6-4 Set Up Procedures for Non-IOS Access Points and Bridges
Tasks | Procedure | Notes
1. Enable Cisco Discovery Protocol (CDP). | 1. In the Summary Status page, click Setup. 2. Under Services: Cisco Services, click Cisco Discovery Protocol. 3. Select Enabled. Click Apply or OK. | CDP is required for the WLSE to discover devices on the network.
2. Enable SNMP. (Optional) Set the location. (Optional) Set the system name and system contact. | 1. In the Summary Status page, click Setup. 2. Under Services, click SNMP. 3. Select Enabled. 4. Enter a System Name, System Location, and System Contact. 5. Click Apply or OK. | SNMP is required for the WLSE to discover devices, populate reports, transfer configuration information to devices, and upgrade device firmware. Setting the location enables proper grouping of devices into system-defined location groups. For more information, see Managing Groups. Setting the system name and system location ensures that this information is included in device detail displays.
3. Set the read community string. | 1. In the Summary Status page, click Setup. 2. Under Services, click Security. 3. Click User Information; then click Add New User. 4. Create a user with all privileges, including SNMP, Firmware, Write, and Admin privileges. In addition, for access points that are running a firmware version earlier than 12.01(T), assign Ident privileges. 5. Click Apply or OK. | The read community string is required for device discovery and populating reports.
4. Set the read-write community string. | 1. In the Summary Status page, click Setup. 2. Under Services, click Security. 3. Click User Information; then click Add New User. 4. To create a user with SNMP read/write privileges, enter a username and password and select the Write, SNMP, Firmware, and Admin privileges. 5. Click Apply or OK. | The read-write community string is required for configuration and firmware jobs.
5. Add an HTTP user with the ability to modify firmware, and enable the User Manager. You can use the same user that you created in Task 4, if the user has firmware privileges. | 1. In the Summary Status page, click Setup. 2. Click Security. 3. Click User Information; then click Add New User. 4. Enter a username and password and select Firmware; then click Apply. 5. Navigate back to the Security Setup page and click User Manager. 6. Select Enabled; then click Apply or OK. | This allows configuration uploads from the WLSE to access points. You must also enter HTTP users and passwords on the WLSE (see Enter HTTP Usernames and Passwords—Non-IOS Access Points).
6. Set up TFTP as the transfer protocol between the WLSE and access points. | 1. In the Summary Status page, click Setup. 2. Under Services, click FTP. 3. Use the pulldown menu to select TFTP as the file transfer protocol. 4. In the Default File Server text box, enter the IP address of the WLSE. 5. Click Apply or OK. | TFTP is used for transferring configuration changes to access points.
Set Up IOS Access Points
You can set up access points and bridges in the following ways:
• Use the WLSE's automatic configuration option for first-time device configuration and applying a configuration template to a number of access points—see Automating Configurations.
• Log into each device by using Telnet or SSH and use the device's CLI commands—see Set Up IOS Access Points by Using the Device CLI.
• Log into each device's Web interface—see Set Up IOS Access Points by Using the Device Web Interface.
After you set up a device, all of its MIB variables can be accessed and the device can be discovered by the WLSE.
Note
VLAN information for IOS access points might not be collected by the WLSE if WEP keys are not configured in each VLAN. This affects VLAN reports, grouping, and faults. VLAN information becomes accessible through SNMP as soon as WEP keys are configured.
Set Up IOS Access Points by Using the Device CLI
Procedure
Step 1
Use Telnet or SSH to log into the AP 1100 or AP 1210.
Step 2
Enter enable mode.
Step 3
Enter global configuration mode.
Step 4
Enable CDP by entering the following command:
Note
You can find out whether CDP has been enabled by using the show cdp command in enable mode.
Note
If you do not wish to use CDP, you can add all access points as seeds or import devices. For more information, see Managing Device Discovery and Importing Devices.
Step 5
Enter the following commands in the sequence shown. The first two commands set the read-only SNMP community string and create an ISO view, which enables discovery and the fault and report features on the WLSE. The third command sets a read-write community string, which allows you to use the WLSE to update access point firmware and configuration.
snmp-server view iso iso included
snmp-server community community_string view iso RO
snmp-server community community_string RW
Note
These community strings must be entered on the WLSE. See Enter SNMP Community Strings for All Devices.
Note
Devices that do not have an ISO view will be placed in the Misconfigured Devices system group after discovery and a fault will be generated. The fault refers to a "dot 11 MIB" problem.
Step 6
You can use either Telnet or SSH to push configuration templates to IOS access points. To use templates to configure IOS access points, you must configure either Telnet or SSH or both. See Steps 7 and 8 for the procedures to enable and configure SSH and Telnet.
Step 7
To enable and configure SSH, enter the following commands. In these commands, hostname is the hostname of the access point, and domain_name is your network's domain name (for example, cisco.com). At the prompt for the number of bits in the modulus, press Return to accept the default or enter a value.
ip domain-name domain_name
How many bits in the modulus [512]:
The following commands are recommended, but optional:
ip ssh authentication-retries 3
Step 8
To configure Telnet, enter the following commands:
The following commands are recommended, but optional:
Step 9
Exit global configuration mode, then enter the following command:
Set Up IOS Access Points by Using the Device Web Interface
Procedure
Step 1
Log into the Web interface of the AP 1100 or AP 1210 device.
Step 2
Select SERVICES from the menu, then click CDP:
a. After Cisco Discovery Protocol (CDP), select Enabled.
b. Click Apply.
Note
If you do not wish to use CDP, you can add all access points as seeds or import devices. For more information, see Managing Device Discovery and Importing Devices.
Step 3
You can use either Telnet or SSH (secure shell protocol) to push configuration templates to IOS access points. To use templates to configure IOS access points, you must configure either Telnet or SSH or both. See Steps 4 and 5 for procedures.
Step 4
To enable and configure SSH (secure shell protocol), enter the following:
a. Select SERVICES > Telnet/SSH.
b. Enable Secure Shell.
c. Enter a System Name.
d. Enter a Domain Name (for example, cisco.com).
e. (Optional) Enter the RSA key size.
f. (Optional) Enter the Authentication Timeout.
g. (Optional) Enter Authentication Retries.
h. Click Apply.
Step 5
To enable and configure Telnet:
a. Select SERVICES > Telnet/SSH.
b. Enable Telnet.
c. (Optional) Enable Teletype.
d. Enter the number of Columns.
e. Enter the number of Lines.
f. Click Apply.
Step 6
Select SNMP from the menu.
a. After Simple Network Management Protocol (SNMP), select Enabled.
b. Click Apply.
Step 7
In the SNMP Request Communities section, enter a community string for the ISO view. This community string is required for discovery and to enable the fault and report features of the WLSE.
a. Enter the community string in the SNMP Community field.
b. Enter iso in the Object Identifier field.
Note
Devices that do not have an ISO view will be placed in the Misconfigured Devices system group after discovery.
c. Click Read-Only.
d. Click Apply.
Step 8
In the SNMP Request Communities section, enter a community string to enable firmware and configuration updates on the access point.
a. Enter the community string in the SNMP Community field.
b. Click Read-Write.
c. Click Apply.
Step 9
The community strings created in Steps 7 and 8 must be entered on the WLSE before the device can be discovered and other WLSE features can be used. For more information, see Enter SNMP Community Strings for All Devices.
Set Up Routers and Switches
Note
Only routers and switches that have properly configured access points or bridges attached to them will be discovered.
On each router and switch, configure the following:
Table 6-5 Setup Procedures for Routers and Switches
Task | Procedure | Notes
1. Enable CDP and verify that access points and bridges are visible from the router or switch. | 1. In enable mode, verify that CDP is running on the device by using one of the following commands: – On IOS-based devices—show cdp run. – On Hybrid OS-based Catalyst switches—show cdp. 2. If CDP is not running, in global configuration mode, enter cdp run to enable CDP. 3. To verify that access points or bridges are visible in the device's CDP table, enter show cdp neighbors. | CDP is required for the WLSE to discover the device.
2. Enable SNMP and set up community strings. | On IOS-based devices, enter configuration mode and use the snmp community community_string ro command. On Hybrid OS-based Catalyst devices, enter enable mode and use the set snmp community read-only community_string command. | SNMP is required for the WLSE to discover and manage the device.
3. (Optional) Set the system name, contact, and location variables. | On IOS-based devices, enter configuration mode and use the following commands: • Set system name—hostname name • Set system contact—snmp contact contact • Set location—snmp location location. On Hybrid OS-based Catalyst switches, enter enable mode and use the following commands: • Set system name—set system name name • Set system contact—set system contact contact • Set location—set system location location | These variables make the device more manageable. The location variable enables proper grouping of devices into the system-defined Location group. For more information about groups, see Managing Groups. The system name, system contact, and location will appear in the device detail displays.
Set Up AAA Servers
The WLSE can monitor the performance of AAA (Authentication, Authorization, and Accounting) services provided by CiscoSecure ACS Server. To enable monitoring, you must:
•
Configure CiscoSecure ACS server to recognize the WLSE as a client. Follow the procedure in this section on each server.
•
For PEAP, besides the procedure in this section, you must set up a certificate and private key on the ACS server and then enable PEAP. For more information, see the CiscoSecure ACS documentation.
•
Configure the WLSE to add information about LEAP, RADIUS, EAP-MD5, and PEAP servers. For more information, see Managing AAA Servers.
Procedure
Step 1
Log in to the CiscoSecure ACS Server that will provide authentication services to the wireless network.
Note
You will need the IP address or name of the system on which CiscoSecure ACS Server is running when you configure the WLSE.
Step 2
Click User Setup on the left side of the initial page.
Step 3
Enter a username for the user the WLSE will use for synthetic transactions and click Add/Edit.
Step 4
Enter a password in the first set of Password and Confirm Password textboxes. Click Submit.
Note
You will need this name and password when configuring the WLSE.
Step 5
Click Network Configuration on the left side of the page.
Step 6
Click Add Entry. In the Add AAA Client area, enter the WLSE information in the following text boxes:
•
Client Hostname—enter the WLSE hostname (or IP address)
•
Client IP—enter the WLSE IP address
•
Key—enter a secret key
Note
You will need this key when configuring the WLSE.
Step 7
Select RADIUS (Cisco Aironet) from the Authenticate Using list.
Step 8
Click Submit or Submit+Restart. A restart is required for the changes to take effect.
Use Discovery Options
You can modify the discovery process by specifying that all discovered devices be automatically managed, enabling reverse DNS lookup, and setting up filters for auto-management of access points.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > DISCOVER > Discovery Options.
Step 2
If DNS is configured on devices, you can enable reverse DNS lookup by selecting Use reverse DNS lookup. Use of this feature affects device name display on the WLSE as follows:
| Reverse DNS lookup enabled? | Effect on Display |
|---|---|
| Yes | If the lookup succeeds, the device name is displayed. If the lookup fails, the device IP address is displayed. |
| No | If the device's SNMP sysName is set, the sysName is displayed. If the sysName is not set, the device IP address is displayed. |
Step 3
To enable automatic management for all discovered devices, select Auto-Manage Devices.
All discovered devices will be automatically placed in the Managed folder.
Note
If you are using the automatic configuration feature, new access points and bridges added to the network will be automatically configured if Auto-Manage is enabled. For more information, see Automating Configurations.
Step 4
To use the option for auto-managing selected access points within specified time limits, see Enabling the MAC Address Filter for Access Points.
Step 5
Click Save to save all of your changes to Discovery Options.
Related Topics
Changing Management Status or Deleting Devices
Enabling the MAC Address Filter for Access Points
This option allows you to specify access points that you want to auto-manage during a specified time interval.
Auto-management affects all discovered devices. Access point filtering affects only access points. See Table 6-6 for more information.
You can specify the access points to be auto-managed by entering Ethernet MAC addresses in the text box or by importing a file containing Ethernet MAC addresses. For example files, see Example MAC Address Files.
Table 6-6 Access Point Filtering Outcomes
| Auto-Manage selected? | Enable MAC Filtering selected? | Result |
|---|---|---|
| No | No | All discovered devices must be manually moved to the managed state. |
| Yes | No | All discovered devices are automatically moved to the managed state. |
| Yes | Yes | Only access points listed in Access Points to Auto-Manage will be auto-managed in the time interval specified. Note: If the time interval expires, newly discovered access points will not be auto-managed. Any access points that you have manually placed in the Managed folder will still be managed. |
To enable MAC address filtering:
Step 1
Select Administration > Discover > DISCOVER > Discovery Options.
Step 2
Select Auto-Manage Devices.
Step 3
Select Enable Filtering for Auto-Manage devices.
Step 4
In the Filters Valid fields, specify the time period for auto-management.
Note
When the time period expires, you must deselect Enable Filtering. Otherwise, no newly discovered access points will be managed.
Step 5
To enter Ethernet MAC addresses in the text box:
a.
Remove the default * entry before beginning. Otherwise, all access points will be auto-managed regardless of the MAC addresses you enter.
b.
Enter Ethernet MAC addresses in the Enter MAC Address of access point text box (in hexadecimal format) and click >>. For example, 000b46fd0286. You can use the asterisk (*) as a wildcard; for example, *b46fd0286.
Step 6
To import a list of Ethernet MAC addresses from a file:
a.
Create an ASCII file consisting of one address per line or a comma-separated list (.txt file). For more information, see Example MAC Address Files.
b.
Enter the path to the file in the Import From File textbox or click Browse to find the file.
c.
Click Import.
Step 7
To remove an address, select it in the Valid MAC Addresses text box and click <<.
Step 8
Click Save to save all of your changes to the Discovery Options screen (see Use Discovery Options).
Example MAC Address Files
You can use either of the following file formats to import MAC addresses for limited discovery of access points:
•
One address per line; for example:
•
Comma-separated list; for example:
000b466e482,0000bbe8190c2,0040965b611f,000a41047e3b,0040965b5f75,
004096588420,004096543a84,000bbe6d8bd4
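An added example (not Cisco's code) of a pre-import check for a MAC address list in either file format, run here on the comma-separated sample as printed above. It assumes an entry must be exactly 12 hexadecimal digits unless it contains *, and that * matches any run of digits; the function names are this example's own.

```python
import re
from fnmatch import fnmatchcase

# The comma-separated sample from this page, copied as printed.
PAGE_SAMPLE = (
    "000b466e482,0000bbe8190c2,0040965b611f,000a41047e3b,0040965b5f75,\n"
    "004096588420,004096543a84,000bbe6d8bd4\n"
)

def classify(entry):
    """Return 'mac', 'wildcard', 'match-all' or 'invalid' for one entry."""
    e = entry.strip().lower()
    if re.fullmatch(r"[0-9a-f]{12}", e):
        return "mac"
    if re.fullmatch(r"\*+", e):
        return "match-all"  # behaves like the default * entry
    # Assumption: a wildcard entry is hex digits plus '*', carrying no
    # more than 12 hex digits in total.
    if "*" in e and re.fullmatch(r"[0-9a-f*]+", e) and len(e.replace("*", "")) <= 12:
        return "wildcard"
    return "invalid"

def audit(text):
    """Parse one-per-line or comma-separated text into {kind: [entries]}."""
    report = {"mac": [], "wildcard": [], "match-all": [], "invalid": []}
    for entry in re.split(r"[,\s]+", text.strip()):
        if entry:
            report[classify(entry)].append(entry.lower())
    return report

def would_auto_manage(mac, entries):
    """True if mac matches any usable entry. Assumption: '*' is a glob
    that matches any run of characters, as in *b46fd0286."""
    mac = mac.strip().lower()
    return any(fnmatchcase(mac, e.strip().lower())
               for e in entries if classify(e) != "invalid")

if __name__ == "__main__":
    for kind, items in audit(PAGE_SAMPLE).items():
        print(f"{kind:9} {len(items)} {items}")
```

On the printed sample the check reports six usable addresses and flags 000b466e482 and 0000bbe8190c2, which are 11 and 13 digits long. A match-all result means the list behaves like the default * entry and every discovered access point would be auto-managed.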
Set Up Discovery Filters
You can limit discovery to certain devices by setting up filter rules to include or exclude devices. Filter rules consist of device IP addresses with optional wildcards and ranges.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > DISCOVER > Filter Rules.
Step 2
Add IP addresses to the Include Rules or Exclude Rules text boxes, one entry per line. Use standard IP address format (four octets separated by periods) in which any octet can be:
•
A value between 0 and 255.
•
An asterisk (*) wildcard, denoting any number from 0 to 255; for example, 10.20.*.*.
•
A range in which the first number is less than the second; for example, 10.20.30.[50-60].
Rules cause discovery to be limited as described in the following table.
Note
Exclude rules take precedence over include rules.
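An added example (not Cisco's code) for checking a rule list before it is entered in the Include Rules and Exclude Rules boxes, showing the octet syntax above and exclude-over-include precedence. It assumes a range is written as a bracketed octet such as 10.20.30.[50-60]; the function names and the "unmatched" result for an address that no rule covers are this example's own.

```python
import re

def parse_rule(rule):
    """Turn a rule such as 10.20.*.* or 10.20.30.[50-60] into four
    (low, high) octet bounds; raise ValueError on malformed input."""
    parts = rule.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{rule!r}: expected four octets")
    bounds = []
    for part in parts:
        if part == "*":
            lo, hi = 0, 255
        elif m := re.fullmatch(r"\[(\d{1,3})-(\d{1,3})\]", part):
            lo, hi = int(m[1]), int(m[2])
            if lo >= hi:
                raise ValueError(f"{rule!r}: range start must be less than end")
        elif re.fullmatch(r"\d{1,3}", part):
            lo = hi = int(part)
        else:
            raise ValueError(f"{rule!r}: bad octet {part!r}")
        if hi > 255:
            raise ValueError(f"{rule!r}: octet value above 255")
        bounds.append((lo, hi))
    return bounds

def matches(ip, bounds):
    """True if every octet of a dotted IPv4 address is within its bounds."""
    octets = [int(o) for o in ip.split(".")]
    return len(octets) == 4 and all(
        lo <= o <= hi for o, (lo, hi) in zip(octets, bounds))

def decide(ip, include, exclude):
    """Exclude rules are checked first, so they win over include rules."""
    if any(matches(ip, parse_rule(r)) for r in exclude):
        return "excluded"
    if any(matches(ip, parse_rule(r)) for r in include):
        return "included"
    return "unmatched"

if __name__ == "__main__":
    include, exclude = ["10.20.*.*"], ["10.20.30.[50-60]"]  # constructed rules
    for ip in ("10.20.30.55", "10.20.30.61", "10.21.0.1"):
        print(ip, decide(ip, include, exclude))
```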
Table 6-7 Effects of Include and Exclude Rules in Discovery Filters
|