Cisco Systems 3.2 Wireless Office Headset User Manual


 
6-4
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 6 Configuring WLANs
Configuring Wireless LANs
Configuring a Timeout for Disabled Clients
You can configure a timeout for disabled clients. Clients who fail to authenticate three times when
attempting to associate are automatically disabled from further association attempts. After the timeout
period expires, the client is allowed to retry authentication until it associates or fails authentication and
is excluded again. Use these commands to configure a timeout for disabled clients:
Enter config wlan blacklist wlan-id timeout to configure the timeout for disabled clients. Enter a
timeout from 1 to 65535 seconds, or enter 0 to permanently disable the client.
Use the show wlan command to verify the current timeout.
Assigning Wireless LANs to VLANs
Use these commands to assign a wireless LAN to a VLAN:
Enter this command to assign a wireless LAN to a VLAN:
config wlan vlan wlan-id { default | untagged | vlan-id controller-vlan-ip-address vlan-netmask
vlan-gateway }
Use the default option to assign the wireless LAN to the VLAN configured on the network port.
Use the untagged option to assign the wireless LAN to VLAN 0.
Use the vlan-id, controller-vlan-ip-address, vlan-netmask, and vlan-gateway options to assign
the wireless LAN to a specific VLAN and to specify the controller VLAN IP address, the local
IP netmask for the VLAN, and the local IP gateway for the VLAN.
Enter show wlan to verify VLAN assignment status.
Note Cisco recommends that you assign one set of VLANs for wireless LANs and a different set of VLANs
for management interfaces to ensure that controllers properly route VLAN traffic.
To remove a VLAN assignment from a wireless LAN, use this command:
config wlan vlan wlan-id untagged
Configuring Layer 2 Security
This section explains how to assign Layer 2 security settings to wireless LANs.
Dynamic 802.1X Keys and Authorization
Cisco Wireless LAN Controllers can control 802.1X dynamic WEP keys using EAP (extensible
authentication protocol) across access points, and support 802.1X dynamic key settings for wireless
LANs.
Enter show wlan wlan-id to check the security settings of each wireless LAN. The default security
setting for new wireless LANs is 802.1X with dynamic keys enabled. To maintain robust Layer 2
security, leave 802.1X configured on your wireless LANs.
To disable or enable the 802.1X configuration, use this command:
config wlan security 802.1X {enable | disable} wlan-id