|
Table Of Contents
Configuring Multiple Client Profiles
MCP Support in the 12.3(8)JK Release
MCP Support in 12.4(3)JK and Later Releases
Setting Priority in 12.4(3)JK and Later Releases
Configuring a WMIC for MCP (12.4(3)JK or Later Releases)
Configuring a WMIC for MCP (12.3(8)JK Only)
Configuring Multiple Client Profiles
This chapter describes how to configure multiple client profiles (MCP) on the Cisco wireless mobile interface card (WMIC).
Note The multiple client profiles feature is supported on only 2.4-GHz C3201 WMICs.
Overview
MCP Support in the 12.3(8)JK Release
A universal workgroup bridge with multiple client profiles can automatically select a client profile, based on the available infrastructure and set of client profiles. A client profile consists of a service set identifier (SSID) and encryption settings that are bounded by a VLAN ID. To configure the SSID, you use the ssid command in global configuration mode. To configure encryption settings, you use the interface dot11radio command in global configuration mode.
For the 12.3(8)JK release, MCP is supported only on universal workgroup bridges and is subject to the following constraints:
•To activate the feature, you must enable the universal workgroup bridge and multiple client profiles.
•All universal workgroup bridge limitations and constraints apply to multiple client profiles.
•Each SSID should have an assigned VLAN ID. The cipher suites and Wired Equivalent Privacy (WEP) for each SSID should be configured with the same assigned VLAN ID.
•The infrastructure SSID and guest mode should not be configured.
•Neither radio interface nor Ethernet interface should have the dot1q trunk configured.
•Fast roaming is not supported. Fast roaming is supported only through a single SSID across the entire roaming network.
•Support is provided for up to 16 multiple client profiles per WMIC.
•Activated profiles will use the first available SSID. Priority setting among SSIDs is not supported.
MCP Support in 12.4(3)JK and Later Releases
In 12.4(3g)JK and later releases, MCP has been redesigned to support the following client modes:
•workgroup-bridge
•universal workgroup-bridge
•non-root bridge
You no longer need to enable MCP by running the client profile multiple command. Any SSID configured into the dot11 interface in these client modes is automatically picked up as an active client profile.
In addition, you no longer need a VLAN ID to combine each SSID with its encryption settings. Instead, the encryption settings have been moved from the dot11 interface into each SSID profile. For more information, see Chapter 8, "Configuring Cipher Suites and WEP."
The new client profile supports priority setting. The higher priority SSID may have more opportunities to get associated compared to lower priority SSIDs.
Setting Priority in 12.4(3)JK and Later Releases
In 12.4(3g)JK and later release, each SSID profile can be configured with a priority level (1 to 16) if the WMIC works in client modes. The highest priority level is 1 and the lowest is 16.
By default, each profile is configured with the lowest priority level. The priority level does not appear in the running configuration.
For example, to set an SSID with a scanning priority of 5, you would enter the following:
client# configure terminal
client(config)# dot11 ssid sample
client(config-ssid)# priority 5
client(config-ssid)#end
The higher priority SSID may have more opportunities to get associated as opposed to lower priority SSIDs if their matching root devices all exist in the same wireless environment. However, there is no guarantee that the higher priority SSID will always get preference over lower priority SSIDs. There are many uncertainties in the wireless environment that affect association, such as signal strength, wireless qualities, root side traffic loads, and receiving collisions.
Configuring a WMIC for MCP (12.4(3)JK or Later Releases)
You can configure a WMIC with MCP in one of the following modes: workgroup-bridge, universal workgroup-bridge, or non-root bridge. In any of these configurations, the WMIC can support up to 16 different SSID profiles in the dot11 interface.
Each SSID profile may own different encryptions and priorities. Any SSID configured into the dot11 interface will be automatically picked up as an active client profile.
To configure a WMIC for MCP, follow these steps, beginning in privileged EXEC mode.
To remove a client profile, simply remove the SSID from the dot11 interface.
Configuration Examples
The example in this section describes how to configure four client profiles with different encryption, authentication and priority settings.
Table 6-1 shows the settings for the four client profiles.
The following commands are used to configure the client profiles listed in Table 6-1.
Client profile A:
client# configure terminal
client(config)# dot11 ssid FREE_NET
client(config-ssid)# authentication open
client(config-ssid)# priority 2
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid FREE_NET
client(config-if)# endf
Client profile B:
client# configure terminal
client(config)# dot11 ssid LEAP_TKIP
client(config-ssid)# authentication network-eap eap_methods
client(config-ssid)# authentication key-management wpa
client(config-ssid)# authentication client username aLeapUser password ciscoleap
client(config-ssid)# encryption mode cipher tkip
client(config-ssid)# priority 8
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid LEAP_TKIP
client(config-if)# endif
Client profile C:
client# configure terminal
client(config)# dot11 ssid EAPTLS_AES
client(config-ssid)# authentication open eap eap_methods
client(config-ssid)# authentication network-eap eap_methods
client(config-ssid)# authentication key-management wpa
client(config-ssid)# encryption mode cipher aes
client(config-ssid)# dot1x credentials authUserProfile
client(config-ssid)# dot1x eap profile tlsProfile
client(config-ssid)# priority 11
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid EAPTLS_AES
client(config-if)# endif
Client profile D:
client# configure terminal
client(config)# dot11 ssid STATIC_WEP128
client(config-ssid)# authentication open
client(config-ssid)# encryption mode cipher wep128
client(config-ssid)# encryption key 2 size 128bit 0 11223344556677889900112233
client(config-ssid)# priority 13
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid STATIC_WEP128
client(config-if)# endif
Configuring a WMIC for MCP (12.3(8)JK Only)
You can configure a WMIC device in universal workgroup bridge mode and enable multiple client profile. In this configuration, the WMIC can support up to 16 different SSIDs and encryption settings; by contrast, a single client profile consists of an SSID and encryption setting that are bounded by a VLANID through the vlan keyword.
To configure the WMIC for multiple client profiles, follow these steps, beginning in privileged EXEC mode.
When you enable or disable the multiple client profiles feature, all ssid and encryption commands are removed from the interface.
Configuration Examples
You can configure a WMIC device in universal workgroup bridge mode and enable multiple client profiles to support up to 16 client profiles. The example in this section describes four client profiles with different encryption and authentication settings and assigned VLAN IDs.
Table 6-2 shows the settings for the four client profiles.
The following commands are used to configure the client profiles.
Client profile A:
client# configure terminal
client(config)# dot11 ssid FREE_NET
client(config-ssid)# vlan 8
client(config-ssid)# authentication open
client(config-ssid)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid FREE_NET
client(config-if)# end
Client profile B:
client# configure terminal
client(config)# dot11 ssid LEAP_TKIP
client(config-ssid)# vlan 25
client(config-ssid)authentication network-eap eap_methods
client(config-ssid)authentication key-management wpa
client(config-ssid)authentication client username aLeapUser password ciscoleap
client(config-ssid)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# encryption vlan 25 mode ciphers tkip
client(config-if)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid LEAP_TKIP
client(config-if)# end
Client profile C:
client# configure terminal
client(config)# dot11 ssid EAPTLS_AES
client(config-ssid)# vlan 102
client(config-ssid)# authentication open eap eap_methods
client(config-ssid)# authentication network-eap eap_methods
client(config-ssid)# authentication key-management wpa
client(config-ssid)# dot1x credentials authUserProfile
client(config-ssid)# dot1x eap profile tlsProfile
client(config-ssid)# end
client# config terminal
client(config-if)# encryption vlan 102 mode ciphers aes-ccm
client(config-if)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid EAPTL_AES
client(config-if)# end
Client profile D:
client# config terminal
client(config)# dot11 ssid WPAPSK_WEP128
client(config-ssid) vlan 11
client(config-ssid)# authentication open
client(config-ssid)# authentication key-management wpa optional
client(config-ssid)# wpa-psk ascii mobile11
client(config-ssid)# end
client# config terminal
client(config-if)# encryption vlan 11 key 3 size 128bit 98765432109876543210abcdef transmit-key
client(config-if)# encryption vlan 11 mode ciphers tkip wep128
client(config-if)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid WPAPSK_WEP128
client(config-if)# end
Posted: Wed Feb 13 22:30:53 PST 2008
All contents are Copyright © 1992--2008 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.