cc/td/doc/product/access/mar_3200
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Configuring Multiple Client Profiles

Overview

MCP Support in the 12.3(8)JK Release

MCP Support in 12.4(3)JK and Later Releases

Setting Priority in 12.4(3)JK and Later Releases

Configuring a WMIC for MCP (12.4(3)JK or Later Releases)

Configuration Examples

Configuring a WMIC for MCP (12.3(8)JK Only)

Configuration Examples


Configuring Multiple Client Profiles

This chapter describes how to configure multiple client profiles (MCP) on the Cisco wireless mobile interface card (WMIC).

Note The multiple client profiles feature is supported on only 2.4-GHz C3201 WMICs.

Overview

MCP Support in the 12.3(8)JK Release

A universal workgroup bridge with multiple client profiles can automatically select a client profile, based on the available infrastructure and set of client profiles. A client profile consists of a service set identifier (SSID) and encryption settings that are bounded by a VLAN ID. To configure the SSID, you use the ssid command in global configuration mode. To configure encryption settings, you use the interface dot11radio command in global configuration mode.

For the 12.3(8)JK release, MCP is supported only on universal workgroup bridges and is subject to the following constraints:

To activate the feature, you must enable the universal workgroup bridge and multiple client profiles.

All universal workgroup bridge limitations and constraints apply to multiple client profiles.

Each SSID should have an assigned VLAN ID. The cipher suites and Wired Equivalent Privacy (WEP) for each SSID should be configured with the same assigned VLAN ID.

The infrastructure SSID and guest mode should not be configured.

Neither radio interface nor Ethernet interface should have the dot1q trunk configured.

Fast roaming is not supported. Fast roaming is supported only through a single SSID across the entire roaming network.

Support is provided for up to 16 multiple client profiles per WMIC.

Activated profiles will use the first available SSID. Priority setting among SSIDs is not supported.

MCP Support in 12.4(3)JK and Later Releases

In 12.4(3g)JK and later releases, MCP has been redesigned to support the following client modes:

workgroup-bridge

universal workgroup-bridge

non-root bridge

You no longer need to enable MCP by running the client profile multiple command. Any SSID configured into the dot11 interface in these client modes is automatically picked up as an active client profile.

In addition, you no longer need a VLAN ID to combine each SSID with its encryption settings. Instead, the encryption settings have been moved from the dot11 interface into each SSID profile. For more information, see Chapter 8, "Configuring Cipher Suites and WEP."

The new client profile supports priority setting. The higher priority SSID may have more opportunities to get associated compared to lower priority SSIDs.

Setting Priority in 12.4(3)JK and Later Releases

In 12.4(3g)JK and later release, each SSID profile can be configured with a priority level (1 to 16) if the WMIC works in client modes. The highest priority level is 1 and the lowest is 16.

By default, each profile is configured with the lowest priority level. The priority level does not appear in the running configuration.

For example, to set an SSID with a scanning priority of 5, you would enter the following:

client# configure terminal
client(config)# dot11 ssid sample
client(config-ssid)# priority 5
client(config-ssid)#end

The higher priority SSID may have more opportunities to get associated as opposed to lower priority SSIDs if their matching root devices all exist in the same wireless environment. However, there is no guarantee that the higher priority SSID will always get preference over lower priority SSIDs. There are many uncertainties in the wireless environment that affect association, such as signal strength, wireless qualities, root side traffic loads, and receiving collisions.

Configuring a WMIC for MCP (12.4(3)JK or Later Releases)

You can configure a WMIC with MCP in one of the following modes: workgroup-bridge, universal workgroup-bridge, or non-root bridge. In any of these configurations, the WMIC can support up to 16 different SSID profiles in the dot11 interface.

Each SSID profile may own different encryptions and priorities. Any SSID configured into the dot11 interface will be automatically picked up as an active client profile.

To configure a WMIC for MCP, follow these steps, beginning in privileged EXEC mode.

 
Command
Purpose

Step 1 

configure terminal

Enters global configuration mode.

Step 2 

interface dot11 radio 0

Enters interface configuration mode for radio interface 0.

Step 3 

station-role {workgroup-bridge [universal address] | non-root}

Changes station-role to permit support for workgroup-bridge, universal workgroup bridge, or non-root bridge modes.

The address is the MAC address of the router interface on the wireless and mobile router and is needed to instruct the router to associate with Cisco and non-cisco root devices.

Step 4 

ssid ssid-name

Enables the SSID for this interface.

Examples:

#(config-if) ssid mcp_ssid1

#(config-if) ssid mcp_ssid2

#(config-if) ssid mcp_ssid3

#(config-if) ssid mcp_ssid4

Step 5 

end

Returns to privileged EXEC mode.

Step 6 

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To remove a client profile, simply remove the SSID from the dot11 interface.

Configuration Examples

The example in this section describes how to configure four client profiles with different encryption, authentication and priority settings.

Table 6-1 shows the settings for the four client profiles.

Table 6-1 Multiple Client Profile Example (12.4(3) Release or Later) 

Client Profile
A
B
C
D

SSID

FREE_NET

LEAP_TKIP

EAPTLS_AES

STATIC_WEP128

Authentication Type

open

LEAP

EAP_TLS

open

Encryption Type

none

TKIP

AES

WEP128

Assigned VLAN ID

2

8

11

13


The following commands are used to configure the client profiles listed in Table 6-1.

Client profile A:
client# configure terminal
client(config)# dot11 ssid FREE_NET
client(config-ssid)# authentication open
client(config-ssid)# priority 2
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid FREE_NET
client(config-if)# endf

Client profile B:
client# configure terminal
client(config)# dot11 ssid LEAP_TKIP
client(config-ssid)# authentication network-eap eap_methods
client(config-ssid)# authentication key-management wpa
client(config-ssid)# authentication client username aLeapUser password ciscoleap
client(config-ssid)# encryption mode cipher tkip
client(config-ssid)# priority 8
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid LEAP_TKIP
client(config-if)# endif

Client profile C:
client# configure terminal
client(config)# dot11 ssid EAPTLS_AES
client(config-ssid)# authentication open eap eap_methods
client(config-ssid)# authentication network-eap eap_methods
client(config-ssid)# authentication key-management wpa
client(config-ssid)# encryption mode cipher aes
client(config-ssid)# dot1x credentials authUserProfile
client(config-ssid)# dot1x eap profile tlsProfile
client(config-ssid)# priority 11
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid EAPTLS_AES
client(config-if)# endif

Client profile D:
client# configure terminal
client(config)# dot11 ssid STATIC_WEP128
client(config-ssid)# authentication open
client(config-ssid)# encryption mode cipher wep128
client(config-ssid)# encryption key 2 size 128bit 0 11223344556677889900112233
client(config-ssid)# priority 13
client(config-ssid)# end
client# config terminal
client(config)# interface dot11Radio 0
client(config-if)# ssid STATIC_WEP128
client(config-if)# endif

Configuring a WMIC for MCP (12.3(8)JK Only)

You can configure a WMIC device in universal workgroup bridge mode and enable multiple client profile. In this configuration, the WMIC can support up to 16 different SSIDs and encryption settings; by contrast, a single client profile consists of an SSID and encryption setting that are bounded by a VLANID through the vlan keyword.

To configure the WMIC for multiple client profiles, follow these steps, beginning in privileged EXEC mode.

 
Command
Purpose

Step 1 

configure terminal

Enters global configuration mode.

Step 2 

interface dot11 radio 0

Enters interface configuration mode for radio interface 0.

Step 3 

station-role workgroup-bridge universal address

Changes station-role to permit support for universal workgroup bridge. The address is the MAC address of the router interface on the wireless and mobile router and is needed to instruct the router to associate with Cisco and non-cisco root devices.

Step 4 

client profile multiple

Enables the multiple client profile.

Step 5 

encryption [vlan vlan-id ] key 1-4 size {40bit | 128Bit} encryption-key [transmit-key]

Configures proper encryption for each SSID bounded by dot11 VLANID. For this step, it is assumed that SSID security has already been configured.

Example:

#encryption vlan 11 key 3 size 40bit abcdef9876

#encryption vlan 11 mode wep mandatory

#encryption vlan 21 key 2 size 128bit 98765432109876543210abcdef

#encryption vlan 21 mode wep mandatory key-hash

#encryption vlan 34 mode wep mandatory mic key-hash

#encryption vlan 35 mode ciphers tkip wep128

Step 6 

ssid ssid-name

Enables the SSID for this interface.

Examples:

#ssid v11_open_wep40

#ssid v21_open_wep128

#ssid v34_wpapsk_tkip

#ssid v35_wpapsk_aes

Step 7 

end

Returns to privileged EXEC mode.

Step 8 

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

When you enable or disable the multiple client profiles feature, all ssid and encryption commands are removed from the interface.

Configuration Examples

You can configure a WMIC device in universal workgroup bridge mode and enable multiple client profiles to support up to 16 client profiles. The example in this section describes four client profiles with different encryption and authentication settings and assigned VLAN IDs.

Table 6-2 shows the settings for the four client profiles.

Table 6-2 Multiple Client Profile Example 

Client Profile
A
B
C
D

SSID

FREE_NET

LEAP_TKIP

EAPTLS_AES

WPAPSK_WEP128

Authentication Type

open

LEAP

EAP_TLS

WPA PSK

Encryption Type

none

TKIP

AES

128bits WEP key

Assigned VLAN ID

8

25

102

11


The following commands are used to configure the client profiles.

Client profile A:

client# configure terminal
client(config)# dot11 ssid FREE_NET
client(config-ssid)# vlan 8
client(config-ssid)# authentication open
client(config-ssid)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid FREE_NET
client(config-if)# end

Client profile B:

client# configure terminal
client(config)# dot11 ssid LEAP_TKIP
client(config-ssid)# vlan 25
client(config-ssid)authentication network-eap eap_methods
client(config-ssid)authentication key-management wpa
client(config-ssid)authentication client username aLeapUser password ciscoleap
client(config-ssid)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# encryption vlan 25 mode ciphers tkip
client(config-if)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid LEAP_TKIP
client(config-if)# end

Client profile C:

client# configure terminal
client(config)# dot11 ssid EAPTLS_AES
client(config-ssid)# vlan 102
client(config-ssid)# authentication open eap eap_methods
client(config-ssid)# authentication network-eap eap_methods
client(config-ssid)# authentication key-management wpa
client(config-ssid)# dot1x credentials authUserProfile
client(config-ssid)# dot1x eap profile tlsProfile
client(config-ssid)# end
client# config terminal
client(config-if)# encryption vlan 102 mode ciphers aes-ccm
client(config-if)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid EAPTL_AES
client(config-if)# end


Client profile D:

client# config terminal
client(config)# dot11 ssid WPAPSK_WEP128
client(config-ssid) vlan 11
client(config-ssid)# authentication open
client(config-ssid)# authentication key-management wpa optional
client(config-ssid)# wpa-psk ascii mobile11
client(config-ssid)# end
client# config terminal
client(config-if)# encryption vlan 11 key 3 size 128bit 98765432109876543210abcdef transmit-key
client(config-if)# encryption vlan 11 mode ciphers tkip wep128
client(config-if)# end
client# config terminal
client(config)# interface Dot11Radio 0
client(config-if)# ssid WPAPSK_WEP128
client(config-if)# end

hometocprevnextglossaryfeedbacksearchhelp

Posted: Wed Feb 13 22:30:53 PST 2008
All contents are Copyright © 1992--2008 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.