Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points - Release 15.3(3)JBB

Configuring the Access Point for the First Time

---

This chapter describes how to configure basic settings on the wireless device for the first time. The contents of this chapter are similar to the instructions in the quick start guide that shipped with the wireless device. You can configure all the settings described in this chapter using the CLI, but it might be simplest to browse to the wireless device web-browser interface to complete the initial configuration and then use the CLI to enter additional settings for a more detailed configuration.

Note The access point radio interfaces are disabled by default.

Before You Start

Before you install the wireless device, make sure you are using a computer connected to the same network as the wireless device, and obtain the following information from your network administrator:

• A system name for the wireless device
• The case-sensitive wireless service set identifier (SSID) for your radio network
• If not connected to a DHCP server, a unique IP address for the wireless device (such as 172.17.255.115)
• If the wireless device is not on the same subnet as your PC, a default gateway address and subnet mask
• A Simple Network Management Protocol (SNMP) community name and the SNMP file attribute (if SNMP is in use)
• If you use IPSU to find the wireless device IP address, the access point MAC address. The MAC address can be found on the label on the bottom of the access point (such as 00164625854c).

Resetting to Default Settings Using the MODE Button

---

Note Using the MODE button for resetting to default settings applies only to autonomous mode access points and not to lightweight mode access points.

---

Follow these steps to reset the access point to factory default settings using the access point MODE button:

---

Step 1 Disconnect power (the power jack for external power or the Ethernet cable for in-line power) from the access point.

Step 2 Press and hold the MODE button while you reconnect power to the access point.

Step 3 Hold the MODE button until the Status LED turns amber (approximately 1 to 2 seconds), and release the button. All access point settings return to factory defaults.

---

 

Resetting to Default Settings Using the CLI

---

Caution You should never delete any of the system files prior to resetting defaults or reloading software.

---

If you want to reset the access point to its default settings and a static IP address, use the write erase or erase /all nvram command. If you want to erase everything including the static IP address, in addition to the above commands, use the erase and erase boot static-ipaddr static-ipmask command.

From the privileged EXEC mode, you can reset the access point/bridge configuration to factory default values using the CLI by following these steps:

---

Step 1 Enter erase nvram: to erase all NVRAM files including the startup configuration.

---

Note The erase nvram command does not erase a static IP address.

---

Step 2 Follow the step below to erase a static IP address and subnet mask. Otherwise, go to step 3.

a. Enter write default-config.

Step 3 Enter Y when the following CLI message displays: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm].

Step 4 Enter reload when the following CLI message displays: Erase of nvram: complete. This command reloads the operating system.

Step 5 Enter Y when the following CLI message displays: Proceed with reload? [confirm].

---

Caution Do not interrupt the boot process to avoid damaging the configuration file. Wait until the access point/bridge Install Mode LED begins to blink green before continuing with CLI configuration changes. You can also see the following CLI message when the load process has finished: Line protocal on Interface Dot11Radio0, changed state to up.

---

Step 6 After the access point/bridge reboots, you can reconfigure the access point by using the Web-browser interface if you previously assigned a static IP address, or the CLI if you did not.

The access point is configured with the factory default values including the IP address (set to receive an IP address using DHCP), from privileged EXEC mode. To obtain the new IP address for an access point/bridge, you can use the show interface bvi1 CLI command.

---

 

Logging into the Access Point

A user can login to the access point using one of the following methods:

• graphical user interface (GUI)
• Telnet (if the AP is configured with an IP address)
• console port

Note Not all models of Cisco Aironet Access Points have the console port. If the access point does not have a console port, use either the GUI or the Telnet for access.

For information on logging into the AP through the GUI, refer to Using the Web-Browser Interface for the First Time.

For information on logging into the AP through the CLI refer to Accessing the CLI.

For information on logging into the AP through a console port refer to Connecting to an Access Point Locally.

Obtaining and Assigning an IP Address

To browse to the wireless device Express Setup page, you must either obtain or assign the wireless device IP address using one of the following methods:

• Connect to the access point console port and assign a static IP address. Follow the steps in the appropriate section to connect to the device console port:

– Connecting to an Access Point Locally.

– Connecting to the 1550 Series Access Point Locally

Note In some terminal emulator applications you may need to set the Flow control parameter to Xon/Xoff. If you are not able to console into the device with the flow control value set to none, try changing the flow control value to Xon/Xoff.

• Use a DHCP server (if available) to automatically assign an IP address. You can find out the DHCP-assigned IP address using one of the following methods:

– Connect to the wireless device console port and use the show ip interface brief command to display the IP address.

Follow the steps in the “Connecting to an Access Point Locally” section to connect to the console port.

– Provide your network administrator with the wireless device Media Access Control (MAC) address. Your network administrator will query the DHCP server using the MAC address to identify the IP address. The access point MAC address is on label attached to the bottom of the access point.

Connecting to an Access Point Locally

Note The following applies to all APs except the 1550 series APs.

If you need to configure the access point locally (without connecting the access point to a wired LAN), you can connect a PC to its console port using a DB-9 to RJ-45 serial cable. Follow these steps to open the CLI by connecting to the access point console port:

Step 1 Connect a nine-pin, female DB-9 to RJ-45 serial cable to the RJ-45 serial port on the access point and to the COM port on a computer. The Cisco part number for the DB-9 to RJ-45 serial cable is AIR-CONCAB1200. Browse to http://www.cisco.com/go/marketplace to order a serial cable.

Step 2 Set up a terminal emulator to communicate with the access point. Use the following settings for the terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.

Note If xon/xoff flow control does not work, use no flow control.

Step 3 When connected, press enter or type en to access the command prompt. Pressing enter takes you to the user exec mode. Entering en prompts you for a password, then takes you to the privileged exec mode. The default password is Cisco and is case-sensitive.

Note When your configuration changes are completed, you must remove the serial cable from the access point.

Connecting to the 1550 Series Access Point Locally

If you need to configure the access point locally (without connecting to a wired LAN), you can connect a PC to the Ethernet port on the long-reach power injector using a Category 5 Ethernet cable. You can use a local connection to the power injector Ethernet port the same as you would use a serial port connection.

Note You do not need a special crossover cable to connect your PC to the power injector; you can use either a straight-through cable or a crossover cable.

Follow these steps to connect to the bridge locally:

Step 1 Make sure that the PC you intend to use is configured to obtain an IP address automatically, or manually assign it an IP address within the same subnet as the access point/bridge IP address. For example, if you assigned the access point/bridge an IP address of 10.0.0.1, assign the PC an IP address of 10.0.0.20.

Step 2 With the power cable disconnected from the power injector, connect your PC to the power injector using a Category 5 Ethernet cable. You can use either a crossover cable or a straight-through cable.

Note Communication takes place between the power injector and the access point/bridge using Ethernet Port 0. Do not attempt to change any of the Ethernet Port 0 settings.

Step 3 Connect the power injector to the access point/bridge using dual coaxial cables.

Step 4 Connect the power injector power cable and power on the access point/bridge.

Step 5 Follow the steps in the “Assigning Basic Settings” section. If you make a mistake and need to start over, follow the steps in the Resetting the Device to Default Settings.

Step 6 After configuring the access point/bridge, remove the Ethernet cable from your PC and connect the power injector to your wired LAN.

Note When you connect your PC to the access point/bridge or reconnect your PC to the wired LAN, you might need to release and renew the IP address on the PC. On most PCs, you can perform a release and renew by rebooting your PC or by entering ipconfig /release and ipconfig /renew commands in a command prompt window. Consult your PC operating instructions for detailed instructions.

Default Radio Settings

Beginning with Cisco IOS Release 12.3(8)JA, access point radios are disabled and no default SSID is assigned. This was done in order to prevent unauthorized users to access a customer wireless network through an access point having a default SSID and no security settings. You must create an SSID before you can enable the access point radio interfaces.

Assigning Basic Settings

After you determine or assign the wireless device IP address, you can browse to the wireless device Express Setup page and perform an initial configuration:

Step 1 Open your Internet browser.

Step 2 Enter the wireless device IP address in the browser address line and press Enter.
An Enter Network Password screen appears.

Step 3 Press Tab to bypass the Username field and advance to the Password field.

Step 4 Enter the case-sensitive password Cisco and press Enter.
The Summary Status page appears.

Step 5 Click Easy Setup.
The Express Setup screen appears.

Step 6 Click Network Configuration.

Step 7 Enter the Network Configuration settings which you obtained from your system administrator.
The configurable settings include:

• Host Name—The host name, while not an essential setting, helps identify the wireless device on your network. The host name appears in the titles of the management system pages.

Note You can enter up to 32 characters for the system name. However, when the wireless device identifies itself to client devices, it uses only the first 15 characters in the system name. If it is important for client users to distinguish between wireless devices, make sure that a unique portion of the system name appears in the first 15 characters.

Note When you change the system name, the wireless device resets the radios, causing associated client devices to disassociate and quickly reassociate.

• Server Protocol—Click the radio button that matches the network method of IP address assignment.

– DHCP—IP addresses are automatically assigned by your network DHCP server.

– Static IP—The wireless device uses a static IP address that you enter in the IP address field.

• IP Address—Use this setting to assign or change the wireless device IP address. If DHCP is enabled for your network, leave this field blank.

Note If the wireless device IP address changes while you are configuring the wireless device using the web-browser interface or a Telnet session over the wired LAN, you lose your connection to the wireless device. If you lose your connection, reconnect to the wireless device using its new IP address. Follow the steps in the “Resetting the Device to Default Settings” section if you need to start over.

• IP Subnet Mask—Enter the IP subnet mask provided by your network administrator so the IP address can be recognized on the LAN. If DHCP is enabled, leave this field blank.
• Default Gateway—Enter the default gateway IP address provided by your network administrator. If DHCP is enabled, leave this field blank.
• IPv6 ProtocolP—Specify the protcols to be applied, by selecting the required check boxes. You can select:

– DHCP

– Autoconfig

– Static IP

• IPv6 Address—Enter the IPv6 address
• Username—Enter the username required to access the network.
• Password—Enter the password corresponding to the username required to access the network.
• SNMP Community—If your network is using SNMP, enter the SNMP Community name provided by your network administrator and select the attributes of the SNMP data (also provided by your network administrator).
• Current SSID List (Read Only)

Step 8 Enter the following Radio Configuration settings for the radio bands supported by the access point. Both the 2.4 GHz and 5 GHz radios have the following options:

• SSID—Type the SSID in the SSID entry field. The SSID can contain up to 32 alphanumeric characters.

– Broadcast SSID in Beacon—To allow devices without a specified SSID to associate with the access point, select this check box. If this check box is selected, the access point will respond to Broadcast SSID probe requests and also broadcast its own SSID with its Beacons.
When you broadcast the SSID, devices that do not specify an SSID can associate to the wireless device. This is a useful option for an SSID used by guests or by client devices in a public space. If you do not broadcast the SSID, client devices cannot associate to the wireless device unless their SSID matches this SSID. Only one SSID can be included in the wireless device beacon.

• VLAN—To enableVLAN for the radio, click the Enable VLAN ID radio button and then enter a VLAN identifier ranging from 1- 4095. To specify this as the native VLAN, check the Native VLAN check box. To disable VLAN, click the No VLAN radio button.
• Security—Select the security setting for the SSID. The settings are listed in order of robustness, from No Security to WPA, which is the most secure setting. If you select EAP Authentication or WPA, enter the IP address (the RADIUS Server IP address) and shared secret (RADIUS Server Secret) for the authentication server on your network.

Note If you do not use VLANs on your wireless LAN, the security options that you can assign to multiple SSIDs are limited. See the “Using VLANs” section for details.

– No Security—This security setting does not use an encryption key or key management, and uses open authentication.

– WEP Key—This security setting uses mandatory WEP encryption, no key management and open authentication. You can specify up to four WEP keys, i.e. Key 1, 2, 3, and 4. Enter each key value, and specify whether it is 128 bit or 40 bit.

– EAP Authentication—The Extensible Authentication Protocols (EAP) Authentication permits wireless access to users authenticated against a database through the services of an authentication server then encrypts the authenticated and authorized traffic. Use this setting for LEAP, PEAP, EAP-TLS, EAP-TTLS, EAP-GTC, EAP-SIM, and other 802.1x/EAP based protocols. This setting uses mandatory encryption WEP, open authentication + EAP, network EAP authentication, no key management, RADIUS server authentication port 1645. Specify the RADIUS Server and the RADIUS Server Secret.

– WPA—The Wi-Fi Protected Access (WPA) security setting permits wireless access to users authenticated against a database through the services of an authentication server, then encrypts their authenticated and authorized IP traffic with stronger algorithms than those used in WEP. Make sure clients are WPA certified before selecting this option. This setting uses encryption ciphers tkip, open authentication + EAP, network EAP authentication, key management WPA mandatory, and RADIUS server authentication port 1645. Specify the RADIUS Server and the RADIUS Server Secret.

Note To better understand the security settings used here, see “Understanding the Security Settings” section.

• Role in Radio Network—Click the button that describes the role of the wireless device on your network. Select Access Point (Root) if the wireless device is connected to the wired LAN. Select Repeater (Non-Root) if it is not connected to the wired LAN. The only role supported on the Airlink is root. For information on the roles supported by different APs in a radio network, see Configuring the Role in Radio Network. The following roles are available in a radio network:

– Access Point—A root device. Accepts associations from clients and bridges wireless traffic from the clients to the wireless LAN. This setting can be applied to any access point.

– Repeater—A non-root device. Accepts associations from clients and bridges wireless traffic from the clients to root access point connected to the wireless LAN. This setting can be applied to any access point.

– Root Bridge—Establishes a link with a non-root bridge. In this mode, the device also accepts associations from clients.

– Non-Root Bridge—In this mode, the device establishes a link with a root bridge.

– Install Mode—Places the access point/bridge in auto installation mode so you can align and adjust a bridge link for optimum efficiency.

– Workgroup Bridge—In the Workgroup bridge mode, the access point functions as a client device that associates with a Cisco Aironet access point or bridge. A workgroup bridge can have a maximum of 254 clients, presuming that no other wireless clients are associated to the root bridge or access point.

– Universal Workgroup Bridge—Configures the access point as a workgroup bridge capable of associating with non-Cisco access points.

– Client MAC:—The Ethernet MAC address of the client connected to the universal workgroup bridge. This field appears only in the universal workgroup bridge mode.

– Scanner—Functions as a network monitoring device. In the Scanner mode, the access point does not accept associations from clients. It continuously scans and reports wireless traffic it detects from other wireless devices on the wireless LAN. All access points can be configured as a scanner.

• Optimize Radio Network for—Use this setting to select either preconfigured settings for the wireless device radio or customized settings for the wireless device radio.

– Throughput—Maximizes the data volume handled by the wireless device, but might reduce its range.

– Range—Maximizes the wireless device range but might reduce throughput.

– Default—Sets the default values for the access point.

– Custom—The wireless device uses the settings you enter on the Network Interfaces. Clicking Custom takes you to the Network Interfaces.

• Aironet Extensions—Enable this setting if there are only Cisco Aironet wireless devices on your wireless LAN.
• Channel—The default channel setting for the wireless device radios is least congested; at startup, the wireless device scans for and selects the least-congested channel. For the most consistent performance after a site survey, however, we recommend that you assign a static channel setting for each access point.

– For the 2.4 GHz radio, the relevant options are Least-Congested, channel 1-2412, channel 2-2417, channel 3-2422, channel 4-2427, channel 5-2432, channel 6-2437, channel 7-2442, channel 8-2447, channel 9-2452, channel 10-2457, and channel 11-2462.

– For the 5 GHz radio, the relevant options are Dynamic Frequency selection, channel 36-5180, channel 40-5200, channel 44-5220, channel 48-5240, channel 149-5745, channel 153-5765, channel 157-5785, channel 161-5805, and channel 165-5825.

• Power—Choose the power level from the Power drop-down list.

– For the 2.4 GHz radio, the relevant options are Maximum, 22, 19, 16, 13, 10, 7, and 4.

– For the 5 GHz radio, the relevant options are Maximum, 14, 11, 8, 5, and 2.

Step 9 Click Apply to save your settings.

Step 10 Click Network Interfaces to browse to the Network Interfaces Summary page.

Step 11 Click the radio interface to browse to the Network Interfaces: Radio Status page.

Step 12 Click the Settings tab to browse to the Settings page for the radio interface.

Step 13 Click Enable to enable the radio.

Step 14 Click Apply.

Your wireless device is now running but probably requires additional configuring to conform to your network operational and security requirements. Consult the chapters in this manual for the information you need to complete the configuration.

Note You can restore access points to factory defaults by unplugging the power jack and plugging it back in while holding down the Mode button for a few seconds, or until the Status LED turns amber.

Understanding the Security Settings

You can configure basic security settings in the Easy Setup > Radio Configuration section. You can use the options given in this section to create unique SSIDs and assign one of four security types to them.

You can create up to 16 SSIDs on the wireless device. The created SSIDs appear in the Current SSID List. On dual-radio wireless devices, the SSIDs that you create are enabled by default on both radio interfaces.

---

Note In Cisco IOS Release 12.4(23c)JA and 12.xxx, there is no default SSID. You must configure an SSID before client devices can associate to the access point.

---

The SSID can consist of up to 32 alphanumeric, case-sensitive, characters.

The first character can not contain the following characters:

• Exclamation point (!)
• Pound sign (#)
• Semicolon (;)

The following characters are invalid and cannot be used in an SSID:

• Plus sign (+)
• Right bracket (])
• Front slash (/)
• Quotation mark (")
• Tab
• Trailing spaces

CLI Configuration Examples

The examples in this section show the CLI commands that are equivalent to creating SSIDs using each security type. This section contains these example configurations:

• Example: No Security for Radio 2.4GHz
• Example: Static WEP for Radio 2.4 GHz
• Example: EAP Authentication
• Example: WPA2 for Radio 2.4GHz

Example: No Security for Radio 2.4GHz

This example shows a part of the resulting configuration when an SSID called no_security_ssid is created, the SSID is included in the beacon, assigned to VLAN 10, and then VLAN 10 is selected as the native VLAN:

Example: Static WEP for Radio 2.4 GHz

This example shows a part of the configuration that results from creating an SSID called static_wep_ssid, excluding the SSID from the beacon, assigning the SSID to VLAN 20, selecting 3 as the key slot, and entering a 128-bit key:

Example: EAP Authentication

This example shows a part of the configuration that results from creating an SSID called eap_ssid, excluding the SSID from the beacon, and assigning the SSID to VLAN 30:

Note The following warning message appears if your radio clients are using EAP-FAST and you do not include open authentication with EAP as part of the configuration:

SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured.

Example: WPA2 for Radio 2.4GHz

This example shows a part of the configuration that results from creating an SSID called wpa_ssid, excluding the SSID from the beacon, and assigning the SSID to VLAN 40:

Configuring System Power Settings Access Points

The AP 1040, AP 802, AP 1140, AP 1550, AP 1600, AP 2600, AP 3500, AP 3600 and AP 1260 disable the radio interfaces when the unit senses that the power source to which it is connected does not provide enough power. Depending on your power source, you might need to enter the power source type in the access point configuration. Choose the Software > System Configuration page on the web-browser interface, and then select a power option. Figure 4-1 shows the System Power Settings section of the System Configuration page.

Figure 4-1 Power Options on the System Software: System Configuration Page

Support for 802.11ac

802.11ac is the next generation wireless standard of 802.11. It is designed to provide high throughput and operate in the 5 GHz band. 802.11ac is supported on the 3700, 2700, and 1700 series access points. The 802.11ac radio depends on the 802.11n radio to be fully functional. Shutting down the 802.11n radio will affect the 802.11ac functionalities.

Power Management for 802.11ac

The 3700, 2700, and 1700 802.11ac series access points can be powered by a Power-over-Ethernet (PoE) sources, local power, or a power injector. If the AP is powered by PoE, based on the whether the source is PoE+ (802.3at) or PoE (802.3af), the AP will adjust certain radio configurations as it may require more power than provided by the inline power source.

For example, a 3700 series AP which is powered by PoE+ (802.3at) will provide 4x4:3 configuration on both radios, and when powered by PoE (802.3af) it will provide a 3x3:3 configuration on both radios. Please refer to the below table.

---

Tip Radio configurations such as 4x4:3 imply 4 transmitters and 4 receivers capable of 3 spatial streams

---

---

Note To determine whether the AP is running at high PoE power or reduced (15.4W) power, in the AP's GUI, got to the Home page. If the AP is running on reduced power, under Home:Summary Status, the following warning is displayed:

Due to insufficient inline power. Upgrade inline power source or install power injector.

---

 

All access points except outdoor mesh products can be powered over Ethernet. Access points with two radios powered over Ethernet are fully functional and support all the features. See Table 4-4 for the various power management options available.

 

Table 4-4 Inline Power Options based on Power Sources

Power Draw	Description	AP Functionality	PoE Budget (Watts) 1	802.3af	E-PoE	802.3at PoE+ PWRINJ4
PoE + 802.3at	AP3700 Out of the box	4x4:3 on 2.4/5 GHz	16.1	No	Yes	Yes
PoE 802.3af	AP3700 Out of the box	3x3:3 on 2.4/5 GHz	15.4	Yes	N/A	N/A
PoE 802.3at	AP2700 Out of the Box	3x4:3 on 2.4/5 GHz and Auxillary Ethernet Port Enabled	16.8	No	No	Yes
PoE 802.3af	AP2700 Out of the Box	3x4:3 on 5 GHz and 2x2:2 on 2.4 GHz and Auxiliary Ethernet Port Enabled	15.4	Yes	Yes	N/A

1.This is the power required at the PSE, which is either a switch or an injector.

802.11n and 802.11ac use the power levels configured on 802.11n. You cannot configure power levels independently for 802.11ac.

Assigning an IP Address Using the CLI

When you connect the wireless device to the wired LAN, the wireless device links to the network using a bridge virtual interface (BVI) that it creates automatically. Instead of tracking separate IP addresses for the wireless device Ethernet and radio ports, the network uses the BVI.

When you assign an IP address to the wireless device using the CLI, you must assign the address to the BVI. Beginning in privileged EXEC mode, follow these steps to assign an IP address to the wireless device BVI:

Using a Telnet Session to Access the CLI

Follow these steps to access the CLI by using a Telnet session. These steps are for a PC running Microsoft Windows with a Telnet terminal application. Check your PC operating instructions for detailed instructions for your operating system.

Step 1 Choose Start > Programs > Accessories > Telnet.

If Telnet is not listed in your Accessories menu, select Start > Run, type Telnet in the entry field, and press Enter.

Step 2 When the Telnet window appears, click Connect and select Remote System.

Note In Windows 2000, the Telnet window does not contain drop-down lists. To start the Telnet session in Windows 2000, type open followed by the wireless device IP address.

Step 3 In the Host Name field, type the wireless device IP address and click Connect.

Configuring the 802.1X Supplicant

Traditionally, the dot1x authenticator/client relationship has always been a network device and a PC client respectively, as it was the PC user that had to authenticate to gain access to the network. However, wireless networks introduce unique challenges to the traditional authenticator/client relationship. First, access points can be placed in public places, inviting the possibility that they could be unplugged and their network connection used by an outsider. Second, when a repeater access point is incorporated into a wireless network, the repeater access point must authenticate to the root access point in the same way as a client does.

The supplicant is configured in two phases:

• Create and configure a credentials profile
• Apply the credentials to an interface or SSID

You can complete the phases in any order, but they must be completed before the supplicant becomes operational.

Configuring IPv6

IPv6 is the latest Internet protocol for IPv, developed to provide an extremely large number of addresses. It uses 128 bit addresses instead of the 32 bit addresses that are used in IPv4.

As deployments in wireless networks use greater number of IP wireless devices and smart phones, IPv6 with its 128-bit address format can support 3.4 x 1038 address space.

IPv6 addresses are represented as a series of 16-bit hexadecimal fields separated by colons (:) in the format: x:x:x:x:x:x:x:x.

There are three types of IPv6 address types:

• Unicast

The Cisco IOS software supports these IPv6 unicast address types:

– Aggregatable Global Address

Aggregatable global unicast addresses are globally routable and reachable on the IPv6 portion of the Internet. These global addresses are identified by the format prefix of 001.

– Link-Local Address

Link-Local Addressses are automatically configured on interface using link-local prefix FE80::/10 (1111 1110 10). The interface identifier is in the modified EUI-64 format.

• Anycast can be used only by a router and not the host. Anycast addresses must not be used as the source address of an IPv6 packet.
• Multicast address is a logical identifier for a group of hosts that process frames intended to be multicast for a designated network service. Multicast addresses in IPv6 use a prefix of FF00::/8 (1111 1111)

IPv6 configuration uses these multicast groups:

– Solicited-node multicast group FF02:0:0:0:0:1:FF00::/104

– All-nodes link-local multicast group FF02::1

– All-routers link-local multicast group FF02::2

Table 4-5 lists the IPv6 address types and formats.

The following modes are supported

• Root
• Root bridge
• Non Root bridge
• Repeater
• WGB

The following modes are not supported

• Spectrum mode
• Monitor mode

Beginning in privileged EXEC mode, use these commands to enable tie ipv6 address

– ap(config)# int bv1

– ap(config-if)# ipv6 address

A link-local address, based on the Modified EUI-64 interface ID, is automatically generated for the interface when stateless autoconfiguration is enabled.

Beginning in privileged EXEC mode, use the following command to enable stateless autoconfiguration:

ap(config-if)# ipv6 address autoconfig

Beginning in privileged EXEC mode, use the following command to configure a link local addreess without assigning any other IPv6 addressesto the interface:

ap(config-if)# ipv6 address ipv6-address link-local

Beginning in privileged EXEC mode, use the following command to assign a site-local or global address to the interface:

ap(config-if)# ipv6 address ipv6-address [eui-64]

Note The optional eui-64 keyword is used to utilize the Modified EUI-64 interface ID in the low order 64 bits of the address.

IPv6 WDS Support

The WDS and the infrastructure access points communicate over a multicast protocol called WLAN Context Control Protocol (WLCCP).

Cisco IOS Release 15.2(4)JA supports communication between the WDS and Access Point through IPv6 addresses. The WDS works on a Dual Stack; that is, it accepts both IPv4 and IPv6 registeration.

IPv6 WDS AP registration

The first active IPv6 address is used to register the WDS. Table 4-7 shows different scenarios in the IPv6 WDS AP registration process.

 

Table 4-7 IPv6 WDS–AP Registration

Scenario	WDS			AP			Mode of Communication
	Dual	IPv6	IPv4	Dual	IPv6	IPv4
1	Yes			yes			IPv6
2	Yes				yes		IPv6
3	Yes					yes	IPv4
4		yes		yes			IPv6
5		yes			yes		IPv6
6		yes				yes	Fails
7			yes	yes			IPv4
8			yes		yes		Fails
9			yes			yes	IPv4

---

Note 11r roaming between IPv4 and IPv6 access points is not supported because the MDIE is different. Both AP and WDS use the first active IPv6 address in BV1 to register and advertise. Link-local is not used for registration.

---

Automatic Configuring of the Access Point

The Autoconfig feature of autonomous access points allows the AP to download its configuration, periodically, from a Secure Copy Protocol (SCP) server. If the Autoconfig feaure is enabled, the AP downloads a configuration information file from the server at a pre-configured time and applies this configuration. The next configuration download is also scheduled along with this.

Note The AP does not apply a configuration if it is the same as the last downloaded configuration.