Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating and Managing a WLAN Service Profile

    WLAN Service profiles create an SSID and provide many of the parameters the SSID needs to operate—you must have at least one WLAN Service profile in your wireless network. There are no default WLAN Profiles provided in Network Director. Therefore, you must create at least one WLAN Service profile. For more information about the individual WLAN Service profile parameters, see Understanding WLAN Service Profiles.

    This topic describes:

    Managing WLAN Service Profiles

    From the Manage WLAN Service Profiles page, you can:

    • Create a new WLAN Service profile by clicking Add. For directions, see Creating a WLAN Service Profile.
    • Modify an existing profile by selecting it and then clicking Edit.
    • View information about a WLAN Service profile by either clicking the profile name or by selecting the profile and clicking Details.
    • Delete profiles by selecting a profile and clicking Delete.

      Tip: You cannot delete profiles that are in use—that is, assigned to objects or used by other profiles. To see the current assignments for a profile, click the hyperlink provided for the profile name to display the details.

    • Clone a profile by selecting a profile and clicking Clone.

    Table 1 describes the information provided about WLAN Service profiles on the Manage WLAN Service Profiles page. This page lists all WLAN Service profiles defined for your network, regardless of your current selected scope in the network view.

    Table 1: Manage WLAN Service Profile Fields

    Field

    Description

    Profile Name

    Name given to the profile when the profile was created.

    Device Family

    Wireless controllers (WLC)

    SSID

    Name broadcast by access points to radios.

    SSID Type

    SSID type refers to encryption. Encryption is either on (Crypto) or off (Clear).

    Service Profile Type

    WLAN Service profiles are tailored for different conditions, such as WEB, Open, Voice, 802.1X, or Custom.

    Authorization Profile Name

    Associated Authorization profile name. Authorization refers to the levels of information available to each client.

    Authentication Profile Name

    Associated Authentication profile name. Authentication is the process of identifying yourself to the network, for example logging on.

    CoS Profile

    Class of Services profile associated with this WLAN Service profile. For more information, see Understanding Class of Service (CoS) Profiles.

    Description

    Any description provided during creation of the WLAN Service profile.

    Creation Time

    Date and time when the profile was created.

    Last Updated Time

    Date and time when the profile was last modified.

    User Name

    The username of the person or system that created or modified the profile.

    Tip: All columns might not be currently displayed. To show or hide fields in the table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.

    Before You Create a WLAN Service Profile

    You need at least one Authentication Profile and one Authorization profile to create a WLAN Service profile—these profiles are mapped to the WLAN Service profile to create an SSID. You can use existing Authentication Profiles and Authorization profiles—see Creating and Managing Authentication Profiles) or an Authorization profile (Creating and Managing Wireless Authorization Profiles). You can alternately create the profiles during WLAN Service profile creation.

    Creating a WLAN Service Profile

    In Network Director, you configure wireless SSIDs by creating WLAN Service profiles. In a WLAN Service profile, at minimum with Quick Setup, you specify:

    • A WLAN Profile name
    • A Service Profile Type: 802.1X, Voice, Web Portal, Open Access, or Custom
    • An SSID name
    • Encryption setting (on or off). If encryption is on, you must indicate a method of encryption.
    • Authentication for client connection
    • Authorization for client connection

    To create a WLAN Service profile:

    1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.

      Tip: Do not select Dashboard View, Virtual View, or Topology View.

    2. Click in the Network Director banner.
    3. In the Tasks pane, expand Wireless, expand Profiles, and then click WLAN Service.

      The Manage WLAN Service Profiles page opens, displaying the list of currently configured WLAN Service profiles.

    4. Click Add.

      The Create WLAN Profile page is displayed with two tabs, Quick Setup and Custom Setup. The Quick Setup page is displayed.

    5. You can complete only the required settings for a WLAN Service profile as described in both the online help and in Specifying WLAN Service Profile Quick Setup.
    6. Optionally, click the Custom Setup tab and complete any or all advanced settings for a WLAN Service profile as described in both the online help and in Specifying WLAN Service Profile Custom Setup Settings.
    7. Click Done.

      The WLAN Service profile is added to the list of profiles that you can include in a Radio profile.

    Note: Assigned settings from any profile, including this one, have lower priority than settings made directly to a controller or an access point. For more information, see Adding and Managing an Individual Access Point and Configuring a Controller .

    Specifying WLAN Service Profile Quick Setup

    To configure only the required settings for the WLAN Service profile, enter the settings described in Table 2. Required settings are indicated by a red asterisk (*) that appears next to the field label in the user interface.

    Table 2: WLAN Service Profile Quick Setup

    Field

    Action

    Profile Name
    (all Service Profile Types)

    Type a unique name that identifies the profile.

    Use up to 32 characters for wireless profile names. Profile names must not contain special characters or spaces. Note that profiles automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

    Description
    (all Service Profile Types)

    Type 0 through 256 alphanumeric characters, including spaces and special characters.

    Service Profile Type

    Indicate one of these Service profiles:

    • 802.1X Service Profile
    • Voice Service Profile
    • Web Portal Service Profile
    • Open Access Service Profile
    • Custom Service Profile

    The remaining setting options change, depending on which Service profile you selected here.

    SSID
    (all Service profile types)

    Type a unique name to be broadcast from access points and selected by clients. Use up to 32 characters and only the special character _. For more information about SSIDs, see Understanding Network Director SSID Configuration Using Profiles and Understanding the Network Terms SSID, BSSID, and ESSID.

    SSID Type
    (Voice, Web-Portal, Open-Access, Custom Service Profile)

    SSID type refers to the encryption setting, which is either Encrypted or Unencrypted. For more information, see Understanding Wireless Encryption and Ciphers . If you selected the Service Profile Type 802.1X, the SSID Type is automatically set—you have no option here.

    Vendor
    (Voice Service Profile Type)

    Select one of the supported vendors for voice products:

    • SpectraLink
    • Vocera
    • Avaya
    • Ascom
    • Aastra
    • Other

    Enable Voice Tracking
    (Voice Service Profile Type)

    You can configure or select a CoS Profile to work with the WLAN Service profile for wireless access to Voice over IP (VoIP) devices.

    Security Settings

    You can have any or all of the available security types enabled: RSN (WPA2), WPA, or Static WEP.

    RSN (WPA2) or WPA
    (802.1X, Voice, and Custom Service Profile Types)

    AES (CCMP): WPA2 with CCMP

    CCMP encryption ciphers are part of WPA2 (RSN) encryption. Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard and is based on the Counter Mode with CBC-MAC (CCM) of the AES standard. For more information, see Understanding Wireless Encryption and Ciphers .

    Note: CCMP and TKIP ciphers can be applied simultaneously. In this case, clients will authenticate to the CCMP version if possible, otherwise they will use the TKIP version.

    TKIP: WPA2 with TKIP

    TKIP encryption ciphers are part of WPA encryption. Temporal Key Integrity Protocol (TKIP) provides link-layer security without requiring replacement of legacy hardware the way CCMP does. For more information, see Understanding Wireless Encryption and Ciphers .

    Note: CCMP and TKIP ciphers can be applied simultaneously. In this case, clients will authenticate to the CCMP version if possible, otherwise they will use the TKIP version.

    Static WEP
    (802.1X, Voice, and Custom Service Profile Types)

    To enable static WEP encryption, configure the static WEP keys and assign them to unicast and multicast traffic. Make sure you configure the same static keys on the clients.

    Authentication Settings

    Authentication is the process of identifying yourself to the network, for example logging on. Here you have the option to use an existing Authentication Profile (Select Existing Authentication) or to set authentication settings (Configure Authentication Settings). For more information about Authentication Profiles, see Understanding Authentication Profiles.

    Configure Authentication Settings for an 802.1X Service Profile, Voice Service Profile, or Web Portal

    Authentication for 802.1X, voice, or a Web portal is done with a RADIUS server. You can either create a RADIUS server configuration here or you can select an existing RADIUS server.

    The default is to create a RADIUS server. Provide a RADIUS Server Address and Secret.

    To use an existing RADIUS server, enable Select RADIUS Server, click Select, and then select one of the RADIUS servers listed in the Choose RADIUS Profile window. Click OK.

    Configure Authentication Settings for a Custom Service Profile

    When you enable Configure Existing Authentication for a Custom Service Profile, add one or more Access Rules to the WLAN Profile:

    1. Click Add.

      The Add access Rule window opens.

    2. Select an access type:
      • 802.1X Access—Authenticate the client by using 802.1X authentication. For more information, see Understanding the IEEE 802.11 Standard for Wireless Networks.
      • MAC Access—Authenticate the client by using MAC RADIUS authentication.
      • Web Access—Have clients log into a Web page before granting access to the SSID.
      • Open Access—Automatically authenticate the client and enable access to the requested SSID without requiring a username and password.

      Tip: Open Access has no additional authentication settings. You can only indicate that you want to Enable Accounting. You must either enable local accounting or specify an Access Profile.

    3. Provide a matching glob, a shorthand method for matching an authentication, authorization, and accounting (AAA) to either a single user or a set of users. A user glob can contain up to 80 characters and cannot include spaces or tabs. The double-asterisk (**) wildcard characters with no delimiter characters match all user names. The single-asterisk (*) wildcard character matches any number of characters up to, but not including, a delimiter character in the glob. Valid user glob delimiter characters are the at (@) sign and the period (.).

      Note: The matching glob value must be unique and cannot be used for any other access rules.

    4. Select an EAP type:
      • External Authentication Server (default)—Use an external server for authentication. Do not Enable Local Authentication if you select this.
      • PEAP Offload—Offload all EAP processing from server groups. In this case, the RADIUS server is not required to communicate by using the EAP protocols.
      • Local EAP—Use a local database to authenticate clients. Encryption and data integrity checking are provided for the connection. Use only with Local Authentication.
    5. Either Enable Authentication or Enable Local Authentication, depending on which option you chose in the previous step.
    6. Optionally, Enable Accounting and/or Enable Local Accounting. Select a Record Type, either Start-Stop or Stop-Only.
    7. You need to reference an Access Profile.

      Create an Access Profile by providing a RADIUS Server Address and RADIUS Secret.

      Select an Access Profile by enabling Select Access Profile and selecting an Access Profile from the list.

    8. Click OK.

      The Add access Rule window closes and the access rule is added to the list of Access Rules under Authentication Settings.

     
     
    Authorization Settings

    Authorization refers to the levels of information available to each client. For more information, see Understanding Authorization Profiles.

    Configure Authorization Settings
    (all service types)

    When you enable Configure Authorization Settings, select either a VLAN Name or a VLAN Pool.

    When you select VLAN Name do the following:

    1. Click Select.

      The Choose VLAN Profile window opens.

    2. Select one of the existing VLAN Profiles from the list.
    3. Click OK.

      The Choose VLAN Profile window closes and the name of the VLAN Profile you selected appears in the VLAN Name field under Authorization Settings.

    When you select VLAN Pool do the following:

    1. Click Select.

      The Choose VLAN Pool window opens.

    2. Select one of the existing VLAN pools from the list.
    3. Click OK.

      The Choose VLAN Pool window closes and the name of the VLAN pool you selected appears in the VLAN Pool field under Authorization Settings.

    Select Existing Authorization
    (all service types)

    When you enable Select Existing Authorization, do the following:

    1. Click Select.

      The Choose Authorization Profile window opens.

    2. Select one of the existing Authorization Profiles from the list.
    3. Click OK.

      The name of the Authorization Profile you selected appears in the Authorization Profile field under Authorization Settings.

    Specifying WLAN Service Profile Custom Setup Settings

    When you select the Custom Setup tab, nine different groups of settings are available in a list on the left side of the window: Basic Settings, Web Portal Settings, 802.11n and Client Type Settings, Voice Configuration, Broadcast Settings, Client Timeouts, Rate Configuration, and Device Detection.

    Follow these directions to reconfigure any of the nine WLAN Service profile options under the Custom Setup tab:

    Specifying Basic Settings for Custom WLAN Profile Setup

    Table 3 describes the required basic settings for a WLAN Service profile. These are the same settings found under the Quick Setup tab.

    Table 3: WLAN Service Profile Basic Settings

    Field

    Action

    Profile Name
    (all Service Profile Types)

    Type a unique name that identifies the profile.

    Use up to 32 characters for wireless profile names. Profile names must not contain special characters or spaces. Note that profiles automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

    Description
    (all Service Profile Types)

    Type 0 through 256 alphanumeric characters, including spaces and special characters.

    Service Profile Type

    Indicate one of these Service profiles:

    • 802.1X Service Profile
    • Voice Service Profile
    • Web Portal Service Profile
    • Open Access Service Profile
    • Custom Service Profile

    The remaining setting options change, depending on which Service profile you selected here.

    SSID
    (all Service profile types)

    Type a unique name to be broadcast from access points and selected by clients. Use up to 32 characters and only the special character _. For more information about SSIDs, see Understanding Network Director SSID Configuration Using Profiles and Understanding the Network Terms SSID, BSSID, and ESSID.

    SSID Type
    (Voice, Web-Portal, Open-Access, Custom Service Profile)

    SSID type refers to the encryption setting, which is either Encrypted or Unencrypted. For more information, see Understanding Wireless Encryption and Ciphers . If you selected the Service Profile Type 802.1X, the SSID Type is automatically set—you have no option here.

    Vendor
    (Voice Service Profile Type)

    Select one of the supported vendors for voice products:

    • SpectraLink
    • Vocera
    • Avaya
    • Ascom
    • Aastra
    • Other

    Enable Voice Tracking
    (Voice Service Profile Type)

    You can configure or select a CoS Profile to work with the WLAN Service profile for wireless access to Voice over IP (VoIP) devices.

    Security Settings

    You can have any or all of the available security types enabled: RSN (WPA2), WPA, or Static WEP.

    RSN (WPA2) or WPA
    (802.1X, Voice, and Custom Service Profile Types)

    AES (CCMP): WPA2 with CCMP

    CCMP encryption ciphers are part of WPA2 (RSN) encryption. Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard and is based on the Counter Mode with CBC-MAC (CCM) of the AES standard. For more information, see Understanding Wireless Encryption and Ciphers .

    Note: CCMP and TKIP ciphers can be applied simultaneously. In this case, clients will authenticate to the CCMP version if possible, otherwise they will use the TKIP version.

    TKIP: WPA2 with TKIP

    TKIP encryption ciphers are part of WPA encryption. Temporal Key Integrity Protocol (TKIP) provides link-layer security without requiring replacement of legacy hardware the way CCMP does. For more information, see Understanding Wireless Encryption and Ciphers .

    Note: CCMP and TKIP ciphers can be applied simultaneously. In this case, clients will authenticate to the CCMP version if possible, otherwise they will use the TKIP version.

    Static WEP
    (802.1X, Voice, and Custom Service Profile Types)

    To enable static WEP encryption, configure the static WEP keys and assign them to unicast and multicast traffic. Make sure you configure the same static keys on the clients.

    Authentication Settings

    Authentication is the process of identifying yourself to the network, for example logging on. Here you have the option to use an existing Authentication Profile (Select Existing Authentication) or to set authentication settings (Configure Authentication Settings). For more information about Authentication Profiles, see Understanding Authentication Profiles.

    Configure Authentication Settings for an 802.1X Service Profile, Voice Service Profile, or Web Portal

    Authentication for 802.1X, voice, or a Web portal is done with a RADIUS server. You can either create a RADIUS server configuration here or you can select an existing RADIUS server.

    The default is to create a RADIUS server. Provide a RADIUS Server Address and Secret.

    To use an existing RADIUS server, enable Select RADIUS Server, click Select, and then select one of the RADIUS servers listed in the Choose RADIUS Profile window. Click OK.

    Configure Authentication Settings for a Custom Service Profile

    When you enable Configure Existing Authentication for a Custom Service Profile, add one or more Access Rules to the WLAN Profile:

    1. Click Add.

      The Add access Rule window opens.

    2. Select an access type:
      • 802.1X Access—Authenticate the client by using 802.1X authentication. For more information, see Understanding the IEEE 802.11 Standard for Wireless Networks.
      • MAC Access—Authenticate the client by using MAC RADIUS authentication.
      • Web Access—Have clients log into a Web page before granting access to the SSID.
      • Open Access—Automatically authenticate the client and enable access to the requested SSID without requiring a username and password.

      Tip: Open Access has no additional authentication settings. You can only indicate that you want to Enable Accounting. You must either enable local accounting or specify an Access Profile.

    3. Provide a matching glob, a shorthand method for matching an authentication, authorization, and accounting (AAA) to either a single user or a set of users. A user glob can contain up to 80 characters and cannot include spaces or tabs. The double-asterisk (**) wildcard characters with no delimiter characters match all user names. The single-asterisk (*) wildcard character matches any number of characters up to, but not including, a delimiter character in the glob. Valid user glob delimiter characters are the at (@) sign and the period (.).

      Note: The matching glob value must be unique and cannot be used for any other access rules.

    4. Select an EAP type:
      • External Authentication Server (default)—Use an external server for authentication. Do not Enable Local Authentication if you select this.
      • PEAP Offload—Offload all EAP processing from server groups. In this case, the RADIUS server is not required to communicate by using the EAP protocols.
      • Local EAP—Use a local database to authenticate clients. Encryption and data integrity checking are provided for the connection. Use only with Local Authentication.
    5. Either Enable Authentication or Enable Local Authentication, depending on which option you chose in the previous step.
    6. Optionally, Enable Accounting and/or Enable Local Accounting. Select a Record Type, either Start-Stop or Stop-Only.
    7. You need to reference an Access Profile.

      Create an Access Profile by providing a RADIUS Server Address and RADIUS Secret.

      Select an Access Profile by enabling Select Access Profile and selecting an Access Profile from the list.

    8. Click OK.

      The Add access Rule window closes and the access rule is added to the list of Access Rules under Authentication Settings.

     
     
    Authorization Settings

    Authorization refers to the levels of information available to each client. For more information, see Understanding Authorization Profiles.

    Configure Authorization Settings
    (all service types)

    When you enable Configure Authorization Settings, select either a VLAN Name or a VLAN Pool.

    When you select VLAN Name do the following:

    1. Click Select.

      The Choose VLAN Profile window opens.

    2. Select one of the existing VLAN Profiles from the list.
    3. Click OK.

      The Choose VLAN Profile window closes and the name of the VLAN Profile you selected appears in the VLAN Name field under Authorization Settings.

    When you select VLAN Pool do the following:

    1. Click Select.

      The Choose VLAN Pool window opens.

    2. Select one of the existing VLAN pools from the list.
    3. Click OK.

      The Choose VLAN Pool window closes and the name of the VLAN pool you selected appears in the VLAN Pool field under Authorization Settings.

    Select Existing Authorization
    (all service types)

    When you enable Select Existing Authorization, do the following:

    1. Click Select.

      The Choose Authorization Profile window opens.

    2. Select one of the existing Authorization Profiles from the list.
    3. Click OK.

      The name of the Authorization Profile you selected appears in the Authorization Profile field under Authorization Settings.

    Specifying WLAN Settings for Custom WLAN Profile Setup

    Reconfigure any or all of the available advanced WLAN settings listed in Table 4 for any WLAN Service profile.

    Table 4: Custom WLAN Settings for WLAN Profiles

    Field

    Description

    Beacon
    (default is enabled)

    Select this check box to indicate that the SSID name of this WLAN will be broadcast. Clear this check box to hide the name of the SSID. See Understanding Network Director SSID Configuration Using Profiles.

    Keep Initial VLAN
    (default is disabled)

    Select this check box to specify that VLANs persist over different controllers. If an 802.1X user is not assigned to a VLAN by AAA, and subsequently roams to a controller where the VLAN he was in does not exist, a tunnel is set up so that the user stays in that VLAN. This, however, does not work for Web portal clients. For more information about configuring VLANs in Network Director, see Understanding VLAN Profiles, and Creating and Managing VLAN Profiles.

    Load Balance Exempt
    (default is disabled)

    Select this check box to prevent access points from sharing the data traffic load for this SSID. This only has an effect if the associated Access profile has load-balancing enabled. For more information about load-balancing, see Understanding Load Balancing for Wireless Radios.

    Fall Through Access
    (default is None)

    Select the action the system will take when authentication fails. You can indicate that a Web Portal be used login or you can just enable login with open access (Last Resort). The default is None. If you select Web Portal, you must also complete the additional Web Portal Settings under the Authentication Profile tab—see either Creating and Managing Authentication Profiles or Specifying WLAN Service Profile Quick Setup.

    Bandwidth Limit
    (default is disabled)

    Select this option to limit the bandwidth of any client session connected to an access point with this given WLAN Service profile (SSID). You must also indicate a Max Bandwidth—default is 1Kbps.

    Max Bandwidth: If Bandwidth Limit is selected, select a maximum bandwidth in kilobytes per second to limit any client session connected to an access point with this given WLAN Service profile (SSID). This bandwidth setting in a WLAN Service profile overrides any bandwidth setting configured in a CoS profile as part of an Authorization profile. Default is 1Kbps.

    Backup SSID Mode
    (default is disabled)

    You can enable this option and then provide a backup SSID for remote access points on the network. Configure the SSID in Creating and Managing Remote Site Profiles. Also see Access Points Are in Located Remote Sites, Assigning Remote Site Profiles to Access Points, Understanding Remote Access Points

    Backup SSID Timeout—Check to measure the length of time before the backup SSID starts to broadcast.

    Backup SSID Timeout—Length of time a remote access point is non-functional before the backup SSID starts to broadcast.

    Keep Clients
    (default is enabled)

    Specifies whether clients (sessions) are dropped or not during an outage period. The default is to keep the sessions.

    Multicast Conversion
    (default is disabled)

    When checked, this feature enables multicast to unicast conversion on packets.

    Specifying Web Portal Settings Under Advanced WLAN Profile Setup

    If Service Profile Type (under the Basic Settings tab) is set to Web Portal Service Profile, complete the Web Portal Settings listed in Table 5.

    Table 5: Web Portal Settings for WLAN Profiles

    Field

    Description

    Web Portal ACL
    (Web Portal Service Profile only)

    ACL stands for access control list. To restrict Layer 3 traffic among clients in the same VLAN, use an ACL. You can configure the ACL yourself or use the Restrict L3 Traffic option. The default is portalacl.

    Web Portal Login Page
    (Web Portal Service Profile only)

    To add a Web Portal Login page, select Web Portal Logout and indicate the Web Portal Login Page name.

    Web Portal Logout
    (Web Portal Service Profile only)

    By default, Web Portal Logout is disabled—you do not need to provide a logout page. If you want to provide a logout page, enable this option and then provide the name of the page under Web Portal Logout.

    Specifying 802.11n and Client Type Settings Under Advanced WLAN Profile Setup

    If your access points and/or clients are capable of 802.11n transmission, you can change the settings listed in Table 6 for those devices.

    Table 6: 802.11n and Client Settings for WLAN Profiles

    Field

    Description

    Client Types
    (all profile types)

    All of the listed client types are enabled by default. Disable any type by removing the check mark.

    802.11n

    802.11ng Mode
    (all profile types)
    (default is Enabled)

    When 802.11n is an enabled client type for this WLAN, enable 802.11ng Mode to accept additional connections from 802.11g clients.

    802.11na Mode
    (all profile types)
    (default is Enabled)

    When 802.11n is an enabled client type for this WLAN, enable 802.11na Mode to accept additional connections from 802.11a clients.

    Guard Interval
    (all profile types)


    (all profile types)


    (default is Short)

    Select a guard interval value (Long or Short). The guard interval is the space between symbols (characters) being transmitted—it eliminates inter-symbol interference. In normal 802.11 operation, the guard interval is 800 ns (Long). In 802.11n operation, short guard intervals of 400 ns are supported. By reducing this interval (by selecting Short), data bits are transmitted in shorter intervals and provide increased throughput.

    Tip: Legacy devices might require long guard intervals.

    Frame Aggregation for 802.11n
    (all profile types)(default is All)

    When 802.11n is an enabled client type, you can enable frame aggregation for the listed frame types:

    • All—After transmission of every 802.11n frame, an idle time called Interframe Spacing (IFS) is observed before transmitting the subsequent frame.
    • MSDU—Aggregate MAC Service Data Unit aggregation collects Ethernet frames to be transmitted to a single destination and wraps them in a single 802.11n MAC header frame. This is efficient because Ethernet headers are much shorter than 802.11 headers. Only MSDUs with whose destination address and source address map to the same receiver address and transmitter address are aggregated.
    • MPDU: Aggregated - MAC Protocol Data Unit aggregation collects multiple 802.11n packets of application data into a single packet called an A-MPDU. This reduces the IFS number, which in turn provides more time for data transmission. In addition, clients operating in 802.11n send acknowledgement for block of packets instead of individual packet acknowledgement, reducing overhead involved in frame acknowledgements and increasing overall throughput.
    • Disabled

    A-MSDU Max Length
    (default is 4K)

    Select a maximum length for a MAC service data unit (MSDU)—4K or 8K. An MSDU is the service data unit received from the logical link control (LLC) sub-layer which lies above the medium access control (MAC) sub-layer in a protocol stack. When 802.11n is an enabled client type for this WLAN, you can configure the maximum aggregated MSDU packet length. This enables joining multiple packets together into a single transmission unit, in order to reduce the overhead associated with each transmission. Default is 4K.

    A-MPDU Max Length
    (default is 64K)

    Select the MPDU maximum length for 802.11n frame aggregation—8K, 16K, 32K, or 64K. An idle time called Interframe Spacing (IFS) is observed before transmitting a data frame. When 802.11n is an enabled client type for this WLAN, multiple packets of application data are aggregated into a single packet. This is called A-MPDU (Aggregated - MAC Protocol Data Unit). This reduces the number of IFS, which in turn provides more time for data transmission. In addition, clients operating in 802.11n send acknowledgement for block of packets instead of individual packet acknowledgement. This reduces the overhead involved in frame acknowledgements and increases the overall throughput.

    Specifying Voice Configuration Settings Under Advanced WLAN Profile Setup

    Voice support can be part of any WLAN Service profile and you can reconfigure any of the voice settings listed in Table 7.

    Table 7: Voice Settings for WLAN Profiles

    Field

    Description

    CAC Mode
    (default is None)
    (all profile types)

    Select either None (no call admission control constraint), Session (call admission constrained by total number of sessions on this WLAN), or VoIP Session (call admission constrained by total number of voice over IP sessions on this WLAN). When enabled, CAC limits the number of active sessions to 14 on a radio by default. You can change the maximum number of sessions to a value from 0 to 100. For more information about call admission control, see Understanding Call Admission Control.

    Max Associated Sessions—If call admission control (CAC) is set to Session, select a number from 0 through 500 to limit the number of sessions by using this WLAN Service profile. Default is 14.

    Max VoIP Calls—If call admission control (CAC) is set to VoIP Session,select a number from 0 through 100 to limit the voice over IP calls by using this WLAN Service profile. Default is 12.

    Short Retry Count
    (default is 5)
    (all profile types)

    Select the number of times (1 through 15) a channel tries to send a frame without getting a response—the default is 5. By default, the frag-threshold setting uses the short-retry-count for frames less than 2346 bytes.

    Long Retry Count
    (default is 5)
    (all profile types)

    Select number of times (1 through 15) a channel tries to send a frame without getting a response—the default is 5. By default, the frag-threshold setting uses the long-retry-count for frames 2346 bytes or longer.

    Specifying Broadcast Settings Under Advanced WLAN Profile Setup

    Broadcast Settings are mechanisms to reduce overhead caused by wireless broadcast traffic or traffic from unauthenticated clients. Any of the settings listed in Table 8 can be enabled for any of the profile types:

    Table 8: Broadcast Settings for WLAN Profiles

    Field

    Description

    Proxy ARP
    (disabled by default)
    (all profile types)

    Select to have the controller respond on behalf of wireless clients to ARP requests for IP addresses.

    No Broadcast
    (disabled by default)
    (all profile types)

    Select to send unicasts to clients for ARP requests and DHCP offers. Send ACKs instead of forwarding them as multicasts.

    DHCP Restrict
    (disabled by default)
    (all profile types)

    Select to have controller capture but not forward any traffic except DHCP traffic for a wireless client during authentication and authorization.

    Specifying Client Timeouts Under Advanced WLAN Profile Setup

    Client Timeout settings determine when clients are dropped by the network. Any of the settings listed inTable 9 can be reconfigured:

    Table 9: Client Timeout Settings for WLAN Profiles

    Field

    Description

    User Idle Timeout
    (default is 180 seconds)
    (all profile types)

    Select the number of seconds (20 through 86400) that a voice call can be idle before it is dropped. Default is 180.

    Idle Client Probing
    (default is enabled)
    (all profile types)

    Select to send keepalives from radios to idle clients on the SSID to check for rogue devices.

    Web Portal Session Timeout
    (default is 5 seconds)
    (all profile types)

    If a Web portal is configured, select the maximum number of seconds (5 through 28800) a user session on a Web portal can last before it is dropped. Default is 5 seconds.

    Note: Web portals are configured in Authentication profiles.

    Handshake Timeout
    (default is 20 milliseconds)
    (all profile types)

    Select the maximum number of milliseconds (20 through 5000) an authentication handshake can last before it is dropped. Default is 20 milliseconds and zero indicates no limit.

    Specifying Rate Configuration Under Advanced WLAN Profile Setup

    The following rates can be reconfigured for 802.11a, 802.11b, 802.11na, and 802.11ng:

    • Beacon Rate: Data rate of beacon frames sent by radios. This rate is also used for probe-response frames. The valid rates depend on the radio type.
    • Multicast Rate: Data rate of multicast frames sent by radios.
    • Transmission Rates: Data transmission rates supported by each radio type. Select Mandatory to indicate that a client must support at least one of these rates to associate. Select Standard to indicate that valid rates are neither disabled nor mandatory.

    Table 10 lists the radio default settings.

    Table 10: Default Rate Settings for Radios

    Field

    Default

    802.11a

    Beacon Rate: 6.0

    Multicast Rate: Automatic

    Transmission Rates:

    • 6.0: Mandatory
    • 9.0: Supported
    • 12.0: Mandatory
    • 18.0: Supported

    802.11b

    Beacon Rate: 2

    Multicast Rate: Automatic

    Transmission Rates:

    • 1.0: Mandatory
    • 2.0: Mandatory
    • 5.5: Supported
    • 11.0: Supported

    802.11g

    Beacon Rate: 2

    Multicast Rate: Automatic

    Transmission Rates:

    • 1.0: Mandatory
    • 2.0: Mandatory
    • 5.5: Mandatory
    • 6.0: Supported

    802.11na

    Beacon Rate: 6

    Multicast Rate: Automatic

    Transmission Rates:

    • 6.0: Mandatory
    • 9.0: Supported
    • 12.0: Mandatory
    • 18.0: Supported

    802.11ng

    Beacon Rate: 2

    Multicast Rate: Automatic

    Transmission Rates:

    • 1.0: Mandatory
    • 2.0: Mandatory
    • 5.5: Mandatory
    • 6.0: Supported

    Specifying Device Detection Settings Under Advanced WLAN Profile Setup

    Field

    Description

    Detection Mode

    You can select from the following detection modes:

    • Just Detect enables device detection but does not enforce any rules.
    • Enforce lets you configure the device detection timeout with a range of 1 to 60 seconds with a default value of 5 seconds. When you select Enforce, the default ACL device ACL is enabled. This ACL prevents access to the network until the device is recognized.
    • Disable disables the feature which is enabled by default.

    Detection Timeout
    (default is 5 seconds)

    When Enforce is selected, indicate the length of time in seconds allowed for device detection on the network.

    Pre-detection ACL

    When Enforce is selected, configures an ACL for device fingerprinting authorization. The Device Detect ACL is configured automatically when you enable device policy enforcement on a Service profile. This is similar to the way that portalacl is configured when the parameter auth-fallthru is set to web-portal.

    What To Do Next

    Next, you can either create a new Radio profile and select the WLAN Service profile during creation, or you can edit an existing Radio profile and add the WLAN Service profile to the existing Radio profile. See Creating and Managing a Radio Profile for directions.

    Note: Assigned settings from any profile, including this one, have lower priority than settings made directly to a controller or an access point. For more information, see Adding and Managing an Individual Access Point and Configuring a Controller .

    Published: 2015-02-12