Cisco Router 860, 880 Series User Manual
Have a look at the manual Cisco Router 860, 880 Series User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 261
17-23
Book Title
OL-xxxxx-xx
Chapter 17 Administering the Wireless Device
Managing the System Time and Date
This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001:
AP# clock set 13:32:00 23 July 2001
Displaying the Time and Date Configuration
To display the time and date configuration, use the show clock [detail] command in privileged EXEC
mode.
The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be
accurate). If...](http://img.usermanuals.tech/thumb/17/102935/w64_index.html@nav=null&now=get&message=Downloading&file=SCG880-860-260.png "Page 261
17-23
Book Title
OL-xxxxx-xx
Chapter 17 Administering the Wireless Device
Managing the System Time and Date
This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001:
AP# clock set 13:32:00 23 July 2001
Displaying the Time and Date Configuration
To display the time and date configuration, use the show clock [detail] command in privileged EXEC
mode.
The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be
accurate). If...")
17-23 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Managing the System Time and Date This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001: AP# clock set 13:32:00 23 July 2001 Displaying the Time and Date Configuration To display the time and date configuration, use the show clock [detail] command in privileged EXEC mode. The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be accurate). If the system clock has been set by a timing source such as NTP, the flag is set. If the time is not authoritative, it is used only for display purposes. Until the clock is authoritative and the authoritative flag is set, the flag prevents peers from synchronizing to the clock when the peers’ time is invalid. The symbol that precedes the show clock display has this meaning: *—Time is not authoritative. (blank)—Time is authoritative. .—Time is authoritative, but NTP is not synchronized. Configuring the Time Zone To manually configure the time zone, follow these steps beginning in privileged EXEC mode: CommandPurpose Step 1clock set hh:mm:ss day month year or clock set hh:mm:ss month day year Manually sets the system clock using one of these formats: For hh:mm:ss, specify the time in hours (24-hour format), minutes, and seconds. The time specified is relative to the configured time zone. For day, specify the day by date in the month. For month, specify the month by name. For year, specify the year (no abbreviation). Step 2show running-configVerifies your entries. Step 3copy running-config startup-config(Optional) Saves your entries in the configuration file. CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2clock timezone zone hours-offset [minutes-offset]Sets the time zone. The wireless device keeps internal time in universal time coordinated (UTC), so this command is used only for display purposes and when the time is manually set. For zone, enter the name of the time zone to be displayed when standard time is in effect. The default is UTC. For hours-offset, enter the hours offset from UTC. (Optional) For minutes-offset, enter the minutes offset from UTC.
17-24 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Managing the System Time and Date The minutes-offset variable in the clock timezone command in global configuration mode is available for those cases where a local time zone is a percentage of an hour different from UTC. For example, the time zone for some sections of Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone command in global configuration mode. Configuring Summer Time (Daylight Saving Time) To configure summer time (daylight saving time) in areas where it starts and ends on a particular day of the week each year, follow these steps beginning in privileged EXEC mode: The first part of the clock summer-time global configuration command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the southern hemisphere. This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00: AP(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 Step 3endReturns to privileged EXEC mode. Step 4show running-configVerifies your entries. Step 5copy running-config startup-config(Optional) Saves your entries in the configuration file. Command Purpose CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]Configures summer time to start and end on the specified days every year. Summer time is disabled by default. If you specify clock summer-time zone recurring without parameters, the summer time rules default to the United States rules. For zone, specify the name of the time zone (for example, PDT) to be displayed when summer time is in effect. (Optional) For week, specify the week of the month (1 to 5 or last). (Optional) For day, specify the day of the week (Sunday, Monday...). (Optional) For month, specify the month (January, February...). (Optional) For hh:mm, specify the time (24-hour format) in hours and minutes. (Optional) For offset, specify the number of minutes to add during summer time. The default is 60. Step 3endReturns to privileged EXEC mode. Step 4show running-configVerifies your entries. Step 5copy running-config startup-config(Optional) Saves your entries in the configuration file.
17-25 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Configuring a System Name and Prompt if summer time in your area does not follow a recurring pattern (configure the exact date and time of the next summer time events), follow these steps beginning in privileged EXEC mode: The first part of the clock summer-time global configuration command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the southern hemisphere. To disable summer time, use the no clock summer-time command in global configuration mode. This example shows how to set summer time to start on October 12, 2000, at 02:00, and end on April 26, 2001, at 02:00: AP(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 Configuring a System Name and Prompt You configure the system name on the wireless device to identify it. By default, the system name and prompt are ap. If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt. A greater-than symbol (>) is appended. The prompt is updated whenever the system name changes, unless you manually configure the prompt by using the prompt command in global configuration mode. NoteFor complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Addressing Services Command Reference. CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2clock summer-time zone date [month date year hh:mm month date year hh:mm [offset]] or clock summer-time zone date [date month year hh:mm date month year hh:mm [offset]] Configures summer time to start on the first date and end on the second date. Summer time is disabled by default. For zone, specify the name of the time zone (for example, PDT) to be displayed when summer time is in effect. (Optional) For week, specify the week of the month (1 to 5 or last). (Optional) For day, specify the day of the week (Sunday, Monday...). (Optional) For month, specify the month (January, February...). (Optional) For hh:mm, specify the time (24-hour format) in hours and minutes. (Optional) For offset, specify the number of minutes to add during summer time. The default is 60. Step 3endReturns to privileged EXEC mode. Step 4show running-configVerifies your entries. Step 5copy running-config startup-config(Optional) Saves your entries in the configuration file.
17-26 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Configuring a System Name and Prompt This section contains this configuration information: Default System Name and Prompt Configuration, page 17-26 Configuring a System Name, page 17-26 Understanding DNS, page 17-26 Default System Name and Prompt Configuration The default access point system name and prompt is ap. Configuring a System Name To manually configure a system name, follow these steps beginning in privileged EXEC mode: When you set the system name, it is also used as the system prompt. To return to the default hostname, use the no hostname command in global configuration mode. Understanding DNS The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map hostnames to IP addresses. When you configure DNS on the wireless device, you can substitute the hostname for the IP address with all IP commands, such as ping, telnet, connect, and related Telnet support operations. CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2hostname nameManually configures a system name. The default setting is ap. NoteWhen you change the system name, the wireless device radios reset, and associated client devices disassociate and quickly reassociate. NoteYou can enter up to 63 characters for the system name. However, when the wireless device identifies itself to client devices, it uses only the first 15 characters in the system name. If it is important for client users to distinguish between access point wireless devices, make sure a unique portion of the system name appears in the first 15 characters. Step 3endReturns to privileged EXEC mode. Step 4show running-configVerifies your entries. Step 5copy running-config startup-config(Optional) Saves your entries in the configuration file.
17-27 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Configuring a System Name and Prompt IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, such as the File Transfer Protocol (FTP) system, is identified as ftp.cisco.com. To keep track of domain names, IP has defined the concept of a domain name server, which holds a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the hostnames, specify the name server that is present on your network, and enable the DNS. This section contains the following configuration information: Default DNS Configuration, page 17-27 Setting Up DNS, page 17-27 Displaying the DNS Configuration, page 17-28 Default DNS Configuration Ta b l e 17-3 shows the default DNS configuration. Setting Up DNS To set up the wireless device to use the DNS, follow these steps beginning in privileged EXEC mode: Ta b l e 17-3 Default DNS Configuration FeatureDefault Setting DNS enable stateDisabled. DNS default domain nameNone configured. DNS serversNo name server addresses are configured. CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2ip domain-name nameDefines a default domain name that the software uses to complete unqualified host names (names without a dotted-decimal domain name). Do not include the initial period that separates an unqualified name from the domain name. At boot time, no domain name is configured; however, if the wireless device configuration comes from a BOOTP or Dynamic Host Configuration Protocol (DHCP) server, then the default domain name might be set by the BOOTP or DHCP server (if the servers were configured with this information). Step 3ip name-server server-address1 [server-address2 ... server-address6]Specifies the address of one or more name servers to use for name and address resolution. You can specify up to six name servers. Separate each server address with a space. The first server specified is the primary server. The wireless device sends DNS queries to the primary server first. If that query fails, the backup servers are queried.
17-28 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Creating a Banner If you use the wireless device IP address as its hostname, the IP address is used and no DNS query occurs. If you configure a hostname that contains no periods (.), a period followed by the default domain name is appended to the hostname before the DNS query is made to map the name to an IP address. The default domain name is the value set by the ip domain-name command in global configuration mode. If there is a period (.) in the hostname, Cisco IOS software looks up the IP address without appending any default domain name to the hostname. To remove a domain name, use the no ip domain-name name command in global configuration mode. To remove a name server address, use the no ip name-server server-address command in global configuration mode. To disable DNS on the wireless device, use the no ip domain-lookup command in global configuration mode. Displaying the DNS Configuration To display the DNS configuration information, use the show running-config command in privileged EXEC mode. NoteWhen DNS is configured on the wireless device, the show running-config command sometimes displays a server’s IP address instead of its name. Creating a Banner You can configure a message-of-the-day (MOTD) and a login banner. The MOTD banner appears on all connected terminals at login and is useful for sending messages that affect all network users (such as impending system shutdowns). The login banner also appears on all connected terminals. It appears after the MOTD banner and before the login prompts. NoteFor complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference. This section contains the following configuration information: Default Banner Configuration, page 17-29 Step 4ip domain-lookup(Optional) Enables DNS-based hostname-to-address translation on the wireless device. This feature is enabled by default. If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS). Step 5endReturns to privileged EXEC mode. Step 6show running-configVerifies your entries. Step 7copy running-config startup-config(Optional) Saves your entries in the configuration file. Command Purpose
17-29 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Creating a Banner Configuring a Message-of-the-Day Login Banner, page 17-29 Configuring a Login Banner, page 17-30 Default Banner Configuration The MOTD and login banners are not configured. Configuring a Message-of-the-Day Login Banner You can create a single or multiline message banner that appears on the screen when someone logs into the wireless device. To configure a MOTD login banner, follow these steps beginning in privileged EXEC mode: To delete the MOTD banner, use the no banner motd command in global configuration mode. This example shows how to configure a MOTD banner for the wireless device. The pound sign (#) symbol is used as the beginning and ending delimiter: AP(config)# banner motd # This is a secure site. Only authorized users are allowed.For access, contact technical support. # AP(config)# This example shows the banner displayed from the previous configuration: Unix> telnet 172.2.5.4 Trying 172.2.5.4... Connected to 172.2.5.4.Escape character is ^]. This is a secure site. Only authorized users are allowed.For access, contact technical support. User Access Verification Password: CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2banner motd c message cSpecifies the message of the day. For c, enter the delimiting character of your choice, such as a pound sign (#), and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter are discarded. For message, enter a banner message up to 255 characters. You cannot use the delimiting character in the message. Step 3endReturns to privileged EXEC mode. Step 4show running-configVerifies your entries. Step 5copy running-config startup-config(Optional) Saves your entries in the configuration file.
17-30 Book Title OL-xxxxx-xx Chapter 17 Administering the Wireless Device Configuring Ethernet Speed and Duplex Settings Configuring a Login Banner You can configure a login banner to appear on all connected terminals. This banner appears after the MOTD banner and before the login prompt. To configure a login banner, follow these steps beginning in privileged EXEC mode: To delete the login banner, use the no banner login command in global configuration mode. This example shows how to configure a login banner for the wireless device using the dollar sign ($) symbol as the beginning and ending delimiter: AP(config)# banner login $ Access for authorized users only. Please enter your username and password.$ AP(config)# Configuring Ethernet Speed and Duplex Settings The Cisco 860 and Cisco 880 ISR Gigabit Ethernet interface only supports 1000 Mbps speed and duplex settings by default, and the interface is always up. When the wireless device receives inline power from a switch, any change in the speed or duplex settings that resets the Ethernet link reboots the wireless device. NoteThe speed and duplex settings on the wireless device Ethernet port must match the Ethernet settings on the port to which the wireless device is connected. If you change the settings on the port to which the wireless device is connected, change the settings on the wireless device Ethernet port to match. CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2banner login c message cSpecifies the login message. For c, enter the delimiting character of your choice, such as a pound sign (#), and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter are discarded. For message, enter a login message up to 255 characters. You cannot use the delimiting character in the message. Step 3endReturns to privileged EXEC mode. Step 4show running-configVerifies your entries. Step 5copy running-config startup-config(Optional) Saves your entries in the configuration file.
17-31
Book Title
OL-xxxxx-xx
Chapter 17 Administering the Wireless Device
Configuring the Access Point for Wireless Network Management
The Ethernet speed and duplex are set to auto by default. To configure Ethernet speed and duplex, follow
these steps beginning in privileged EXEC mode:
Configuring the Access Point for Wireless Network
Management
You can enable the wireless device for wireless network management. The wireless network manager
(WNM) manages the devices on your wireless LAN.
Enter the following command to configure the wireless device to interact with the WNM:
AP(config)# wlccp wnm ip address ip-address
Enter the following command to check the authentication status between the WDS access point and the
WNM:
AP# show wlccp wnm status
Possible statuses are not authenticated, authentication in progress, authentication fail, authenticated,
and security keys setup.
Configuring the Access Point for Local Authentication and
Authorization
You can configure AAA to operate without a server by configuring the wireless device to implement
AAA in local mode. The wireless device then handles authentication and authorization. No accounting
is available in this configuration.
NoteYou can configure the wireless device as a local authenticator for 802.1x-enabled client devices to
provide a backup for your main server or to provide authentication service on a network without a
RADIUS server. See
Chapter 14, “Using an Access Point as a Local Authenticator,” for detailed
instructions on configuring the wireless device as a local authenticator.
CommandPurpose
Step 1configure terminalEnters global configuration mode.
Step 2interface fastethernet0Enters configuration interface mode.
Step 3speed {10 | 100 | auto}Configures the Ethernet speed. Cisco recommends that you use auto, the
default setting.
Step 4duplex {auto | full | half}Configures the duplex setting. Cisco recommends that you use auto, the
default setting.
Step 5endReturns to privileged EXEC mode.
Step 6show running-configVerifies your entries.
Step 7copy running-config startup-config(Optional) Saves your entries in the configuration file.
17-32
Book Title
OL-xxxxx-xx
Chapter 17 Administering the Wireless Device
Configuring the Authentication Cache and Profile
To configure the wireless device for local AAA, follow these steps beginning in privileged EXEC mode:
To disable AAA, use the no aaa new-model command in global configuration mode. To disable
authorization, use the no aaa authorization {network | exec} method1 command in global
configuration mode.
Configuring the Authentication Cache and Profile
The authentication cache and profile feature allows the access point to cache the
authentication/authorization responses for a user so that subsequent authentication/authorization
requests do not need to be sent to the AAA server.
NoteOn the access point, this feature is supported only for Admin authentication.
CommandPurpose
Step 1configure terminalEnters global configuration mode.
Step 2aaa new-modelEnables AAA.
Step 3aaa authentication login default localSets the login authentication to use the local username database. The
default keyword applies the local user database authentication to all
interfaces.
Step 4aaa authorization exec localConfigures user AAA authorization to determine if the user is allowed to
run an EXEC shell by checking the local database.
Step 5aaa authorization network localConfigures user AAA authorization for all network-related service
requests.
Step 6username name [privilege level]
{password encryption-type password}Enters the local database, and establishes a username-based
authentication system.
Repeat this command for each user.
For name, specify the user ID as one word. Spaces and quotation
marks are not allowed.
(Optional) For level, specify the privilege level the user has after
gaining access. The range is 0 to 15. Level 15 gives privileged EXEC
mode access. Level 0 gives user EXEC mode access.
For encryption-type, enter 0 to specify that an unencrypted password
follows. Enter 7 to specify that a hidden password follows.
For password, specify the password the user must enter to gain access
to the wireless device. The password must be from 1 to 25 characters,
can contain embedded spaces, and must be the last option specified
in the username command.
NoteCharacters TAB, ?, $, +, and [ are invalid characters for
passwords.
Step 7endReturns to privileged EXEC mode.
Step 8show running-configVerifies your entries.
Step 9copy running-config startup-config(Optional) Saves your entries in the configuration file.