Finally, we get to the Advanced tab, where you really want to understand each field before selecting options. Again, depending on your version of code, there will be different options on this page and plenty of footnotes to go with them.
My typical settings on this page for a network like our Synergy SSID would include:
• Coverage Hole Detection--Enable. Based on a how a client is perceived versus pre-defined radio parameters, if a suspected coverage hole is reported, you can have the system attempt to "fill" it with increased power from nearby access points.
• P2P Blocking Action--Disable. This one can stir up discussion, but for clients doing things like Facetime within the same WLAN, we disable client-to-client dropping of packets. For open guest nets, you'd likely select Drop.
• Client Exclusion--Enable. I use this to protect my RADIUS servers from getting DOS'd by misconfigured client devices that continually submit bad EAP data. When enabled on the WLAN, and properly set up in global security settings on the controller, misbehaving clients are allowed three bad auths (not adjustable) and not allowed to try again for the duration of the timeout value.
• Client User Idle Timeout--300 Seconds (typical). If clients on the VLAN are not active within this period, the system drops them and requires re-authentication to get back in service.
• DHCP Addr. Assignment Required--Select. This helps prevent duplicate IP address conditions among clients by requiring all to get an address from DHCP servers, and disallows static IP address on clients.
• Client Load Balancing- Enable (with caution). This setting helps keep an even balance of clients across APs in a given area, but it's a setting you have to read up on to get right.
• Band Select--Enable. If you want to move as many dual-band clients as possible to the 5 GHz side of your dual-band APs, enable this setting. The system uses probe suppression on 2.4 GHz to achieve this, but some clients can struggle a bit. Sometimes Band Select is a trial-and-error exercise.
As you get your WLAN into production, you may revisit this page in the management interface to tweak these settings, or add or remove settings.
Save the configuration, and just like that, the APs on the controller are now broadcasting the Synergy SSID for clients to use. But wait... there's more.
Controlling AP Groups
By default, all APs on a controller will transmit all configured SSIDs. When controllers host hundreds of access points, it's a fair bet that you may want some SSIDs to be transmitted everywhere, and others to be limited to targeted coverage areas. Most wireless systems provide for this.
In Cisco's WLAN configs, you use the "AP Groups" feature to map SSID combinations to specific APs. But be warned--changing the Group for an access point makes it reboot, so consider this a maintenance action to be undertaken when you won't disrupt clients.
Don't Forget The Clients!
For secure wireless networks we manipulate a fair number of settings to make the WLAN what we need it to be. The wireless profiles of clients need to configured to match. How to get lots of client devices properly configured for the WLAN is This is often one of the more challenging parts of client support. The complexity of the WLAN will drive what goes into setting up the clients.
I hope to cover this topic in more detail in a subsequent post. In the meantime, I provide a beginner's overview of client configuration in this slideshow.Lee is a Network Engineer and Wireless Technical Lead for a large private university. He also teaches classes on networking, wireless network administrtaion, and wireless security. Lee's technical background includes 10 years in the US Air Force as an Electronc Warfare ... View Full Bio