252 CCNA Wireless Official Exam Certification Guide
Figure 13-20 Radio Statistics
■ 802.11a/n Radios / 802.11b/g/n Radios: The 802 Radios links provide a list of
APs with that specific type of radio.
■ Clients: This link ties you to a page that provides a list of clients and lets you search
by MAC address for clients.
■ RADIUS Servers: This link provides a list of RADUIS Authentication and Account-
ing servers.
Looking further into the 802.11a/n Radios and 802.11b/g/n Radios options, you can gain
even more information by selecting the Details link for a radio from the Monitor Sum-
mary page. Here is what you get. You see the slot that the radio is in and the base radio
MAC address. Looking more closely at Figure 13-19, you can see that Operational Status
is UP. You can gain information regarding a load profile, noise profile, interference profile,
and coverage profile.
Load Profile is set to 80% by default. If the load of this particular AP goes over that
threshold, Load Profile shows a warning rather than the status Passed. Likewise, if the
SNR is too low, Load Profile indicates a warning. Should too much interference be on the
same channel that this AP is operating on, the Interference Profile shows a warning. If
clients roam away and are not able to relay off another AP, the Coverage Profile shows a
warning. To see the details of these profiles, from the screen in Figure 13-18, select the
Details link at the right side of the page. This causes a page similar to Figure 13-20 to be
displayed.
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 252
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 253
The resulting page is Radio Statistics. Numerous items are of interest here that are not
seen in the figure:
Note: To see the content discussed in the previous bulleted list, you need to scroll down
in the web interface of the controller, because the page is long for this output and is not
shown completely in Figure 13-20.
■ The Noise vs. Channel chart shows each channel of the AP and the level of non-
802.11 noise interference on that particular channel.

■ The Interference by Channel shows statistics for other 802.11 interference.
■ The Load Statistics section provides information about transmit and receive utiliza-
tion, channel utilization, and attached clients.
■ Two charts exist: % Client Count vs. RSSI and % Client Count vs. SNR.
■ The next section covers the Rx Neighbors Information. This section displays neigh-
boring APs along with their IP address and Received Signal Strength Indicator (RSSI).
The controller uses this to allocate channels and ensure adequate coverage by shaping
the coverage area.
As far as the CCNA Wireless exam is concerned, you should be familiar with the overall
concept, but you do not need to understand each area in great detail. Still, with all this in-
formation for monitoring the APs that this controller manages and their radios, you must
contend with those rogue devices. Rogue devices include any wireless device that can in-
terfere with the managed APs. The following section discusses how to manage them.
Managing Rogue APs
You can manage rogue APs from the controller interface. Recall that on the Monitor page,
the second column has information on rogue devices. This is a good place to start. Re-
viewing the Monitor page, seen in Figure 13-21, notice that the first line below Rogue
Summary is Active Rogue APs.
A rogue AP is an AP that is unknown to the controller. You want to avoid jumping to con-
clusions here. It might simply be an AP in a neighboring business. It does not necessarily
represent the bad guys. This takes a little work to figure out, however.
The next line is Active Rogue Clients. This is a wireless device that sends an unexpected
frame. This is usually from a default configuration on client devices.
Next is Adhoc Rogues, which is, as previously mentioned, any device setting up an Adhoc
network.
Finally, you have the Rogues on a Wired Network field. This is a count of rogues that a
Rogue Detector AP has discovered. It works by the AP detecting ARP requests on the
wired network for APs marked as rogue.
You can gather more information by selecting the Detail link on the right. Selecting this
for the Active Rogue APs presents a list of the designated rogue APs. The key on this page

is the number of detecting radios. Examine Figure 13-22. Notice that 20 of 32 rogues are
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 253
254 CCNA Wireless Official Exam Certification Guide
Figure 13-21 Review Rogues from the Monitor Page
listed. Also key in on the number of detecting radios. The fewer radios, the better. That is
because if only one or two detect the rogue, the rogue is probably on the edge of the net-
work, most likely coming from a neighboring business, as is the case with this figure.
If the number of detecting radios is high, the rogue is being seen by a number of APs and
most likely is within your network, probably sitting under a desk exactly where it should
not be.
You can click on the rogue that you are concerned with and select Contain Rogue, as seen
in Figure 13-23.
When you contain the rogue, your AP spoofs its MAC address and sends deauthentication
frames that appear to come from the contained AP. When clients see this, they are unable
to stay associated with the contained AP. This should stress the importance of ensuring
that it is not the AP of your neighbor.
Another note related to containment relates to the number of devices you can contain.
You cannot contain more than three rogues per AP because the AP that is performing
containment takes a CPU hit of up to 10 percent per contained AP. The system cap is 30
percent. This means that if an AP contains two rogues, it takes a 20 percent CPU hit. With
the system cap of 30 percent, it can contain only one more rogue.
Key
Topi
c
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 254
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 255
Figure 13-22 Rogue APs
Figure 13-23 Contain the Rogue AP
Key
Topi

c
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 255
256 CCNA Wireless Official Exam Certification Guide
Managing Clients
Managing clients is another important aspect to master. From the Monitor page, you can
see the client summary. This gives a total of current clients, excluded clients, and disabled
clients. Any device that sends a probe is considered a current client, so this number might
be inflated even if the client does not associate with the AP.
Clicking on details provides a list of clients, as shown in Figure 13-24. You can see the
MAC address of the clients, the AP with which they are associated, the WLAN profile
they are using, and the protocol they are using.
In the case of Figure 13-24, the client with MAC address 00:1e:c2:ab:14:26 is associated
with the Public_Guest_Access profile. Next you have the status, in this case Associated.
Also, the client is authenticated, and port 1 on the controller is the means to the wired
network. This client is not a workgroup bridge.
As seen in other examples, you can hover your mouse over the blue arrow to the right for
a list of options, including these:
■ LinkTest
■ Disable
■ Remove
Figure 13-24 Clients
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 256
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 257
■ 802.11aTSM
■ 802.11b/gTSM
The LinkTest provides a way to test the link of the client by reporting the number of sent
and received packets, the signal strength, and the signal-to-noise ratio (SNR).
Disabling the client puts it into a Disabled Client list and bans it until it is manually re-
moved. To view this list, select Security > Disabled Clients. To manually add clients, click
New.

The Remove link disassociates the client. However, this does not prevent it from attempt-
ing association again, like disabling would.
For more details, click the client MAC address. This presents the Detail page, as seen in
Figure 13-25. The five sections are as follows:
■ Client Properties
■ Security Information
■ Quality of Service Properties
■ Client Statistics
■ AP Properties
Finally, there are excluded clients. Clients can be excluded for the following reasons:
■ The client has failed 802.11 authentication five times.
■ The client has failed 802.11 association five times.
■ The client has failed 802.1x authentication three times.
■ The client has failed the policy on an external server.
■ The client has an IP that is already in use.
■ The client has failed three web authentication attempts.
By default, these clients are excluded for 60 seconds. Think of it as a waiting period. If a
client retries after that 60 seconds and does not fail any of the criteria in the preceding
list, the client is no longer excluded.
Using Internal DHCP
One reason for exclusion is that the client might be trying to use an IP that is in use al-
ready. You can solve this issue using DHCP. If your network does not have a DHCP server,
the controller can act as one for you. To configure the controller as a DHCP server, go to
CONTROLLER > Internal DHCP Server > New. The rest of the DHCP server configura-
tion is pretty self-explanatory.
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 257
258 CCNA Wireless Official Exam Certification Guide
Figure 13-25 Clients > Detail
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 258
Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 259

Table 13-2 Key Topics for Chapter 13
Key Topic Item Description Page Number
Controller Terminology Section defining controller terms 228
Example 13-3 Setup Wizard 232
Configuring the
Controller Using the
Web Interface
Creating an interface and
creating a WLAN
238
Figure 13-12 802.11a/n radios 246
Figure 13-13 802.11a/n Radio Options menu 246
Figure 13-19 Viewing 802.11a/n radios 251
Figure 13-21 Review rogues from the Monitor page 254
Exam Preparation Tasks
Review All the Key Concepts
Review the most important topics from this chapter, noted with the Key Topics icon in the
outer margin of the page. Table 13-2 lists a reference of these key topics and the page
number where you can find each one.
Definition of Key Terms
Define the following key terms from this chapter, and check your answers in the Glossary:
port, interface, WLAN, static interface, dynamic interface, roaming, mobility group
15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 259
This chapter covers the following subjects:
Connecting to a Standalone AP: A brief discus-
sion on how to gain access to a standalone AP using
various methods.
Using the Express Setup and Express Security
for Basic Configuration: How to set up the
standalone AP for wireless access using the Express

Setup and Express Security configurations.
Converting to LWAPP: How to convert a stand-
alone AP to lightweight mode using the Upgrade
tool.
16_1587202115_ch14.qxd 9/29/08 2:40 PM Page 260
CHAPTER 14
Migrating Standalone APs to LWAPP
Table 14-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section Questions
Connecting to a Standalone AP 1–4
Using the Express Setup and Express Security for Basic Configuration 5–6
Converting to LWAPP 7–10
Many Cisco APs are capable of operating in both autonomous mode and lightweight
mode. APs that can do both usually ship in standalone mode. Some may choose to use
these APs in standalone mode. Others might immediately convert them to Lightweight
Access Point Protocol (LWAPP)–capable APs and integrate them into a network designed
after the Cisco Unified Wireless Network (CUWN). In this chapter, you will learn how to
access a standalone AP, how to configure it in standalone mode, and how to convert it to
lightweight mode.
You should do the “Do I Know This Already?” quiz first. If you score 80 percent or higher,
you might want to skip to the section “Exam Preparation Tasks.” If you score below 80
percent, you should spend the time reviewing the entire chapter. Refer to Appendix A,
“Answers to the ‘Do I Know This Already?’ Quizzes,” to confirm your answers.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this
chapter’s topics before you begin. Table 14-1 details the major topics discussed in this
chapter and their corresponding quiz questions.
1. A standalone AP has a console port. True or False?
a. True
b. False

16_1587202115_ch14.qxd 9/29/08 2:40 PM Page 261