CCNA Notes

200-301 Exam Prep

58. WIRELESS CONFIGURATION

TOPOLOGY INTRODUCTION

INTERNAL PC (VLAN 100) ACCESSING DEFAULT GATEWAY via Internal CAPWAP tunnel

REACHING External GUEST PC via DEFAULT GATEWAY + Internal and External CAPWAP tunnels

LAYER 3 SWITCH CONFIGURATION (SW1)

PART 2 of configuration

Note DHCP “Option 43”
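
Option 43 is how the DHCP pool on SW1 tells the lightweight APs which WLC to join. As an added example (not from the original notes), the sketch below builds and decodes the hex value in the sub-option layout Cisco lightweight APs commonly expect (type 0xf1, a length byte, then one 4-byte IPv4 address per controller) and checks a scope against an approved controller list. The addresses and function names are constructed for illustration.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type that carries the controller list


def encode_option43(wlc_ips):
    """Build the Option 43 hex string for one or more WLC management IPs."""
    if not wlc_ips:
        raise ValueError("at least one WLC address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_string):
    """Return the controller IPs carried in an Option 43 hex string."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a 0xf1 controller sub-option")
    length, body = raw[1], raw[2:]
    # The length byte must match the payload and be a whole number of IPv4s.
    if length == 0 or length != len(body) or length % 4:
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


def unexpected_controllers(hex_string, approved):
    """List controllers a DHCP scope advertises that are not approved."""
    return [ip for ip in decode_option43(hex_string) if ip not in approved]


if __name__ == "__main__":
    # Constructed sample addresses, not the lab's real values.
    print(encode_option43(["192.168.1.100"]))
    print(unexpected_controllers("f1080a00000a0a00000b", {"10.0.0.10"}))
```
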

WLC SETUP

This helps set up the WLC to allow GUI configuration

Why Jeremy chose FRANCE for Country Code (has to do with regulatory domain of equipment)

ACCESSING THE WLC GUI

WLC CONFIGURATION

WLC PORTS

  • WLC PORTS are the PHYSICAL PORTS that cables connect to
  • WLC INTERFACES are the logical interfaces within the WLC (similar to SVIs on a SWITCH)
  • WLCs have a few different PORTS:
    • SERVICE PORT
      • A dedicated MANAGEMENT PORT
      • Used for OUT-OF-BAND management
      • Must be connected to a SWITCH ACCESS PORT because it only supports one VLAN
      • This PORT can be used to connect to the DEVICE while it is booting, performing system recovery, etc.
    • DISTRIBUTION SYSTEM PORT
      • These are the standard NETWORK PORTS that connect to the “DISTRIBUTION SYSTEM” (WIRED NETWORK) and are used for DATA traffic.
      • These PORTS usually connect to SWITCH TRUNK PORTS, and if multiple distribution PORTS are used they can form a LAG
    • CONSOLE PORT
      • This is a standard CONSOLE PORT, either RJ45 or USB
    • REDUNDANCY PORT
      • This PORT is used to connect to another WLC to form a HIGH AVAILABILITY (HA) pair

WLC INTERFACES

  • MANAGEMENT INTERFACE

    • Used for management traffic such as TELNET, SSH, HTTP, HTTPS, RADIUS authentication, NTP, SYSLOG, etc.
    • CAPWAP TUNNELS are also formed to / from the WLC’s management INTERFACE
  • REDUNDANCY MANAGEMENT INTERFACE

    • When TWO WLCs are connected by their REDUNDANCY PORTS, one WLC is “ACTIVE” and the other is “STANDBY”
    • This INTERFACE can be used to connect to and manage the “STANDBY” WLC
  • VIRTUAL INTERFACE

    • This INTERFACE is used when communicating with WIRELESS CLIENTS to relay DHCP requests, perform CLIENT WEB AUTHENTICATION, etc.
  • SERVICE PORT INTERFACE

    • If the SERVICE PORT is used, this INTERFACE is bound to it and used for OUT-OF-BAND MANAGEMENT
  • DYNAMIC INTERFACE

    • These are the INTERFACES used to map a WLAN to a VLAN
    • For example:
      • TRAFFIC from the “INTERNAL” WLAN will be sent to the WIRED NETWORK from the WLC’s “INTERNAL” DYNAMIC INTERFACE

WLAN CONFIGURATION

Click “NEW”

Fill in details of the interface and click “APPLY”

Fill out details (IP, Netmask, Gateway…) and then click “APPLY”

INTERNAL interface has now been created

Now, repeat the above steps for the GUEST interface

Fill out details (IP, Netmask, Gateway…) and then click “APPLY”

Now that all the INTERFACES are created, we can start WLAN CONFIGURATION

INTERNAL WLAN is set to “MANAGEMENT”; it needs to be changed to “INTERNAL”

SECURITY will also need to be changed from [WPA2] to [WPA2 PSK]

(Need to CHECK the PSK “Enable” box at the bottom)

Change the PSK FORMAT to “ASCII” and enter a PASSWORD (at least 8 chars in length)
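
As an added example (not part of the original notes): the “ASCII” versus “HEX” PSK format choice corresponds to how WPA2-Personal obtains its 256-bit key, and the 8-character rule is the lower bound of the ASCII passphrase length. The function names, the sample SSIDs and passphrases, and the 12-character review threshold are assumptions made for illustration.

```python
import hashlib
import string


def derive_pmk(psk: str, ssid: str, psk_format: str = "ascii") -> bytes:
    """Return the 256-bit WPA2-Personal master key for one WLAN."""
    if psk_format == "hex":
        # HEX format: the 64 hex digits are the key itself, used as-is.
        if len(psk) != 64 or any(c not in string.hexdigits for c in psk):
            raise ValueError("HEX PSK must be exactly 64 hex digits")
        return bytes.fromhex(psk)
    if psk_format != "ascii":
        raise ValueError("psk_format must be 'ascii' or 'hex'")
    # ASCII format: 8 to 63 printable ASCII characters.
    if not 8 <= len(psk) <= 63:
        raise ValueError("ASCII passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("ASCII passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The passphrase is stretched with PBKDF2-HMAC-SHA1: the SSID is the
    # salt, 4096 iterations, 32 bytes of output.
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid_bytes, 4096, 32)


def passphrase_findings(psk: str, ssid: str, review_below: int = 12) -> list:
    """Flag passphrases that pass the 8-character check but deserve review.

    review_below is an assumed local policy value, not a WLC setting.
    """
    findings = []
    if len(psk) < review_below:
        findings.append("short")
    if psk.isdigit():
        findings.append("digits-only")
    if ssid.lower() in psk.lower():
        findings.append("contains-ssid")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the lab.
    for name in ("Internal", "Guest"):
        print(name, derive_pmk("constructed-passphrase-1", name).hex())
    print(passphrase_findings("internal1", "Internal"))
```

Because the SSID is the salt, the same passphrase on the INTERNAL and GUEST WLANs still yields two different keys, but a passphrase that only just meets the 8-character minimum remains the weak point of a PSK WLAN.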

  • WEB AUTHENTICATION

    • After the WIRELESS CLIENT gets an IP ADDRESS and tries to access a WEB PAGE, it will have to enter a USERNAME and PASSWORD to AUTHENTICATE
  • WEB PASSTHROUGH

    • Similar to the above, but NO USERNAME or PASSWORD is required
    • A warning or statement is displayed and the CLIENT simply has to agree to gain access to the INTERNET
  • CONDITIONAL and SPLASH PAGE web redirect options are similar but additionally require 802.1x LAYER 2 AUTHENTICATION


QoS

Default QoS setting is “SILVER” (Best Effort). This can be changed depending on the class of traffic being sent through the WLAN


ADVANCED SETTINGS

CONFIGURING A NEW WLAN (GUEST)

Change STATUS to “ENABLED” and INTERFACE GROUP to “GUEST”

Now, we need to change the SECURITY POLICY to [WPA2][Auth(PSK)]

Returning to MONITORING, we can see the changes we made to the CONFIGURATION

Current number of CLIENTS is now 0. By connecting to the WLANS, these numbers should change. To SEE a list of the CLIENTS connected, click the left-hand side “CLIENTS” tab

ADDITIONAL WLC FEATURES

WIRELESS tab showing a list of the APs currently in the NETWORK

Clicking on an AP shows information and configuration settings for it

MANAGEMENT tab allows you to change the ways you can MANAGE the WLC

Clicking “Mgmt Via Wireless” allows you to change whether you can access MANAGEMENT via WI-FI

SECURITY tab can allow us to create ACCESS LISTS

First, NAME the ACL and what kind of IP ADDRESS it’s for

CLICK “Add New Rule” to specify the ACL Rules (What traffic can pass)

We now need to APPLY the ACL (just like applying it to an INTERFACE on a ROUTER)

Click “CPU ACL” from the left-hand menu

Select the new ACL from the pull-down list and then click “APPLY”
