Module 13: WLAN Configuration
Instructor Materials
Switching, Routing, and Wireless Essentials v7.0 (SRWE)
Cisco Networking Academy Program
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Instructor Materials – Module 13 Planning Guide
• This PowerPoint deck is divided in two parts:
  • Instructor Planning Guide
    • Information to help you become familiar with the module
    • Teaching aids
  • Instructor Class Presentation
    • Optional slides that you can use in the classroom
    • Begins on slide # 10
• Note: Remove the Planning Guide from this presentation before sharing with anyone.
• For additional help and resources go to the Instructor Home Page and Course Resources for this course. You also can visit the professional development site on netacad.com, the official Cisco Networking Academy Facebook page, or Instructor Only FB group.

What to Expect in this Module
To facilitate learning, the following features within the GUI may be included in this module:

| Feature | Description |
|---|---|
| Animations | Expose learners to new skills and concepts. |
| Videos | Expose learners to new skills and concepts. |
| Check Your Understanding (CYU) | Per topic online quiz to help learners gauge content understanding. |
| Interactive Activities | A variety of formats to help learners gauge content understanding. |
| Syntax Checker | Small simulations that expose learners to Cisco command line to practice configuration skills. |
| PT Activity | Simulation and modeling activities designed to explore, acquire, reinforce, and expand skills. |

What to Expect in this Module (Cont.)
To facilitate learning, the following features may be included in this module:

| Feature | Description |
|---|---|
| Hands-On Labs | Labs designed for working with physical equipment. |
| Class Activities | These are found on the Instructor Resources page. Class Activities are designed to facilitate learning, class discussion, and collaboration. |
| Module Quizzes | Self-assessments that integrate concepts and skills learned throughout the series of topics presented in the module. |
| Module Summary | Briefly recaps module content. |

Check Your Understanding
• Check Your Understanding activities are designed to let students quickly determine if they understand the content and can proceed, or if they need to review.
• Check Your Understanding activities do not affect student grades.
• There are no separate slides for these activities in the PPT. They are listed in the notes area of the slide that appears before these activities.

Module 13: Activities
What activities are associated with this module?

| Page # | Activity Type | Activity Name | Optional? |
|---|---|---|---|
| 13.1.1 | Video | Configure a Wireless Network | Recommended |
| 13.1.10 | Packet Tracer | Configure a Wireless Network | Recommended |
| 13.1.11 | Lab | Configure a Wireless Network | Recommended |
| 13.2.1 | Video | Configure a Basic WLAN on the WLC | Recommended |
| 13.2.7 | Packet Tracer | Configure a Basic WLAN on the WLC | Recommended |
| 13.3.1 | Video | Define an SNMP and RADIUS Server on the WLC | Recommended |
| 13.3.5 | Video | Configure a VLAN for a New WLAN | Recommended |
| 13.3.8 | Video | Configure a DHCP Scope | Recommended |
| 13.3.10 | Video | Configure a WPA2 Enterprise WLAN | Recommended |
| 13.3.12 | Packet Tracer | Configure a WPA2 Enterprise WLAN on the WLC | Recommended |
| 13.4.5 | Packet Tracer | Troubleshoot WLAN Issues | Recommended |
| 13.5.1 | Packet Tracer | WLAN Configuration | Recommended |
| 13.5.3 | Module Quiz | WLAN Configuration | Recommended |

Module 13: Best Practices
Prior to teaching Module 13, the instructor should:
• Review the activities and assessments for this module.
• Try to include as many questions as possible to keep students engaged during classroom presentation.
• After this Module, the L2 Security and WLANs Exam is available, covering Modules 10-13.

Topic 13.1
• Ask the students or have a class discussion
  • Why should you periodically change the credentials on your wireless router?
  • What value do you think QoS would provide to a home user?

Module 13: Best Practices (Cont.)
Topic 13.2
• Ask the students or have a class discussion
  • What do you think is one of the benefits of deploying a network using a WLC?
  • What protocol does the WLC use to learn about the AP?

Topic 13.3
• Ask the students or have a class discussion
  • In your opinion, what is a downside to centralized authentication with RADIUS?
  • Why would you disable the broadcast of your SSID?

Topic 13.4
• Ask the students or have a class discussion
  • Why is keeping updated firmware so important to network security?
  • Many wireless routers allow the owner to run several different wireless networks; one in the 2.4 GHz band and another in the 5 GHz band. What benefit might that provide?

Module 13: WLAN Configuration
Switching, Routing, and Wireless Essentials v7.0 (SRWE)
Cisco Networking Academy Program
13.0.2 - Module Objectives
• Module Title: WLAN Configuration
• Module Objective: Implement a WLAN using a wireless router and WLC.

| Topic Title | Topic Objective |
|---|---|
| Remote Site WLAN Configuration | Configure a WLAN to support a remote site. |
| Configure a Basic WLAN on the WLC | Configure a WLC WLAN to use the management interface and WPA2 PSK authentication. |
| Configure a WPA2 Enterprise WLAN on the WLC | Configure a WLC WLAN to use a VLAN interface, a DHCP server, and WPA2 Enterprise authentication. |
| Troubleshoot WLAN Issues | Troubleshoot common wireless configuration issues. |

13.1 Remote Site WLAN Configuration

13.1.1 - Video – Configure a Wireless Network
This video will cover the following:
• Use the Wireless Router Web Page
• Change the Password
• Change the WAN and LAN settings
• Connect the Wireless Network

13.1.2 - The Wireless Router
• Remote workers, small branch offices, and home networks often use a small office and home router.
• These “integrated” routers typically include a switch for wired clients, a port for an internet connection (sometimes labeled “WAN”), and wireless components for wireless client access.
• These wireless routers typically provide WLAN security, DHCP services, integrated Network Address Translation (NAT), quality of service (QoS), as well as a variety of other features.
• The feature set will vary based on the router model.
• Note: Cable or DSL modem configuration is usually done by the service provider’s representative either on-site or remotely.

13.1.3 - Log in to the Wireless Router
• Most wireless routers are preconfigured to be connected to the network and provide services.
• Wireless router default IP addresses, usernames, and passwords can easily be found on the internet.
• Therefore, your first priority should be to change these defaults for security reasons.

To gain access to the wireless router’s configuration GUI:
• Open a web browser and enter the default IP address for your wireless router.
• The default IP address can be found in the documentation that came with the wireless router or you can search the internet.
• The word admin is commonly used as the default username and password.

13.1.4 - Basic Network Setup
Basic network setup includes the following steps:
1. Log in to the router from a web browser.
2. Change the default administrative password.
3. Log in with the new administrative password.
4. Change the default DHCP IPv4 addresses.
5. Renew the IP address.
6. Log in to the router with the new IP address.

13.1.5 - Basic Wireless Setup
Basic wireless setup includes the following steps:
1. View the WLAN defaults.
2. Change the network mode, identifying which 802.11 standard is to be implemented.
3. Configure the SSID.
4. Configure the channel, ensuring there are no overlapping channels in use.
5. Configure the security mode, selecting from Open, WPA, WPA2 Personal, WPA2 Enterprise, etc.
6. Configure the passphrase, as required for the selected security mode.

13.1.6 - Configure a Wireless Mesh Network
• In a small office or home network, one wireless router may suffice to provide wireless access to all the clients.
• If you want to extend the range beyond approximately 45 meters indoors and 90 meters outdoors, you create a wireless mesh.
• Create the mesh by adding access points with the same settings, except using different channels to prevent interference.
• Extending a WLAN in a small office or home has become increasingly easy.
• Manufacturers have made creating a wireless mesh network (WMN) simple through smartphone apps.

13.1.7 - NAT for IPv4
• Typically, the wireless router is assigned a publicly routable address by the ISP and uses a private network address for addressing on the LAN.
• To allow hosts on the LAN to communicate with the outside world, the router will use a process called Network Address Translation (NAT).
• NAT translates a private (local) source IPv4 address to a public (global) address (the process is reversed for incoming packets).
• NAT makes sharing one public IPv4 address possible by tracking the source port numbers for every session established by a device.
• If your ISP has IPv6 enabled, you will see a unique IPv6 address for each device.
13.1.8 - Quality of Service
• Many wireless routers have an option for configuring Quality of Service (QoS).
• By configuring QoS, you can guarantee that certain traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing.
• On some wireless routers, traffic can also be prioritized on specific ports.

13.1.9 - Port Forwarding
• Wireless routers typically block TCP and UDP ports to prevent unauthorized access in and out of a LAN.
• However, there are situations when specific ports must be opened so that certain programs and applications can communicate with devices on different networks.
• Port forwarding is a rule-based method of directing traffic between devices on separate networks.
• Port triggering allows the router to temporarily forward data through inbound ports to a specific device.
• You can use port triggering to forward data to a computer only when a designated port range is used to make an outbound request.

13.1.10 - Packet Tracer – Configure a Wireless Network
In this Packet Tracer activity, you will complete the following objectives:
• Connect to a wireless router
• Configure the wireless router
• Connect a wired device to the wireless router
• Connect a wireless device to the wireless router
• Add an AP to the network to extend wireless coverage
• Update default router settings
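Added example (not part of the original slides): a small Python model of the behaviour described in 13.1.7 NAT for IPv4 and 13.1.9 Port Forwarding, showing how the router tracks source ports per session, why unsolicited inbound traffic is dropped, and which ports a forwarding or triggering rule leaves reachable. All addresses, ports and rules are constructed sample values, the class and function names are hypothetical, and the reply-filtering policy is an assumption of the model rather than the behaviour of any particular router.

```python
"""Toy model of a home router's NAT (port address translation) table with
port forwarding and port triggering. Every address, port and rule below is a
constructed sample value; the filtering policy is an assumption of the model."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed WAN address assigned by the "ISP"


@dataclass
class Router:
    next_port: int = 40000                        # next unused public source port
    sessions: dict = field(default_factory=dict)  # public port -> (host, port, remote)
    forwards: dict = field(default_factory=dict)  # public port -> (host, port)
    triggers: dict = field(default_factory=dict)  # outbound dst port -> inbound port
    armed: dict = field(default_factory=dict)     # inbound port -> host that triggered it

    def outbound(self, host, port, remote_ip, remote_port):
        """LAN to internet: replace the private source with PUBLIC_IP and a
        unique public port, and remember the mapping for the replies."""
        session = (host, port, (remote_ip, remote_port))
        for public_port, known in self.sessions.items():
            if known == session:                  # existing session keeps its port
                return PUBLIC_IP, public_port
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[public_port] = session
        if remote_port in self.triggers:          # port triggering: arm inbound port
            self.armed[self.triggers[remote_port]] = host
        return PUBLIC_IP, public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Internet to LAN: return the (host, port) to deliver to, or None to drop."""
        session = self.sessions.get(public_port)
        if session and session[2] == (remote_ip, remote_port):
            return session[0], session[1]         # reply to a tracked session
        if public_port in self.forwards:
            return self.forwards[public_port]     # static port-forwarding rule
        if public_port in self.armed:
            return self.armed[public_port], public_port  # temporarily triggered
        return None                               # unsolicited: blocked

    def disarm(self, host):
        """The triggering host went idle: close the ports it had opened."""
        self.armed = {p: h for p, h in self.armed.items() if h != host}

    def exposed_ports(self):
        """Inbound ports that any internet host can reach right now."""
        return {"permanent": sorted(self.forwards), "temporary": sorted(self.armed)}


def build_sample_router():
    """Constructed rule set: one forward to a LAN web server, one trigger."""
    router = Router()
    router.forwards[8080] = ("192.168.0.50", 80)
    router.triggers[6000] = 6100
    return router


if __name__ == "__main__":
    r = build_sample_router()
    # Two LAN hosts use the same private source port; NAT keeps them apart.
    print(r.outbound("192.168.0.10", 51000, "198.51.100.7", 443))
    print(r.outbound("192.168.0.11", 51000, "198.51.100.7", 443))
    print(r.inbound("198.51.100.7", 443, 40001))   # reply is translated back
    print(r.inbound("192.0.2.99", 443, 40001))     # other sender is dropped
    print(r.exposed_ports())                       # what the rules leave open
```

A forwarding rule stays in the "permanent" list until someone deletes it, which is why forwarded ports belong in any periodic review of the router's settings.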
13.1.11 - Lab – Configure a Wireless Network
• In this lab, you will configure basic settings on a wireless router and connect a PC to the router wirelessly.

13.2 Configure a Basic WLAN on the WLC

13.2.1 - Video – Configure a Basic WLAN on the WLC
This video will cover the following:
• Review the topology
• Access the GUI for the WLAN controller
• Information about the wireless network on the Network summary screen
• Configure a new WLAN
• Secure the new WLAN

13.2.2 - WLC Topology
• The topology and addressing scheme used for this topic are shown in the figure and the table.
• The access point (AP) is a controller-based AP as opposed to an autonomous AP, so it requires no initial configuration. Controller-based APs are often called lightweight APs (LAPs).
• LAPs use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC).
• Controller-based APs are useful in situations where many APs are required in the network.
• As more APs are added, each AP is automatically configured and managed by the WLC.

| Device | Interface | IP Address | Subnet Mask |
|---|---|---|---|
| R1 | F0/0 | 172.16.1.1 | 255.255.255.0 |
| R1 | F0/1.1 | 192.168.200.1 | 255.255.255.0 |
| S1 | VLAN 1 | DHCP | |
| WLC | Management | 192.168.200.254 | 255.255.255.0 |
| AP1 | Wired 0 | 192.168.200.3 | 255.255.255.0 |
| PC-A | NIC | 172.16.1.254 | 255.255.255.0 |
| PC-B | NIC | DHCP | |
| Wireless Laptop | NIC | DHCP | |

13.2.3 - Log in to the WLC
• Configuring a wireless LAN controller (WLC) is not that much different from configuring a wireless router. The WLC controls APs and provides more services and management capabilities.
• The user logs into the WLC using credentials that were configured during initial setup.
• The Network Summary page is a dashboard that provides a quick overview of configured wireless networks, associated access points (APs), and active clients.
• You can also see the number of rogue access points and clients.

13.2.4 - View AP Information
• Click Access Points from the left menu to view an overall picture of the AP’s system information and performance.
• The AP is using IP address 192.168.200.3.
• Because Cisco Discovery Protocol (CDP) is active on this network, the WLC knows that the AP is connected to the FastEthernet 0/1 port on the switch.
• This AP in the topology is a Cisco Aironet 1815i, which means you can use the command-line and a limited set of familiar IOS commands.
13.2.5 - Advanced Settings
• Most WLCs come with some basic settings and menus that users can quickly access to implement a variety of common configurations.
• However, as a network administrator, you will typically access the advanced settings.
• For the Cisco 3504 Wireless Controller, click Advanced in the upper right-hand corner to access the advanced Summary page.
• From here, you can access all the features of the WLC.

13.2.6 - Configure a WLAN
• Wireless LAN Controllers have Layer 2 switch ports and virtual interfaces that are created in software and are very similar to VLAN interfaces.
• Each physical port can support many APs and WLANs.
• The ports on the WLC are essentially trunk ports that can carry traffic from multiple VLANs to a switch for distribution to multiple APs.
• Each AP can support multiple WLANs.

13.2.6 - Configure a WLAN (Cont.)
Basic WLAN configuration on the WLC includes the following steps:
1. Create the WLAN
2. Apply and Enable the WLAN
3. Select the Interface
4. Secure the WLAN
5. Verify the WLAN is Operational
6. Monitor the WLAN
7. View Wireless Client Information

13.2.6 - Configure a WLAN (Cont.)
1. Create the WLAN: In the figure, a new WLAN with an SSID name Wireless_LAN is created.
2. Apply and Enable the WLAN: Next, the WLAN is enabled and the WLAN settings are configured.
3. Select the Interface: The interface that will carry the WLAN traffic must be selected.
4. Secure the WLAN: The Security tab is used to access all the available options for securing the LAN.
5. Verify the WLAN is Operational: The WLANs menu on the left is used to view the newly configured WLAN and its settings.
6. Monitor the WLAN: The Monitor tab is used to access the advanced Summary page and confirm that the Wireless_LAN now has one client using its services.
7. View Wireless Client Details: Click Clients in the left menu to view more information about the clients connected to the WLAN.

13.2.7 - Packet Tracer – Configure a Basic WLAN on the WLC
• In this lab, you will explore some of the features of a wireless LAN controller.
• You will create a new WLAN on the controller and implement security on that LAN.
• Then you will configure a wireless host to connect to the new WLAN through an AP that is under the control of the WLC.
• Finally, you will verify connectivity.

13.3 Configure a WPA2 Enterprise WLAN on the WLC

13.3.1 - Video – Define an SNMP and RADIUS Server on the WLC
This video will cover the following:
• Configure the WLAN controller to send SNMP traps to an external server
• Configure the WLAN controller to use an external RADIUS server to authenticate WLAN users
• Verify connectivity with the RADIUS server

13.3.2 - SNMP and RADIUS
• PC-A is running Simple Network Management Protocol (SNMP) and Remote Authentication Dial-In User Service (RADIUS) server software.
• The network administrator wants the WLC to forward all SNMP log messages (i.e., traps) to the SNMP server.
• The network administrator wants to use a RADIUS server for authentication, authorization, and accounting (AAA) services.
• Users will enter their username and password credentials, which will be verified by the RADIUS server.
• The RADIUS server is required for WLANs that are using WPA2 Enterprise authentication.
• Note: SNMP server and RADIUS server configuration is beyond the scope of this module.
13.3.3 - Configure SNMP Server Information
To enable SNMP and configure settings:
1. Click the MANAGEMENT tab to access a variety of management features.
2. Click SNMP to expand the sub-menus.
3. Click Trap Receivers.
4. Click New... to configure a new SNMP trap receiver.

• Enter the SNMP Community name and the IP address (IPv4 or IPv6) for the SNMP server and then click Apply.
• The WLC will now forward SNMP log messages to the SNMP server.

13.3.4 - Configure RADIUS Server Information
To configure the WLC with the RADIUS server information:
1. Click SECURITY.
2. Click RADIUS.
3. Click Authentication.
4. Click New... to add PC-A as the RADIUS server.

• Enter the IPv4 address for PC-A and the shared secret that will be used between the WLC and the RADIUS server and then click Apply.

13.3.4 - Configure RADIUS Server Information (Cont.)
• After clicking Apply, the list of configured RADIUS Authentication Servers refreshes with the new server listed.
13.3.5 - Video – Configure a VLAN for a New WLAN
This video will cover the following:
• Review the topology
• Deploy a new VLAN interface
• Associate the new VLAN interface with a WLAN

13.3.6 - Topology with VLAN 5 Addressing
• Each WLAN configured on the WLC needs its own virtual interface.
• The WLC has five physical data ports that can be configured to support multiple WLANs and virtual interfaces.
• The new WLAN will use interface VLAN 5 and network 192.168.5.0/24 and therefore R1 has been configured for VLAN 5 as shown in the topology and show ip interface brief output.

13.3.7 - Configure a New Interface
VLAN interface configuration on the WLC includes the following steps:
1. Create a new interface.
2. Configure the VLAN name and ID.
3. Configure the port and interface address.
4. Configure the DHCP server address.
5. Apply and Confirm.
6. Verify Interfaces.

13.3.7 - Configure a New Interface (Cont.)
1. Create a new interface: Click CONTROLLER > Interfaces > New...
2. Configure the VLAN name and ID: In the example, the new interface is named vlan5, the VLAN ID is 5, and the configuration is applied.
13.3.7 - Configure a New Interface (Cont.)
3. Configure the port and interface address: On the interface Edit page, configure the physical port number (i.e., the WLC G1 interface is Port Number 1 on the WLC), the VLAN 5 interface addressing (i.e., 192.168.5.254/24), and the default gateway (i.e., 192.168.5.1).
4. Configure the DHCP server address: The example configures a primary DHCP server at IPv4 address 192.168.5.1, which is the address of the default gateway router; that router is enabled as a DHCP server.
5. Apply and Confirm: Scroll to the top and click Apply and then click OK for the warning message.
6. Verify Interfaces: Click Interfaces to verify that the new vlan5 interface is shown in the list of interfaces with its IPv4 address.

13.3.8 - Video – Configure a DHCP Scope
This video will cover the following:
• Review the topology
• Explain the role of the WLC DHCP server
• Create a new DHCP scope
13.3.9 - Configure a DHCP Scope
DHCP scope configuration includes the following steps:
1. Create a new DHCP scope.
2. Name the DHCP scope.
3. Verify the new DHCP scope.
4. Configure and enable the new DHCP scope.
5. Verify the enabled DHCP scope.

13.3.9 - Configure a DHCP Scope (Cont.)
1. Create a new DHCP scope: To configure a new DHCP scope, click Internal DHCP Server > DHCP Scope > New....
2. Name the DHCP scope: The scope is named Wireless_Management and then applied.
3. Verify the new DHCP scope: In the DHCP Scopes page, click the new Scope Name to configure the DHCP scope.
4. Configure and enable the new DHCP scope: On the Edit screen for the Wireless_Management scope, configure a pool of addresses (i.e., 192.168.200.240/24 to .249) and the default router IPv4 address (i.e., 192.168.200.1), then select Enabled and click Apply.
5. Verify the enabled DHCP scope: The network administrator is returned to the DHCP Scopes page and can verify the scope is ready to be allocated to a new WLAN.
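Added example (not part of the original slides): a Python check that a DHCP scope such as Wireless_Management is consistent with the statically addressed devices on the same subnet before it is enabled. The scope values and static addresses are the ones given in this module (13.2.2 and 13.3.9); the function names are hypothetical and the check covers IPv4 only.

```python
"""Consistency check for a DHCP scope against the statically addressed
devices on the same subnet (IPv4 only). Function names are hypothetical."""
import ipaddress

# Static addresses from the 13.2.2 topology table on the 192.168.200.0/24 network.
STATIC_HOSTS = {
    "R1 F0/1.1": "192.168.200.1",
    "WLC Management": "192.168.200.254",
    "AP1": "192.168.200.3",
}


def check_scope(network, pool_start, pool_end, default_router, static_hosts):
    """Return a list of findings; an empty list means the scope is consistent."""
    net = ipaddress.ip_network(network)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    router = ipaddress.ip_address(default_router)
    findings = []

    if start > end:
        findings.append(f"pool start {start} is after pool end {end}")

    # Pool boundaries and the default router must be usable hosts in the subnet.
    for label, addr in (("pool start", start), ("pool end", end),
                        ("default router", router)):
        if addr not in net:
            findings.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            findings.append(f"{label} {addr} is not a usable host address in {net}")

    # Nothing with a fixed address may sit inside the leasable range, or a
    # client could be handed the gateway's or the controller's address.
    if start <= router <= end:
        findings.append(f"default router {router} can be leased to a client")
    for name, text in static_hosts.items():
        addr = ipaddress.ip_address(text)
        if start <= addr <= end:
            findings.append(f"{name} ({addr}) can be leased to a client")
    return findings


def pool_size(pool_start, pool_end):
    """Number of addresses the scope can lease."""
    return int(ipaddress.ip_address(pool_end)) - int(ipaddress.ip_address(pool_start)) + 1


if __name__ == "__main__":
    # The scope as configured in 13.3.9: .240 to .249, default router .1.
    print(check_scope("192.168.200.0/24", "192.168.200.240", "192.168.200.249",
                      "192.168.200.1", STATIC_HOSTS))
    print(pool_size("192.168.200.240", "192.168.200.249"))
    # Constructed counter-example: a pool spanning the whole subnet.
    for finding in check_scope("192.168.200.0/24", "192.168.200.1",
                               "192.168.200.254", "192.168.200.1", STATIC_HOSTS):
        print(finding)
```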
Cisco Confidential Configure a WPA2 Enterprise WLAN on the WLC Video – Configure a WPA2 Enterprise WLAN •This video will cover the following: •Review the topology •Create a WLAN •Configure the WLC to use the RADIUS server •Secure the new WLAN with WPA2-Enterprise •Verify WPA2-Enterprise Security 13 – WLAN Configuration 13.3 – Configure a WPA2 Enterprise WLAN on the WLC 13.3.10 - Video – Configure a WPA2 Enterprise WLAN ‹#› © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Configure a WPA2 Enterprise WLAN on the WLC Configure a WPA2 Enterprise WLAN •By default, all newly created WLANs on the WLC will use WPA2 with Advanced Encryption System (AES). •802.1X is the default key management protocol used to communicate with the RADIUS server. •Next, create a new WLAN to use interface vlan5. • •Configuring a new WLAN on the WLC includes the following steps: 1.Create a new WLAN. 2.Configure the WLAN name and SSID. 3.Enable the WLAN for VLAN 5. 4.Verify AES and 802.1X defaults. 5.Configure WLAN security to use the RADIUS server. 6.Verify the new WLAN is available. • 13 – WLAN Configuration 13.3 – Configure a WPA2 Enterprise WLAN on the WLC 13.3.11 - Configure a WPA2 Enterprise WLAN ‹#› © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Configure a WPA2 Enterprise WLAN on the WLC Configure a WPA2 Enterprise WLAN (Cont.) 1.Create a new WLAN: Click the WLANs tab and then Go to create a new WLAN. 2. 2. 2. 2.Configure the WLAN name and SSID: Enter the profile name and SSID, choose an ID of 5, and then click Apply to create the new WLAN. 3. 3. 3. 3. 3. • 13 – WLAN Configuration 13.3 – Configure a WPA2 Enterprise WLAN on the WLC 13.3.11 - Configure a WPA2 Enterprise WLAN (Cont.) ‹#› © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Configure a WPA2 Enterprise WLAN on the WLC Configure a WPA2 Enterprise WLAN (Cont.) 
3. Enable the WLAN for VLAN 5: Once the WLAN is created, change the status to Enabled, choose vlan5 from the Interface/Interface Group(G) dropdown list, and then click Apply and click OK to accept the popup message.
4. Verify AES and 802.1X defaults: Click the Security tab to view the default security configuration for the new WLAN.
5. Configure the RADIUS server: To select the RADIUS server that will be used to authenticate WLAN users, click the AAA Servers tab and, in the dropdown box, select the RADIUS server that was configured on the WLC previously, and then Apply your changes.
6. Verify that the new WLAN is available: To verify that the new WLAN is listed and enabled, click on the WLANs submenu.

13.3.12 Packet Tracer – Configure a WPA2 Enterprise WLAN on the WLC

•In this Packet Tracer activity, you will configure a new WLAN on a wireless LAN controller (WLC), including the VLAN interface that it will use. You will configure the WLAN to use a RADIUS server and WPA2-Enterprise to authenticate users. You will also configure the WLC to use an SNMP server.
  •Configure a new VLAN interface on a WLC.
  •Configure a new WLAN on a WLC.
  •Configure a new scope on the WLC internal DHCP server.
  •Configure the WLC with SNMP settings.
  •Configure the WLC to use a RADIUS server to authenticate WLAN users.
  •Secure a WLAN with WPA2-Enterprise.
  •Connect hosts to the new WLC.
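The checks in steps 3 to 6 of the WLAN procedure (status Enabled, interface vlan5, WPA2 with AES, 802.1X key management, a previously configured RADIUS server selected) can be expressed as an audit over recorded WLAN settings. The following Python sketch is an added example, not part of the course material: the record field names, the RADIUS server table and all three sample WLAN records are hypothetical and constructed for illustration.

```python
# Expected state taken from the slides: interface vlan5, WPA2, 802.1X key management.
EXPECTED = {"interface": "vlan5", "l2_security": "WPA2", "akm": "802.1X"}

def audit_wlan(wlan, radius_servers):
    """Return findings for one WLAN record; an empty list means it matches the slides."""
    findings = []
    if not wlan.get("enabled"):
        findings.append("WLAN is not enabled")
    for field, want in EXPECTED.items():
        got = wlan.get(field)
        if got != want:
            findings.append(f"{field} is {got!r}, expected {want!r}")
    # AES must be the only cipher; a WLAN that also allows TKIP is flagged.
    ciphers = sorted(set(wlan.get("ciphers", [])))
    if ciphers != ["AES"]:
        findings.append(f"ciphers are {ciphers}, expected ['AES'] only")
    # Step 5: the WLAN must point at a RADIUS server that exists on the WLC.
    server = wlan.get("radius_auth_server")
    if server is None:
        findings.append("no RADIUS authentication server selected")
    elif server not in radius_servers:
        findings.append(f"RADIUS server index {server} is not defined on the WLC")
    return findings

# Constructed data: one RADIUS server defined on the WLC (documentation address).
RADIUS_SERVERS = {1: "192.0.2.10"}

GOOD_WLAN = {"id": 5, "enabled": True, "interface": "vlan5", "l2_security": "WPA2",
             "akm": "802.1X", "ciphers": ["AES"], "radius_auth_server": 1}
PSK_WLAN = {"id": 5, "enabled": True, "interface": "vlan5", "l2_security": "WPA2",
            "akm": "PSK", "ciphers": ["TKIP", "AES"], "radius_auth_server": None}
DANGLING_WLAN = {"id": 5, "enabled": True, "interface": "management",
                 "l2_security": "WPA2", "akm": "802.1X", "ciphers": ["AES"],
                 "radius_auth_server": 3}

if __name__ == "__main__":
    for name, wlan in (("good", GOOD_WLAN), ("psk", PSK_WLAN),
                       ("dangling", DANGLING_WLAN)):
        print(name, "->", audit_wlan(wlan, RADIUS_SERVERS) or "matches the slides")
```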
13.4 Troubleshoot WLAN Issues

13.4.1 Troubleshooting Approaches

•Network problems can be simple or complex, and can result from a combination of hardware, software, and connectivity issues.
•Technicians must be able to analyze the problem and determine the cause of the error before they can resolve the network issue.
•This process is called troubleshooting.
•Troubleshooting any sort of network problem should follow a systematic approach.
•A common and efficient troubleshooting methodology is based on the scientific method and can be broken into the six main steps shown in the table below.

Step. Title: Description
1. Identify the Problem: The first step in the troubleshooting process is to identify the problem. While tools can be used in this step, a conversation with the user is often very helpful.
2. Establish a Theory of Probable Causes: After you have talked to the user and identified the problem, you can try and establish a theory of probable causes. This step often yields more than a few probable causes to the problem.
3. Test the Theory to Determine Cause: Based on the probable causes, test your theories to determine which one is the cause of the problem. A technician will often apply a quick procedure to test and see if it solves the problem. If a quick procedure does not correct the problem, you might need to research the problem further to establish the exact cause.
4. Establish a Plan of Action to Resolve the Problem and Implement the Solution: After you have determined the exact cause of the problem, establish a plan of action to resolve the problem and implement the solution.
5. Verify Full System Functionality and Implement Preventive Measures: After you have corrected the problem, verify full functionality and, if applicable, implement preventive measures.
6. Document Findings, Actions, and Outcomes: In the final step of the troubleshooting process, document your findings, actions, and outcomes. This is very important for future reference.

13.4.2 Wireless Client Not Connecting

•If there is no connectivity, check the following:
  •Confirm the network configuration on the PC using the ipconfig command.
  •Confirm that the device can connect to the wired network. Ping a known IP address.
  •If needed, reload drivers as appropriate for the client or try a different wireless NIC.
  •If the wireless NIC of the client is working, check the security mode and encryption settings on the client.
•If the PC is operational but the wireless connection is performing poorly, check the following:
  •Is the PC out of the planned coverage area (BSA)?
  •Check the channel settings on the wireless client.
  •Check for interference with the 2.4 GHz band.
•Next, ensure that all the devices are actually in place.
•Consider a possible physical security issue.
•Is there power to all devices and are they powered on?
•Finally, inspect links between cabled devices looking for bad connectors or damaged or missing cables.
•If the physical plant is in place, verify the wired LAN by pinging devices, including the AP.
•If connectivity still fails at this point, perhaps something is wrong with the AP or its configuration.
•When the user PC is eliminated as the source of the problem, and the physical status of devices is confirmed, begin investigating the performance of the AP.
•Check the power status of the AP.

13.4.3 Troubleshooting When the Network Is Slow

•To optimize and increase the bandwidth of 802.11 dual-band routers and APs, either:
  •Upgrade your wireless clients - Older 802.11b, 802.11g, and even 802.11n devices can slow the entire WLAN. For the best performance, all wireless devices should support the same highest acceptable standard.
  •Split the traffic - The easiest way to improve wireless performance is to split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band. Therefore, 802.11n (or better) can use the two bands as two separate wireless networks to help manage the traffic.
•There are several reasons for using a split-the-traffic approach:
  •The 2.4 GHz band may be suitable for basic Internet traffic that is not time-sensitive.
  •The bandwidth may still be shared with other nearby WLANs.
  •The 5 GHz band is much less crowded than the 2.4 GHz band; ideal for streaming multimedia.
  •The 5 GHz band has more channels; therefore, the channel chosen is likely interference-free.
•By default, dual-band routers and APs use the same network name on both the 2.4 GHz band and the 5 GHz band.
•It may be useful to segment the traffic.
•The simplest way to segment traffic is to rename one of the wireless networks.
•To improve the range of a wireless network, ensure the wireless router or AP location is free of obstructions, such as furniture, fixtures, and tall appliances.
•These block the signal, which shortens the range of the WLAN.
•If this still does not solve the problem, then a Wi-Fi Range Extender or deploying the Powerline wireless technology may be used.

13.4.4 Updating Firmware

•Most wireless routers and APs offer upgradable firmware that should be periodically verified.
•On a WLC, there will most likely be the ability to upgrade the firmware on all APs that the WLC controls.
•In the figure, the firmware image that will be used to upgrade all the APs is downloaded.
•On a Cisco 3504 Wireless Controller, click WIRELESS > Access Points > Global Configuration and then scroll to the bottom of the page for the AP Image Pre-download section.

13.4.5 Packet Tracer – Troubleshoot WLAN Issues

•In this Packet Tracer, you will complete the following objectives:
  •Troubleshoot wireless LAN connectivity issues in a home network.
  •Troubleshoot wireless LAN connectivity issues in an enterprise network.
13.5 Module Practice and Summary

13.5.1 Packet Tracer – WLAN Configuration

•In this Packet Tracer activity, you will configure both a wireless home router and a WLC-based network. You will implement both WPA2-PSK and WPA2-Enterprise security.
  •Configure a home router to provide Wi-Fi connectivity to a variety of devices.
  •Configure WPA2-PSK security on a home router.
  •Configure interfaces on a WLC.
  •Configure WPA2-PSK security on a WLAN and connect hosts to the WLAN.
  •Configure WPA2-Enterprise on a WLAN and connect hosts to the WLAN.
  •Verify connectivity.

13.5.2 What Did I Learn In This Module?

•Remote workers, small branch offices, and home networks often use a wireless router, which typically includes a switch for wired clients, a port for an internet connection (sometimes labeled “WAN”), and wireless components for wireless client access.
•Most wireless routers are preconfigured to be connected to the network and provide services. The wireless router uses DHCP to automatically provide addressing information to connected devices.
•Your first priority should be to change the username and password of your wireless router.
•If you want to extend the range beyond approximately 45 meters indoors and 90 meters outdoors, you can add wireless access points.
•The router will use a process called Network Address Translation (NAT) to convert private IPv4 addresses to internet-routable IPv4 addresses.
•By configuring QoS, you can guarantee that certain traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing.
•Lightweight APs (LAPs) use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC).
•Configuring a wireless LAN controller (WLC) is similar to configuring a wireless router except that a WLC controls APs and provides more services and management capabilities. Use the WLC interface to view an overall picture of the AP’s system information and performance, to access advanced settings and to configure a WLAN.
•SNMP is used to monitor the network. The WLC is set to forward all SNMP log messages, called traps, to the SNMP server.
•For WLAN user authentication, a RADIUS server is used for authentication, accounting, and auditing (AAA) services. Individual user access can be tracked and audited.
•Use the WLC interface to configure SNMP server and RADIUS server information, VLAN interfaces, DHCP scope, and a WPA2 Enterprise WLAN.
•There are six steps to the troubleshooting process.
•When troubleshooting a WLAN, a process of elimination is recommended. Common problems are: no connectivity and poorly performing wireless connection when the PC is operational.
•To optimize and increase the bandwidth of 802.11 dual-band routers and APs, either: upgrade your wireless clients or split the traffic.
•Most wireless routers and APs offer upgradable firmware. Firmware releases may contain fixes for common problems reported by customers as well as security vulnerabilities. You should periodically check the router or AP for updated firmware.

13.5.3 Module Quiz – WLAN Configuration
Module 13: WLAN Configuration
New Terms and Commands

•Network Address Translation (NAT)
•Wireless Mesh Network (WMN)
•Port Forwarding
•Port Triggering