DEPLOYING BASIC CISCO WIRELESS LANS (WDBWL)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "DEPLOYING BASIC CISCO WIRELESS LANS (WDBWL)"

Transcription

1 [Type a quote from the document or the summary of an interesting point. You can position the text box anywhere in the document. Use the Drawing Tools tab to change the formatting of the pull quote text box.] DEPLOYING BASIC CISCO WIRELESS LANS (WDBWL) Remote Lab Guide Version 1.3

2 Copyright 2017, Cisco Systems, Inc. All rights reserved. Copyright 2017, GigaWave Technologies, All rights reserved. 2 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

3 Table of Contents Lab Guide...6 Overview...6 Outline...6 Lab Topology Diagram...7 Lab 1-1 Perform the Initial Controller Configuration using the CLI...8 Task 1: Lab Familiarization...10 Task 2: Navigate the Gigawave Remote Lab...12 Task 3: Navigate the Interactive Diagram Page...15 Task 4: Prepare the Client Laptop in the Remote Lab...18 Task 5: Understanding WLAN Controller Boot Options...20 Task 6: Run the Wizard Configuration Tool...22 Task 7: Joining the Access Points to the Controller...25 Task 8: Closing the Lab...25 Lab 1-2: Unified AP Modes of Operation...26 Activity Objective...26 Task 1: Logging In to the Controller...26 Task 2: Verify the Access Point s Names...27 Task 3: Create an Open WLAN...28 Task 4: Examine the AP Capabilities in Various Modes of Operation...29 Task 5: Closing the Lab...38 Lab 1-3: AP Association Options...39 Activity Objective...39 Task 1: Deploying an Access Point Using DHCP Option Task 2: Deploying an Access Point using DNS Server Entry...42 Task 3: Configuring the Primary and Secondary Controller...43 Task 4: Configure Your Mobility Group...44 Task 5: Observing the AP Failover Process...46 Task 6: Closing the Lab...48 Lab 1-4: Controller Web Interface...49 Activity Objective...49 Task 1: Monitoring the WLAN Controller...49 Task 2: Configuring a VLAN (Dynamic) Interface...50 Task 3: Configure DHCP Pool on the WLAN Controller...51 Task 4: Defining a RADIUS Server...53 Task 5: Management Options...53 Task 6: Performing File Transfers and Backups...55 Task 7: Enable Management via Wireless...56 Task 8: Closing the Lab Cisco Systems, Inc. Remote Lab Guide 3

4 Lab 1-5: RRM and CleanAir Configuration Activity Objective Task 1: Modifying the Default Auto RF Values Task 2: Configuring Global Support for Cisco CleanAir Task 3: Verifying that Cisco CleanAir Is Working Task 4: Closing the Lab Lab 1-6: Configuring Security Parameters on the WLC Activity Objective Task 1: Creating a Local Net User Task 2: Creating a New Local EAP Profile Task 3: Creating a New WLAN to use Local EAP Task 4: Configuring Peer-to-Peer Blocking Task 5: Configuring Wi-Fi Direct Support Task 6: Configuring Management Frame Protection Task 7: Verifying Local EAP Authentication Capability Task 8: Closing the Lab Lab 1-7: AVC Configuration Task 1: Configuring AVC Profile Task 2: Associate an AVC Profile to a WLAN Task 3: Use TFTP Task 4: View the AVC Information Task 5: Configuring AVC Profile to Drop Traffic Task 6: Try Again to use TFTP Task 7: Closing the Lab Lab 1-8: Configuring Basic B2C Guest Access and Web Authentication Task 1: Configuring a Local Guest Access Method Task 2: Creating a Local Net User as a Guest Task 3: Testing Client Login Task 4: Testing Client Exclusion Task 5: Closing the Lab Lab 2-1: FlexConnect Local Switching Task 1: Configure the Controller Task 2: Enable FlexConnect on the AP and Configure FlexConnect Groups Task 3: Configure a Client Profile Task 4: Induce a WAN Failure Task 5: Closing the Lab Lab 4-1: Perform the Controller Configuration Using the Ease of Use Setup Wizard Task 1: Reset your WLC Task 2: Configuring the 3650 Switch Ports Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

5 Task 3: Run the Ease of Use Wizard...99 Task 4: Reconnect to you 2504 WLC Task 5: Resetting the 3650 Switch and WLC Task 6: Closing the Lab Answer Key Lab 1-1 Perform the initial Controller configuration using the CLI Lab 1-2: Unified AP Modes of Operation Lab 1-4: Controller Web Interface Lab 1-5: RRM and CleanAir Configuration Lab 1-6: Configuring Security Parameters on the WLC Lab 1-7: AVC Configuration Lab 1-8: Configuring Basic B2C Guest Access and Web Authentication Cisco Systems, Inc. Remote Lab Guide 5

6 WDBWL Lab Guide Overview Outline This guide presents the instructions and other information concerning the lab activities for this course. You can find the solutions in the lab activity Answer Key. This guide includes these activities: Lab 1-1 Perform the Initial Controller Configuration using the CLI Lab 1-2: Unified AP Modes of Operation Lab 1-3: AP Association Options Lab 1-4: Controller Web Interface Lab 1-5: RRM and CleanAir Configuration Lab 1-6: Configuring Security Parameters on the WLC Lab 1-7: AVC Configuration Lab 1-8: Configuring Basic B2C Guest Access and Web Authentication Lab 2-1: FlexConnect Local Switching Lab 4-1: Perform the Controller Configuration Using the Ease of Use Setup Wizard 6 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

7 Lab Topology Diagram POD X MSE ISE Admin PC Core SW 3750E vwlc G1/0/1 G1/0/2 G1/0/3 G1/0/4 G1/0/5 G1/0/6 G1/0/7 G1/0/8 PX-AP1 CAPWAP PodX-3650sw PX-AP2 Autonomous WLC 2504 Client Laptop Pod Inside /24 Pod NAT Outside X.0 /24 PX-AP3 CAPWAP 2017 Cisco Systems, Inc. Remote Lab Guide 7

8 Lab 1-1 Perform the Initial Controller Configuration using the CLI Activity Objective Visual Objective Complete this lab activity to practice what you learned in the related materials. Use the activities here to complete the initial controller configuration activities for this course. In the following lab, you will create a basic configuration for the WLAN controller. After completing this activity, you will be able to meet these objectives: Prepare Classroom PC for Remote Lab Prepare the Client Laptop in the Remote Lab Configure the controller using the console management interface Deploy a new or replacement controller using the auto install process Join the access point to the controller Refer to the lab topology diagram. This diagram illustrates what you will accomplish in this activity. The information provided in the tables here reiterates the information in the lab diagram. In all of the details, replace X with your student pod number. Note Each student will be assigned to a pod by the instructor. Each pod is isolated from the others behind a NAT router interface on a x /24 subnet. Many addresses are common to all pods. Where an address must be unique it will be determined by your pod number. Client Laptop IP Address Username Password Pod X student password WLAN Controller Base Parameters System Name Administrative User Name Password Enable Link Aggregation Value 2504-X (where X is the pod number) admin Iforgot2 NO Management Interface IP address Management Interface Netmask Management Interface Default Router Management Interface VLAN Identifier 0 Management Interface Port Number 1 Management Interface DHCP Server IP Address Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

9 Virtual Gateway IP Address Multicast Address Mobility/RF Group Name Network Name Configure DHCP Bridging Mode Allow Static IP Addresses Configure a RADIUS Server now PodX (where X is the pod number) WDBWL-X (where X is the pod number) NO NO YES RADIUS Server IP address RADIUS Server Port 1812 RADIUS Server Secret Country Code Enable b Network Enable a Network Enable g Network Enable Auto-RF Configure a NTP Server now iforgot US YES YES YES YES YES NTP Server IP address NTP Server polling interval 3600 Configure IPv6 Parameters NO 2017 Cisco Systems, Inc. Remote Lab Guide 9

10 Task 1: Lab Familiarization Overview In this activity, you will connect to the Gigawave remote lab. After completing this activity, you will be able to meet the objectives. Use the icons on the diagram page to open a CLI or VPN session Use the Session menu to open a CLI or VPN session Use the action key Use the icons page to activate scripts Topology POD X MSE ISE Admin PC Core SW 3750E vwlc G1/0/1 G1/0/2 G1/0/3 G1/0/4 G1/0/5 G1/0/6 G1/0/7 G1/0/8 PX-AP1 CAPWAP PodX-3650sw PX-AP2 Autonomous WLC 2504 Client Laptop Pod Inside /24 Pod NAT Outside X.0 /24 PX-AP3 CAPWAP Job Aids These job aids are available to help you complete the lab activity. 10 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

11 Usernames and Passwords Device Prime Infrastructure (PI) CLI username / password Prime Infrastructure (PI) GUI username / password MSE CLI username / password MSE Prime Infrastructure username / password ISE GUI username / password ISE CLI username / password Admin PC username / password vwlc CLI & GUI username / password WLC 2504 CLI & GUI username / password Client Laptop Pod 3650 switch CLI username / password PX-AP1 CLI & GUI username / password /enable password PX-AP2 CLI & GUI username / password /enable password PX-AP3 CLI & GUI username / password /enable password WLC 5508 C CLI & GUI username / password WLC 5508 C CLI & GUI username / password WLC 5508 C CLI & GUI username / password Usernames and Passwords admin / Iforgot2 root / Iforgot 2 (created during installation) & AdminPI/Iforgot2 Root / admin / MSEver80!! admin / Iforgot2 admin / Iforgot2 podadmin / Iforgot2 admin / Iforgot2 admin / Iforgot2 student / password admin / Iforgot2 Cisco / Cisco / Cisco Cisco / Cisco / Cisco Cisco / Cisco / Cisco studentadmin / Iforgot2 studentadmin / Iforgot2 studentadmin / Iforgot Cisco Systems, Inc. Remote Lab Guide 11

12 IP Addresses Device IP Address Prime Infrastructure (PI) MSE ISE Admin PC vwlc WLC Client Laptop (wired I/F) Pod PX-AP1 (CAPWAP) DHCP PX-AP2 (autonomous) PX-AP3 (CAPWAP) DHCP Pod Gateway (core router) Core Switch WLC C (core) WLC C (core) WLC C (dmz) Task 2: Navigate the Gigawave Remote Lab In this task, you will access the remote labs web site open various CLI and VPN sessions to familiarize yourself with the remote lab setup. To access the remote lab, you will need to open a connection to the Gigawave remote lab web page. When you open a connection to the Gigawave remote lab web page two pages open, the Gigawave Live Labs web page which has information about your lab session and menu controls. The second page opens to the interactive diagram page, which allows you access to the various devices in the remote lab. Complete the following steps: From your PC, open a web browser session to the GigaWave remote labs at the address 12 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

13 Note Step 3 The instructions in this Hardware Challenge Lab guide were created using Windows Internet Explorer 11. If you are using your own laptop and select to use a different browser, some steps may be different. Login to the Gigawave Live Labs web page with the credentials provided by your instructor. If a Terms and Conditions page is present, Read the Terms and Conditions and click I Accept. The Gigawave Live Labs web page opens followed immediately by the Lab Guide page. Step 4 From the Lab Information section on the left, answer the following questions. Q1) How much time is left in the lab: the lab information shows the time left in hours that the lab will be accessible with the current login. Q2) To which pod number are you connected: This should match the information given you by your instructor Cisco Systems, Inc. Remote Lab Guide 13

14 Step 5 Click Information button and answer the following questions: Q3) What is the Time Zone of the lab: Q4) What is the Start time of the lab: Q5) What is the End time of the lab: Step 6 Click the (set time zone) link. A pop-up menu appears. Step 7 Step 8 Select your time zone and then click the X in the upper right corner of the popup to close the Set Time zone popup. If you are in the Eastern Time zone (default) then skip to Answer the following questions. Q6) What is the Time Zone of the lab: Q7) What is the Start time of the lab: Q8) What is the End time of the lab: 14 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

15 Step 9 Close the Pod Information window. Notice that the time in the Lab Information window at the left has changed to the new time zone, if you changed the time zone. You can also change the time zone by clicking the (set time zone) link next to the Time is under the Lab Information page. 0 1 Write the Lab time left down here:. This is continuously running clock. The lab will be available at all times until the Lab time left expires. Click the Setup Results link. A Setup Results page opens Verify the setup was successful. If you get any other result contact you instructor before continuing. Close the Setup Results page. Click the Reset To link. A Reset To pop-up opens. This will reset the lab if necessary. This process takes approximately 20 minutes. DO NOT Reset the lab unless instructed to by your instructor. Click the Cancel button to close the Reset To pop-up window. The Connect via Topology link opens the interactive diagram page. When you first open the Live Labs web page, the interactive diagram page opens automatically. If the interactive diagram page is closed for any reason, you can always reopen in by clicking the Connect via Topology link on the Live Labs page. Task 3: Navigate the Interactive Diagram Page Activity Procedure In this task, you will familiarize yourself with the interactive diagram page. This page is used to access all of the lab devices. Complete these steps: 2017 Cisco Systems, Inc. Remote Lab Guide 15

16 From your pc, maximize the interactive diagram page. Notice that a copy of the lab diagram is on the left and the interactive diagram labeled Pod X is on the right in the window. Select the menu icon (three horizontal bars) on the upper right corner of the lab guide. Here you can change the position of the lab guide on the page, undock the lab guide as a separate window or close the lab guide. If you wish to change the position of the lab guide or close it select the menu item. Step 3 Select the menu icon in the upper right corner of the interactive lab page. Here you can open the lab guide if you closed it earlier and wish to reopen it. You can refresh the diagram page, which refreshes the links between the diagram page and the devices. You can open a chat to someone else using the same pod. You will not be sharing a pod but your instructor can login to your pod and use the chat with you. You can reset the pod (this will take 15 to 2 minutes). If enabled, you can change the lab. Selecting Close will close the interactive lab diagram page. 16 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

17 Step 4 Click on the WLC 2504 icon to open a CLI to the 2504 WLC in your pod. The page changes to a terminal setting for the 2504 management port. Step 5 Click the allow access button to activate the console and allow access to copy to the clipboard of your pc. Press Enter to access the console. You will not login to the WLC at this time. Note A pop-up window appears when using Internet Explorer. Firefox and Chrome do not open the popup. Other browsers have not been tested. Whenever prompted, click Allow Access if you wish to copy items to your PC Cisco Systems, Inc. Remote Lab Guide 17

18 Step 6 Step 7 Select Diagram from the Systems menu. The diagram page reappears. Right-click on the WLC 2504 icon. A menu appears. List the options available: Task 4: Prepare the Client Laptop in the Remote Lab Activity Procedure The Client Laptop configuration begins with both the wired and wireless interfaces disabled. In this task, you will enable the wireless interface on the Client Laptop and connect to the WDBWL SSID. The Client Laptop is used throughout the labs to verify the configurations performed. You will use the Admin PC for configuration tasks. Complete these steps: 18 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

19 POD X MSE ISE Admin PC Core SW 3750E vwlc G1/0/1 G1/0/2 G1/0/3 G1/0/4 G1/0/5 G1/0/6 G1/0/7 G1/0/8 PX-AP1 CAPWAP PodX-3650sw PX-AP2 Autonomous WLC 2504 Client Laptop Pod Inside /24 Pod NAT Outside X.0 /24 PX-AP3 CAPWAP Step 3 Step 4 From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems drop-down, select Client Laptop. A Remote Desktop Connection window opens. Click the PODLAPTOP\student icon. Enter password in the Password field and press Enter. The Client Laptop opens to the desktop. You will now connect your wireless interface to a WLAN configured on the 5508 core controllers. Step 5 Step 6 Step 7 Step 8 Step 9 Select the Windows Network icon in the lower right corner of the Client Laptop. Click to Open Network and Sharing Center link. On the left side, click Change adapter settings. Right-click on the Intel 4965 Wireless icon. Select Enable Cisco Systems, Inc. Remote Lab Guide 19

20 Right-click on the Local Area Connection - Realtek PCIe GBE Family Controller icon. If the Local Area Connection is already enabled, skip to 3. Select Enable. Close the Network Connections window. Select the Windows Network icon in the lower right corner of the Client Laptop. From the Intel 4965 Wireless list, select WDBWL. Check the Connect automatically check box and click Connect. In the Security key field, enter Iforgot2 and click OK. The Intel 4965 client should connect to the WDBWL WLAN. Click on the Windows Network icon to verify that the wireless card is connected to the network WDBWL. Task 5: Understanding WLAN Controller Boot Options Activity Procedure In this task, you will learn about the different options available during the initial boot of the controller. Complete these steps: Step 3 Your instructor will assign you a group number. Write it down here. From the System menu, select Diagram. From the Diagram page, click the WLC 2504 icon. Step 4 Step 5 Step 6 Step 7 From the Actions menu, select Power off. Read the Message from web page and click OK. Wait for the WLC 2504 to shut down. From the Actions menu, select Power On. The WLC 2504 begins booting. Click the terminal window in the grey area to activate the screen. 20 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

21 Step 8 Press ESC when prompted to stop the system from auto-booting. The Boot Loader Menu appears. Note If you are not able to break into the Boot Loader Menu because you missed the opportunity to press the ESC key, press the Power Off button, wait for the Controller to Power off and then repeat Step 7 through Step 9. Step 9 0 Press the #4 key and press Enter to set your WLC 2504 to the Factory Default setting. Your control reboots. Press the ESC key when prompted to stop the system from auto booting. The Boot Loader Menu appears Cisco Systems, Inc. Remote Lab Guide 21

22 1 2 Press the #3 key and press Enter. The Change active boot image option will ensure that the WLC 2504 will load v code automatically the next time the WLC 2504 is rebooted. Press the #2 key and press Enter. This will cause your WLC 2504 to reboot one more time. Q1) Which of the options shown allows you to set the system back to the factory default configuration? Q2) Which partition is the active partition? verify this in the back of the book. Note The only time that you will see the boot options menu is during bootup. To view the boot options menu, you must reboot the controller and press the ESC key when prompted during the boot process. Activity Verification You have completed this activity when you have attained this result: Powered up the WLC 2504 and observed the Boot Loader Menu. Task 6: Run the Wizard Configuration Tool In this task, you will run the command line Cisco Wizard Configuration tool. Follow the configuration steps as they are presented to you by the Startup Wizard making sure that you provide the proper answers for your system. In addition, you will configure the basic connectivity parameters necessary for the system to communicate over the network to other devices, including the management workstation. Answer the following questions, first referring to the Lab Guide diagram and information for your pod. When you have all the necessary information, answer the questions presented by the Startup Wizard. Activity Procedure 1: Gather Information Activity Verification You will need to know information specific to your pod to configure the controller. Answer the following questions based on information provided by your instructor. Q1) To which student group have you been assigned? Q2) Which pod have you been assigned? You have completed this activity when you have attained this result: You have gathered all the information needed to configure the WLC Activity Procedure 2: Enter Student Pod Information Using the values derived from the previous task, enter the information into the CLI and complete the following step: 22 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

23 When the controller completes the boot process, and you are prompted, configure your controller using the following example dialog as a guide. Note Remember, if you miss a question or need to go back to the previous question to correct your answer, use the dash ( - ) to go back. Welcome to the Cisco Wizard Configuration Tool Use the '-' character to backup Would you like to terminate autoinstall? [yes]: yes System Name [Cisco_40:88:c3] (31 characters max): 2504-X where X is your pod number Note When you terminate the autoinstall routine, you will be prompted for the System name. Then a log message will appear and the terminal will be waiting for the system name. Note If you hit enter, then the autoinstall routine will take the default value and move to the next prompt. If this happens, hit the - (minus) key and enter to back up to the System Name prompt. Enter Administrative User Name (24 characters max): admin Enter Administrative Password (24 characters max): Iforgot2 Re-enter Administrative Password : Iforgot2 Enable Link Aggregation (LAG) [yes][no]: no Management Interface IP Address: Management Interface Netmask: Management Interface Default Router: Management Interface VLAN Identifier (0 = untagged): 0 Management Interface Port Num [1 to 4]: 1 Management Interface DHCP Server IP Address: Virtual Gateway IP Address: Multicast IP Address: Mobility/RF Group Name: PodX where X is your pod number Network Name (SSID): WDBWL-X where X is your pod number Configure DHCP Bridging Mode [yes][no]: no Allow Static IP Addresses [YES][no]: no Configure a RADIUS Server now? [YES][no]: yes Enter the RADIUS Server's Address: Enter the RADIUS Server's Port [1812]: 1812 Enter the RADIUS Server's Secret: iforgot Enter Country Code list (enter 'help' for a list of countries) [US]: US Enable b Network [YES][no]: yes Enable a Network [YES][no]: yes Enable g Network [YES][no]: yes Enable Auto-RF [YES][no]: yes Configure a NTP server now? [YES][no]: yes Enter the NTP server's IP address: Enter a polling interval between 3600 and secs: 3600 Would you like to configure IPv6 parameters[yes][no]: no 2017 Cisco Systems, Inc. Remote Lab Guide 23

24 Configuration correct? If yes, system will save it and reset. [yes][no]: yes Configuration saved! Resetting system with new configuration... The controller will save the configuration and reboot. Once the controller returns to the User prompt verify your administrative credentials by logging in to the controller. At the User name prompt, enter admin and press Enter. Step 3 At the password prompt, enter Iforgot2 and press Enter. This example uses pod 32. Step 4 Step 5 Step 6 At the Controller prompt, type show sysinfo and press Enter. Verify that the System Name shows as 2504-X, where X is your pod number. Enter q to exit the sysinfo menu once you have verified the system name. At the Controller prompt, type show wlan summary and press Enter. This example uses pod 32. Step 7 Verify that the WLAN profile name and SSID both show as WDBWL-X, where X is your pod number. Activity Verification You have completed this activity when you have attained this result: 24 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

25 The controller reboots and you can log in via the CLI with your new credentials to verify the configuration. Task 7: Joining the Access Points to the Controller Activity Procedure You will power on the CAPWAP based APs and verify that they join the controller. Complete the following steps. At the Controller prompt, enter show ap summary. You should see both access points joined to the controller. Activity Verification You have completed this activity when you have attained these results: Both APs have joined the controller. Task 8: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram Cisco Systems, Inc. Remote Lab Guide 25

26 Lab 1-2: Unified AP Modes of Operation Complete this lab activity to practice what you learned in the related module. Activity Objective Use the activities here to identify the available modes of operation for the access points available in your Lab equipment. In the following lab, you will connect to your assigned lab equipment and document the AP modes available and their differences for the installed APs. After completing this activity, you will be able to meet these objectives: Connect to your assigned Lab equipment Identify the available AP operational modes Identify the non-client serving modes Configure an AP to support network requirements Task 1: Logging In to the Controller Activity Procedure In this task, you will connect to the controller web interface and prove that, by default, it requires a secure HTTP connection in order to administer the controller. Complete the following steps. If you are continuing from the previous lab, skip to. From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems drop-down, select Admin PC. Step 3 Click the podadmin icon and enter Iforgot2 in the Password field. Note To make the remote desktop full screen on your PC, scroll to the far upper-right and select the full screen icon. You will need to enable the Ethernet interface on your Admin PC. Step 4 Step 5 Step 6 Step 7 Select the network icon in the windows tool bar and click Open Network and Sharing Center link. Click Change adapter settings. Right-click on Local Area Connection and click Enable to enable the Ethernet interface on Admin PC. Close the Network Connections window. 26 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

27 Step 8 Step 9 From the desktop of the Admin PC, open a Firefox browser and connect to the WLC 2504 at Since the controller uses a self-signed certificate, you will be given a warning popup. At the This Connection is Untrusted window, select I Understand the Risks. Note This lab uses Firefox. If you are using a different browser, you will see a different set of screens. Click the Add Exception button. The Add Security Exception pop-up window opens. Click the Confirm Security Exception button. The Login page for the WLC opens. To begin your session, click Login. When prompted enter the following credentials: User Name Password admin 3 Iforgot2 Click on the OK to complete the controller login. The Dashboard page opens. 4 Click Advanced to open to the Monitor Summary page. There are a number of controller web menus available across the top taskbar, each providing you with information about the current status of your WLAN controller. The window you are on is indicated by an orange underline. Note The 2504 controller opens to the Dashboard page while other controllers such as the 5508 open directly to the monitor page. 5 6 In the upper right, click Save Configuration to save the Landing Page selection. You should now always open to the Monitor page with the admin login. Click OK on both pop-up windows. Activity Verification You have completed this activity when you have attained this result: You have successfully logged into the controller through the controller web interface. Task 2: Verify the Access Point s Names Activity Procedure In this task, you will verify the name assigned to the associated APs from their default names to provide a simpler name to keep track of them during the later tasks in this lab. You will then create an open WLAN, which will be used to determine if a given AP mode is capable of supporting clients, or not. Complete the following steps Cisco Systems, Inc. Remote Lab Guide 27

28 Select the WIRELESS link from the selections across the top of the window. Note the existing AP names in the list here: Step 3 If the AP names are listed as follows, skip to Task 3, otherwise continue to Step 4. AP Name Example using pod 32 Px-AP1 (x is your pod number) P32-AP1 Px-AP3 (x is your pod number) Step 4 Step 5 Step 6 Step 7 Step 8 Step Activity Verification P32-AP3 Select the link under AP Name for the AP that appears with a different name such as Apf07f.06d7.4ed4. If the first AP is different, complete this step, if not skip to Step 8. On the AP General tab, change the AP Name to PX-AP1, where X is your pod number. Click on the Apply button in the upper right corner to commit the changes. Read the warning and click on OK. Select the <Back link to return to the All APs page. Select the link under AP Name for the second AP in the list. On the AP General tab, change the AP Name to be PX-AP3, where X is your pod number. Click on the Apply button in the upper right corner to commit the changes. Read the warning and click on OK. Click on the <Back button in the upper right corner to return to the list of all APs. Verify the AP names are now shown as PX-AP1 and PX-AP3, where X is your pod number. You have completed this activity when you have attained this result: You have successfully renamed your access points to PX-AP1 and/or PX-AP3. Task 3: Create an Open WLAN Activity Procedure In this task, you will create a WLAN, which uses open authentication to verify a clients ability to associate to an AP in its various modes of operation. Complete the following steps. Step 3 Step 4 Step 5 Step 6 From the top menu, select WLANs. The WLANs page appears. Select Create New and then click GO. The WLANs > New page appears. In the Profile Name field, enter AP-Mode-Lab. In the SSID field, enter APmodeX, where X is your Pod number. Click Apply. The WLANs > Edit AP-Mode-Lab page appears. Check the Status Enabled check box to enable the WLAN. 28 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

29 Step 7 Step 8 Choose the Security tab. In the Layer 2 sub-tab, choose None from the Layer 2 Security drop-down menu. This configures the WLAN for Open authentication. Note While using a completely open WLAN without any additional security at higher layers is not a recommended practice, for the purpose of this lab you would want a quick unencumbered connection to simply test for client connectivity. Step Click on the Apply button. Click Save Configuration. Click OK on both warning windows that appear. Task 4: Examine the AP Capabilities in Various Modes of Operation Activity Procedure In this task, you will examine how placing an AP into various modes of operations affects the APs capabilities, and verify a client s ability to associate to an AP in its various modes of operation. Complete the following steps. Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 First, verify that your APs are configured for the default of Local mode operation. Select the WIRELESS link from the top of the window. Under the AP Name heading, click on the link for PX-AP1, where X is your pod number. Verify that the AP Mode field displays local. If any other mode is displayed notify your instructor. Click on the <Back button. Under the AP Name heading, click on the link for PX-AP3. Verify that the AP Mode field displays local. If any other mode is displayed notify your instructor. Now, verify that your clients can associate to an AP in local mode. Select the MONITOR link from the selections along the top of the window. On the left side of the window, select the Clients link from those available. Step 9 Click OK if no clients are found, if not skip to 0. 0 Determine if there are any clients currently associated to your controller. If any clients are associated, list their IP addresses below 1 From the Systems menu, select Client Laptop Cisco Systems, Inc. Remote Lab Guide 29

30 2 Enter password in the Password field and press Enter. The remote Client Laptop opens to the desktop Select the Windows Network icon in the lower-right corner of the client laptop. Click the Open Network and Sharing Center link. The Network and Sharing Center page opens. Click on Change adapter settings. The Network Connections page opens. Right-click on the Intel 4965 Wireless icon to enable it. This is the internal wireless ABGN card in the Client Laptop. Close the Network Connections page. On your Client Laptop, click on the Network link in the taskbar to display available networks. This examples uses pod Scroll through the list of available wireless networks and locate the one named APmodeX, where X is your pod number and click on it. Click on the Connect button. Do not select the Connect automatically check box. On the Client Laptop, select the Network link. Right-click on APmodeX, where X is your pod number and click Status. The Status page opens. Click the Details button. The Network Connection Details page opens. 30 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

31 Example of pod Copy the IP address of your client. Click the Close button to close the Network Connections Details page. Click the Close button to close the Intel 4965 Wireless Status page. From the Systems menu, select Admin PC. Click on the Refresh link in the upper-right corner of the controller web page. Now, verify that your client is also able to associate to your other local mode AP. To accomplish this you will administratively disable the AP to which your client is associated. This will force the client into associating to your remaining AP. 9 Step 30 Step 31 Step 32 Step 33 Step 34 Write the name of the AP, to which your client is currently associated. Select the WIRELESS link at the top of the window. Click on the AP name link for the AP your client is currently associated with to open the details page for that AP. Locate the Admin Status drop-down on the AP details page, and using the dropdown menu, choose Disable from the list. Click on the Apply button in the upper-right corner of the screen. Navigate back to MONITOR > Clients and verify that your client is now associated to your other AP Cisco Systems, Inc. Remote Lab Guide 31

32 Now that you have seen that the Local mode is client serving, let s see if there are any available sub-modes and if they impact this ability. Step 35 Step 36 Step 37 Select the WIRELESS link at the top of the window. Click on the AP name link for the AP your client is currently associated with to open the details page for that AP. Locate the AP Sub Mode field on the details page. Q1) Are there any sub modes available? Q2) What sub modes are available for a Local Mode AP? Q3) What capabilities does this sub mode provide? (Hint Ask your instructor if you do not know, or are unsure) Step 38 Using the AP Sub Mode drop-down menu, choose the WIPS sub mode and click on the Apply button in the upper right portion of the screen. Q4) Did changing the sub mode cause the AP to reboot? Step 39 Navigate back to MONITOR > Clients. Q5) Did changing the sub mode affect the APs ability to support clients? Step 40 Navigate to WIRELESS and select the AP that you disabled in Step 35. Step 41 Step 42 Step 43 Step 44 Step 45 Step 46 Step 47 Step 48 Step 49 Step 50 Step 51 Step 52 Step 53 Step 54 Step 55 Step 56 From the Admin Status drop-down menu, select Enable and then click Apply. This enables both APs. Click the <Back button. From the Systems menu, select Client Laptop. On your Client Laptop, click on the Network link in the taskbar to display available networks. Click on the APmodeX network, where X is your pod number, to display the Disconnect button. Click Disconnect to disconnect from this wireless network. Now you will examine the client supporting capabilities of an AP operating in the Monitor mode. From the Systems menu, select Admin PC. Select the link for PX-AP1 under the AP Name selections. From the AP Mode drop-down menu, choose monitor. From the AP Sub Mode drop-down menu, select None. Click Apply in the upper right corner of the window. Read the reboot warning and then click OK. It may take a few minutes for the AP to reboot and join the controller again. Select the link for PX-AP3. From the Admin Status drop-down menu, select Disable to disable the AP. Click Apply. Click on the <Back button to return to the WIRELESS > ALL APs screen. 32 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

33 Step 57 Step 58 Click on the Refresh link in the upper right corner to refresh the screen and verify that your PX-AP1 has re-joined the controller. If it is not back yet wait another couple of minutes and then refresh the screen again. Once PX-AP1 has rejoined the controller navigate to MONITOR > Clients. Q6) Is your client currently associated to your controller? Step 59 Step 60 Step 61 From the Systems menu, select Client Laptop. On your Client Laptop, click on the Network link in the taskbar to display available networks. Scroll through the list of available wireless networks and determine if the one named APmodeX, where X is your pod number available. Q7) Do you see your network in the list of available networks? Q8) If not, why not? (Hint only client serving APs broadcast a SSID) Q9) What benefits do receive by operating an AP in Monitor mode? Step 62 From the Systems menu, select Admin PC. Step 63 Step 64 Step 65 Step 66 Step 67 Step 68 Step 69 Step 70 Step 71 Step 72 Select the WIRELESS link at the top of the window, and then select Px-AP3 under the AP Name section. From the AP Mode drop-down menu, choose Rogue Detector. From the Admin Status drop-down menu, choose Enable. Click Apply. Click OK. Read the warning Request failed: This is not a Cisco flexconnect AP. The admin state of a Rogue Detector AP cannot be enabled and then click on the OK to the pop-up window that appears. This is an expected warning and your PX-AP3 will reboot and rejoin your controller in Rogue Detector mode. Wait for a minute or two and then click on the Refresh link in the upper right corner of the window. If your PX-AP3 is still not present wait for another couple of minutes and then refresh the screen again. Once your PX-AP3 has rejoined your controller, select Client Laptop from the Systems menu. Click on the Network link in the taskbar to display available networks. Scroll through the list of available wireless networks and determine if the one named APmodeX, where X is your Pod number is available. Q10) Do you see your network in the list of available networks? Q11) If not, why not? (Hint only client serving APs broadcast a SSID) Q12) What benefits do receive by operating an AP in Rogue detector mode? Step 73 From the Systems menu, select Admin PC Cisco Systems, Inc. Remote Lab Guide 33

34 Step 74 Step 75 Step 76 Step 77 Step 78 Step 79 On the WIRELESS > All APs page select the link for PX-AP1 under the AP Name section. From the AP Mode drop-down menu, choose the Sniffer mode of operation and then click on the Apply button. Read the reboot warning and then click on the OK button. Wait for three minutes and then click on the Refresh link in the upper right corner of the window. If your Px-AP1 has not returned yet, wait for another two minutes and then click on Refresh again. On the WIRELESS > All APs page select the link for b/g/n under the Radios heading on the upper left portion of the window. Scroll to the right of the screen and place your cursor over the downward pointing blue triangle at the end of the Px-AP1 line until the menu appears. Step 80 Step 81 Step 82 Step 83 Step 84 Step 85 Click on Configure. The Configure page opens. Locate the Sniffer Channel Assignment portion at the top right of the window and click on the check box marked Sniff to enable the AP sniffer capabilities. Select Channel 6 to sniff traffic on and then enter (your client laptop address) in the Server IP Address field. Click Apply to commit your changes. From the Systems menu, select Client Laptop. On your Client Laptop, click on the Network link to display available networks. Q13) Do you see your wireless network in the list? Q14) If not, why Not? Step 86 Step 87 While on your Client Laptop, right-click on the Wireshark icon on the desktop and select Run as Administrator to launch the program. The User Account Control screen appears. Click Yes to the pop-up window. 34 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

35 Step 88 In the Capture column, click on the interface link with the description Realtek PCIe GBE Family Controller to start capturing packets. Step 89 Wait a few minutes and then stop the capture using either the capture menu, or the capture stop icon. Q15) What device is the source of all of the packets received? Q16) Examine a few of the captured packets; do any of these captured packets appear to be wireless packets? Step 90 Now select the Analyze > Decode As from the menus available at the top of the window Cisco Systems, Inc. Remote Lab Guide 35

36 Step 91 Step 92 Step 93 Select the Transport tab and use the scrollbar on the right side of the pop-up window to scroll down and locate the word AIROPEEK. Click on AIROPEEK to select it and then click on the Apply button. Click on the Close button to close the Decode As window. Step 94 Now reexamine the collected packets and answer the following questions Q17) Do any of the packets represent wireless packets? Q18) Did the source of the frames change? Q19) How were you able to capture wireless packets using a wired interface? Q20) Since you can see wireless packets, does this mode support wireless clients? Step 95 Step 96 Step 97 Step 98 Step 99 Close the Wireshark application and select Quit without Saving when prompted. From the Systems menu, select Admin PC. Re-login if prompted, and navigate to WIRELESS. Now select the link for Px-AP3 under the AP Name selections. From the AP Mode drop-down menu, choose FlexConnect. 36 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

37 From the Admin Status drop-down menu, enable the AP by choosing the Enable and then clicking the Apply button. Read the warning and then click on the OK button. Wait for three minutes and then click on the Refresh link. If your PX-AP3 has not returned yet, wait for another two minutes and then click on Refresh again. Once your PX-AP3 has rejoined the controller, select Client Laptop from the Systems menu. Click on the Network link to display available networks. Q21) Do you see your APmodeX, where X is your pod number, network in the list? Q22) Can you connect to this network? Q23) Which AP did you associate to? (Hint use Monitor > Clients) Q24) Why did you associate to this AP? From the Systems menu, select Admin PC. Navigate back to WIRELESS > ALL APs, and select the link for your PX-AP1 under the AP Name section. From the AP Mode drop-down menu, choose the local mode and click on the Apply button. Read the warning and click on the OK button. Wait for three minutes and then click on the Refresh link. If your PX-AP1 has not returned yet, wait for another two minutes and then click on Refresh again. Once your PX-AP1 rejoins the controller, navigate back to Monitor > Clients. Q25) Did your client change AP association? Q26) Did you expect your client to change association? Q27) Why or why not? From the Systems menu, select Diagram. Right-click on the PX-AP3-CAPWAP icon and select Power off this device. Read the pop-up window and click OK. Note 14 AP3 is being powered down to facilitate the following labs. In a production environment, this would not be necessary. From the Diagram page, right-click the PX-AP1 CAPWAP icon and select Power off this device and answer OK to the question to continue. Activity Verification You have completed this activity when you have attained this result: You have successfully connected your wireless client to an Open SSID using a Local mode AP and then determined if clients can be supported on APs in the Monitor, Rogue Detector, Sniffer, and FlexConnect modes Cisco Systems, Inc. Remote Lab Guide 37

38 Task 5: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. In the upper-right corner, click the X to close the Lab Topology Diagram. 38 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

39 Lab 1-3: AP Association Options Complete this lab activity to practice what you learned in the related module. Activity Objective Preparation for Lab In the previous labs, you performed an initial setup of the Cisco WLC and examined a few of the various AP modes of operation. As both the APs and the controller management interface were in the same subnet, the APs could discover the controller via a broadcast mechanism and rejoin the controller each time they rebooted. However, in a production environment, it is not realistic from a scalability standpoint to deploy all of your APs in the same subnet as your controller management interface. In order to deploy APs in other subnets, you must provide a way for the APs to discover the address of a controller to join. In this lab, you will perform AP deployment in a subnet other than your controller s management subnet, and use DNS and DHCP options to provide your AP with the IP address of a controller to join. In this lab, you will be redeploying an AP into different subnets, you want to ensure that each subnet is configured to provide a controller IP address in a different method. To help ensure that the AP is joining the controller you intended, you will use two controllers and have the AP always join the controller it does not know about. Task 1: Deploying an Access Point Using DHCP Option 43 Activity Procedure In previous labs, your access point was easily able to find a controller to join by virtue of being connected on the same subnet as the controllers. Once joined, they are able to learn and retain IP address information found on the controller, even if they are disconnected and moved to a remote network. Another option is to use Option 43 from a DHCP server. In this lab, the DHCP server has been set up to deliver to the access point the IP addresses of your controller. This is accomplished during the access point s initial DHCP address request. You will now configure the management interface of your controller with a NAT address so that when the AP is placed in a remote subnet, it will be able to access the 2504 controller. Complete these steps: If you are continuing from the previous lab, skip to. Step 3 Step 4 From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems drop-down, select Admin PC. Select CONTROLLER from the top menu. If prompted, login with the following credentials: Username Password Step 5 Step 6 admin Iforgot2 Click OK. From the left menu, click Interfaces. The Interfaces page opens Cisco Systems, Inc. Remote Lab Guide 39

40 Step 7 Step 8 Step Click on the management link under Interface Name. The Interfaces > Edit page opens. Check the Enable NAT Address check box. In the NAT IP Address field, enter X.10, where X is your pod number. Click Apply to execute the change. Read the warning pop-up window and answer OK. Click Save Configuration to save the change to flash. Read the pop-up windows and click OK for each. From the Systems menu, select Diagram. 3 Right-click the PX-AP1 CAPWAP icon and select Option43 VLAN. In about 10 seconds, an Option 43 VLAN tab appears showing the results of the guided script that was launched. This guided script changes the VLAN the access point is mapped to on the switch. This example uses pod When the guided script show Script Completed, close the GUIDED SCRIPT tab. From the Diagram page, click the PX-AP1 CAPWAP icon. 40 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

41 6 7 From the Actions drop-down, select Power Off and wait for AP1 to power off. From the Actions drop-down, select Power On. This example uses pod While your AP1 is rebooting, observe the CLI output for an entry similar to this *Mar 1 00:16:55.994: %CAPWAP-5-DHCP_OPTION_43: Controller address obtained through DHCP. In this example the IP Address is the NATed IP Address of Pod 32 s controller. This address was provided by the DHCP 43 feature. Your output should be10.9.1x.10, where X is your pod number The second CLI output to observe is *Mar 1 00:17:05.000: %CAPWAP-3- ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL this is an expected message. The DNS option is not supported on the VLAN that AP1 is currently connected to. From the Systems drop-down, select Admin PC. If the web browser to the controller has timed out, login using the following credentials: Username admin Password Iforgot2 2 Choose WIRELESS > Access Points > All APs. The All APs page opens Cisco Systems, Inc. Remote Lab Guide 41

42 This example uses pod For Pods 1-32 ensure that PX-AP1, where X is your pod number, has an IP address in the x subnet. For Pods ensure that PX-AP1, where X is your pod number, has an IP address in the x subnet. Click on PX-AP1, where X is your pod number, to open the details page for your access point. At the bottom of the screen, click Clear All Config. This erases the flash in the access point and forces it to reboot. Read the warning message and click OK. From the Systems menu, select AP1. From the Actions drop-down, select Power Off. Read the message and click OK. Activity Verification You have completed this activity when you attain this result: Deployed an access point to a remote network using the DHCP Option 43 method. Task 2: Deploying an Access Point using DNS Server Entry Activity Procedure In this task, you will deploy a cleared access points with no configuration information retained whatsoever as if brand new out-of-the-box directly to a remote network. After acquiring an IP address and learning the DNS server address from DHCP, your access point makes an address resolution call for hostname CISCO-CAPWAP-CONTROLLER.domain-name, which should be mapped on the DNS server to resolve to the management IP address of a designated controller. The DNS server will point the access point to your controller. Complete these steps: Step 3 Step 4 Step 5 From the Systems menu, select Diagram. From the Diagram page, right-click the PX-AP1 CAPWAP icon and select Mgmt VLAN. In about 10 seconds, an Mgmt VLAN tab appears showing the results of the guided script that was launched. This guided script moves the access point to the management VLAN where the DNS server provides AP1 with an IP address of your controller. Close the Mgmt VLAN tab. From the Systems menu, select AP1. Your AP1 is currently powered off so you will not see console activity at this time. From the Actions drop-down, select Power On. Observe the PX-AP1 CAPWAP booting and joining your controller (about 2 minutes). 42 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

43 This example uses pod 32. Step 6 Step 7 Step 8 Step 9 While your AP1 is rebooting, observe the CLI output for an entry similar to this Translating "CISCO-CAPWAP-CONTROLLER "...domain server ( ) <Date and times stamp> %CAPWAP-50DHCP_Option_43: Controller address <Controller IP address> obtained through DHCP. In this example, AP1 discovered the controller by performing a DNS lookup for CISCO- CAPWAP-CONTROLLER. From the Systems drop-down, select Admin PC. Click WIRELESS. The All APs page opens. Click on the APxxxx.xxxx.xxxx. (x is the mac address of the AP) link to open the details page for your access point. You will be in the General tab. This example uses pod In the AP Name field, enter PX-AP1, where X is your pod number. In the Location field, enter podx, where X is your pod number. Click Apply. Click OK. Click the Save Config link in the upper-right corner of the controller web interface. Click OK twice. Activity Verification You have completed this activity when you attain these results: You used DNS to have your AP join your controller. You have renamed the AP. Task 3: Configuring the Primary and Secondary Controller In this segment of the lab, you will configure a primary and secondary controller to determine where an AP will associate in your network. This process of populating information on an AP 2017 Cisco Systems, Inc. Remote Lab Guide 43

44 Activity Procedure is called AP priming. AP priming is one of the ways in which you can deploy APs in your network, by specifying to which controller they will associate. In the first two tasks of this lab you saw how to use either a DNS entry or DHCP option 43 to provide a default AP with the address of a WLC to join. While both of these methods are useful, in some network deployments consisting of multiple controllers they simply do not provide sufficient control over determining which WLC an AP should be associated with. However either of the two previous methods could be used to ensure that all newly deployed APs join a designated controller where they can then be primed with the information of the controller they should join and be rebooted to move to that controller. Complete these steps: Step 3 Write your AP IP address: Select the High Availability tab. Use the information in the table below to enter the following information in the High Availability tab: Parameter Name Management IP address Primary Controller 2504-X (where X is your pod number) X.10 (where X is your pod number) Secondary Controller C Tertiary Controller Leave blank Leave blank Step 4 Step 5 Click Apply and Save Configuration to write the changes to NVRAM. Click OK to each of the pop-up windows. Activity Verification You have completed this activity when you have attained this result: Configured your AP1 with a primary and secondary controller. Task 4: Configure Your Mobility Group Activity Procedure In this section, you will establish a mobility domain with a controller in the core network. This allows wireless clients to seamlessly roam and allows you to configure high-availability into your network by establishing a secondary controller to which your access point can failover in case of a primary controller failure. You will create a mobility domain since each controller is using a unique Mobility Domain Name. Complete these steps: From the Admin PC open to your controller, choose CONTROLLER > General. Verify the Default Mobility Domain Name is PodX, where X is your pod number. Note If not, change the Default Mobility name to PodX and click Apply to write the change to the running configuration. Answer OK to the Multicast Group Address should be in the range of to message. 44 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

45 Step 3 Step 4 Step 5 In the left menu, choose Mobility Management > Mobility Groups. Notice that your controller is the sole member of the default mobility group. Now add the controller from the core to the group. Choose New to add the second controller to the new mobility group. The Mobility Group Member > New page appears. Enter the following parameters in the Mobility Group Member > New window: Parameter Value Member IP Address Member MAC Address Group Name Hash 00:07:7d:c0:06:80 GWC None (default value) Step 6 Step 7 Step 8 Step 9 0 Click Apply to write the change to the running configuration. Your mobility group list now shows two members and the Control and Data paths show as being Down. It may take a few minutes before the Control and Data Paths show as being Up proceed to 1. If it is taking longer than 5 minutes for the status to the mobility group member to change from Down to Up proceed to Step 8. From the Systems meu, select Diagram. From the Diagram page, click the WLC 2504 icon. The 2504 page opens. Click in the console area to activate. Type the commands below using your controller s console connection: Login to the 2504 with User name /password = admin / Iforgot2 Type show mobility summary to see the status of the mobility group Type mping you might need to issue the command twice before you observe a successful mping. Next, type eping you might need to issue the command twice before you observe a successful eping. If you have a successful mping and eping Type show mobility summary to see the status of the mobility group From the Systems drop-down menu, select Admin PC. To verify connectivity to the other controller, position your cursor over the blue box with the white arrow on the right of the core controller. Click Ping. The ping should be successful. If it is not, check your values. Click OK to close the ping pop-up window. Click Save Configuration. Click OK to each pop-up window to execute the save and confirm the save. Close the web browser window. Your controllers are now ready to offer intercontroller connectivity and roaming. Activity Verification You have completed this activity when you have attained these results: Added the core controller to the others mobility List Cisco Systems, Inc. Remote Lab Guide 45

46 Verified that the mobility group is up. Task 5: Observing the AP Failover Process In this segment of the lab, you will see the failover behavior of an AP. Activity Procedure Complete these steps: Step 3 From the Diagram page, click on the WLC 2504 icon. Click in the CLI area and press the Enter key to open the console. Use the following credentials to login: User Password Step 4 Step 5 Step 6 Step 7 Step 8 admin Iforgot2 You should now see your controller prompt. Since you want to see events related to the AP association process, enter the command: debug capwap events enable Enter debug mobility keep-alive enable. You will begin to see keep-alive messages and errors. From the desktop of the Admin PC, double-click the putty-shortcut icon to launch the PuTTY program. Enter in the Host Name (or IP address) box. Select Telnet for the Connection type: Step 9 Parameter User Password Click the Open button to start a telnet session to the core controller, use the following table to login. Value studentadmin Iforgot2 46 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

47 0 Enter the command show ap summary. Verify that your AP is not in the list From the Diagram page, click the WLC 2504 icon and enter the following command at the Controller CLI prompt: config port adminmode 1 disable This creates a failure between the APs and the controller. Wait approximately one minute. From the desktop of the Admin PC, click on the active PuTTY window connecting you to the core controller. Enter the command show ap summary. Find your AP in the list. If your AP does not appear wait a little longer and try again. Your AP should appear in less than two minutes. Once you AP appears in the list, close the PuTTY session window by clicking on the red x in the corner and answer OK to close this session. 5 From the Diagram page, click on the WLC 2504 icon and enter the following command at the Controller CLI prompt: config port adminmode 1 enable This will re-establish the connection between the controller and the APs. Note If the CLI has timed out, login to the controller with User=admin / Password=Iforgot2. If the CLI has timed out you will need to reenable the debug commands: debug capwap events enable and debug mobility keep-alive enable before enabling the port. 6 7 Observe the capwap messages generated when the AP rejoins the 2504 controller. Wait approximately two minutes then enter show ap summary command on your controller to see if the access point has returned to your controller Cisco Systems, Inc. Remote Lab Guide 47

48 8 Enter debug disable-all to stop the debug messages. Activity Verification You have completed this task when you attain these results: You can see access points join a secondary controller when the primary controller becomes unavailable. You can see the access point rejoin its primary controller when the primary controller becomes available. Task 6: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram. 48 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

49 Lab 1-4: Controller Web Interface Complete this lab activity to practice what you learned in the related module. Activity Objective In this activity, you will explore in depth many of the features and functions that you will be using throughout the rest of the course. After completing this activity, you will be familiar with the controller WEB GUI interface layout and usage. Task 1: Monitoring the WLAN Controller Activity Procedure This task shows you how to use the Monitor tab with the controller web interface to monitor the status of the wireless network. Complete these steps: If you are continuing from the previous lab, skip to Step 3. Step 3 Step 4 From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems menu, select Admin PC. From the desktop of the Admin PC, open a Firefox browser and connect to the WLC 2504 at Click on the Login button to display the credential entry window. Enter the following: Username Password Step 5 admin Iforgot2 Answer the following questions: Q1) Which controller web window are you presented with when you first log in? Q2) Which of the controller interfaces are you using that allows your PC browser to access your WLAN controller? Q3) Do you detect any active rogues from your controller? Why? Note There are several subviews available in most controller web windows. You can use the Monitor > Statistics window to look at various statistics at the controller and port level. Step 6 Look at the MONITOR > Statistics > Controller window. Q4) Are you transmitting and receiving packets? Q5) Do you have any discarded packets? How many? 2017 Cisco Systems, Inc. Remote Lab Guide 49

50 Q6) Do you have any static VLANs defined? Q7) How long has it been since the counters on your controller have been cleared? Step 7 Click on the Clear Counters button to clear the counters now. Q8) What items did not reset to 0? Step 8 Change to the MONITOR > Statistics > Ports view. With the controller web utility, you can obtain detailed information about the activity taking place on each port. Q9) What ports are enabled and indicate a link up on your WLAN controller? Q10) If you wanted a detailed look at the activity on one of your ports that indicates a link up, how would you get to that information? Step 9 Click on the View Stats link for Port 1. Q11) What is the number of total bytes received on port 1? Q12) What packet size does the largest percentage of your traffic fall into? Q13) Do you have any packets with MAC errors? If so, what type of error? Q14) Do you have any discarded packets? If so, what was the reason? 0 Activity Verification Navigate to CDP > Interface Neighbors. Q15) What is the name of the Cisco neighbor device the controller sees? 1 Click on the Neighbor Name for the switch to see the detail page. Q16) What is the Neighbor Address? Q17) What Capability does the switch support? You have completed this activity when you have attained this result: You have completed all steps in this task and answered all the questions from the Monitor tab. Task 2: Configuring a VLAN (Dynamic) Interface It is possible to both monitor and configure your WLAN controller through the use of the controller web utility. Later, you will use this utility to set up the necessary user network infrastructure that will support your wireless subscribers. First, you will create an interface managing your WLAN controller. 50 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

51 Activity Procedure Complete these steps from your WLC 2504: Step 3 Step 4 Step 5 Step 6 Step 7 From the top menu bar, click CONTROLLER. The controller general page appears. In the left menu, click Interfaces. The Interfaces menu appears. In the upper-right corner of the page, click New. In the Interface Name field, enter data. In the VLAN Id field, enter 50 as the VLAN Id for the secure data interface. Click Apply to create the interface. A new screen appears where you can configure your interface details. Enter the following values for your pod listed in the following table. Interface Parameters (VLAN 50) Parameter Pod X Port Number 1 VLAN Identifier 50 IP Address X (X is your pod number) Netmask Gateway Primary DHCP Server Step 8 Step Activity Verification Click Apply to validate the settings. Click OK at the warning pop-up window. Click <Back to return to the Interfaces page. Click the Ping link at the top right side of the window. An address to ping window opens. Enter the IP address X, where X is your pod number for the interface that you just created and press OK. A Message from webpage pop-up window appears. Q1) How many pings were sent? Q2) How many pings were received? 2 Click OK to close the pop-up window. You have completed this activity when you have attained this result: You have configured the data (VLAN 50) interface on your controller. Task 3: Configure DHCP Pool on the WLAN Controller Activity Procedure In this task, you will create DHCP pool for clients connecting to an SSID mapped to the management interface. Complete these steps: 2017 Cisco Systems, Inc. Remote Lab Guide 51

52 Step 3 Step 4 Step 5 Step 6 From the top menu bar, choose CONTROLLER. In the left menu, choose Internal DHCP Server. Click DHCP Scope. In the DHCP Scopes window, click New to create a new scope. In the Scope Name field, enter clients using management vlan. Click Apply to create the scope. The DHCP Scopes page appears, showing your new scope in the list. It is disabled by default and does not have any range. Step 7 Click clients using management vlan link to edit its settings. The DHCP Scope > Edit page appears. Step 8 Enter the parameters listed in the table to create the scope for the data WLAN. Internal DHCP Server Parameters Parameter Value Pool Start Address Pool End Address Network Netmask Lease Time 3600 Default Routers DNS Domain name gigawave.trn DNS Servers Status Enabled Note Leave the default value for any parameter not listed in the table above. Step 9 Review your scope to check the values entered, and then click Apply to create the scope. You will return to the DHCP Scopes page. You will now modify the management interface to use the DHCP scope created. 0 1 Click the Interfaces link in the left menu. Click the Interface Name management. 2 In the DHCP Information section, change the Primary DHCP Server to This will point any client using a WLAN assigned to the management interface to the DHCP pool created on the controller Activity Verification Click Apply to execute the changes. Click OK on the warning window. Click Save Configuration. In the warning window, click OK. Click OK to acknowledge that your files have been successfully saved. You have successfully completed this task when you attain these results: 52 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

53 You have successfully created a scope for your clients that are on your controller and have saved the data DHCP pool. You have successfully modified the management interface to use the DHCP pool created. Task 4: Defining a RADIUS Server Activity Procedure In order to authenticate wireless client that will join the WLAN you created in the previous task. You must define at least one RADIUS server to be used for authentication by your WLC. In this task, you will define your Pod Identity Services Engine (ISE) as that RADIUS server. Complete these steps: Step 3 Step 4 Step 5 Step 6 From the menu bar, choose SECURITY. From the left menu, navigate to RADIUS > Authentication. The RADIUS Authentication Servers page opens. From the Auth Called Station ID Type drop-down menu, select IP Address. Click Apply to accept the changes. Click Save Configuration and click OK one each pop-up window. Click on the New button to add your Pod s ISE as a RADIUS server. Step 7 In the Server IP Address field, enter Step 8 Step Activity Verification Enter iforgot in both the Shared Secret and Confirm Shared Secret fields. Review the other possible settings, but do not change them and then click on the Apply button to commit your changes. The RADIUS Authentication Servers page appears. Position your cursor over the blue box at the far right of the RADIUS server in Server Index 2. A new window appears. Click Ping to verify the new RADIUS server is available. Review the information and click OK. Click the Save Configuration link to save the changes. Click OK to the pop-up windows. You have completed this activity when you have attained this result: You have added your Pod ISE as a RADIUS server on your WLC and is seen on the RADIUS Authentication Servers page. Task 5: Management Options Activity Procedure In this portion of the lab you will define the SNMP location for your WLC, determine which events will generate traps, and defined where those traps will be sent. Complete these steps: Choose MANAGEMENT from the menu bar Cisco Systems, Inc. Remote Lab Guide 53

54 On the menu to the left, navigate to SNMP > General. The SNMP System Summary page opens. Q1) What is the name of your controller? Write it here. Step 3 Step 4 Step 5 Step 6 Enter Pod-X, where X is your Pod number as the controller location. Add yourself as the contact for issues regarding your controller. Click Apply to save the changed to the running config. In the left menu, click Communities from the SNMP menu. Q2) What SNMP communities are currently present on your controller? Step 7 Step 8 Step 9 Click Trap Receivers from the SNMP menu. Click New to add a trap receiver for SNMP traps. In the Community Name field, enter Prime_Infrastructure. 0 In the IP address field, enter Set the Status to Enable. Click Apply to implement the changes. Navigate to SNMP > Trap Controls in the left sidebar menu. Select the Client tab. Check the Authentication check box. The controller will generate SNMP traps on client authentication. Click Apply. Click Save Configuration in the upper right part of your window. Click OK to the pop-up windows. Click Telnet-SSH from the menu on the left. Q3) Are Telnet sessions allowed to the controller? 0 Click User Sessions from the menu on the left. Q4) Are there any current CLI sessions? 1 Navigate to Tech Support > System Resource Information. Q5) What is the current CPU usage on your controller? Q6) How many system buffers are in use? 2 Activity Verification Navigate to Logs > Message logs in the left sidebar menu. Q7) What is the most recent message logged? You have completed this activity when you have attained these results: You have configured general properties of your controller. You have defined a trap receiver and defined the events which will trigger trap generation. 54 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

55 Task 6: Performing File Transfers and Backups In this procedure, you will use the controller web interface to create a backup of the current controller configuration to an external TFTP server. Activity Procedure: Command Options Complete these steps: To back up your current controller configuration, you will need to start the TFTP server that is on your laptop now. (Use the Tftpd64 server.) Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 From the Admin PC, reduce the web browser to the controller to make the desktop visible. Double-click the Tftpd64 icon on the desktop. The Tftpd64 window opens. Click the Browse button, the Browse for Folder window opens. Select Desktop and click OK. Minimize, but do not close the Tftpd64 window. Maximize the browser to the controller. Choose COMMANDS from the controller menu bar. Notice the options available in the left sidebar menu. Q1) What types of files can be uploaded from your controller using the Commands window? Q2) What file types can you download to the controller but not upload from the controller? Q3) What information must you have in order to perform an upload to your TFTP server? Step 9 From the left menu, choose Upload File to back up your 2504 WLC configuration Choose Configuration as the File Type. Select TFTP as the Transfer mode. Enter , your Admin PCs IP address, in the IP address field. Enter / in the File path, which points to the TFTP root directory that you set as the desktop earlier. Enter 2504-pX-config.txt, where X is your pod number, in the File Name field. Click Upload to start the configuration file upload. Read the warning and click OK. Monitor your TFTP server to make sure that the file is being transferred and that you finish with a successful completion of the procedure. In the left menu, select Set Time. The set time page appears. Q4) What Timezone Location is set on the controller? 9 Select Eastern Time (US and Canada) from the Timezone Location drop-down menu Cisco Systems, Inc. Remote Lab Guide 55

56 In the upper right of the screen, click Set Timezone to set the correct timezone for the location of the remote lab. Click OK. Save the configuration using the Save Configuration link. Click OK to the pop-up windows. Activity Verification You have completed this activity when you have attained this result: You have saved a configuration of your controller to your Pod laptop. Task 7: Enable Management via Wireless Activity Procedure Because you are using the same laptop to make both wired and wireless connectivity to the network, you want to ensure that you do not have any problems accessing the control GUI. To accomplish this, you will enable the controller to accept connections to the management interface from a wireless client associated to the same controller you are trying to access. Complete these steps: Step 3 Step 4 Step 5 Step 6 Activity Verification Choose MANAGEMENT from the menu bar. Choose Mgmt Via Wireless from the left sidebar menu. Check the Enable Controller Management to be accessible form the Wireless Clients check box. Click on the Apply button to commit your changes. Save your changes using the Save Configuration link. Click OK to the pop-up windows. You have completed this activity when you have attained this result: You have configured your controller to accept connections to the management IP address from wireless clients associated to the controller. Task 8: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram. 56 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

57 Lab 1-5: RRM and CleanAir Configuration Complete this lab activity to practice what you learned in the related module. Activity Objective This lab looks at the controller web interface capabilities to configure and monitor the wireless aspects of your WLAN controller. To avoid radio interference with other areas in the building, you will make some adjustments to the default settings. Make the requested adjustments and answer all questions. Task 1: Modifying the Default Auto RF Values Activity Procedure The next set of questions looks at the controller web interface capabilities to configure and monitor the wireless aspects of your WLAN controller. To avoid radio interference with other areas in the building, you will make some adjustments to the default settings. Make the requested adjustments and answer all questions. Complete these steps: If you are continuing from the previous lab, skip to Step 4. Step 3 Step 4 From your PC, open a web browser session to the GigaWave remote labs at the address From the systems menu, select Admin PC. From the desktop of the Admin PC, open a web browser session to Login with the following credentials: Username Password admin Step 5 Iforgot2 Navigate to Monitor > Summary. Q1) Does your system detect any rogue APs? Step 6 Click on the Detail link for the Active Rogue APs. Q2) What is the most common Status of the Rogue APs showing on the first page? Step 7 Choose the Mac Address of the first detected rogue, indicating an Alert in the list. Q3) Do you see any security enabled on the rogue? Q4) What is the RSSI value for the detected rogue? Step 8 Click on the clients associated to this rogue AP link. Q5) Are there any clients associated with the rogue AP that you selected? Step 9 Click on the <Back button to return to the Rogue AP Detail page Cisco Systems, Inc. Remote Lab Guide 57

58 Q6) What options are available in the Update Status drop-down menu? Q7) What is the name of the AP that detected the rogue? Q8) What is the MAC address of the AP that detected the rogue? 0 Click WIRELESS in the menu bar. 1 In the left menu, click All APs and then select the PX-AP1, where X is your pod number, from the list. Q9) What AP Mode is assigned to your AP? Q10) What other AP modes are available? Q11) What is the software version running on your AP? 2 Select the Interfaces tab. Q12) What is the operational status of your a radio interface? Q13) What is the operational status of your b radio interface? 3 From the Access Points option in the upper left sidebar menu, choose Radios > a/n/ac. Q14) What channel is your a radio transmitting on? Q15) What is the current Tx power level? 4 Scroll to the right side of the screen and place your cursor over the blue box. 5 Select Detail to see more details for this radio. Q16) How many WLANs are present on this interface? Q17) What are the mandatory data rates for your a network? Q18) What is the a beacon period set to? 6 From the left sidebar menu, navigate to b/g/n > Network. 7 8 Make sure that the b/g network status is Enabled. Review the other configuration settings, but leave them at their default values. 58 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

59 9 Click Apply to save the change to the running configuration on the controller. 0 From the Access Points option in the left sidebar menu, choose Radios > a/n/ac radios Select the blue drop-down arrow to select Configure. In RF Channel Assignment section, choose Custom option. Use the following table to find the channel number for your group. Group 1, Group 2 Group 3 Group 4 Group 5 Group 6 Group 7 Group 8 CH 36 CH 40 CH 44 CH 48 CH 52 CH 149 CH 153 CH Set the RF Channel Assignment to the appropriate value for your group. In the section labeled Tx Power Level Assignment, check the Custom assignment method check box. 6 Set the Power Level Assignment to Step 30 Step 31 Step 32 Step 33 Activity Verification Click Apply. Read the pop-up warnings and click on OK. Click Save Configuration. Read the pop-up warnings and click on OK. From the main menu bar, select WIRELESS. From the left menu, navigate to Access Points > Radios > b/g/n. From the blue box on the right, hover over and select Configure. Under RF Channel Assignment, select the Custom radio button and 1 from the drop-down menu. Your instructor has enabled an interferer that affects channel 1. Click Apply. Read the pop-up warning and click on OK. You have completed this activity when you have attained this result: You have configured a WLAN based on the values for your pod Cisco Systems, Inc. Remote Lab Guide 59

60 Task 2: Configuring Global Support for Cisco CleanAir In this task, you will use the controller web interface to access the WLAN controller and turn on support for Cisco CleanAir on both the 2.4-GHz and the 5-GHz radio bands. Activity Procedure: Configure Cisco CleanAir on the WLAN Controller Complete these steps: Step 3 From the menu bar, select WIRELESS. In the left menu, navigate to a/n/ac > CleanAir. Look at the interferers that the system is capable of detecting. Q1) How many different a/n interferers is the Cisco CleanAir technology able to identify? Step 4 Under the CleanAir Parameters section, set CleanAir to Enabled. Step 5 Verify that the Enable AQI Trap feature is enabled to allow the system to send AQI traps to trap receivers configured in the SNMP settings of the controller. Step 6 Set the AQI Alarm Threshold to 30. Step 7 Step 8 Step 9 Select the of Video Camera and TDD Transmitter interferers to generate traps, when detected. All other interferers should be in the Do Not Trap on These Types section of your display. Click Apply to apply your configuration settings. In the left menu, navigate to b/g/n > Clean Air. Q2) How many different b/g/n interferers is the CleanAir technology able to identify? 0 Under the CleanAir Parameters section, set CleanAir to Enabled. 1 Verify that the Enable AQI Trap feature is Enabled to allow the system to send AQI traps to trap receivers configured in the SNMP settings of the controller. 2 Set the AQI Alarm Threshold to Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

61 Select the of Video Camera and TDD Transmitter interferers to generate traps, when detected. All other interferers should be in the Do Not Trap on These Types section of your display. Click Apply to apply your configuration settings. Click Save Configuration. Click OK to the pop-up windows. Activity Verification You have completed this task when you attain this result: You have configured Cisco CleanAir features for both the 2.4- and 5.0-GHz bands and have selected the required interferers for detection and for trap generation. Task 3: Verifying that Cisco CleanAir Is Working In this task, you will use the controller web interface to verify that the Cisco CleanAir APs are detecting the wireless video interferer and seeing how the CleanAir information is displayed at the wireless LAN controller. Activity Procedure: Use the WLC Monitor Capability to View Cisco CleanAir Activity Complete these steps: Step 3 From the main menu bar, select the MONITOR option. From the left column menu, navigate to the Cisco CleanAir > b/g/n. Select the Interference Devices option. The Interference Devices page opens. Q1) Are there any interferers listed? Q2) If so, what information is shown about the interferer? Step 4 Navigate to Cisco CleanAir > b/g/n > Air Quality Report from the menu in the left column. Q3) What channel is most affected by the interferer? Q4) What is the average air quality (AQ)? Q5) Considering that, in terms of air quality, 100 is the best and 1 is the worst, is the interferer impacting the b/g/n radio band? Step 5 Place your cursor over the blue arrow icon and select AQ Graph from the dropdown options to see a graphical view of the air quality, non-wi-fi channel utilization, and interference power. An example graph is given here: 2017 Cisco Systems, Inc. Remote Lab Guide 61

62 62 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

63 Step 6 Navigate to Cisco CleanAir > a/n/ac > Interference Devices. Q6) Are there any interferers in the a/n/ac band? Step 7 Step 8 Step Activity Verification From the main menu bar, select WIRELESS. Navigate to Access Points > Radios > b/g/n. From the blue box at the right, hover over Configure and select it. Under RF Channel Assignment, select the Global radio button. Click Apply. Read the pop-up warnings and click on OK. You have completed this task when you attain these results: You have monitored the Cisco CleanAir features for both the 2.4- and 5.0-GHz bands on the WLC and you have verified that the CleanAir feature has detected and classified the interference source. Task 4: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram Cisco Systems, Inc. Remote Lab Guide 63

64 Lab 1-6: Configuring Security Parameters on the WLC Complete this lab activity to practice what you learned in the related module. Activity Objective This lab looks at the controller web interface capabilities to configure the wireless security aspects of your WLAN controller. Read the scenario below and make the determination as to which available security parameters must be configured on the WLC to meet the requirements presented in the scenario. Then answer all questions and perform the required configurations on the WLC. Task 1: Creating a Local Net User Activity Procedure Usernames created and maintained in the controller local database can be used for either web or RADIUS authentication to grant access to the Wireless network. In this task you will add a user to provide local EAP authentication. Complete these steps: If you are continuing from the previous lab, skip to Step 5. Step 3 Step 4 From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems menu, select Admin PC. From the desktop of the Admin PC, open a web browser and connect to the controller at Sign in with the following credentials: Username Password Step 5 Step 6 Step 7 Step 8 Step admin Iforgot2 Choose SECURITY from those available along the top of the window. In the left menu, navigate to AAA > Local Net Users. Click on the New button in the top right corner to create a new Local Net user. In the User Name field, enter LocalUser. In both the Password and Confirm Password fields, enter Iforgot2. Leave the WLAN profile set to Any WLAN. In the Description field, enter Local EAP user. Click Apply to save the new user configuration. You will return to the Local Net Users page where you should see the user listed under User Name. Activity Verification You have completed this activity when you have attained this result: You have created a local net user account 64 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

65 Task 2: Creating a New Local EAP Profile Activity Procedure Now you will create a new Local EAP profile. Complete these steps: Step 3 In the left menu, select Local EAP and then select Profiles. Click New in the top right corner to begin creating a new local EAP profile. In the Profile Name field, enter Small-Site and click on the Apply button. This profile needs to support both PEAP and EAP-FAST authentication methods. Step 4 Step 5 Activity Verification Check the check boxes located under both PEAP and EAP-FAST to select these methods. Click Apply to commit your changes. You have completed this activity when you have attained this result: You have created a Local EAP Profile which supports the PEAP and EAP-FAST authentication methods. Task 3: Creating a New WLAN to use Local EAP Activity Procedure Now you will create a new WLAN, which will be used to provide Local EAP authentication to the users defined in the local Net users database on the controller. Complete these steps: Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step Choose the WLANs link from those available along the top of the window. Verify that Create New is selected from the drop-down menu. Click Go. The WLANs > New page opens. In the Profile Name field, enter Local EAP. In the SSID field, enter LocalEX, where X is your pod number. Click Apply to create your WLAN. The WLANs > Edit Local EAP page opens to the General tab. Select the Enabled check box in the Status line. Select data in the Interface/Interface Group (G) drop-down menu. Select the Security tab, and then select the AAA Servers tab. Enable Local EAP in the Local EAP Authentication section by checking the Enabled check box. The EAP Profile Name Small-Site appears in the drop-down menu when you check the Enabled box. Click Apply to commit your changes Cisco Systems, Inc. Remote Lab Guide 65

66 Note Before you can use the controller to perform local authentications, you must make sure that there are no reachable RADIUS servers. In a production network you would either use RADIUS for authentication, or not have configured on the controller if you intended to use local authentication. However, because you defined a RADIUS server to the controller in a previous Lab, you must now take an additional action to disable that RADIUS server so you can use the controller to perform local authentications. Select SECURITY from the options available across the top of the window. From the left menu, navigate to AAA > RADIUS > Authentication to display the list of defined RADIUS authentication servers. Click on the Server Index 1 link to edit the RADIUS server definition built by the startup wizard. The RADIUS Authentication Servers > Edit page opens. From the Server Status drop-down menu, choose Disabled, and then click on the Apply button. You will return to the RADIUS Authentication Servers page. Verify that the Admin Status now shows as Disabled for this RADIUS servers on the controller. Click on the Server Index 2 link to edit the RADIUS server definition built in an earlier lab. From the Server Status drop-down menu, choose Disabled, and then click Apply. Verify that the Admin Status now shows as Disabled for this RADIUS servers on the controller. Activity Verification You have completed this activity when you have attained this result: You have created a WLAN broadcasting a SSID of LocalEX (X is your pod number), which is configured to provide Local EAP authentication for wireless clients. You have administratively disabled any defined RADIUS servers on the controller. Task 4: Configuring Peer-to-Peer Blocking Activity Procedure A portion of the requirements, which were defined for the site you are configuring were that wireless clients should not be able to contact each other directly via the infrastructure data WLAN. In this task, you will implement the peer-to-peer blocking process on the infrastructure WLAN in order to meet this requirement. Complete these steps: Step 3 Step 4 Select WLANs from the top menu bar. Click the WLAN ID for the Local EAP profile. Select the Advanced tab. Locate P2P Blocking Action and from the drop-down menu answer the next question. Q1) What choices are available? 66 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

67 Q2) Which of these choices will always prevent one wireless client from communicating with another wireless client via the wireless infrastructure? Q3) What would be the difference in handling peer-to-peer communications if you selected the other option?. Step 5 Select Drop from the P2P Blocking Action drop-down menu and click on Apply to commit the change. Step 6 Activity Verification Read the resulting pop-up warning and then click on the OK button. You have completed this activity when you have attained this result: You have configured the WLAN to drop any packets from a wireless client that are directed to another wireless client connected to the same infrastructure network. Task 5: Configuring Wi-Fi Direct Support Activity Procedure Your site requirements were to not allow communication directly from a wireless client to another wireless client via the infrastructure WLAN. However, they do permit for direct clientto-client wireless communication that does not cross the infrastructure WLAN for the purpose of printing or file sharing. This capability means that you will need to support Wi-Fi direct clients in your wireless network, but your company security policy states that no traffic between the infrastructure can be shared in any type of personal area, or device to device network. In this task, you will configure the appropriate Wi-Fi direct policy to meet these requirements. Complete these steps: On the WLANs > Edit Local EAP page, select the Advanced tab and locate the Wi-Fi Direct Clients Policy drop-down menu. Q1) What choices are available? Which of these choices will allow any Wi-Fi client except those advertising cross connect capabilities to join the wireless network? Q2) What would be the result of selecting the other option? Step 3 Select Not-Allow from the available Wi-Fi Direct Clients Policy drop-down menu. Step 4 Step 5 Activity Verification Click on the Apply button to commit the change. Read the pop-up warning message and then click on the OK button. You have completed this activity when you have attained this result: You have configured the WLAN to accept association from all Wi-Fi direct clients except those who are advertising the concurrency or crossover capability Cisco Systems, Inc. Remote Lab Guide 67

68 Task 6: Configuring Management Frame Protection Activity Procedure In this task, you will configure the WLAN to meet the requirement of providing infrastructure protection against know wireless attacks and extending client protection to clients using a standards based approach if possible, or a proprietary method if capable. To accomplish this you will need to enable the use of a standard based approach to protecting the management frames used by the wireless network. To accomplish this you must enable the use of w on the WLANs you want to provide protection for. Then you will need to enable the Cisco proprietary method of protecting management frames, allowing the same protections to be achieved by clients which are CCX v5 capable. Complete these steps: Step 3 On the WLANs > Edit Local EAP page select the Security tab. On the Layer 2 sub tab, locate the Protected Management Frame section and using the PMF drop-down menu and choose Optional. Read the warning and click OK. Q1) What Layer 2 Security method must be used to provide w protections? Q2) What is the difference in behavior between the Optional selection you made, and the required selection, which you did not, choose? Q3) What does the Comeback timer represent? Q4) The Comeback timer and SA Query Timeout fields, which were exposed by your selection, are used to configure the SA mechanism. Step 4 Click Apply, read the pop-up warning and then click on the OK button. Step 5 Step 6 Step 7 Now you will need to enable the Cisco proprietary method of MFP. Begin by selecting SECURITY from the options available across the top of the window. From the left menu, navigate to Wireless Protection Policies > Management Frame Protection > General. Verify that MFP is not currently operational on the controller. Step 8 Step 9 In the left menu, click on the AP Authentication link located directly above the Management Frame Protection or navigate to Wireless Protection Policies > AP Authentication. From the Protection Type drop-down menu, select Management Frame Protection and then click on the Apply button. 68 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

69 Choose WLANs from the selections available across the top of the window. Click on the WLAN ID for the Local EAP profile to enter the WLAN edit mode. Select the Advanced tab and locate the Management Frame Protection (MFP) section. Verify that the setting is at the default of Optional. Q5) What choices are available from the MFP Client Protection drop-down menu? Q6) What is the difference in behavior between Optional and Required? 4 Navigate to SECURITY > Wireless Protection Policies > Management Frame Protection > General and verify that the Cisco proprietary MFP is now Enabled. 5 Select SECURITY > Wireless Protection Policies > Management Frame Protection > WLANs to see the status of Cisco MFP for each WLAN. Q7) Since the figure above represents the Cisco method of MFP, how would you verify that w is also configured for the WLAN? 6 Click Save Configuration to save the changes. 7 Answer OK to the pop-up windows. Activity Verification You have completed this activity when you have attained this result: You have configured your Local EAP WLAN to provide management frame protection. Task 7: Verifying Local EAP Authentication Capability Activity Procedure In this task, you will verify that a wireless client is capable of associating to your Local EAP WLAN and properly authenticating to the network. Keep in mind that you will require a supplicant that supports the EAP-FAST authentication process. Complete these steps: Step 3 Step 4 Step 5 From the Systems menu, select Client Laptop. Select the icon for PODLAPTOP\student\Logged on Enter password in the Password field. If a Network Error message displays, click Close. From the Client Laptop, click on the network icon at the right side of the windows task bar to display the available wireless networks Cisco Systems, Inc. Remote Lab Guide 69

70 Step 6 Step 7 Step 8 Step Click Open Network and Sharing Center link. The Network and Sharing Center page appears. Select Manage wireless networks link located on the left side. The manage Wireless Network page opens. Click Add to create a new wireless network. The Manually connect to a wireless network window appears. Click Manually create a network profile. A new window appears. In the Network name field, enter LocalEX, where X is your pod number. From the Security type drop-down menu, select WPA2-Enterprise. Uncheck Start this connection automatically. Click Next. A Successfully added LocalEX, where X is your pod number, window opens. Click the Change connection settings link. The LocalEX (where X is your pod number) Wireless Network Properties page opens. Select the Security tab. Under Choose a network authentication method, select Cisco: EAP-FAST from the drop-down menu. Click on the Settings button. Select the User Credentials tab. Select the radio button for Prompt automatically for username and password. Click OK. Click OK. Click the Close button. The example above uses pod The new network should be in the window. Click the X in the upper right of the Manage Wireless networks page to close the window. Click on the network icon to display the available wireless networks. Locate the LocalEX (where X is your pod number) wireless network, click on it and select Connect. 70 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

71 6 When prompted enter LocalUser for the username, and Iforgot2 as the password and click on OK. Note 7 Both the username and password are case sensitive. Read the pop-up window informing you of the automatic PAC provisioning process and click on the Yes button. Note When obtaining a PAC for the first time, the server may send a failure message based on the configuration of the server. If this occurs, repeat 6 and 7 again to connect. After you have successfully authenticated with the PAC, the connection should always succeed on the first attempt. 8 9 Step 30 Step 31 Step 32 Step 33 From the System menu, select Admin PC. Select MONITOR from the choices along the top of the window. From the left menu, select Clients. Verify that your client is connected to the Local EAP profile and has an IP address in the x range. Click on your clients MAC address to open the client detail page. Scroll down and locate the Security Information section of the details page and locate the EAP Type field. Q1) What is the EAP type shown? Step 34 Step 35 Activity Verification From the System menu, select Client Laptop. Select the Network icon, click on LocalEX, where X is your pod number, and click Disconnect. You have completed this activity when you have attained this result: You have connected your client laptop to the LocalEx WLAN to validate the local authentication process. Task 8: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram Cisco Systems, Inc. Remote Lab Guide 71

72 Lab 1-7: AVC Configuration Activity Objective Complete this lab activity to practice what you learned in the related module. This lab looks at the configuration process for AVC, and then shows how to monitor to confirm the configuration is working. After completing this activity, you will be able to meet these objectives: Required Resources Describe the configuration of AVC Describe the process to monitor AVC You will need the information in this form to complete this lab, get this information from your instructor: Resource Value TFTP Server IP Address TFTP Client Filename to use Tftpd32 avc-download-file.txt All cabling required has been performed by the instructor. Note Critical success path: Follow the step-by-step procedure given in this exercise. Task 1: Configuring AVC Profile Activity Procedure In this task, you will configure an AVC profile. Complete these steps: If you are continuing from the previous lab, skip to. From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems menu, select Admin PC. Note Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 If your session timed out, select the podadmin icon and login with the password Iforgot2 Using Firefox, open a browser to your 2504 WLC using Click on I Understand the Risks. Click on the Add Exception button. Click the Confirm Security Exception button. Click the Login button and enter Username: admin / Password: Iforgot2 Click on the Advanced tab in the upper-right corner. Navigate to WIRELESS > Application Visibility and Control > AVC Profiles. 72 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

73 Activity Verification Click New and enter the AVC Profile Name WDBWL-AVC. Click Apply. On the AVC Profile Name page, click the blue AVC profile name WDBWL-AVC to open the AVC Profile > Edit WDBWL-AVC page. Click Add New Rule. Choose file-sharing from the Application Group and tftp from the Application Name drop-down menu. Select Mark as the Action. Set Silver as the DSCP. Click Apply. 8 See the list of default AVC applications available by choosing WIRELESS > Application Visibility and Control > AVC Applications. Browse through using the arrow keys and numbers at the top right. Q1) Do you recognize any of the applications? Q2) Write down some applications you recognize You have completed this activity when you have attained this result: You have created a new AVC profile, for TFTP traffic. Task 2: Associate an AVC Profile to a WLAN Activity Procedure In this task, you will associate an AVC profile to a WLAN. Complete these steps: Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step Choose WLANs and select Create New. Click the Go button. In the Profile Name field, enter AVC-Lab. In the SSID field, enter WDBWL-AVC-X, where X is your pod number and click the Apply button. Set the Status to Enabled by checking the box. Click the Apply button. Click on the Security tab. Scroll down to the Authentication Key Management section and enable PSK. In the PSK Format drop-down menu, select ASCII and enter Iforgot2 in the blank form field. Click on the QoS tab. From the AVC Profile drop-down menu, choose the AVC profile WDBWL-AVC. Click the Apply button. Click OK Cisco Systems, Inc. Remote Lab Guide 73

74 4 5 6 Click the <Back button. Click Save Configuration. Click OK to the pop-up windows. Activity Verification You have completed this activity when you have attained this result: You have associated the AVC profile to a WLAN. Task 3: Use TFTP Activity Procedure In this task, you will test the operation of TFTP. Complete these steps: Step 3 Step 4 From the Diagram page, select Client Laptop. Select the PODLAPTOP icon and enter password in the Password field to login to the client laptop. Navigate to Start > Control Panel > View network status and tasks > Change adapter settings. Confirm that the Local Area Connection is disabled and the Intel 4965 Wireless is enabled. After confirming your network connections, close the Network Connections window. Note Step 5 Step 6 If you need make any changes to these network connections, right-click on the icon and select Enable or Disable. From the Client Laptop click on the network icon. Connect to your WLAN WDBWL-AVC-X, where X is your pod number. 74 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

75 Step 7 Step 8 Step Enter Iforgot2 for the Security key: and click OK. From the Client Laptop click on the network icon and right-click your WLAN WDBWL-AVC-X and select Status. From the Intel 4965 Wireless Status window, click on the Details button. Document the IPv4 Address of your wireless connection here. IPv4 Address:. Close the Network Connection Details window and the Intel 4965 Wireless Status window Cisco Systems, Inc. Remote Lab Guide 75

76 Note The IP address you just documented will be used with the Tftpd32 program. Using this IP Address will ensure you are downloading the file from the Client Laptop radio interface and not the Ethernet interface Click the Windows Start icon and type cmd in the Search programs and files box and press Enter to open a CMD window. Type ping and press the Enter key to test ping the TFTP Server. You should get a successful response from the TFTP server. Close your command window. From the Client Laptop, locate the Tftpd32 icon on the desktop. Right-click on the Tftpd32 icon and select Run as administrator and click the Yes button on the User Account Control message. From the Server interface drop-down menu, select the IP Address you documented in Click the Tftp Client tab. Enter in the Host field. Click on the square box to the right of the Local File field. 1 Select Desktop for the location the TFTP file will be copied to. 76 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

77 Enter avc-download-file.txt in the File name: box and click the Open button. Enter avc-download-file.txt in the Remote File box. Click Get. The file will start downloading to the tftp default directory using the wireless network. Click on the OK button to close the file transfer details. 6 Close the Tftp32 windows. Activity Verification You have completed this activity when you have attained this result: You have successfully connected to and downloaded a file from your TFTP server. Task 4: View the AVC Information Activity Procedure In this task, you will view AVC information. Complete these steps: From the Systems menu, select Admin PC and maximize the Firefox session to your 2504 WLC. If your Firefox browser closed, open up a new connection to your 2017 Cisco Systems, Inc. Remote Lab Guide 77

78 Step 3 controller using and Login with Username: admin / Password: Iforgot2 Navigate to MONITOR > Applications > WLAN then click on the small blue number under the WLAN ID column linked to your WDBWL-AVC-X WLAN, where X is your pod number. You should see a graphic and text displaying TFTP data (If you do not see anything, repeat Task 3 4, then immediately repeat Task 4). Activity Verification You have completed this activity when you have attained this result: You have successfully viewed the AVC information that was captured. Task 5: Configuring AVC Profile to Drop Traffic Activity Procedure In this task, you will configure the AVC profile to drop traffic. Complete these steps: Step 3 Step 4 Step 5 Activity Verification Navigate to WIRELESS > Application Visibility and Control > AVC Profiles. On the AVC Profile Name page, click the AVC profile name WDBWL-AVC to open the AVC Profile > Edit page. Click on the blue tftp link under the Application Name column. Change the action to Drop. Click Apply. You have completed this activity when you have attained this result: You have changed the AVC profile to drop traffic. Task 6: Try Again to use TFTP Activity Procedure In this task, you will again test the operation of TFTP. Complete these steps: Step 3 From the Systems menu, select Client Laptop and delete the file avc-downloadfile.txt from the desktop. Open the Tftpd32 program by right clicking on the Tftpd32 icon and select Run as administrator and click the Yes button on the User Account Control message. From the Server interface drop-down menu, select the IP Address you documented previously in 0 on page 75. For example, X, where X is your pod number. 78 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

79 Step 4 Step 5 Step 6 Click the Tftp Client tab. Enter in the Host field. Click on the square box to the right of the Local File field. Step 7 Select Desktop for the location the TFTP file will be copied to. Step 8 Step 9 0 Enter avc-download-file.txt in the File name: box and click the Open button. Enter avc-download-file.txt in the Remote File field. Click the Get button on the Tftpd32 window Cisco Systems, Inc. Remote Lab Guide 79

80 1 2 3 After about 25 seconds a pop-up from Tftp32d program will show Timeoutwaiting block #1. This intended failure was cause by the AVC profile dropping TFTP traffic. Click OK. Close the Tfpd32 window. Activity Verification You have completed this activity when you have attained this result: You have been unsuccessful in your attempts to connect to and downloaded a file from your TFTP server. Task 7: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram. 80 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

81 Lab 1-8: Configuring Basic B2C Guest Access and Web Authentication Activity Objective Complete this lab activity to practice what you learned in the related module. In this activity, you will explore how to set up a WLAN with web authentication as the security policy. You will configure the WLAN controller to support a web authentication client. This implementation provides an open connection to a user that requires a name and password security exchange. All network traffic is transmitted in the clear that is, not encrypted or authenticated. In order to provide that support, you must create a new WLAN instance that provides an SSID that the web authentication client will use. Guest subscribers will be given an IP address using a DHCP server that is part of the lab infrastructure. You must also define a local net user and create the user password. When the support for web authentication is configured correctly on your controller, you will log in using the local net user username and password, by using a browser connection from your laptop. After completing this activity, you will be able to meet these objectives: Create and configure a WLAN to support a web authentication subscriber Connect to the controller through the web browser and new user account See how the web exclusion policy works Task 1: Configuring a Local Guest Access Method You will use the controller web interface to configure a VLAN interface and a WLAN that is needed to support the web authentication client traffic. Make sure that you have your lab PC connected and that you have an open controller web browser session to the controller. Activity Procedure 1 Complete these steps: If you are continuing from the previous lab, skip to Step 5. Step 3 Step 4 From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems drop-down, select Admin PC. Open a web browser to Sign in with the following credentials: Username Password Step 5 Step 6 Step 7 admin Iforgot2 From the top menu bar, choose CONTROLLER, and then in the left sidebar, choose Interfaces. In the main Interfaces window, click New. In the window that appears, name the new interface guest and assign it a VLAN Id of Cisco Systems, Inc. Remote Lab Guide 81

82 Step 8 Click Apply to save the new interface. You must now configure the interface parameters in the new window that appears. Step 9 0 In the Port Number filed, enter 1 to assign the interface to port 1 on your WLAN controller. In the IP Address field, enter X, where X is your assigned pod number. 1 In the Netmask field, enter In the Gateway field, enter Enter as the Primary DHCP server for this interface. Click Apply to save the changes to the controller running the configuration. Click OK. Click Save Configuration. Click OK on the pop-up windows. In the upper-right corner of the screen, click ping, which is to the right of Save Configuration. A script prompt appears. Enter the X where X is your pod number and click OK. The ping response pop-up appears. Q1) What was the response? 0 Activity Verification Activity Procedure 2 Click OK to close the ping response pop-up window. You have completed this activity when you have attained this result: You have configured the guest interface on your controller. Complete these steps: Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step Select the WLANs link from those available across the top of the window. Select Create New from the drop-down menu and click GO to create a new WLAN. The WLANs > New window appears. In the Profile name field, enter webauth. In the SSID field, enter webauthx, where X is your pod number. Click Apply to create the new interface. A new edit window appears. Check the check box next Status to Enabled to enable the WLAN. From the Interface/Interface Group, choose the guest interface. Select the Security tab. You will open to the Layer 2 sub tab. Set the Layer 2 Security to None. Select the Layer 3 sub tab. Set Layer 3 Security to Web Policy. Read the warning and click OK. Verify the Authentication radio button is selected. 82 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

83 Click Apply to save the new WLAN to the running configuration on the WLAN controller. Click <Back to return to the WLANs page. Check the check boxes next to the WLAN SSIDs, WDBWL-X, where X is your pod number, APmodeX, LocalEX and WDBWL-AVC-X. Select Disable Selected from the drop-down menu and click GO. Click OK. Review the WLAN summary window. Make sure that the webauthx WLAN Admin Status shows as Enabled and all other WLANs on your controller are disabled. Click Save Configuration to save the changes. Click OK to the pop-up windows. Activity Verification 2017 Cisco Systems, Inc. Remote Lab Guide 83 You have completed this activity when you have attained these results: You have successfully created a WLAN on your controller associated to the VLAN 40 interface. You have disabled all other WLANs from the previous labs. Task 2: Creating a Local Net User as a Guest Activity Procedure You must create a local net user and define a password that you will provide when logging in as a web authentication client. Complete these steps: Step 3 Step 4 Step 5 Step 6 Select the SECURITY link from the options available across the top of the window. In the left menu, navigate to AAA > Local Net Users. Click New. In the User Name field, enter webuser. Enter Iforgot2 in the Password and Confirm Password fields. Check the Guest User check box. Q1) What options are available if you click the guest user? Step 7 Select webauth in the WLAN Profile drop-down menu. Step 8 Step Activity Verification Click Ok. In the Description field, enter Guest User. Click Apply to save the new user configuration. Click Save Configuration and answer OK to the warning pop-ups. You have completed this activity when you have attained this result: You have created a local net user account to be used for web authentication.

84 Task 3: Testing Client Login Activity Procedure 1 In this task, you will test the newly created web authentication SSID and local net user. Step 3 Step 4 Step 5 Step 6 Step 7 From the Systems menu, select Client Laptop. Click on the network icon at the right side of the windows task bar to display the available wireless networks. Locate the webauthx, where X is your pod number, click on it and select Connect. Open Internet Explorer. The Set Network Location window opens. Select Public Network and click Close. Ensure that the pop-up blocker is turned off. In the browser address window, input the address: and press Enter. Step 8 A security alert window appears. Click Continue to this website (not recommended) to proceed. 84 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

85 Step 9 0 When the Login window appears log in using the User Name of webuser and a Password of Iforgot2 (the local net user that you created.). Click Submit. Two windows should appear. The smaller window indicates a successful login and has a link to logout of the network. The larger window is your normal browser window, which will display the page you originally requested ( or the Login page to your WLC 2505 controller. In a production environment, you can use the larger window to browse to the Internet (there is no internet access available in the lab environment). You will use the smaller window to log out when you are finished using the webauth network. 1 In the smaller window, click Logout on the Web Authentication window to log out of the webauth network. Wait for the client to complete the logout procedure Cisco Systems, Inc. Remote Lab Guide 85

86 2 3 Click the Close button, to close the Web Authentication page. Close the web browser to test.gigawave.trn or the controller Login page. Activity Verification You have completed this activity when you have attained these results: You have successfully logged into the webauthx WLAN that you created. You used the redirect feature to reach or the controller. Task 4: Testing Client Exclusion Activity Procedure In the previous example, you logged in correctly and were granted access. This time, you will provide the wrong password each time that you attempt to log in. Complete these steps: Step 3 Step 4 Step 5 From the Systems menu, select Client Laptop, open a new Internet Explorer browser session to This opens a session directly to the web portal in the controller. When the security alert window comes up, Click Continue to this website (not recommended) to proceed. When the Login window appears, log in using the User Name of webuser but this time use cisco as the password and click on the Submit button. Repeat Step 3 three more times. Notice that on the fourth attempt, the web browser does not respond but continues to search. Click on the Network icon to show the WLANs available. Q1) Are you still connected? Step 6 From the Systems menu, select Admin PC. Step 7 Click the MANAGEMENT option in the menu bar. 86 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

87 Step 8 In the left menu, navigate to SNMP > Trap Logs to bring up a list of recent trap events. Q2) Examine the information found there. What entry do you see that indicates a client exclusion event? Q3) How many AAA Authentication failures occurred before the Client Exclusion? Step 9 Close the web browser connection to the controller. Activity Verification You have completed this activity when you have attained these results: You have successfully been excluded from the controller. You have viewed the SNMP logs. Task 5: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram Cisco Systems, Inc. Remote Lab Guide 87

88 Lab 2-1: FlexConnect Local Switching Activity Objective Complete this lab activity to practice what you have learned in the related module. In this activity, you will configure FlexConnect access points to provide connectivity if the WAN fails. After completing this activity, you will be able to meet these objectives: Configure the controller with a centrally switched WLAN to use 802.1X authentication for FlexConnect Enable FlexConnect on the AP and configure FlexConnect groups Configure a client profile to use the newly created WLAN Induce a WAN failure and ensure that the client connects to the FlexConnect in standalone mode Task 1: Configure the Controller Activity Procedure In the task, you will configure the controller with a centrally switched WLAN that is configured to use 802.1X authentication for FlexConnect. Complete these steps: If you are continuing from the previous lab, skip to. Step 3 Step 4 Step 5 From your PC, open a web browser session to the GigaWave remote labs at the address From the Systems drop-down, select Admin PC. Open the Firefox web browser to Click Login. Sign in with the following credentials: Username Password admin Iforgot2 Step 6 Step 7 Step 8 Step Select CONTROLLER from the top menu. From left side menu click on Interfaces. From under the Interface Name column, click on management. Scroll down to the NAT Address section and uncheck the Enable NAT Address option that was enabled in a previous lab. Scroll to the top of the page and click the Apply button. Click OK. Click on Save Configuration and answer OK to the pop-up messages. Choose WLANs. 88 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

89 Choose Create New in the drop-down menu and click Go. The WLAN > New page appears. In the Type drop-down menu, choose WLAN. In the Profile Name field, enter FLEX Connect. In the SSID field, enter wdbwl-x-flex, where X is your pod number. Click Apply to save the changes. The WLANs > Edit page appears. In the Status field, check the Enabled check box. Keep the Radio Policy drop-down menu as All. Keep the Interface/Interface Group (G) drop-down menu selection as management. In the Broadcast SSID field, check the Enabled check box. Click the Advanced tab. 4 5 In the FlexConnect Local Switching field, check the Enabled check box. Scroll down to bottom of Advanced tab for FlexConnect features. In the FlexConnect Local Auth field, check the Enabled check box. 6 7 In the DHCP Addr. Assignment field, check the Required check box. Click Apply to commit the changes and click OK to the message Enabling FlexConnect Local Switching will disable mdns Snooping. Press OK to continue. Activity Verification You have completed this task when you attain this result: You have created a WLAN for (FlexConnect). Task 2: Enable FlexConnect on the AP and Configure FlexConnect Groups In the task, you will configure FlexConnect on the AP and configure FlexConnect groups. In case of a WAN failure, the FlexConnect in standalone mode has the ability to authenticate wireless clients. For the AP to perform this role, you need to configure a FlexConnect group. Because the AP will be independent, you will connect to the AP CLI to monitor the 2017 Cisco Systems, Inc. Remote Lab Guide 89

90 Activity Procedure authentication process. Keeping the default credentials on the AP would be a security risk and you want to change the AP console credentials. Complete these steps: Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step Choose WIRELESS > Access Points. The All APs configuration page appears. If you have one AP (Px-AP1), proceed to Step 7. If you have two APs proceed to Step 3. Click Px-AP3 (your Cisco 2700 AP 3 name) to edit its settings. Select Disable in the Admin Status drop-down menu. This forces the client to connect to AP1, which will be configured for FlexConnect mode. Click Apply. Click <Back to return to the All APs page. Click Px-AP1 (your Cisco 2700 AP 1 name) to edit its settings. From the AP Mode drop-down menu, select FlexConnect. Click on the High Availability tab and delete the Secondary Controller C and the Management IP Address by clearing out the text in each field. This will prevent your access point from failing over to the C controller when you introduce a network failure in Task 4. At this point, only your 2504-X controller with the Management IP Address X.10 (X is your pod number) should be listed as the Primary Controller. Click Apply to commit the changes. Click <Back to return to the All APs page. Click the Refresh button to update the screen. From the ALL APs page, scroll to the right and look for the AP Mode column. Confirm that Px-AP1 is in FlexConnect mode. From the left side menu, click on FlexConnect Groups. The FlexConnect Groups page appears. Click New. The FlexConnect Groups > New page appears. In the Group Name field, enter FLEX. Click Apply. You will return to the FlexConnect Groups page. Click the FLEX Group Name. The FlexConnect > Groups > Edit page appears. Under the heading FlexConnect APs, click Add AP. Check the Select APs from current controller check box. From the AP Name drop-down menu, select your Px-AP1. Click Add. Check the Enable AP Local Authentication check box. Click Apply. Select the Local Authentication tab to add a Local User on the Flex Connect access point. 90 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

91 Step 30 Step 31 Step 32 Step 33 Step 34 Step 35 Step 36 In the UserName field, enter student. In the Password and Confirm Password fields, enter password. Click Add to add the local user. Select the Local Authentication tab then choose the Protocols tab. Uncheck the Enable EAP LEAP Authentication check box. Confirm that the Enable EAP Fast Authentication check box is checked. Uncheck the Enable EAP PEAP Authentication check box. Uncheck the Enable EAP TLS Authentication check box. Click Apply to commit the changes. Click Save Configuration to save the changes. Click OK. Activity Verification You have successfully completed this task when you have completed the following: You have enabled FlexConnect on the access point. You have created a FlexConnect group. You have added the access point to the FlexConnect group. You have added a local user on the FlexConnect access point. Task 3: Configure a Client Profile Activity Procedure In this activity, you will configure a client profile to use the new WLAN that you created. Complete these steps to configure a client profile on the remote lab PC. You will add a profile to use the wdbwl-x-flex WLAN. Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step From the Systems menu, select Client Laptop. Click icon for PODLAPTOP\student. Enter password in the Password filed and press Enter. Navigate to Start > Control Panel > View wireless status and tasks > Manage Wireless Networks. Click Add. Click Manually Create a Network Profile. In the Network name field, enter your SSID wdbwl-x-flex, where X is your pod number. From the Security type drop-down menu, choose WPA2-Enterprise. From the Encryption type drop-down menu, choose AES. Click Next. Click Change Connection Settings. Click the Security tab Cisco Systems, Inc. Remote Lab Guide 91

92 From the Choose a network authentication method: drop-down menu, choose Cisco: EAP-FAST. Make sure to uncheck Remember my credentials for this connection each time I m logged on check box. Click Settings. Click the User Credentials tab. Select the Use saved username and password radio button. Enter the following credentials: Parameter Username: Password: Value student password Confirm password: password Click OK twice to save the changes. Click Close to close the Manually connect to a wireless network window. Close the Manage Wireless Networks window. Click the Networks icon in the Windows tray. Choose wdbwl-x-flex, where X is your pod number, and click Connect. Select Yes in the EAP-FAST pop-up window. Since you do not have a PAC from the FlexConnect AP, you will need to connect a second time. Choose wdbwl-x-flex, where X is your pod number, and click Connect. You should connect successfully to the WLAN. From the Diagram page, click the icon for PX-AP1 CAPWAP to connect to AP1. The AP1 page opens. Click in the console area and press Enter to activate the CLI session. Use the following credentials to login: Username Password Cisco 9 Cisco Enter the show capwap reap association command. 92 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

93 Step 30 Observe the output. You will see information relating to your AP in the top portion of the output. Your client is authenticated through the FlexConnect. Activity Verification You have successfully completed this task when you attain these results: You have created a profile on the remote lab PC. You have connected to the WLAN successfully. Task 4: Induce a WAN Failure In this activity, you will induce a WAN failure and ensure that the client connects to the FlexConnect in standalone mode. Step 3 From the Diagram page, click the icon for WLC 2504 to connect to your pod controller. The 2504 page opens. Click in the console area and press Enter to open the CLI to the WLC. Use the following credentials to login: User admin Password Iforgot2 Step 4 Step 5 Step 6 Enter the command show ap summary to verify Px-AP1 is connected to the controller. You may see Px-AP3 as well. Enter config port adminmode 1 disable to disable the access port on the controller to simulate a WAN failure between the AP and controller. From the Systems menu, select AP1. Note Step 7 If your session has timed out, use the following: Enter Cisco at the Username. Enter Cisco at the Password prompt. Enter enable and press enter. Enter Cisco at the password prompt. Enter show capwap reap status to see the state of the access point Cisco Systems, Inc. Remote Lab Guide 93

94 Step 8 Step 9 0 AP eb.b848-pod1#show capwap reap status AP Mode: REAP, Standalone Radar detected on: Verify the status of REAP, Standalone. You may have to issue the show capwap reap status command more than once depending on how long it takes for the AP to go into standalone mode. From the Systems drop-down, select Client Laptop. Click on the Network icon in the Windows system tray and verify that you are still connected to wdbwl-x-flex. Note If you are not connected, skip to Select wdbwl-x-flex, and then click Disconnect. Once the FlexConnect connection is disconnected, select wdbwl-x-flex, where X is your pod number, and click Connect. Verify that you reconnected. From the Systems drop-down, select AP1. Enter the show capwap reap association command. Observe the output and look for an output similar to the following. (the following example uses pod 15) SSID: wdbwl-15-flex on Dot11Radio0 bssid: f44e.05eb.3552 Mode: 0x192, WLAN: 3, VLAN name: Key Mgmt 4, Reap flags 0x4001, Reap flags_1 0x0, Guest Yes, Current Users 0 SSID: wdbwl-15-flex on Dot11Radio1 bssid: f44e.05eb.355d Mode: 0x192, WLAN: 3, VLAN name: Key Mgmt 4, Reap flags 0x4001, Reap flags_1 0x0, Guest Yes, Current Users 1 Select the 2504 tab. Note If your session has timed out, click the Reconnect button at the bottom of the tab. Enter admin at the User: prompt and Iforgot2 at the Password: prompt. 7 8 Enter Config port adminmode 1 enable to enable the access port on the controller. Enter show ap summary to see when the APs rejoins the controller. Note It may take approximately 2 to 3 minutes for the access point to rejoin the controller. Activity Verification You have successfully completed this task when you have completed the following objectives: You have disabled the port 1 on the controller to simulate a WAN failure. You have verified the connection to the hreap WLAN remained up. You have disassociated and re-associated to the hreap WLAN successfully. You have enabled the port 1 on the controller. 94 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

95 Task 5: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram Cisco Systems, Inc. Remote Lab Guide 95

96 Lab 4-1: Perform the Controller Configuration Using the Ease of Use Setup Wizard Introduction V4 Reference Complete this lab activity to practice what you learned in the related materials. Use the activities here to complete the controller configuration. In the following lab, you will create a basic configuration for the WLAN controller using the Ease of Use wizard. After completing this activity, you will be able to meet these objectives: Use the ease of Use wizard to configure your WLC Refer to the lab diagram to illustrate what you will accomplish in this activity. The information provided in the tables here reiterates the information in the lab diagram. In all of the details, replace X with your student pod number. Note Each student will be assigned to a pod by the instructor. The addresses for your equipment will be determined by your pod number. Admin User Name Admin User PW System Name admin-wizard Iforgot x Controller Interface IP Address Netmask Gateway VLAN Tag Management Network Name Security Passphrase VLAN DHCP Server FinalX WPA2 personal Cisco123 Management Client Density Traffic Type Virtual IP Address Local Mobility Group Typical Data Podx Task 1: Reset your WLC In this task, you will reset your WLC to factory default. Activity Procedure Complete these steps: 96 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

97 Step 3 Step 4 Step 5 Step 6 Step 7 From the Diagram page, click on the WLC 2504 icon to access the console port of your 2504 WLC. Click the grey screen area to activate the screen and press Enter. At the (Cisco Controller) > prompt, type reset system and press the Enter key. If you get the message The system has unsaved changes. Would you like to save them now? (y/n) press the n key. At the prompt Are you sure you would like to reset the system? (y/n), press the y key and the WLC 2504 reboots. Click anywhere in the grey CLI screen to be sure the screen is activated. When prompted, press ESC key to stop the system from auto-booting. Reset the controller to the factory default settings by pressing the option # 4 and press Enter. Note If you missed the pressing the ESC key go back to. Task 2: Configuring the 3650 Switch Ports In this task, you will change the VLAN assignment of your pod so the Client Laptop connects directly to the WLC port 1. Note This procedure would normally be done by connecting the Ethernet port of the laptop directly to one of the 4 available ports on the WLC Since this is a remote lab environment, you will be using VLANs to accomplishing the same connectivity. Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step From the Diagram page, click on the Podx-3650sw icon. The Pod-Sw page opens. This is your CLI access to the Podx-3650sw. Click the grey CLI screen to activate it and press Enter. For the Username: enter admin, for the Password: enter Iforgot2 From the Podx-3650sw# prompt, type the following commands shown in bold text listed in following steps. Podx-3650sw# type configure terminal and press Enter. The console displays the message Enter configuration commands, one per line. End with CNTL/Z. Podx-3650sw(config)# type vlan 222 and press the Enter key. Podx-3650sw(config-vlan)# type name set-up-wizard press the Enter key. Podx-3650sw(config-vlan)# type exit press the Enter key. Podx-3650sw(config)# type interface gigabitethernet 1/0/3 press the Enter key. Podx-3650sw(config-if)# type switchport mode access press the Enter key. Podx-3650sw(config-if)# type switchport access vlan 222 press the Enter key. Podx-3650sw(config-if)# type exit press the Enter key. Podx-3650sw(config)# type interface gigabitethernet 1/0/4 press the Enter key. Podx-3650sw(config-if)# type switchport access vlan 222 press the Enter key Cisco Systems, Inc. Remote Lab Guide 97

98 5 6 Podx-3650sw(config-if)# type exit press the Enter key. Podx-3650sw(config)# type exit press the Enter key. 7 Podx-3650sw# type show run interface gigabitethernet 1/0/3 8 Podx-3650sw# type show run interface gigabitethernet 1/0/4 9 Podx-3650sw# type show vlan brief and press the Enter key. 98 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

99 Activity Verification 2017 Cisco Systems, Inc. Remote Lab Guide 99 You have completed this activity when you have attained this result: You have reset the WLC2504 to the factory defaults, and rebooted the system. You have reconfigured the Podn-3650sw VLAN setting for the WLC2504 and Client Laptop. Task 3: Run the Ease of Use Wizard Activity Procedure In this task, you will run the Ease of Use wizard. Complete these steps using the table above: Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 0 From the Systems menu, select Client Laptop. Click the icon for PODLAPTOP\student and enter password for the password and press the Enter key. Navigate to Start > Control Panel > View network status and tasks > Change adapter settings. Right-click the Local Area Connection icon for the Realtek PCIe GBE Family Controller Ethernet and select Enable. Right-click the Local Area Connection icon for the Realtek PCIe GBE Family Controller Ethernet and select Properties. Click on Internet Protocol Version 4 (TCP/IPv4) and click the Properties button. Select the option Obtain an IP address automatically and click the OK button. Click Close to close the Local Area Connection Properties Window. Close the Network Connections window. Click on Start and type cmd in the Search programs and files box and press the Enter key.

100 1 2 Type ipconfig /renew in the command box and press the Enter key. Make a note of the IP address, Mask, gateway and DNS server assigned to the Ethernet adapter Local Area Connection: 3 You should get an IP address in the range x (x= 2-16) Step 30 Step 31 Step 32 Step 33 Step 34 Step 35 Step 36 Close the cmd prompt window. From the Systems menu, select Client Laptop and open the Firefox web browser and connect to You should see a Cisco 2500 Series welcome screen. Enter admin-wizard for Create admin username. Enter Iforgot2 for Create admin password and Confirm password. Select Start. Enter 2504-X, where X is your pod number for the System Name. Enter for the management IP address. Enter for the Subnet mask. Enter for the default gateway. Enter 0 for the Management VLAN ID. Select Next. Enter FinalX, where X is your pod number for the Network Name. Select WPA2 Personal for Security. Enter Cisco123 for the Pass Phrase. Enter Cisco123 for the Confirm Pass Phrase. Select Management VLAN for the VLAN. Enter for the DHCP Server Address. Select Next. Select RF Parameter Optimization (greyed out). Slide the Client Density option to High, and select Data for the Traffic Type. Enter for the Virtual IP Address. Enter PodX, where X is your pod number for the Local Mobility Group. Select Next. 100 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

101 Step 37 Step 38 Step 39 Step 40 Step 41 The screen prompts Please confirm settings and apply. Check the settings one last time. Select Apply. Read the warning and select OK. The WLC will now reboot. The reboot will take about 3 minutes to complete. You can observe the WLC2504 rebooting by clicking on the 2504 tab in the lab menu. Activity Verification You have completed this activity when you have attained this result: You have run the Ease of Use wizard The WLC has restarted Task 4: Reconnect to you 2504 WLC Activity Procedure In this task, you will connect to the 2504 after running the Ease of Use wizard. Complete these steps using the table above: Step 3 Step 4 From the Systems drop-down, select Client Laptop. Navigate to Start > Control Panel > View network status and tasks > Change adapter settings. Right-click the Local Area Connection Realtek PCIe GBE Family Controller Ethernet card and select Properties. Click on Internet Protocol Version 4 (TCP/IPv4) and click the Properties button. Step 5 Enable the Use the following IP address radio button and enter the following values: IP address: Subnet mask: Default gateway: Preferred DNS server: Step 6 Step 7 Step 8 Step 9 0 Activity Verification Click OK and Close. From the Systems drop-down, select Client Laptop. Open the Firefox web browser and connect to If using Firefox fails due to an invalid certificate, try using another browser. From the Systems drop-down menu, select WLC 2504 and login with username admin-wizard and password Iforgot2. Spend some time looking around the screen to check on the settings you have made. You have completed this activity when you have attained this result: You have run the Ease of Use wizard The WLC has restarted 2017 Cisco Systems, Inc. Remote Lab Guide 101

102 You have browsed through the WLC2504 controller settings configured by the Ease of Use Setup Wizard. Task 5: Resetting the 3650 Switch and WLC 2504 In this task, you will restore the 3650 switch and the WLC 2504 controller configuration back to the normal configuration. From the Diagram page and right-click the Podx-3560sw icon. Click the Reset option and click the OK button to the Message from webpage. A Reset tab appears. The guided script takes less than 2 minutes to complete. Step 3 Step 4 Step 5 Step 6 From the System menu, select WLC 2504 and login with User: admin-wizard Password: Iforgot2 At the (Cisco Controller)> prompt type clear config and press the Enter key. Display shows Are you sure you want to clear the configuration? (y/n) type y Display shows Writing to flash done Activity Verification You have completed this activity when you have attained this result: Reset the Podx3650sw. Reset the WLC. Task 6: Closing the Lab In this task, you will close the lab session. Note If you are continuing to the next Hardware Challenge Lab at this time, skip this task and continue to the next lab. Select Diagram from the Systems menu. In the upper-right corner, click the X to close the Lab Topology Diagram. 102 Deploying Basic Wireless LANs (WDBWL) v Cisco Systems, Inc.

Configuring OfficeExtend Access Points

Configuring OfficeExtend Access Points Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security

More information

Using the Web Graphical User Interface

Using the Web Graphical User Interface Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 1 Connecting the Console Port of the Device, page 3 Logging On to the Web GUI, page 3 Enabling Web and Secure Web Modes,

More information

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server Document ID: 112175 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Windows

More information

Using the Web Graphical User Interface

Using the Web Graphical User Interface Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 2 Connecting the Console Port of the Switch, page 3 Logging On to the GUI, page 4 Enabling Web and Secure Web Modes,

More information

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces. 2015 Cisco and/or its affiliates. All rights

More information

Managing APs. Converting Autonomous APs to Lightweight Mode. Information About Converting Autonomous Access Points to Lightweight Mode

Managing APs. Converting Autonomous APs to Lightweight Mode. Information About Converting Autonomous Access Points to Lightweight Mode Converting Autonomous APs to Lightweight Mode, page 1 Global Credentials for APs, page 6 Embedded APs, page 10 AP Modules, page 12 Access Points with Dual-Band Radios, page 20 Link Latency, page 21 Converting

More information

Searching for Access Points

Searching for Access Points Information About, page 1 Searching the AP Filter (GUI), page 1 Monitoring the Interface Details, page 4 Searching for Access Point Radios, page 6 Information About You can search for specific access points

More information

Cisco ASA 5500 LAB Guide

Cisco ASA 5500 LAB Guide INGRAM MICRO Cisco ASA 5500 LAB Guide Ingram Micro 4/1/2009 The following LAB Guide will provide you with the basic steps involved in performing some fundamental configurations on a Cisco ASA 5500 series

More information

Cisco Mobility Express User Guide for Release 8.2

Cisco Mobility Express User Guide for Release 8.2 First Published: 2015-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE

More information

Converting Autonomous Access Points to Lightweight Mode

Converting Autonomous Access Points to Lightweight Mode Converting Autonomous Access Points to Lightweight Mode Finding Feature Information, page 1 Prerequisites for Converting Autonomous Access Points to Lightweight Mode, page 1 Information About Autonomous

More information

Editing WLAN SSID or Profile Name for WLANs (CLI), page 6

Editing WLAN SSID or Profile Name for WLANs (CLI), page 6 Prerequisites for WLANs, page 1 Restrictions for WLANs, page 2 Information About WLANs, page 3 Creating and Removing WLANs (GUI), page 3 Enabling and Disabling WLANs (GUI), page 4 Editing WLAN SSID or

More information

LAB: Configuring LEAP. Learning Objectives

LAB: Configuring LEAP. Learning Objectives LAB: Configuring LEAP Learning Objectives Configure Cisco ACS Radius server Configure a WLAN to use the 802.1X security protocol and LEAP Authenticate with an access point using 802.1X security and LEAP

More information

Cisco WLAN Express for Cisco Wireless Controllers

Cisco WLAN Express for Cisco Wireless Controllers Cisco WLAN Express for Cisco Wireless Controllers, page 1 Configuring the Controller Using the Configuration Wizard, page 8 Using the AutoInstall Feature for Controllers Without a Configuration, page 21

More information

Cisco Mobility Express User Guide for Release 8.2

Cisco Mobility Express User Guide for Release 8.2 First Published: November 30, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883

More information

Wireless LAN Controller Module Configuration Examples

Wireless LAN Controller Module Configuration Examples Wireless LAN Controller Module Configuration Examples Document ID: 70530 Contents Introduction Prerequisites Requirements Components Used Conventions Basic Configuration Example 1 Basic Configuration with

More information

What Is Wireless Setup

What Is Wireless Setup What Is Wireless Setup Wireless Setup provides an easy way to set up wireless flows for 802.1x, guest, and BYOD. It also provides workflows to configure and customize each portal for guest and BYOD, where

More information

User Guide. 450Mbps/300Mbps Wireless N Access Point TL-WA901ND/TL-WA801ND REV

User Guide. 450Mbps/300Mbps Wireless N Access Point TL-WA901ND/TL-WA801ND REV User Guide 450Mbps/300Mbps Wireless N Access Point TL-WA901ND/TL-WA801ND REV4.0.0 1910011930 Contents About This Guide...1 Chapter 1. Get to Know About Your Access Point.................... 2 1. 1. Product

More information

Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client

Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client Topology IP Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1 192.168.1.1 255.255.255.0 N/A

More information

High Availability (AP SSO) Deployment Guide

High Availability (AP SSO) Deployment Guide High Availability (AP SSO) Deployment Guide Document ID: 113681 Contents Introduction Prerequisites Requirements Components Used Conventions Topology New HA Overview HA Connectivity Using Redundant Port

More information

Identity Services Engine Guest Portal Local Web Authentication Configuration Example

Identity Services Engine Guest Portal Local Web Authentication Configuration Example Identity Services Engine Guest Portal Local Web Authentication Configuration Example Document ID: 116217 Contributed by Marcin Latosiewicz, Cisco TAC Engineer. Jun 21, 2013 Contents Introduction Prerequisites

More information

DHCP. DHCP Proxy. Information About Configuring DHCP Proxy. Restrictions on Using DHCP Proxy

DHCP. DHCP Proxy. Information About Configuring DHCP Proxy. Restrictions on Using DHCP Proxy Proxy, page 1 Link Select and VPN Select, page 4 Option 82, page 7 Internal Server, page 10 for WLANs, page 13 Proxy Information About Configuring Proxy When proxy is enabled on the controller, the controller

More information

Mobility Groups. Information About Mobility

Mobility Groups. Information About Mobility Information About Mobility, page 1 Information About, page 5 Prerequisites for Configuring, page 10 Configuring (GUI), page 12 Configuring (CLI), page 13 Information About Mobility Mobility, or roaming,

More information

Yamaha Router Configuration Training ~ Web GUI ~

Yamaha Router Configuration Training ~ Web GUI ~ Yamaha Router Configuration Training ~ Web GUI ~ Equipment RTX810 Gigabit VPN Router SWX2200-8G/24G Smart L2 Switch GbE 5, USB 3G modem 1Gbps throughput All GbE Cooperation with RTX810 200Mbps VPN throughput

More information

Configuring FlexConnect Groups

Configuring FlexConnect Groups Information About FlexConnect Groups, page 1, page 3 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 8 Information About FlexConnect Groups To organize and manage your FlexConnect access points,

More information

Wireless LAN Controller Web Authentication Configuration Example

Wireless LAN Controller Web Authentication Configuration Example Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process

More information

DWS-4000 Series DWL-3600AP DWL-6600AP

DWS-4000 Series DWL-3600AP DWL-6600AP Unified Wired & Wireless Access System Configuration Guide Product Model: Release 1.0 DWS-4000 Series DWL-8600AP DWL-6600AP DWL-3600AP Page 1 Table of Contents 1. Scenario 1 - Basic L2 Edge Setup: 1 Unified

More information

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Web Authentication Proxy on a Wireless LAN Controller Configuration Example Web Authentication Proxy on a Wireless LAN Controller Configuration Example Document ID: 113151 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Proxy on

More information

MSC-5100 Promotional Bundle Quickstart

MSC-5100 Promotional Bundle Quickstart MSC-5100 Promotional Bundle Quickstart This Quickstart shows you how to install, configure, and use the MSC-5100 Promotional Bundle. For detailed configuration and operating information on the MSC-5100

More information

UNIFIED ACCESS POINT ADMINISTRATOR S GUIDE

UNIFIED ACCESS POINT ADMINISTRATOR S GUIDE UNIFIED ACCESS POINT ADMINISTRATOR S GUIDE PRODUCT MODEL: DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, DWL-8610AP UNIFIED WIRED & WIRELESS ACCESS SYSTEM RELEASE 5.00 OCTOBER 2014 COPYRIGHT 2014. ALL

More information

Cisco NCS Overview. The Cisco Unified Network Solution CHAPTER

Cisco NCS Overview. The Cisco Unified Network Solution CHAPTER CHAPTER 1 This chapter describes the Cisco Unified Network Solution and the Cisco Prime Network Control System (NCS). It contains the following sections: The Cisco Unified Network Solution, page 1-1 About

More information

Configure the Cisco DNA Center Appliance

Configure the Cisco DNA Center Appliance Review Cisco DNA Center Configuration Wizard Parameters, page 1 Configure Cisco DNA Center Using the Wizard, page 5 Review Cisco DNA Center Configuration Wizard Parameters When Cisco DNA Center configuration

More information

Lab Student Lab Orientation

Lab Student Lab Orientation Lab 1.1.1 Student Lab Orientation Objective In this lab, the students will complete the following tasks: Review the lab bundle equipment Understand the security pod topology Understand the pod naming and

More information

Deploying Cisco UCS Central

Deploying Cisco UCS Central This chapter includes the following sections: Obtaining the Cisco UCS Central Software from Cisco, page 1 Using the Cisco UCS Central OVA File, page 2 Using the Cisco UCS Central ISO File, page 4 Logging

More information

MIMO Wireless Broadband Route r User s Manual 1

MIMO Wireless Broadband Route r User s Manual 1 MIMO Wireless Broadband Router User s Manual 1 Introduction...4 Features...4 Minimum Requirements...4 Package Content...4 Note...4 Get to know the Broadband Router...5 Back Panel...5 Front Panel...6 Setup

More information

Lab 6-1 Configuring a WLAN Controller

Lab 6-1 Configuring a WLAN Controller Lab 6-1 Configuring a WLAN Controller Topology Diagram Scenario Step 1 In the next two labs, you will configure a wireless solution involving a WLAN controller, two lightweight wireless access points,

More information

Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)

Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) Document ID: 70333 Introduction Prerequisites Requirements Components Used Conventions Background Information Register the LAP with

More information

VMware vsphere 5.5: Install, Configure, Manage Lab Addendum. Lab 3: Configuring VMware ESXi

VMware vsphere 5.5: Install, Configure, Manage Lab Addendum. Lab 3: Configuring VMware ESXi VMware vsphere 5.5: Install, Configure, Manage Lab Addendum Lab 3: Configuring VMware ESXi Document Version: 2014-07-08 Copyright Network Development Group, Inc. www.netdevgroup.com NETLAB Academy Edition,

More information

Lab 6-1 Configuring a WLAN Controller

Lab 6-1 Configuring a WLAN Controller Lab 6-1 Configuring a WLAN Controller Topology Diagram Scenario In the next two labs, you will configure a wireless solution involving a WLAN controller, two lightweight wireless access points, and a switched

More information

Packet Tracer Create a Simple Network Using Packet Tracer

Packet Tracer Create a Simple Network Using Packet Tracer Using Packet Tracer Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway PC Ethernet0 DHCP 192.168.0.1 Wireless Router Cisco.com Server LAN 192.168.0.1 255.255.255.0 Internet

More information

Your partner for Success. CCIE Security Lab Access Guide

Your partner for Success. CCIE Security Lab Access Guide Your partner for Success CCIE Security Lab Access Guide Contents Getting Access to the POD... 3 DEVICE ACCESS... 5 How to access the devices... 5 Starting the lab environment: https://www.youtube.com/watch?v=rymvbjci70e...

More information

Lab Viewing Wireless and Wired NIC Information

Lab Viewing Wireless and Wired NIC Information Objectives Part 1: Identify and Work with PC NICs Part 2: Identify and Use the System Tray Network Icons Background / Scenario This lab requires you to determine the availability and status of the network

More information

Lab - Remote Desktop in Windows 8

Lab - Remote Desktop in Windows 8 Lab - Remote Desktop in Windows 8 Introduction In this lab, you will remotely connect to another Windows 8 computer. Recommended Equipment The following equipment is required for this exercise: Two Windows

More information

Cisco 8500 Series Wireless Controller Deployment Guide

Cisco 8500 Series Wireless Controller Deployment Guide Cisco 8500 Series Wireless Controller Deployment Guide Document ID: 113695 Contents Introduction Prerequisites Requirements Components Used Conventions Product Overview Product Specifications Features

More information

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid Deploying Devices Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION,

More information

User Manual DIR-850L. Wireless AC1200 Dual Band Gigabit Router.

User Manual DIR-850L. Wireless AC1200 Dual Band Gigabit Router. User Manual DIR-850L Wireless AC1200 Dual Band Gigabit Router USER MANUAL: DIR-850L Wireless AC1200 Dual Band Gigabit Router SYSTEM REQUIREMENTS Network Requirements Web-based Configuration Utility Requirements

More information

Congratulations on purchasing Hawking s HWPS12UG 1-Port Parallel + 2 USB Ports Wireless G Print Server. The Hawking HWPS12UG is a powerful and

Congratulations on purchasing Hawking s HWPS12UG 1-Port Parallel + 2 USB Ports Wireless G Print Server. The Hawking HWPS12UG is a powerful and Congratulations on purchasing Hawking s HWPS12UG 1-Port Parallel + 2 USB Ports Wireless G Print Server. The Hawking HWPS12UG is a powerful and convenient network printing solution that will connect your

More information

A Division of Cisco Systems, Inc. GHz g. Wireless-G. User Guide. Access Point WIRELESS. WAP54G v2. Model No.

A Division of Cisco Systems, Inc. GHz g. Wireless-G. User Guide. Access Point WIRELESS. WAP54G v2. Model No. A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G Access Point User Guide Model No. WAP54G v2 Copyright and Trademarks Specifications are subject to change without notice. Linksys is

More information

Ports and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10

Ports and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports Information About Ports A port is a physical entity that is used for connections on the Cisco WLC platform. Cisco WLCs have two types of

More information

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces. 2016 Cisco and/or its affiliates. All

More information

Wireless a CPE User Manual

Wireless a CPE User Manual NOTICE Changes or modifications to the equipment, which are not approved by the party responsible for compliance, could affect the user's authority to operate the equipment. Company has an on-going policy

More information

Lab - Remote Desktop in Windows 7 and Vista

Lab - Remote Desktop in Windows 7 and Vista Lab - Remote Desktop in Windows 7 and Vista Introduction In this lab, you will remotely connect to another Windows 7 or Vista computer. Recommended Equipment The following equipment is required for this

More information

Architecting Network for Branch Offices with Cisco Unified Wireless

Architecting Network for Branch Offices with Cisco Unified Wireless Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth - Sr. Technical Marketing Engineer Objective Design & Deploy Branch Network That Increases Business Resiliency 2 Agenda Learn

More information

Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5

Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5 Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5 Multicast VLAN Information About Multicast Optimization Prior to the 7.0.116.0 release, multicast

More information

TECHNICAL NOTE MSM & CLEARPASS HOW TO CONFIGURE HPE MSM CONTROLLERS WITH ARUBA CLEARPASS VERSION 3, JUNE 2016

TECHNICAL NOTE MSM & CLEARPASS HOW TO CONFIGURE HPE MSM CONTROLLERS WITH ARUBA CLEARPASS VERSION 3, JUNE 2016 HOW TO CONFIGURE HPE MSM CONTROLLERS WITH ARUBA CLEARPASS VERSION 3, JUNE 2016 CONTENTS Introduction... 5 MSM and AP Deployment Options... 5 MSM User Interfaces... 6 Assumptions... 7 Network Diagram...

More information

Lab 6-1 Configuring a WLAN Controller

Lab 6-1 Configuring a WLAN Controller Lab 6-1 Configuring a WLAN Controller Topology Diagram Scenario In the next two labs, you will configure a wireless solution involving a router with a built-in WLAN controller, two lightweight wireless

More information

Cisco 440X Series Wireless LAN Controllers Deployment Guide

Cisco 440X Series Wireless LAN Controllers Deployment Guide Cisco 440X Series Wireless LAN Controllers Deployment Guide Cisco customers are rapidly adopting the Cisco Unified Wireless Network architecture for next generation wireless LAN performance and advanced

More information

AOS-W 3.1. Quick Start Guide

AOS-W 3.1. Quick Start Guide AOS-W 3.1 Quick Start Guide This document describes the initial setup of an Alcatel OmniAccess system that consists of a WLAN Switch and Alcatel Access Points (APs). The installation consists of the following

More information

Cisco Modeling Labs OVA Installation

Cisco Modeling Labs OVA Installation Prepare for an OVA File Installation, page 1 Download the Cisco Modeling Labs OVA File, page 2 Configure Security and Network Settings, page 2 Deploy the Cisco Modeling Labs OVA, page 12 Edit the Virtual

More information

Dolby Conference Phone. Configuration guide for Avaya Aura Platform 6.x

Dolby Conference Phone. Configuration guide for Avaya Aura Platform 6.x Dolby Conference Phone Configuration guide for Avaya Aura Platform 6.x Version 3.2 28 June 2017 Copyright 2017 Dolby Laboratories. All rights reserved. Dolby Laboratories, Inc. 1275 Market Street San Francisco,

More information

Introduction to Change and Configuration Management

Introduction to Change and Configuration Management CHAPTER 1 Introduction to Change and Configuration Management Cisco Prime Network Change and Configuration Management provides tools that allow you to manage the software and device configuration changes

More information

Interconnecting Cisco Networking Devices Part 1 ICND1

Interconnecting Cisco Networking Devices Part 1 ICND1 Interconnecting Cisco Networking Devices Part 1 ICND1 Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

More information

NMS USER MANUAL. WAP-EN Series Wireless Access Points. Version 1.2, June 2017

NMS USER MANUAL. WAP-EN Series Wireless Access Points. Version 1.2, June 2017 NMS USER MANUAL WAP-EN Series Wireless Access Points Version 1.2, June 2017 Copyright Copyright 2017 Comtrend Corporation. All rights reserved. The information contained herein is proprietary to Comtrend

More information

Skills Assessment Student Training

Skills Assessment Student Training Skills Assessment Student Training Topology Assessment Objectives Part 1: Initialize Devices (6 points, 5 minutes) Part 2: Configure Device Basic Settings (33 points, 20 minutes) Part 3: Configure Switch

More information

Dolby Conference Phone. Configuration guide for BT MeetMe with Dolby Voice

Dolby Conference Phone. Configuration guide for BT MeetMe with Dolby Voice Dolby Conference Phone Configuration guide for BT MeetMe with Dolby Voice Version 3.2 17 May 2017 Copyright 2017 Dolby Laboratories. All rights reserved. Dolby Laboratories, Inc. 1275 Market Street San

More information

Lab - Connect to a Router for the First Time

Lab - Connect to a Router for the First Time Introduction In this lab, you will configure basic settings on a wireless router. Recommended Equipment A computer with Windows installed An Ethernet NIC installed Wireless router Ethernet patch cable

More information

Cisco Wireless LAN Controller Module Feature Guide

Cisco Wireless LAN Controller Module Feature Guide Cisco Wireless LAN Controller Module Feature Guide The Cisco wireless LAN (WLAN) controller module (WLCM) is designed to provide small and medium-sized businesses (SMBs) and enterprise branch office customers

More information

Wireless LAN Controller (WLC) Mobility Groups FAQ

Wireless LAN Controller (WLC) Mobility Groups FAQ Wireless LAN Controller (WLC) Mobility Groups FAQ Document ID: 107188 Contents Introduction What is a Mobility Group? What are the prerequisites for a Mobility Group? How do I configure a Mobility Group

More information

Managing Rogue Devices

Managing Rogue Devices Information About Rogue Devices, page 1 Configuring Rogue Detection (GUI), page 5 Configuring Rogue Detection (CLI), page 8 Information About Rogue Devices Rogue access points can disrupt wireless LAN

More information

Connecting to the NJITSecure wireless network.

Connecting to the NJITSecure wireless network. Connecting to the NJITSecure wireless network. 1. Start by going to the Start menu and selecting Control Panel 2. Your control Panel will most likely be in Category view, you will need to change it to

More information

HP M n Access Point Configuration and Administration Guide

HP M n Access Point Configuration and Administration Guide HP M220 802.11n Access Point Configuration and Administration Guide HP Part Number: 5998-5753 Published: April 2014 Edition: 3 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained

More information

Use Plug and Play to Deploy New Devices

Use Plug and Play to Deploy New Devices About Plug and Play, page 1 Prerequisites for Using Plug and Play, page 2 Plug and Play Workflow, page 2 Use the Plug and Play Dashboard to Monitor New Device Deployments, page 4 Create Plug and Play Profiles

More information

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT Avaya CAD-SV Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0 Issue 1.0 30th October 2009 ABSTRACT These Application Notes describe the steps to configure the Cisco VPN 3000 Concentrator

More information

Managing Rogue Devices

Managing Rogue Devices Finding Feature Information, page 1 Information About Rogue Devices, page 1 How to Configure Rogue Detection, page 6 Monitoring Rogue Detection, page 8 Examples: Rogue Detection Configuration, page 9 Additional

More information

WLM1200-RMTS User s Guide

WLM1200-RMTS User s Guide WLM1200-RMTS User s Guide Copyright 2011, Juniper Networks, Inc. 1 WLM1200-RMTS User Guide Contents WLM1200-RMTS Publication Suite........................................ 2 WLM1200-RMTS Hardware Description....................................

More information

SonicWALL NSA Getting Started Guide

SonicWALL NSA Getting Started Guide SonicWALL NSA Getting Started Guide This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 5000/4500/3500 running SonicOS

More information

Dolby Conference Phone. Configuration Guide for Microsoft Skype for Business

Dolby Conference Phone. Configuration Guide for Microsoft Skype for Business Dolby Conference Phone Configuration Guide for Microsoft Skype for Business Version 3.3 31 July 2017 Copyright 2017 Dolby Laboratories. All rights reserved. Dolby Laboratories, Inc. 1275 Market Street

More information

dctrack Quick Setup Guide Virtual Machine Requirements Requirements Requirements Preparing to Install dctrack

dctrack Quick Setup Guide Virtual Machine Requirements Requirements Requirements Preparing to Install dctrack dctrack Quick Setup Guide This Quick Setup Guide explains how to install and configure dctrack. For additional information on any aspect of dctrack, see the accompanying dctrack Help in other its online

More information

Click on Close button to close Network Connection Details. You are back to the Local Area Connection Status window.

Click on Close button to close Network Connection Details. You are back to the Local Area Connection Status window. How to configure EW-7228APn/EW-7416APn as a Repeater to extend wireless range This article can apply on EW-7228APn and EW-7416APn. We used screen shots of EW-7416APn in this instruction. We recommend you

More information

Lab - Configure Wireless Router in Windows

Lab - Configure Wireless Router in Windows Introduction In this lab, you will configure and test the wireless settings on a wireless router. Recommended Equipment A computer with Windows installed A Wireless NIC installed An Ethernet NIC installed

More information

Oracle Enterprise Manager 11g Ops Center 2.5 Hands-on Lab

Oracle Enterprise Manager 11g Ops Center 2.5 Hands-on Lab Oracle Enterprise Manager 11g Ops Center 2.5 Hands-on Lab Introduction to Enterprise Manager 11g Oracle Enterprise Manager 11g is the centerpiece of Oracle's integrated IT management strategy, which rejects

More information

Navigating Cisco EPN Manager

Navigating Cisco EPN Manager Navigating Cisco EPN Manager Cisco EPN Manager 1.2 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

More information

Cisco IP Phone Installation

Cisco IP Phone Installation Verify the Network Setup, page 1 Enable Autoregistration for Phones, page 2 Install Cisco IP Phone, page 3 Set Up Phone from Setup Menus, page 5 Enable the Wireless LAN on the Phone, page 7 Configure Network

More information

Broadband Router DC-202. User's Guide

Broadband Router DC-202. User's Guide Broadband Router DC-202 User's Guide Table of Contents CHAPTER 1 INTRODUCTION... 1 Broadband Router Features... 1 Package Contents... 3 Physical Details...3 CHAPTER 2 INSTALLATION... 5 Requirements...

More information

User Guide. EAP Controller Software

User Guide. EAP Controller Software User Guide EAP Controller Software 1910012206 REV 2.4.8 July 2017 CONTENTS 1 Quick Start... 1 1.1 Determine the Network Topology...2 1.1.1 Management in the Same Subnet... 2 1.1.2 Management in Different

More information

LAN and WLAN 802.1X Deployment Guide. February 2012 Series

LAN and WLAN 802.1X Deployment Guide. February 2012 Series LAN and WLAN 802.1X Deployment Guide Preface Who Should Read This Guide This Cisco Smart Business Architecture (SBA) guide is for people who fill a variety of roles: Systems engineers who need standard

More information

Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3

Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3 Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3 Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram Configuration Declare RADIUS Server on WLC Create

More information

Configuring Link Aggregation

Configuring Link Aggregation Information About Link Aggregation, page 1 Restrictions for Link Aggregation, page 1 (GUI), page 3 (CLI), page 4 Verifying Link Aggregation Settings (CLI), page 4 Configuring Neighbor Devices to Support

More information

802.11ac Wireless Access Point Model WAC104

802.11ac Wireless Access Point Model WAC104 Point Model WAC104 User Manual October 2016 202-11698-01 350 E. Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register

More information

Before you start the lab exercises see the lab administrator or EEE3080F tutor to get assigned to your routers.

Before you start the lab exercises see the lab administrator or EEE3080F tutor to get assigned to your routers. EEE00F Lab Basics of the Network Lab Student Lab Manual Before you start the lab exercises see the lab administrator or EEE00F tutor to get assigned to your routers. Contents. Resources used in the labs...

More information

WLC 7.0 and Later: VLAN Select and Multicast Optimization Features Deployment Guide

WLC 7.0 and Later: VLAN Select and Multicast Optimization Features Deployment Guide WLC 7.0 and Later: VLAN Select and Multicast Optimization Features Deployment Guide Document ID: 112932 Contents Introduction Prerequisites Requirements Platforms Supported Conventions VLAN Select Feature

More information

Wireless Access Point

Wireless Access Point 802.11g / 802.11b / WPA Wireless Access Point User's Guide TABLE OF CONTENTS CHAPTER 1 INTRODUCTION... 1 Features of your Wireless Access Point... 1 Package Contents... 4 Physical Details... 4 CHAPTER

More information

WiNG 5.x How-To Guide

WiNG 5.x How-To Guide WiNG 5.x How-To Guide Tunneling Remote Traffic using L2TPv3 Part No. TME-08-2012-01 Rev. A MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola

More information

This document is designed as a reference for installing AirWave using the CentOS software bundled with the.iso disc image.

This document is designed as a reference for installing AirWave using the CentOS software bundled with the.iso disc image. AirWave 7.6 Installation Guide Overview This document is designed as a reference for installing AirWave using the CentOS software bundled with the.iso disc image. Installing on a VMware Server Be sure

More information

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) HOME SUPPORT PRODUCT SUPPORT WIRELESS CISCO 4400 SERIES WIRELESS LAN

More information

CAP1750. User Manual / v1.1

CAP1750. User Manual / v1.1 CAP1750 User Manual 12-2015 / v1.1 CONTENTS I. Product Information...2 I-1. Package Contents... 2 I-2. System Requirements... 3 I-3. Hardware Overview... 3 I-4. LED Status... 4 I-5. Reset... 4 I-6. Safety

More information

CSPC OVA Getting Started Guide

CSPC OVA Getting Started Guide S M A R T N E T T O T A L C A R E S U P P O R T T E A M CSPC 2.6.1 OVA Getting Started Guide Copyright 2016 Cisco Systems, Inc. Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose,

More information

NETWORK LAB 2 Configuring Switch Desktop

NETWORK LAB 2 Configuring Switch Desktop Configuring Switch 1. Select the switch tab and then add a switch from the list of switches we have to the workspace, we will choose (2950-24) switch. 2. Add a number of PCs next to the switch in order

More information

Converting Autonomous Access Points to Lightweight Mode, page 2

Converting Autonomous Access Points to Lightweight Mode, page 2 Converting Autonomous Access Points to Lightweight Mode Information About, page 2 Restrictions for, page 2, page 2 Reverting from Lightweight Mode to Autonomous Mode, page 3 Authorizing Access Points,

More information

Implementing Cisco Unified Wireless Networking Essentials Volume 1

Implementing Cisco Unified Wireless Networking Essentials Volume 1 Volume 1 I. Course Introduction A. Learner Skills and Knowledge B. Course Goals and Objectives C. Course Flow D. Additional References 1. Cisco Glossary of Terms E. Your Training Curriculum II. Wireless

More information

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003 PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003 Document ID: 72013 Contents Introduction Prerequisites Requirements Components Used Network Diagram Conventions Windows Enterprise

More information