WLAN Configuration

Module 13: WLAN Configuration

Module Overview

  • This module focuses on WLAN configuration, covering both wireless routers and Wireless LAN Controllers (WLCs).
  • It includes instructor materials such as planning guides and class presentations.
  • It also includes activities such as videos, packet tracers, hands-on labs, and module quizzes.

Module Activities

  • Videos:
    • Configure a Wireless Network (13.1.1)
    • Configure a Basic WLAN on the WLC (13.2.1)
    • Define an SNMP and RADIUS Server on the WLC (13.3.1)
    • Configure a VLAN for a New WLAN (13.3.5)
    • Configure a DHCP Scope (13.3.8)
    • Configure a WPA2 Enterprise WLAN (13.3.10)
  • Packet Tracers:
    • Configure a Wireless Network (13.1.10)
    • Configure a Basic WLAN on the WLC (13.2.7)
    • Configure a WPA2 Enterprise WLAN on the WLC (13.3.12)
    • Troubleshoot WLAN Issues (13.4.5)
    • WLAN Configuration (13.5.1)
  • Lab:
    • Configure a Wireless Network (13.1.11)
  • Module Quiz:
    • WLAN Configuration (13.5.3)

Module Best Practices

  • Review activities and assessments before teaching.
  • Engage students with questions during the presentation.
  • The L2 Security and WLANs Exam covers Modules 10-13.

Guiding Questions for Discussions

  • Topic 13.1:
    • Why periodically change credentials on your wireless router?
    • What value does QoS provide to a home user?
  • Topic 13.2:
    • What are the benefits of deploying a network using a WLC?
    • What protocol does the WLC use to learn about the AP?
  • Topic 13.3:
    • What is a downside to centralized authentication with RADIUS?
    • Why disable SSID broadcast?
  • Topic 13.4:
    • Why is updated firmware important for network security?
    • What benefit do different wireless networks (2.4 GHz and 5 GHz) provide?

Module Objectives

  • Implement a WLAN using a wireless router and WLC.
    • Configure a WLAN to support a remote site.
    • Configure a WLC WLAN to use the management interface and WPA2 PSK authentication.
    • Configure a WLC WLAN to use a VLAN interface, a DHCP server, and WPA2 Enterprise authentication.
    • Troubleshoot common wireless configuration issues.

13.1 Remote Site WLAN Configuration

  • Covers configuring a WLAN for remote sites, focusing on small office and home routers.
  • Explores the use of wireless router web pages, changing passwords, and adjusting WAN/LAN settings.
The Wireless Router
  • Integrated routers include a switch for wired clients, a WAN port for internet, and wireless components.
  • These routers offer WLAN security, DHCP, NAT, QoS, and other features.
Logging into the Wireless Router
  • Default credentials should be changed immediately for security.
  • Access the configuration GUI via a web browser using the router's IP address.
  • The default username and password are often "admin".
Basic Network Setup
  • Steps to configure the WLAN:
    • Log in to the router via web browser.
    • Change the default administrative password.
    • Log in with the new administrative password.
    • Change the default DHCP IPv4 addresses.
    • Renew the IP address.
    • Log in to the router with the new IP address.
Basic Wireless Setup
  • Steps to configure the WLAN:
    • View the WLAN defaults.
    • Change the network mode based on the 802.11 standard.
    • Configure the SSID.
    • Configure the channel, avoiding overlapping channels.
    • Configure the security mode (Open, WPA, WPA2 Personal, WPA2 Enterprise).
    • Configure the passphrase for the chosen security mode.
Wireless Mesh Network
  • Extends wireless range beyond 45 meters indoors/90 meters outdoors.
  • Created by adding access points with the same settings but different channels.
  • Manufacturers provide smartphone apps to simplify WMN setup.
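
The settings touched in the login, basic wireless setup and mesh steps above can be checked together. The following is an added example, not part of the course material: the field names and sample values are constructed, and the channel check assumes all access points are on the 2.4 GHz band.

```python
from itertools import combinations

DEFAULT_LOGINS = {("admin", "admin")}   # the page notes "admin" is a common default
ACCEPTED_MODES = {"WPA2 Personal", "WPA2 Enterprise"}

def channels_overlap(a, b):
    """2.4 GHz channels sit 5 MHz apart but are about 20 MHz wide, so two
    channels fewer than 5 numbers apart (e.g. 1 and 3) overlap; 1, 6, 11 do not."""
    return abs(a - b) < 5

def audit(router, aps):
    """Return a list of findings for one router and its 2.4 GHz access points."""
    findings = []
    if (router["admin_user"], router["admin_password"]) in DEFAULT_LOGINS:
        findings.append("router: default administrative login still set")
    for ap in aps:
        if ap["security_mode"] not in ACCEPTED_MODES:
            findings.append(f"{ap['name']}: mode {ap['security_mode']!r} is weaker than WPA2")
    # Mesh APs should share SSID and security settings but use different channels.
    for a, b in combinations(aps, 2):
        if (a["ssid"], a["security_mode"]) != (b["ssid"], b["security_mode"]):
            findings.append(f"{a['name']}/{b['name']}: SSID or security mode differs")
        if channels_overlap(a["channel"], b["channel"]):
            findings.append(f"{a['name']}/{b['name']}: channels "
                            f"{a['channel']} and {b['channel']} overlap")
    return findings

# Constructed sample settings (hypothetical field names, not a vendor export format).
AS_SHIPPED = (
    {"admin_user": "admin", "admin_password": "admin"},
    [{"name": "ap-hall", "ssid": "HomeNet", "channel": 1, "security_mode": "WPA"},
     {"name": "ap-attic", "ssid": "HomeNet", "channel": 3, "security_mode": "Open"}],
)
CORRECTED = (
    {"admin_user": "admin", "admin_password": "<new-admin-password>"},
    [{"name": "ap-hall", "ssid": "HomeNet", "channel": 1, "security_mode": "WPA2 Personal"},
     {"name": "ap-attic", "ssid": "HomeNet", "channel": 6, "security_mode": "WPA2 Personal"}],
)

if __name__ == "__main__":
    for label, (router, aps) in (("as shipped", AS_SHIPPED), ("corrected", CORRECTED)):
        print(label, audit(router, aps))
```
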
NAT for IPv4
  • Routers use NAT to allow LAN hosts to communicate with the outside world using a single public IPv4 address.
  • NAT translates private IPv4 addresses to a public IPv4 address.
  • The router tracks source port numbers for each session.
  • If IPv6 is enabled, each device gets a unique IPv6 address.
Quality of Service (QoS)
  • Prioritizes traffic types like voice and video over less time-sensitive traffic like email.
  • Traffic prioritization can occur on specific ports.
Port Forwarding
  • Wireless routers block TCP and UDP ports by default.
  • Port forwarding directs traffic between devices on separate networks.
  • Port triggering temporarily forwards data through inbound ports to a specific device based on outbound requests.
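
How NAT session tracking, the default inbound block, port forwarding and port triggering interact on the WAN side can be seen in a small model. This is an added example, not part of the course material: the class, the addresses, the 60-tick trigger lifetime and the rule that replies must come from the session's original remote endpoint are all assumptions made for illustration.

```python
class HomeRouter:
    """Toy model of the NAT, port forwarding and port triggering described above."""

    def __init__(self, public_ip, first_port=50000, trigger_ttl=60):
        self.public_ip = public_ip
        self.next_port = first_port     # constructed start of the translated port range
        self.trigger_ttl = trigger_ttl  # assumed lifetime of a triggered port, in ticks
        self.clock = 0                  # simulated time
        self.flows = {}                 # (lan_ip, lan_port, remote) -> public port
        self.sessions = {}              # public port -> (lan_ip, lan_port, remote)
        self.forwards = {}              # public port -> (lan_ip, lan_port), static
        self.trigger_rules = {}         # outbound dst port -> inbound port to open
        self.triggered = {}             # inbound port -> (lan_ip, expiry tick)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN host sends a packet; return the (public_ip, public_port) the remote sees."""
        key = (lan_ip, lan_port, (dst_ip, dst_port))
        if key not in self.flows:                 # new session: allocate a source port
            self.flows[key] = self.next_port
            self.sessions[self.next_port] = key
            self.next_port += 1
        if dst_port in self.trigger_rules:        # outbound request arms the trigger
            opened = self.trigger_rules[dst_port]
            self.triggered[opened] = (lan_ip, self.clock + self.trigger_ttl)
        return (self.public_ip, self.flows[key])

    def inbound(self, src_ip, src_port, dst_port):
        """WAN packet to public dst_port; return the LAN (ip, port) or None if dropped."""
        session = self.sessions.get(dst_port)
        if session and session[2] == (src_ip, src_port):   # reply to a tracked session
            return session[:2]
        if dst_port in self.forwards:                      # static port forward
            return self.forwards[dst_port]
        lan_ip, expiry = self.triggered.get(dst_port, (None, 0))
        if lan_ip and self.clock < expiry:                 # temporarily triggered port
            return (lan_ip, dst_port)
        return None                                        # default: blocked


if __name__ == "__main__":
    r = HomeRouter("203.0.113.5")                   # constructed documentation addresses
    print(r.outbound("192.168.10.20", 51000, "198.51.100.10", 443))
    print(r.inbound("198.51.100.10", 443, 50000))   # reply is translated back
    print(r.inbound("198.51.100.99", 443, 50000))   # unsolicited: None
```

A static forward stays reachable from any source until it is removed, while a triggered port closes again once its lifetime passes, which is why forwards are worth reviewing periodically.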

13.2 Configure a Basic WLAN on the WLC

  • Focuses on configuring a basic WLAN using a Wireless LAN Controller (WLC).
  • Covers accessing the WLC GUI, understanding network summaries, configuring new WLANs, and securing them.
WLC Topology
  • Uses controller-based APs (lightweight APs or LAPs).
  • LAPs use Lightweight Access Point Protocol (LWAPP) to communicate with a WLC.
  • Controller-based APs are ideal when multiple APs are required.
  • As APs are added, each AP is automatically configured and managed by the WLC.
Logging into the WLC
  • Log in using the credentials configured during the initial setup.
  • The Network Summary page provides an overview of wireless networks, associated APs, and active clients.
  • It also displays the number of rogue access points and clients.
Viewing AP Information
  • The Access Points menu displays AP system information and performance.
  • CDP (Cisco Discovery Protocol) lets the WLC identify the switch port to which an AP is connected.
  • Cisco Aironet 1815i APs support command-line access with IOS commands.
Advanced Settings
  • The Advanced settings allow access to all the features of the WLC.
Configuring a WLAN
  • WLCs have Layer 2 switch ports and virtual interfaces, similar to VLAN interfaces.
  • Each physical port supports multiple APs and WLANs.
  • Ports on the WLC act like trunk ports, able to carry traffic from multiple VLANs to a switch for distribution to multiple APs.
Basic WLAN Configuration Steps:
  1. Create the WLAN
  2. Apply and Enable the WLAN
  3. Select the Interface
  4. Secure the WLAN
  5. Verify the WLAN is Operational
  6. Monitor the WLAN
  7. View Wireless Client Information

13.3 Configure a WPA2 Enterprise WLAN on the WLC

  • Explains how to configure a WPA2 Enterprise WLAN using a WLC.
  • Covers defining SNMP and RADIUS servers, configuring VLANs, DHCP scopes, and securing the WLAN.
SNMP and RADIUS
  • SNMP is used for network monitoring, and RADIUS is used for AAA (Authentication, Authorization, and Accounting).
  • The WLC forwards SNMP traps to the SNMP server.
  • The RADIUS server authenticates users based on their credentials.
  • RADIUS is required for WPA2 Enterprise authentication.
Configuring SNMP Server Information
  1. Click the MANAGEMENT tab to access a variety of management features.
  2. Click SNMP to expand the sub-menus.
  3. Click Trap Receivers.
  4. Click New… to configure a new SNMP trap receiver.
    • Enter the SNMP Community name and the IP address (IPv4 or IPv6) for the SNMP server and then click Apply.
Configuring RADIUS Server Information
  1. Click SECURITY.
  2. Click RADIUS.
  3. Click Authentication.
  4. Click New… to add PC-A as the RADIUS server.
    • Enter the IPv4 address for PC-A and the shared secret that will be used between the WLC and the RADIUS server and then click Apply.
Configuring a New Interface
  • Each WLAN requires its own virtual interface.
  • The WLC can be configured to support multiple WLANs and virtual interfaces.
VLAN Interface Configuration Steps:
  1. Create a new interface.
  2. Configure the VLAN name and ID.
  3. Configure the port and interface address.
  4. Configure the DHCP server address.
  5. Apply and Confirm.
  6. Verify Interfaces.
Configuring a DHCP Scope
  • The WLC can act as a DHCP server.
DHCP Scope Configuration Steps:
  1. Create a new DHCP scope.
  2. Name the DHCP scope.
  3. Verify the new DHCP scope.
  4. Configure and enable the new DHCP scope.
  5. Verify the enabled DHCP scope.
Configuring a WPA2 Enterprise WLAN
  • By default, newly created WLANs use WPA2 with AES (Advanced Encryption Standard).
  • 802.1X is the default key management protocol for RADIUS communication.
WPA2 Enterprise WLAN Configuration Steps:
  1. Create a new WLAN.
  2. Configure the WLAN name and SSID.
  3. Enable the WLAN for VLAN 5.
  4. Verify AES and 802.1X defaults.
  5. Configure WLAN security to use the RADIUS server.
  6. Verify the new WLAN is available.

13.4 Troubleshoot WLAN Issues

  • Covers systematic approaches to troubleshooting WLAN issues.
  • Emphasizes identifying the problem, establishing theories, testing, planning solutions, verifying functionality, and documenting findings.
Troubleshooting Approaches
  • Network problems can stem from hardware, software, or connectivity issues.
  • A systematic approach is essential for efficient troubleshooting.
Troubleshooting Steps:
  1. Identify the Problem: Talk to the user.
  2. Establish a Theory of Probable Causes: Develop probable causes for the issue.
  3. Test the Theory to Determine Cause: Test theories until the actual cause is determined.
  4. Establish a Plan of Action to Resolve the Problem and Implement the Solution: Once the cause is known, create a resolution plan.
  5. Verify Full System Functionality and Implement Preventive Measures: After correction, verify functionality.
  6. Document Findings, Actions, and Outcomes: Document all discoveries and corrections for future reference.
Wireless Client Not Connecting
  • Check network configuration (ipconfig).
  • Verify connectivity to the wired network (ping).
  • Reload or try different wireless NIC drivers.
  • Check security mode and encryption settings on the client.
  • Check range and interference on the 2.4 GHz band.
  • Ensure there is power to all devices and that they are powered on.
  • Inspect links between cabled devices looking for bad connectors or damaged or missing cables.
Troubleshooting a Slow Network
  • Upgrade wireless clients to 802.11n or better.
  • Split traffic between the 2.4 GHz and 5 GHz bands.
  • To improve the range of a wireless network, ensure the wireless router or AP location is free of obstructions, such as furniture, fixtures, and tall appliances.
  • A Wi-Fi range extender or Powerline wireless technology may also be used.
Updating Firmware
  • Regularly update firmware on wireless routers and APs.
  • WLCs can often upgrade firmware on controlled APs centrally.

13.5 Module Practice and Summary

  • Summarizes key concepts learned in the module.
Key Learnings:
  • Wireless routers are commonly used in remote sites, small branch offices, and home networks.
  • They integrate switching, routing, and wireless access.
  • Changing default router credentials is crucial for security.
  • NAT translates private IPv4 addresses to public ones.
  • QoS prioritizes traffic.
  • WLCs control APs and offer more management features than standalone routers.
  • SNMP monitors the network, and RADIUS handles AAA.
  • Troubleshooting involves a systematic process of elimination.
  • Split traffic across dual-band routers or upgrade wireless clients.
  • Keep firmware updated for fixes and security patches.
New Terms and Commands
  • Network Address Translation (NAT)
  • Wireless Mesh Network (WMN)
  • Port Forwarding
  • Port Triggering