NET-130 (NetAcad Chapter 13)
4. Change the default DHCP IPv4 addresses.
Change the default router IPv4 address. It is a best practice to use private IPv4 addressing inside your network. The IPv4 address 10.10.10.1 is used in the example but it could be any private IPv4 address you choose. Click the next step.
2. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?
private
1. Create a new DHCP scope.
A DHCP scope is very similar to a DHCP pool on a router. It can include a variety of information including a pool of addresses to assign to DHCP clients, DNS server information, lease times, and more. To configure a new DHCP scope, click Internal DHCP Server > DHCP Scope > New..., as shown in the figure. 1. Click Internal DHCP Server. 2. Click DHCP Scope. 3. Click New...
2. Apply and Enable the WLAN
After clicking Apply, the network administrator must enable the WLAN before it can be accessed by users, as shown in the figure. The Enable checkbox allows the network administrator to configure a variety of features for the WLAN, as well as additional WLANs, before enabling them for wireless client access. From here, the network administrator can configure a variety of settings for the WLAN including security, QoS, policies, and other advanced settings.
1. Log in to the router from a web browser.
After logging in, a GUI opens. The GUI will have tabs or menus to help you navigate to various router configuration tasks. It is often necessary to save the settings changed in one window before proceeding to another window. At this point, it is a best practice to make changes to the default settings. Click the next step.
Step 5 Verify Full System Functionality and Implement Preventive Measures
After you have corrected the problem, verify full functionality and, if applicable, implement preventive measures.
Step 4 Establish a Plan of Action to Resolve the Problem and Implement the Solution
After you have determined the exact cause of the problem, establish a plan of action to resolve the problem and implement the solution.
Step 2 Establish a Theory of Probable Causes
After you have talked to the user and identified the problem, you can try and establish a theory of probable causes. This step often yields more than a few probable causes to the problem.
3. Log in with the new administrative password.
After you save the new password, the wireless router will request authorization again. Enter the username and new password, as shown in the example. Click the next step.
3. Configure the SSID.
Assign an SSID to the WLANs. OfficeNet is used in the example for all three WLANs (the third WLAN is not shown). The wireless router announces its presence by sending broadcasts advertising its SSID. This allows wireless hosts to automatically discover the name of the wireless network. If the SSID broadcast is disabled, you must manually enter the SSID on each wireless device that connects to the WLAN. Click the next step.
Step 3 Test the Theory to Determine Cause
Based on the probable causes, test your theories to determine which one is the cause of the problem. A technician will often apply a quick procedure to test and see if it solves the problem. If a quick procedure does not correct the problem, you might need to research the problem further to establish the exact cause.
13.1.4 Basic Network Setup
Basic network setup includes the following steps: 1. Log in to the router from a web browser. 2. Change the default administrative password. 3. Log in with the new administrative password. 4. Change the default DHCP IPv4 addresses. 5. Renew the IP address. 6. Log in to the router with the new IP address.
13.1.5 Basic Wireless Setup
Basic wireless setup includes the following steps: 1. View the WLAN defaults. 2. Change the network mode. 3. Configure the SSID. 4. Configure the channel. 5. Configure the security mode. 6. Configure the passphrase.
13.3.11 Configure a WPA2 Enterprise WLAN
By default, all newly created WLANs on the WLC will use WPA2 with Advanced Encryption System (AES). 802.1X is the default key management protocol used to communicate with the RADIUS server. Because the network administrator already configured the WLC with the IPv4 address of the RADIUS server running on PC-A, the only configuration left to do is to create a new WLAN to use interface vlan5. Configuring a new WLAN on the WLC includes the following steps: 1. Create a new WLAN. 2. Configure the WLAN name and SSID. 3. Enable the WLAN for VLAN 5. 4. Verify AES and 802.1X defaults. 5. Configure WLAN security to use the RADIUS server. 6. Verify the new WLAN is available.
3. A user has just purchased a generic home router and would like to secure it. What should be done to help secure the wireless home router?
Change the default administrator password
13.2.4 View AP Information
Click Access Points from the left menu to view an overall picture of the AP's system information and performance, as shown in the next figure. The AP is using IP address 192.168.200.3. Because Cisco Discovery Protocol (CDP) is active on this network, the WLC knows that the AP is connected to the FastEthernet 0/1 port on the switch. This AP in the topology is a Cisco Aironet 1815i which means you can use the command-line and a limited set of familiar IOS commands. In the example, the network administrator pinged the default gateway, pinged the WLC, and verified the wired interface. AP1# ping 192.168.200.1 Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1069812.242/1071814.785/1073817.215 ms AP1# ping 192.168.200.254 Sending 5, 100-byte ICMP Echos to 192.168.200.254, timeout is 2 seconds !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1055820.953/1057820.738/1059819.928 ms AP1# show interface wired 0 wired0 Link encap:Ethernet HWaddr 2C:4F:52:60:37:E8 inet addr:192.168.200.3 Bcast:192.168.200.255 Mask:255.255.255.255 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:2478 errors:0 dropped:3 overruns:0 frame:0 TX packets:1494 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:80 RX bytes:207632 (202.7 KiB) TX bytes:300872 (293.8 KiB) AP1#
7. View Wireless Client Details
Click Clients in the left menu to view more information about the clients connected to the WLAN, as shown in the figure. One client is attached to Wireless_LAN through AP1 and was given the IP address 192.168.5.2. DHCP services in this topology are provided by the router.
6. Verify Interfaces.
Click Interfaces. The new vlan5 interface is now shown in the list of interfaces with its IPv4 address, as shown in the figure.
13.3.8 Video - Configure a DHCP Scope
Click Play in the figure to view a demonstration of configuring DHCP services.
13.3.5 Video - Configure a VLAN for a New WLAN
Click Play in the figure to view a demonstration of configuring a VLAN on the WLC.
13.3.10 Video - Configure a WPA2 Enterprise WLAN
Click Play in the figure to view a demonstration of configuring a new WLAN with WPA2 Enterprise on the WLC.
13.1.1 Video - Configure a Wireless Network
Click Play in the figure to view a demonstration of how to configure a wireless network.
5. Verify the WLAN is Operational
Click WLANs in the menu on the left to view the newly configured WLAN. In the figure, you can verify that WLAN ID 1 is configured with Wireless_LAN as the name and SSID, it is enabled, and is using WPA2 PSK security.
13.3.3 Configure SNMP Server Information
Click the MANAGEMENT tab to access a variety of management features. SNMP is listed at the top of the menu on the left. Click SNMP to expand the sub-menus, and then click Trap Receivers. Click New... to configure a new SNMP trap receiver, as shown in the figure. 1. Click MANAGEMENT 2. Click SNMP 3. Click Trap Receivers 4. Click New... Enter the SNMP Community name and the IP address (IPv4 or IPv6) for the SNMP server. Click Apply. The WLC will now forward SNMP log messages to the SNMP server.
6. Monitor the WLAN
Click the Monitor tab at the top to access the advanced Summary page again. Here you can see that the Wireless_LAN now has one client using its services, as shown in the figure.
4. Secure the WLAN
Click the Security tab to access all the available options for securing the LAN. The network administrator wants to secure Layer 2 with WPA2-PSK. WPA2 and 802.1X are set by default. In the Layer 2 Security drop down box, verify that WPA+WPA2 is selected (not shown). Click PSK and enter the pre-shared key, as shown in the figure. Then click Apply. This will enable the WLAN with WPA2-PSK authentication. Wireless clients that know the pre-shared key can now associate and authenticate with the AP.
4. Verify AES and 802.1X defaults.
Click the Security tab to view the default security configuration for the new WLAN. The WLAN will use WPA2 security with AES encryption. Authentication traffic is handled by 802.1X between the WLC and the RADIUS server. The figure depicts verifying AES and 802.1X defaults on a WLC GUI. The WLANs tab on the main menu is selected. Under WLANs > Edit the Security sub-menu is selected and outlined with a rectangle and the number 1. Under WPA2 Encryption, AES is selected and outlined with a rectangle and the number 2. Under Authentication Key Management, 802.1X is enabled and outlined with a rectangle and the number 3. 1. Click Security tab 2. Verify AES is the encryption 3. Verify 802.1X is the authentication key management protocol
1. Create a new WLAN.
Click the WLANs tab and then Go to create a new WLAN, as shown in the figure.
13.2.3 Log in to the WLC
Configuring a wireless LAN controller (WLC) is not that much different from configuring a wireless router. The big difference is that a WLC controls APs and provides more services and management capabilities, many of which are beyond the scope of this module. Note: The figures in this topic that show the graphical user interface (GUI) and menus are from a Cisco 3504 Wireless Controller. However, other WLC models will have similar menus and features. The figure shows the user logging into the WLC with credentials that were configured during initial setup. The Network Summary page is a dashboard that provides a quick overview of the number of configured wireless networks, associated access points (APs), and active clients. You can also see the number of rogue access points and clients, as shown in the figure.
13. What is a difference between autonomous APs that operate in a home environment and controller-based APs that operate in a corporate environment?
Controller-based APs can be automatically configured and managed by a WLAN controller
13.3.9 Configure a DHCP Scope
DHCP scope configuration includes the following steps: 1. Create a new DHCP scope. 2. Name the DHCP scope. 3. Verify the new DHCP scope. 4. Configure and enable the new DHCP scope. 5. Verify the enable DHCP scope
4. Configure the channel.
Devices configured with the same channel within the 2.4GHz band may overlap and cause distortion, slowing down the wireless performance and potentially break network connections. The solution to avoid interference is to configure non-overlapping channels on the wireless routers and access points that are near to each other. Specifically, channels 1, 6, and 11 are non-overlapping. In the example, the wireless router is configured to use channel 6. Click the next step.
1. A user is configuring a wireless access point and wants to prevent any neighbors from discovering the network. What action does the user need to take?
Disable SSID broadcast
13.3.6 Topology with VLAN 5 Addressing
Each WLAN configured on the WLC needs its own virtual interface. The WLC has five physical ports for data traffic. Each physical port can be configured to support multiple WLANs, each on its own virtual interface. Physical ports can also be aggregated to create high-bandwidth links. The network administrator has decided that the new WLAN will use interface VLAN 5 and network 192.168.5.0/24. R1 already has a subinterface configured and active for VLAN 5, as shown in the topology and show ip interface brief output. Topology PC-APC-BR1S1AP1F0/0F0/18F0/6F0/5F0/1G1F0/1 RADIUS/SNMP ServerPoEWLCManagement: 192.168.200.254Interface VLAN5: 192.168.5.254802.1q trunk802.1q trunk802.1q trunkVLAN5: 192.168.5.1 R1# show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 172.16.1.1 YES manual up up FastEthernet0/1 unassigned YES unset up up FastEthernet0/1.1 192.168.200.1 YES manual up up FastEthernet0/1.5 192.168.5.254 YES manual up up (output omitted) R1#
11. A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.)
Ensure that the wireless SSID is chosen Ensure that the wireless NIC is enabled
6. Log in to the router with the new IP address.
Enter the router's new IP address to regain access to the router configuration GUI, as shown in the example. You are now ready to continue configuring the router for wireless access.
2. Configure the WLAN name and SSID.
Fill in the profile name and SSID. In order to be consistent with the VLAN that was previously configured, choose an ID of 5. However, any available value can be used. Click Apply to create the new WLAN, as shown in the figure.
13.1.6 Configure a Wireless Mesh Network
In a small office or home network, one wireless router may suffice to provide wireless access to all the clients. However, if you want to extend the range beyond approximately 45 meters indoors and 90 meters outdoors, you can add wireless access points. As shown in the wireless mesh network in the figure, two access points are configured with the same WLAN settings from our previous example. Notice that the channels selected are 1 and 11 so that the access points do not interfere with channel 6 configured previously on the wireless router. Extending a WLAN in a small office or home has become increasingly easier. Manufacturers have made creating a wireless mesh network (WMN) simple through smartphone apps. You buy the system, disperse the access points, plug them in, download the app, and configure your WMN in a few steps. Search the internet for "best wi-fi mesh network system" to find reviews of current offerings.
4. Configure the DHCP server address.
In larger enterprises, WLCs will be configured to forward DHCP messages to a dedicated DHCP server. Scroll down the page to configure the primary DHCP server as IPv4 address 192.168.5.1, as shown in the figure. This is the default gateway router address. The router is configured with a DHCP pool for the WLAN network. As hosts join the WLAN that is associated with the VLAN 5 interface, they will receive addressing information from this pool.
13.3.4 Configure RADIUS Server Information
In our example configuration, the network administrator wants to configure a WLAN using WPA2 Enterprise, as opposed to WPA2 Personal or WPA2 PSK. Authentication will be handled by the RADIUS server running on PC-A. To configure the WLC with the RADIUS server information, click the SECURITY tab > RADIUS > Authentication. No RADIUS servers are currently configured. Click New... to add PC-A as the RADIUS server. 1. Click SECURITY 2. Click RADIUS 3. Click Authentication 4. Click New... Enter the IPv4 address for PC-A and the shared secret. This is the password used between the WLC and the RADIUS server. It is not for users. Click Apply, as shown in the figure. After clicking Apply, the list of configured RADIUS Authentication Servers refreshes with the new server listed, as shown in the figure.
13.3.2 SNMP and RADIUS
In the figure, PC-A is running Simple Network Management Protocol (SNMP) and Remote Authentication Dial-In User Service (RADIUS) server software. SNMP is used to monitor the network. The network administrator wants the WLC to forward all SNMP log messages, called traps, to the SNMP server. In addition, for WLAN user authentication, the network administrator wants to use a RADIUS server for authentication, authorization, and accounting (AAA) services. Instead of entering a publicly known pre-shared key to authenticate, as they do with WPA2-PSK, users will enter their own username and password credentials. The credentials will be verified by the RADIUS server. This way, individual user access can be tracked and audited if necessary and user accounts can be added or modified from a central location. The RADIUS server is required for WLANs that are using WPA2 Enterprise authentication. Note: SNMP server and RADIUS server configuration is beyond the scope of this module. Topology PC-APC-BR1S1AP1WLCF0/0F0/1F0/5F0/18G1F0/6F0/1 RADIUS/SNMP ServerAdminPoE802.1q trunk802.1q trunk802.1q trunk
1. Create the WLAN
In the figure, the administrator is creating a new WLAN that will use Wireless_LAN as the name and service set identifier (SSID). The ID is an arbitrary value that is used to identify the WLAN in display output on the WLC.
2. Configure the VLAN name and ID.
In the figure, the network administrator configures the interface name as vlan5 and the VLAN ID as 5. Clicking Apply will create the new interface.
Step 6 Document Findings, Actions, and Outcomes
In the final step of the troubleshooting process, document your findings, actions, and outcomes. This is very important for future reference.
13.2.1 Video - Configure a Basic WLAN on the WLC
In the previous topic you learned about remote site WLAN configuration. This topic is about configuring a basic WLAN on the WLC. Click Play in the figure to view a demonstration of configuring a Cisco 3504 WLC with basic WLAN connectivity.
13.4.1 Troubleshooting Approaches
In the previous topics, you learned about WLAN configuration. Here we will discuss troubleshooting WLAN issues. Network problems can be simple or complex, and can result from a combination of hardware, software, and connectivity issues. Technicians must be able to analyze the problem and determine the cause of the error before they can resolve the network issue. This process is called troubleshooting. Troubleshooting any sort of network problem should follow a systematic approach. A common and efficient troubleshooting methodology is based on the scientific method and can be broken into the six main steps shown in the table.
13.1.8 Quality of Service
Many wireless routers have an option for configuring Quality of Service (QoS). By configuring QoS, you can guarantee that certain traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing. On some wireless routers, traffic can also be prioritized on specific ports. The figure is a simplified mockup of a QoS interface based on a Netgear GUI. You will usually find the QoS settings in the advanced menus. If you have a wireless router available, investigate the QoS settings. Sometimes, these might be listed under "bandwidth control" or something similar. Consult the wireless router's documentation or search the internet for "qos settings" for your router's make and model.
14. Which WLC tab would a network administrator typically use to see a summary view of the most heavily used WLANs including the number of clients using a particular WLAN?
Monitor
13.2.5 Advanced Settings
Most WLC will come with some basic settings and menus that users can quickly access to implement a variety of common configurations. However, as a network administrator, you will typically access the advanced settings. For the Cisco 3504 Wireless Controller, click Advanced in the upper right-hand corner to access the advanced Summary page, as shown in the figure. From here, you can access all the features of the WLC.
13.4.4 Updating Firmware
Most wireless routers and APs offer upgradable firmware. Firmware releases may contain fixes for common problems reported by customers as well as security vulnerabilities. You should periodically check the router or AP for updated firmware. In the figure, the network administrator is verifying that the firmware is up to date on a Cisco Meraki AP. On a WLC, there will most likely be the ability to upgrade the firmware on all APs that the WLC controls. In the next figure, the network administrator is downloading the firmware image that will be used to upgrade all the APs. On a Cisco 3504 Wireless Controller, Click the WIRELESS tab > Access Points from the left menu > Global Configuration submenu. Then scroll to the bottom of the page for the AP Image Pre-download section. Users will be disconnected from the WLAN and the internet until the upgrade finishes. The wireless router may need to reboot several times before normal network operations are restored.
13.1.3 Log in to the Wireless Router
Most wireless routers are ready for service out of the box. They are preconfigured to be connected to the network and provide services. For example, the wireless router uses DHCP to automatically provide addressing information to connected devices. However, wireless router default IP addresses, usernames, and passwords can easily be found on the internet. Just enter the search phrase "default wireless router IP address" or "default wireless router passwords" to see a listing of many websites that provide this information. For example, username and password for the wireless router in the figure is "admin". Therefore, your first priority should be to change these defaults for security reasons. To gain access to the wireless router's configuration GUI, open a web browser. In the address field, enter the default IP address for your wireless router. The default IP address can be found in the documentation that came with the wireless router or you can search the internet. The figure shows the IPv4 address 192.168.0.1, which is a common default for many manufacturers. A security window prompts for authorization to access the router GUI. The word admin is commonly used as the default username and password. Again, check your wireless router's documentation or search the internet.
12. In setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?
NAT
13.1.7 NAT for IPv4
On a wireless router, if you look for a page like the Status page shown in the figure, you will find the IPv4 addressing information that the router uses to send data to the internet. Notice that the IPv4 address is 209.165.201.11 is a different network than the 10.10.10.1 address assigned to the router's LAN interface. All the devices on the router's LAN will get assigned addresses with the 10.10.10 prefix. The 209.165.201.11 IPv4 address is publicly routable on the internet. Any address with the 10 in the first octet is a private IPv4 address and cannot be routed on the internet. Therefore, the router will use a process called Network Address Translation (NAT) to convert private IPv4 addresses to internet-routable IPv4 addresses. With NAT, a private (local) source IPv4 address is translated to a public (global) address. The process is reversed for incoming packets. The router is able to translate many internal IPv4 addresses into public addresses, by using NAT. Some ISPs use private addressing to connect to customer devices. However, eventually, your traffic will leave the provider's network and be routed on the internet. To see the IP addresses for your devices, search the internet for "what is my IP address." Do this for other devices on the same network and you will see that they all share the same public IPv4 address. NAT makes this possible by tracking the source port numbers for every session established by a device. If your ISP has IPv6 enabled, you will see a unique IPv6 address for each device.
3. Configure the port and interface address.
On the Edit page for the interface, configure the physical port number. G1 in the topology is Port Number 1 on the WLC. Then configure the VLAN 5 interface addressing. In the figure, VLAN 5 is assigned IPv4 address 192.168.5.254/24. R1 is the default gateway at IPv4 address 192.168.5.1.
4. Configure and enable the new DHCP scope.
On the Edit screen for the Wireless_Management scope, configure a pool of addresses for the 192.168.200.0/24 network starting at .240 and ending at .249. The network address and subnet mask are configured. The default router IPv4 address is configured, which is the subinterface for R1 at 192.168.200.1. For this example, the rest of the scope is left unchanged. The network administrator selects Enabled from the Status drop down and clicks Apply.
2. Name the DHCP scope.
On the next screen, name the scope. Because this scope will apply to the wireless management network, the network administrator uses Wireless_Management as the Scope Name and clicks Apply.
5. Configure the security mode.
Out of the box, a wireless router may have no WLAN security configured. In the example, the personal version of Wi-Fi Protected Access version 2 (WPA2 Personal) is selected for all three WLANs. WPA2 with Advanced Encryption Standard (AES) encryption is currently the strongest security mode. Click the next step.
1. View the WLAN defaults.
Out of the box, a wireless router provides wireless access to devices using a default wireless network name and password. The network name is called the Service Set Identified (SSID). Locate the basic wireless settings for your router to change these defaults, as shown in the example. Click the next step.
9. What functionality is required on routers to provide remote workers with VoIP and videoconferencing capabilities?
QoS
13.1.2 The Wireless Router
Remote workers, small branch offices, and home networks often use a small office and home router. These routers are sometimes called an integrated router because they typically include a switch for wired clients, a port for an internet connection (sometimes labeled "WAN"), and wireless components for wireless client access, as shown for the Cisco Meraki MX64W in the figure. For the rest of this module, small office and home routers are referred to as wireless routers. Cisco Meraki MX64W The next figure shows a topology depicting the physical connection of a wired laptop to the wireless router, which is then connected to a cable or DSL modem for internet connectivity. These wireless routers typically provide WLAN security, DHCP services, integrated Name Address Translation (NAT), quality of service (QoS), as well as a variety of other features. The feature set will vary based on the router model. Note: Cable or DSL modem configuration is usually done by the service provider's representative either on-site or remotely through a walkthrough with you on the phone. If you buy the modem, it will come with documentation for how to connect it to your service provider which will most likely include contacting your service provider for more information.
13.5.2 What did I learn in this module?
Remote workers, small branch offices, and home networks often use a wireless router, which typically include a switch for wired clients, a port for an internet connection (sometimes labeled "WAN"), and wireless components for wireless client access. Most wireless routers are preconfigured to be connected to the network and provide services. The wireless router uses DHCP to automatically provide addressing information to connected devices. Your first priority should be to change the username and password of your wireless router. Use your router's interface to complete basic network and wireless setup. If you want to extend the range beyond approximately 45 meters indoors and 90 meters outdoors, you can add wireless access points. The router will use a process called Network Address Translation (NAT) to convert private IPv4 addresses to Internet-routable IPv4 addresses. By configuring QoS, you can guarantee that certain traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing. Lightweight APs (LAPs) use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC). Configuring a wireless LAN controller (WLC) is similar to configuring a wireless router except that a WLC controls APs and provides more services and management capabilities. Use the WLC interface to view an overall picture of the AP's system information and performance, to access advanced settings and to configure a WLAN. SNMP is used monitor the network. The WLC is set to forward all SNMP log messages, called traps, to the SNMP server. For WLAN user authentication, a RADIUS server is used for authentication, accounting, and auditing (AAA) services. Individual user access can be tracked and audited. Use the WLC interface to configure SNMP server and RADIUS server information, VLAN interfaces, DHCP scope, and a WPA2 Enterprise WLAN. There are six steps to the troubleshooting process. When troubleshooting a WLAN, a process of elimination is recommended. Common problems are: no connectivity and poorly performing wireless connection when the PC is operational. To optimize and increase the bandwidth of 802.11 dual-band routers and APs, either: upgrade your wireless clients or split the traffic. Most wireless routers and APs offer upgradable firmware. Firmware releases may contain fixes for common problems reported by customers as well as security vulnerabilities. You should periodically check the router or AP for updated firmware.
4. Which protocol could be used by a company to monitor devices such as a wireless LAN controller (WLC)?
SNMP
5. Apply and Confirm.
Scroll to the top and click Apply, as shown in the figure. Click OK for the warning message.
2. Change the network mode.
Some wireless routers allow you to select which 802.11 standard to implement. The example shows that "Legacy" has been selected. This means wireless devices connecting to the wireless router can have a variety of wireless NICs installed. Today's wireless routers configured for legacy or mixed mode most likely support 802.11a, 802.11n, and 802.11ac NICs. Click the next step.
15. Users on an IEEE 802.11n network are complaining of slow speeds. The network administrator checks the AP and verifies it is operating properly. What can be done to improve the wireless performance in the network?
Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band
3. Enable the WLAN for VLAN 5.
The WLAN is created but it still needs to be enabled and associated with the correct VLAN interface. Change the status to Enabled and choose vlan5 from the Interface/Interface Group(G) dropdown list. Click Apply and click OK to accept the popup message, as shown in the figure. 1. Click Enabled 2. Choose vlan5. 3. Click Apply. 4. Click Ok.
Step 1 Identify the Problem
The first step in the troubleshooting process is to identify the problem. While tools can be used in this step, a conversation with the user is often very helpful.
5. Verify the enable DHCP scope
The network administrator is returned to the DHCP Scopes page and can verify the scope is ready to be allocated to a new WLAN.
13.3.1 Video - Define an SNMP and RADIUS Server on the WLC
The previous topic covered configuring a basic WLAN on the WLC. Now you will learn about configuring a WPA2 Enterprise WLAN. Click Play in the figure to view a demonstration of configuring SNMP and RADIUS services on the WLC.
13.2.2 WLC Topology
The topology and addressing scheme used for the videos and this topic are shown in the figure and the table. The access point (AP) is a controller-based AP as opposed to an autonomous AP. Recall that controller-based APs require no initial configuration and are often called lightweight APs (LAPs). LAPs use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC). Controller-based APs are useful in situations where many APs are required in the network. As more APs are added, each AP is automatically configured and managed by the WLC. Topology PC-APC-BR1S1AP1WLCF0/0F0/1F0/5F0/18G1F0/6F0/1 RADIUS/SNMP ServerAdminPoE802.1q trunk802.1q trunk The AP is PoE, which means it is powered over the Ethernet cable that is attached to the switch. Addressing Table Device Interface IP Address Subnet Mask R1 F0/0 172.16.1.1 255.255.255.0 R1 F0/1.1 192.168.200.1 255.255.255.0 S1 VLAN 1 DHCP WLC Management 192.168.200.254 255.255.255.0 AP1 Wired 0 192.168.200.3 255.255.255.0 PC-A NIC 172.16.1.254 255.255.255.0 PC-B NIC DHCP Wireless NIC DHCP Laptop
10. A wireless router is displaying the IP address of 192.168.0.1. What could this mean?
The wireless router still has the factory default IP address
8. A customer installs a wireless access point at home in the closet next to the kitchen. The customer mentions that the wireless communication performance seems degraded when the cordless phone or the microwave oven is in use. What is the possible reason for this degradation?
The wireless signal is in the same radio frequency range as the household devices are in
1. Create a new interface.
To add a new interface, click CONTROLLER > Interfaces > New..., as shown in the figure. 1. Click CONTROLLER 2. Click Interfaces 3. Click New...
2. Change the default administrative password.
To change the default login password, find the administration portion of the router's GUI. In this example, the Administration tab was selected. This is where the router password can be changed. On some devices, such as the one in the example, you can only change the password. The username remains admin or whatever the default username is for the router you are configuring. Click the next step.
13.4.3 Troubleshooting When the Network Is Slow
To optimize and increase the bandwidth of 802.11 dual-band routers and APs, either: Upgrade your wireless clients - Older 802.11b, 802.11g, and even 802.11n devices can slow the entire WLAN. For the best performance, all wireless devices should support the same highest acceptable standard. Although 802.11ax was released in 2019, 802.11ac is most likely that highest standard that enterprises can currently enforce. Split the traffic - The easiest way to improve wireless performance is to split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band. Therefore, 802.11n (or better) can use the two bands as two separate wireless networks to help manage the traffic. For example, use the 2.4 GHz network for basic internet tasks, such as web browsing, email, and downloads, and use the 5 GHz band for streaming multimedia, as shown in the figure. There are several reasons for using a split-the-traffic approach: The 2.4 GHz band may be suitable for basic Internet traffic that is not time-sensitive. The bandwidth may still be shared with other nearby WLANs. The 5 GHz band is much less crowded than the 2.4 GHz band; ideal for streaming multimedia. The 5 GHz band has more channels; therefore, the channel chosen is likely interference-free. By default, dual-band routers and APs use the same network name on both the 2.4 GHz band and the 5 GHz band. The simplest way to segment traffic is to rename one of the wireless networks. With a separate, descriptive name, it is easier to connect to the right network. To improve the range of a wireless network, ensure the wireless router or AP location is free of obstructions, such as furniture, fixtures, and tall appliances. These block the signal, which shortens the range of the WLAN. If this still does not solve the problem, then a Wi-Fi Range Extender or deploying the Powerline wireless technology may be used.
6. Verify that the new WLAN is available.
To verify the new WLAN is listed and enabled, click Back or the WLANs submenu on the left. Both the Wireless_LAN WLAN and the CompanyName WLAN are listed. In the figure, notice that both are enabled. Wireless_LAN is using WPA2 with PSK authentication. CompanyName is using WPA2 security with 802.1X authentication.
13.3.7 Configure a New Interface
VLAN interface configuration on the WLC includes the following steps: 1. Create a new interface. 2. Configure the VLAN name and ID. 3. Configure the port and interface address. 4. Configure the DHCP server address. 5. Apply and Confirm. 6. Verify Interfaces.
6. Configure the passphrase.
WPA2 personal uses a passphrase to authenticate wireless clients. WPA2 personal is easier to use in a small office or home environment because it does not require an authentication server. Larger organizations implement WPA2 enterprise and require wireless clients to authenticate with a username and password.
5. Configure the RADIUS server.
We now need to select the RADIUS server that will be used to authenticate users for this WLAN. Click the AAA Servers tab. In the dropdown box select the RADIUS server that was configured on the WLC previously. Apply your changes. 1. Click the AAA servers tab. 2. Select the RADIUS server with the IP address 172.16.1.254 from the drop-down list next to Server 1. 3. Apply your changes.
13.4.2 Wireless Client Not Connecting
When troubleshooting a WLAN, a process of elimination is recommended. In the figure, a wireless client is not connecting to the WLAN. If there is no connectivity, check the following: Confirm the network configuration on the PC using the ipconfig command. Verify that the PC has received an IP address via DHCP or is configured with a static IP address. Confirm that the device can connect to the wired network. Connect the device to the wired LAN and ping a known IP address. If necessary, reload drivers as appropriate for the client. It may be necessary to try a different wireless NIC. If the wireless NIC of the client is working, check the security mode and encryption settings on the client. If the security settings do not match, the client cannot gain access to the WLAN. If the PC is operational but the wireless connection is performing poorly, check the following: How far is the PC from an AP? Is the PC out of the planned coverage area (BSA)? Check the channel settings on the wireless client. The client software should detect the appropriate channel as long as the SSID is correct. Check for the presence of other devices in the area that may be interfering with the 2.4 GHz band. Examples of other devices are cordless phones, baby monitors, microwave ovens, wireless security systems, and potentially rogue APs. Data from these devices can cause interference in the WLAN and intermittent connection problems between a wireless client and AP. Next, ensure that all the devices are actually in place. Consider a possible physical security issue. Is there power to all devices and are they powered on? Finally, inspect links between cabled devices looking for bad connectors or damaged or missing cables. If the physical plant is in place, verify the wired LAN by pinging devices, including the AP. If connectivity still fails at this point, perhaps something is wrong with the AP or its configuration. When the user PC is eliminated as the source of the problem, and the physical status of devices is confirmed, begin investigating the performance of the AP. Check the power status of the AP.
5. Renew the IP address.
When you click save, you will temporarily lose access to the wireless router. Open a command window and renew your IP address with the ipconfig /renew command, as shown in the example. Click the next step.
3. Select the Interface
When you create a WLAN, you must select the interface that will carry the WLAN traffic. The next figure shows the selection of an interface that has already been created on the WLC. We will learn how to create interfaces later in this module.
13.2.6 Configure a WLAN
Wireless LAN Controllers have ports and interfaces. Ports are the sockets for the physical connections to the wired network. They resemble switch ports. Interfaces are virtual. They are created in software and are very similar to VLAN interfaces. In fact, each interface that will carry traffic from a WLAN is configured on the WLC as a different VLAN. The Cisco 3504 WLC can support 150 access points and 4096 VLANs, however it only has five physical ports, as shown in the figure. This means that each physical port can support many APs and WLANs. The ports on the WLC are essentially trunk ports that can carry traffic from multiple VLANs to a switch for distribution to multiple APs. Each AP can support multiple WLANs. The figure shows the front of a Cisco 3504 Wireless Controller. It has 2 service ports for out-of-band management, a console port, a mini-usb console port, 3.0 USB port, a 5G port, and four gigabit ports. Basic WLAN configuration on the WLC includes the following steps: 1. Create the WLAN 2. Apply and Enable the WLAN 3. Select the Interface 4. Secure the WLAN 5. Verify the WLAN is Operational 6. Monitor the WLAN 7. View Wireless Client Information
13.1.9 Port Forwarding
Wireless routers typically block TCP and UDP ports to prevent unauthorized access in and out of a LAN. However, there are situations when specific ports must be opened so that certain programs and applications can communicate with devices on different networks. Port forwarding is a rule-based method of directing traffic between devices on separate networks. When traffic reaches the router, the router determines if the traffic should be forwarded to a certain device based on the port number found with the traffic. For example, a router might be configured to forward port 80, which is associated with HTTP. When the router receives a packet with the destination port of 80, the router forwards the traffic to the server inside the network that serves web pages. In the figure, port forwarding is enabled for port 80 and is associated with the web server at IPv4 address 10.10.10.50. Port triggering allows the router to temporarily forward data through inbound ports to a specific device. You can use port triggering to forward data to a computer only when a designated port range is used to make an outbound request. For example, a video game might use ports 27000 to 27100 for connecting with other players. These are the trigger ports. A chat client might use port 56 for connecting the same players so that they can interact with each other. In this instance, if there is gaming traffic on an outbound port within the triggered port range, inbound chat traffic on port 56 is forwarded to the computer that is being used to play the video game and chat with friends. When the game is over and the triggered ports are no longer in use, port 56 is no longer allowed to send traffic of any type to this computer.
3. Verify the new DHCP scope.
You are returned to the DHCP Scopes page and can verify the scope is ready to be configured. Click the new Scope Name to configure the DHCP scope.
5. When configuring a Cisco 3500 series wireless LAN controller (WLC) for a WPA2 Enterprise WLAN, what has to be created on the WLC before creating the new WLAN?
a VLAN for the wireless network
6. What is a DHCP scope as it relates to a WLAN configured on the WLC controller?
a pool of IP addresses for WLAN clients
7. Why would a technician configure a passphrase for a WLAN on a wireless router?
to configure wireless client authentication
