CCNP Wireless Tips:
Wireless Local Area Networks (WLANs)
A WLAN is a shared network
An access point is a shared device that functions like a shared Ethernet hub
Data is transmitted over radio waves
Two-way radio communication (half-duplex) is used
The same radio frequency is used for transmitting and receiving
WLANs vs. LANs
WLANs use radio waves as the physical layer
WLANs transmit data over the air instead of over wires
WLANs use CSMA/CA instead of CSMA/CD to access the media
Radio waves have problems that are not encountered in wires
Connectivity issues
Coverage problems
Multipath issues
Interference, noise
Privacy issues
WLANs use mobile clients
Battery-powered
WLANs must meet country-specific RF regulations
SSIDs
An SSID (network name) is used to logically separate WLANs
APs are configured with SSIDs
An AP broadcasts the SSID
An SSID must match on the client and the AP
A client can be configured with an SSID (hotspot mode)
SSID and VLAN support
One SSID per VLAN
SSID mapped to a VLAN, security, and QoS configuration
802.1Q trunk on the wired side
Cisco currently supports 16 SSIDs and 16 VLANs
Client Roaming
Roaming occurs when a client moves out of a wireless cell and into new wireless cell
Client initiates roaming when signal strength decreases and error rate increases
MAC address table of the switches is updated when the client roams into a new AP
Roaming without interruption requires the same SSID and security configuration on all APs
Security on the WLANs and LANs
Data can be encrypted on a wireless link (WLAN)
Data is unencrypted on the wired link (LAN)
Open wireless networks allow clear-text access to the wired network
Solutions
Implement authentication to control access to the wireless network
Encrypt data on the wireless link
Implement firewall, IPS, and NAC to secure access to the network
Use of VPN encryption on the wired network is required
Stand-Alone WLAN Solution
ACS: RADIUS or TACACS+ Server
Cisco WLSE: Centralized management and monitoring
WDS: Management support for Cisco WLSE
Network infrastructure: PoE switch and router
Stand-alone AP
Traffic between wireless clients flows via the switch
SSIDs, VLANs, and Trunks
Mapping SSID, VLAN, and subnet at stand-alone AP
The client becomes a station within a VLAN connected to the AP
The client gets an IP address from the VLAN or subnet connected to the AP
The same VLANs or subnets on all APs
Layer 2 connection between APs
Layer 2 roaming only
Controller-Based WLAN Solution
ACS: RADIUS or TACACS+ Server
Cisco WCS: Centralized management and monitoring
Cisco Wireless Location Appliance: Location tracking
Cisco WLC: AP and WLAN configuration
Network infrastructure: PoE switch and router
Controller-based AP
Traffic between wireless clients flows via Controller
AP MAC Functions
802.11: Beacons, probe responses
802.11 control: Packet acknowledgement and transmission
802.11e: Frame queuing and packet prioritization
802.11i: MAC layer data encryption and decryption
Controller MAC Functions
802.11: MAC management association requests and actions
802.11e: Resource reservation
802.11i: Authentication and key management
SSIDs, VLANs, and Trunks
Mapping of SSID, VLAN, and subnet at the WLAN controller
The client becomes a station within a VLAN or subnet connected to the WLAN controller
Any VLAN or subnet can be connected to the APs
APs and WLAN controller can be on the same or different subnets
Layer 3 IP connection between APs and WLAN controller
Layer 2 and layer 3 roaming are supported via WLAN controller
SSIDs, VLANs, and Trunks with H-REAP
AP needs to connect to the WLC
Some WLANs are Locally Switched
Some WLANs are centrally switched
Trunk needs to allow locally switched VLANs
Native VLAN is the AP VLAN
WLC ports and protocols
The WLC uses these ports and protocols for communication with APs and management
These ports and protocols must be allowed in the ACLs and firewall
Other ports and protocols may be used in future
CAPWAP: UDP ports 5246, 5247
LWAPP: UDP ports 12222, 12223
HTTPS: TCP Port 443
SSH: TCP Port 22
RADIUS: UDP ports 1812, 1813
SNMP: UDP ports 161, 162
Mobility: UDP ports 16666, 16667, EoIP protocol
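As an added example (not part of the original post), an IOS extended ACL that permits only the ports listed above toward the WLC management address and logs everything else. All addresses are placeholders I chose; EoIP is carried as IP protocol 97.

```cisco
! Added example, not from the original post. Placeholder addresses:
!   10.10.99.5  = WLC management interface (VLAN 99)
!   10.20.99.5  = peer WLC on another subnet (mobility group member)
!   10.10.50.10 = ACS / RADIUS server
!   10.10.50.20 = WCS / SNMP management station
ip access-list extended WLC-INBOUND
 remark CAPWAP control and data from the APs
 permit udp any host 10.10.99.5 eq 5246
 permit udp any host 10.10.99.5 eq 5247
 remark LWAPP control and data from older APs
 permit udp any host 10.10.99.5 eq 12222
 permit udp any host 10.10.99.5 eq 12223
 remark HTTPS, SSH and SNMP polling only from the management station
 permit tcp host 10.10.50.20 host 10.10.99.5 eq 443
 permit tcp host 10.10.50.20 host 10.10.99.5 eq 22
 permit udp host 10.10.50.20 host 10.10.99.5 eq 161
 remark RADIUS replies from ACS (requests leave the WLC in the other direction)
 permit udp host 10.10.50.10 eq 1812 host 10.10.99.5
 permit udp host 10.10.50.10 eq 1813 host 10.10.99.5
 remark mobility messages and the EoIP tunnel (IP protocol 97) from the peer WLC
 permit udp host 10.20.99.5 host 10.10.99.5 eq 16666
 permit udp host 10.20.99.5 host 10.10.99.5 eq 16667
 permit 97 host 10.20.99.5 host 10.10.99.5
 remark everything else toward the WLC is dropped and logged
 deny ip any any log
!
! Filter traffic leaving the SVI into the WLC management VLAN
interface Vlan99
 description WLC management VLAN (placeholder)
 ip access-group WLC-INBOUND out
```

SNMP traps (UDP 162) and RADIUS requests originate at the WLC, so they are filtered on the return path rather than here.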
AP and Controller Placement
The APs are connected to access switches
The WLC is connected to the network
Distribution switches
Server farm or data center
Centralized deployment is recommended
Minimize inter-controller roaming
Implement deterministic redundancy
Centralized deployment with the integrated platforms
Catalyst 3750G Integrated Wireless LAN Controller for small to medium deployments
Catalyst 6500 series WiSM for medium to large deployments
Distributed deployment can be an alternative for existing networks
Configuration for Stand-Alone AP and H-REAP
Switch(config)# interface fa 0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk native vlan 10
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# switchport mode trunk
Switch(config-if)# spanning-tree portfast trunk
Switch(config-if)# mls qos trust [cos | dscp]
Configuration for Controller-Based AP
Switch(config)# interface fa 0/2
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport mode access
Switch(config-if)# spanning-tree portfast
Switch(config-if)# mls qos trust dscp
Configuration for WLAN Controller
Switch(config)# interface fa 0/3
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# switchport mode trunk
Switch(config-if)# spanning-tree portfast trunk
Switch(config-if)# mls qos trust cos
4400 Series Controller with link aggregation
One link aggregation group (LAG) for Cisco Wireless LAN Controller
Packets are forwarded from the controller on the same port on which they arrived
Load balancing is performed on the switch
A connection is made to a single switch or stack
EtherChannel configuration on switch is required
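The switch side of the EtherChannel for a 4400 series WLC LAG, as an added example that is not from the original post. Port numbers and VLANs are assumed: VLAN 99 is the native management VLAN and VLANs 10 and 20 are client VLANs, matching the WLAN controller trunk above.

```cisco
! Added example, not from the original post. Assumed: Gi1/0/1-2 cable to the
! WLC, VLAN 99 native/management, VLANs 10 and 20 carry client traffic.
! The WLC LAG does not speak LACP or PAgP, so the members use mode "on".
interface Port-channel1
 description LAG to WLC
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
 spanning-tree portfast trunk
 mls qos trust cos
!
interface range GigabitEthernet1/0/1 - 2
 description LAG member ports to WLC
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
 channel-group 1 mode on
!
! Load balancing is the switch's job (global setting); per source MAC keeps a
! client's frames on one member link
port-channel load-balance src-mac
```

On the controller side LAG is enabled with "config lag enable" followed by a reboot, after which all distribution ports belong to the single LAG.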
Implementation Plan
Collect the required
Check the existing network
Plan for additional equipment
Plan the implementation
Implement the new network components
Test the implemented network
Test Plan
Can you reach the AP or WLC from the management station?
Can the AP reach the DHCP server?
Does the AP get an IP address?
Can the WLC reach the RADIUS server?
Do the clients get an IP address?
Can the client access the network, servers, and the Internet?
Make sure you can configure:
Stand-alone AP and H-REAP
Controller-based AP
WLAN controller
Make sure you are familiar with:
Differences between WLAN and LAN
Client roaming
Security on the WLAN and LAN
Stand-alone WLAN solution
Controller-based WLAN solution
AP MAC functions
Controller MAC functions
WLC ports and protocols
AP and Controller placement
H-REAP
LAG
WLAN Implementation and test plans
Credit goes to: http://blog.globalknowledge.com/certification