
Thursday, October 17, 2013

10-17-2013 - CCNP Wireless Tips - Courtesy of Global Knowledge

CCNP Wireless Tips:

Wireless Local Area Networks (WLANs)

    A WLAN is a shared network
    An access point is a shared device that functions like a shared Ethernet hub
    Data is transmitted over radio waves
    Two-way radio communication (half-duplex) is used
    The same radio frequency is used for transmitting and receiving

WLANs vs. LANs

    WLANs use radio waves as the physical layer
        WLANs transmit data over the air instead of over wires
        WLANs use CSMA/CA instead of CSMA/CD to access the media
    Radio waves have problems that are not encountered in wires
        Connectivity issues
        Coverage problems
        Multipath issues
        Interference, noise
    Privacy issues
    WLANs use mobile clients
        Battery-powered
    WLANs must meet country-specific RF regulations

SSIDs

    An SSID (network name) is used to logically separate WLANs
    APs are configured with SSIDs
    An AP broadcasts the SSID
    An SSID must match on the client and the AP
    A client can be configured with an SSID (hotspot mode)

SSID and VLAN support

    One SSID per VLAN
    SSID mapped to a VLAN, security, and QoS configuration
    802.1Q trunk on the wired side
    Cisco currently supports 16 SSIDs and 16 VLANs

Client Roaming

    Roaming occurs when a client moves out of one wireless cell and into a new wireless cell
    The client initiates roaming when signal strength decreases and the error rate increases
    The MAC address table of the switches is updated when the client roams to a new AP
    Roaming without interruption requires the same SSID and security configuration on all APs

Security on the WLANs and LANs

    Data can be encrypted on a wireless link (WLAN)
    Data is unencrypted on a wired link (LAN)
    Open wireless networks allow clear-text access to the wired network
    Solutions
        Implement authentication to control access to the wireless network
        Encrypt data on the wireless link
        Implement firewall, IPS, and NAC to secure access to the network
        Use of VPN encryption on the wired network is required

Stand-Alone WLAN Solution

    ACS: RADIUS or TACACS+ Server
    Cisco WLSE: Centralized management and monitoring
    WDS: Management support for Cisco WLSE
    Network infrastructure: PoE switch and router
    Stand-alone AP
    Traffic between wireless clients flows via the switch

SSIDs, VLANs, and Trunks

    Mapping of SSID, VLAN, and subnet at the stand-alone AP
    The client becomes a station within a VLAN connected to the AP
    The client gets an IP address from the VLAN or subnet connected to the AP
    The same VLANs or subnets on all APs
    Layer 2 connection between APs
    Layer 2 roaming only

Controller-Based WLAN Solution

    ACS: RADIUS or TACACS+ Server
    Cisco WCS: Centralized management and monitoring
    Cisco Wireless Location Appliance: Location tracking
    Cisco WLC: AP and WLAN configuration
    Network infrastructure: PoE switch and router
    Controller-based AP
    Traffic between wireless clients flows via Controller

AP MAC Functions

    802.11: Beacons, probe responses
    802.11 control: Packet acknowledgement and transmission
    802.11e: Frame queuing and packet prioritization
    802.11i: MAC layer data encryption and decryption

Controller MAC Functions

    802.11: MAC management association requests and actions
    802.11e: Resource reservation
    802.11i: Authentication and key management

SSIDs, VLANs, and Trunks

    Mapping of SSID, VLAN, and subnet at the WLAN controller
    The client becomes a station within a VLAN or subnet connected to the WLAN controller
    Any VLANs or subnets can be connected to the APs
    APs and WLAN controller can be on the same or different subnets
    Layer 3 IP connection between APs and WLAN controller
    Layer 2 and layer 3 roaming are supported via WLAN controller

SSIDs, VLANs, and Trunks with H-REAP

    AP needs to connect to the WLC
    Some WLANs are Locally Switched
    Some WLANs are centrally switched
    Trunk needs to allow locally switched VLANs
    Native VLAN is the AP VLAN

WLC ports and protocols

    The WLC uses these ports and protocols for communication with APs and for management
    These ports and protocols must be allowed in the ACLs and on the firewall
    Other ports and protocols may be used in the future

    CAPWAP: UDP ports 5246, 5247
    LWAPP: UDP ports 12222, 12223
    HTTPS: TCP Port 443
    SSH: TCP Port 22
    RADIUS: UDP ports 1812, 1813
    SNMP: UDP ports 161, 162
    Mobility: UDP ports 16666, 16667, EoIP protocol
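To make the port list above actionable, here is an added example (my own Python, not code from the Global Knowledge post or from any Cisco tool) that reads firewall deny records, matches each blocked flow against the WLC port and protocol list, and reports which step of the test plan below the block will break. The deny-log format, the addresses, and the `eoip` protocol token are constructed assumptions; the port numbers are the ones listed above, and EoIP is IP protocol 97.

```python
"""Triage firewall deny records for blocked WLC traffic (added example).

The log format below is constructed for this example, not a real
product's format. Addresses are made up.
"""
import re

# WLC services by transport and port, as listed in the tips above.
WLC_SERVICES = {
    ("udp", 5246): "CAPWAP control",
    ("udp", 5247): "CAPWAP data",
    ("udp", 12223): "LWAPP control",
    ("udp", 12222): "LWAPP data",
    ("tcp", 443): "HTTPS management",
    ("tcp", 22): "SSH management",
    ("udp", 1812): "RADIUS authentication",
    ("udp", 1813): "RADIUS accounting",
    ("udp", 161): "SNMP polling",
    ("udp", 162): "SNMP traps",
    ("udp", 16666): "Mobility control",
    ("udp", 16667): "Mobility control",
}
EOIP_PROTOCOL = 97  # mobility tunnels carry client data over EoIP (IP proto 97)

# Which test-plan step a blocked service breaks (keyed by service prefix).
IMPACT = {
    "CAPWAP": "AP cannot join the WLC",
    "LWAPP": "AP cannot join the WLC",
    "RADIUS": "WLC cannot reach the RADIUS server; 802.1X/WebAuth clients fail",
    "HTTPS": "management station cannot reach the WLC GUI",
    "SSH": "management station cannot reach the WLC CLI",
    "SNMP": "WCS/monitoring loses visibility of the WLC",
    "Mobility": "inter-controller (Layer 3) roaming fails",
}

# Constructed deny-record format: DENY <proto> <src>[:<sport>] -> <dst>[:<dport>]
LINE_RE = re.compile(
    r"DENY\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s*->\s*"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def classify(line):
    """Return (service, direction, impact) for one deny record, or None
    if the line is not a deny record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proto = m["proto"].lower()
    sport = int(m["sport"]) if m["sport"] else None
    dport = int(m["dport"]) if m["dport"] else None

    # EoIP has no ports; the constructed log writes it as "eoip" or "ip97".
    if proto in ("eoip", f"ip{EOIP_PROTOCOL}"):
        return ("Mobility EoIP data", "forward", IMPACT["Mobility"])

    # Forward direction: AP/management station -> WLC service port.
    service = WLC_SERVICES.get((proto, dport))
    direction = "forward"
    if service is None and sport is not None:
        # Reply direction: a stateless ACL dropped the return traffic,
        # which carries the service port as the source port. This is a
        # heuristic; an ephemeral port that happens to equal a service
        # port would also match.
        service = WLC_SERVICES.get((proto, sport))
        direction = "reply"
    if service is None:
        return ("unlisted", direction,
                "not a WLC service from the list; investigate separately")
    impact = next(v for k, v in IMPACT.items() if service.startswith(k))
    return (service, direction, impact)


def triage(log_text):
    """Classify every deny record; returns [(line, service, direction, impact)]."""
    results = []
    for line in log_text.splitlines():
        c = classify(line)
        if c:
            results.append((line.strip(),) + c)
    return results


# Constructed sample: AP 10.20.1.15, WLC 10.99.1.5, peer WLC 10.99.2.5,
# RADIUS 10.50.0.10, management station 192.168.1.40.
SAMPLE_LOG = """\
DENY udp 10.20.1.15:50123 -> 10.99.1.5:5246
DENY udp 10.99.1.5:5247 -> 10.20.1.15:50124
DENY udp 10.99.1.5:49152 -> 10.50.0.10:1812
DENY tcp 192.168.1.40:51000 -> 10.99.1.5:443
DENY eoip 10.99.1.5 -> 10.99.2.5
DENY tcp 10.20.1.15:40000 -> 10.99.1.5:8080
ALLOW udp 10.20.1.15:68 -> 10.20.1.1:67
"""

if __name__ == "__main__":
    for line, service, direction, impact in triage(SAMPLE_LOG):
        print(f"{service:22} {direction:8} {impact:60} <- {line}")
```

The second sample line is the one a stateless ACL typically gets wrong: the AP-to-WLC direction is permitted, but CAPWAP data returning from the WLC with source port 5247 is dropped, so the AP joins and then loses data traffic. On a stateful firewall only the forward direction needs a rule; on a router ACL both directions must be permitted.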

AP and Controller Placement

    The APs are connected to access switches
    The WLC is connected to the network
        Distribution switches
        Server farm or data center

    Centralized deployment is recommended
    Minimize inter-controller roaming
    Implement deterministic redundancy

Centralized deployment with the integrated platforms

    Catalyst 3750G Integrated Wireless LAN Controller for small to medium deployments
    Catalyst 6500 series WiSM for medium to large deployments
    Distributed deployment can be an alternative for existing networks

Configuration for Stand-Alone AP and H-REAP

    Switch(config)# interface fa 0/1
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# switchport trunk native vlan 10
    Switch(config-if)# switchport trunk allowed vlan 10,20
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# spanning-tree portfast trunk
    Switch(config-if)# mls qos trust [cos | dscp]

Configuration for Controller-Based AP

    Switch(config)# interface fa0/2
    Switch(config-if)# switchport access vlan 10
    Switch(config-if)# switchport mode access
    Switch(config-if)# spanning-tree portfast
    Switch(config-if)# mls qos trust dscp

Configuration for WLAN Controller

    Switch(config)# interface fa 0/3
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# switchport trunk native vlan 99
    Switch(config-if)# switchport trunk allowed vlan 10,20
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# spanning-tree portfast trunk
    Switch(config-if)# mls qos trust cos

4400 Series Controller with link aggregation

    One link aggregation group (LAG) per Cisco Wireless LAN Controller
    Packets are forwarded from the controller on the same port on which they arrived
    Load balancing is performed by the switch
    The connection is made to a single switch or switch stack
    EtherChannel configuration on the switch is required

Implementation Plan

    Collect the requirements
    Check the existing network
    Plan for additional equipment
    Plan the implementation
    Implement the new network components
    Test the implemented network

Test Plan

    Can you reach the AP or WLC from the management station?
    Can the AP reach the DHCP server?
    Does the AP get an IP address?
    Can the WLC reach the RADIUS server?
    Do the clients get an IP address?
    Can the client access the network, servers, and Internet?

Make sure you can configure:

    Stand-alone AP and H-REAP
    Controller-based AP
    WLAN controller

Make sure you are familiar with:

    Differences between WLAN and LAN
    Client roaming
    Security on the WLAN and LAN
    Stand-alone WLAN solution
    Controller-based WLAN solution
    AP MAC functions
    Controller MAC functions
    WLC ports and protocols
    AP and Controller placement
    H-REAP
    LAG
    WLAN Implementation and test plans



Credit goes to:  http://blog.globalknowledge.com/certification
