Wireless Local Area Networks (WLANs)
- A WLAN is a shared network
- An access point is a shared device that functions like a shared Ethernet hub
- Data is transmitted over radio waves
- Two-way radio communication (half-duplex) is used
- The same radio frequency is used for transmitting and receiving
WLANs vs. LANs
- WLANs use radio waves as the physical layer
- WLANs transmit data over the air instead of over wires
- WLANs use CSMA/CA instead of CSMA/CD to access the media
- Radio waves have problems that are not encountered in wires
- Connectivity issues
- Coverage problems
- Multipath issues
- Interference, noise
- Privacy issues
- WLANs use mobile clients
- Battery-powered
- WLANs must meet country-specific RF regulations
SSIDs
- An SSID (network name) is used to logically separate WLANs
- APs are configured with SSIDs
- An AP broadcasts the SSID
- An SSID must match on the client and the AP
- A client can be configured with an SSID (hotspot mode)
SSID and VLAN support
- One SSID per VLAN
- SSID mapped to a VLAN, security, and QoS configuration
- 802.1Q trunk on the wired side
- Cisco currently supports 16 SSIDs and 16 VLANs
Client Roaming
- Roaming occurs when a client moves out of a wireless cell and into new wireless cell
- Client initiates roaming when signal strength decreases and error rate increases
- MAC address table of the switches is updated when the client roams into a new AP
- Roaming without interruption requires the same SSID and security configuration on all APs
Security on the WLANs and LANs
- Data can be encrypted on the wireless link (WLAN)
- Data is normally unencrypted on the wired link (LAN)
- Open wireless networks allow anyone in radio range access to the wired network
- Solutions
- Implement authentication to control access to the wireless network
- Encrypt data on the wireless link
- Implement firewall, IPS, and NAC to secure access to the network
- VPN encryption on the wired network is optional (used where end-to-end confidentiality is required)
Stand-Alone WLAN Solution
- ACS: RADIUS or TACACS+ Server
- Cisco WLSE: Centralized management and monitoring
- WDS: Management support for Cisco WLSE
- Network infrastructure: PoE switch and router
- Stand-alone AP
- Traffic between wireless clients flows via the switch
SSIDs, VLANs, and Trunks
- Mapping of SSID, VLAN, and subnet at the stand-alone AP
- The client becomes a station within a VLAN connected to the AP
- The client gets an IP address from the VLAN or subnet connected to the AP
- The same VLANs or subnets on all APs
- Layer 2 connection between APs
- Layer 2 roaming only
Controller-Based WLAN Solution
- ACS: RADIUS or TACACS+ Server
- Cisco WCS: Centralized management and monitoring
- Cisco Wireless Location Appliance: Location tracking
- Cisco WLC: AP and WLAN configuration
- Network infrastructure: PoE switch and router
- Controller-based AP
- Traffic between wireless clients flows via the controller
AP MAC Functions
- 802.11: Beacons, probe responses
- 802.11 control: Packet acknowledgement and transmission
- 802.11e: Frame queuing and packet prioritization
- 802.11i: MAC layer data encryption and decryption
Controller MAC Functions
- 802.11: MAC management association requests and actions
- 802.11e: Resource reservation
- 802.11i: Authentication and key management
SSIDs, VLANs, and Trunks
- Mapping of SSID, VLAN, and subnet at the WLAN controller
- The client becomes a station within a VLAN or subnet connected to the WLAN controller
- Any VLAN or subnet can be connected to the APs
- APs and the WLAN controller can be on the same or different subnets
- Layer 3 IP connection between the APs and the WLAN controller
- Layer 2 and Layer 3 roaming are supported via the WLAN controller
SSIDs, VLANs, and Trunks with H-REAP
- The AP still needs to connect to the WLC
- Some WLANs are locally switched
- Some WLANs are centrally switched
- The trunk needs to allow the locally switched VLANs
- The native VLAN is the AP VLAN
WLC ports and protocols
- The WLC uses these ports and protocols for communication with APs and for management
- These ports and protocols must be allowed in the ACLs and firewalls between the APs, the WLC, and the management systems
- Other ports and protocols may be used in the future
- CAPWAP: UDP ports 5246 (control), 5247 (data)
- LWAPP: UDP ports 12222 (data), 12223 (control)
- HTTPS: TCP port 443
- SSH: TCP port 22
- RADIUS: UDP ports 1812 (authentication), 1813 (accounting)
- SNMP: UDP ports 161 (polling), 162 (traps)
- Mobility: UDP ports 16666, 16667, and EoIP (IP protocol 97)
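As an added example (not from the original page), an IOS extended ACL that permits only the flows listed above plus the DHCP and ICMP the test plan relies on, and logs everything else so that any port the WLC starts using later shows up. All addresses and VLANs are assumptions: APs in VLAN 10 (10.1.10.0/24), the WLC management interface 10.1.20.5 in VLAN 20, a peer controller 10.1.21.6 in VLAN 21, and the management host 10.1.50.10 and ACS 10.1.50.20 in VLAN 50; the subnets are assumed to be dedicated to these roles.

```cisco
! Added example, not from the page. Addresses are assumptions:
!   APs              10.1.10.0/24 (VLAN 10)
!   WLC management   10.1.20.5 (VLAN 20), peer WLC 10.1.21.6 (VLAN 21)
!   management host  10.1.50.10, ACS/RADIUS 10.1.50.20 (VLAN 50)
! IOS ACLs are stateless, so each flow is listed in both directions and the
! same ACL is applied inbound on every SVI; an SVI only ever matches the
! entries whose source address sits in its own VLAN.
ip access-list extended WLC-CONTROL-PLANE
 remark -- CAPWAP control 5246 / data 5247 between the APs and the WLC
 permit udp 10.1.10.0 0.0.0.255 host 10.1.20.5 range 5246 5247
 permit udp host 10.1.20.5 range 5246 5247 10.1.10.0 0.0.0.255
 remark -- LWAPP data 12222 / control 12223, only while pre-CAPWAP APs remain
 permit udp 10.1.10.0 0.0.0.255 host 10.1.20.5 range 12222 12223
 permit udp host 10.1.20.5 range 12222 12223 10.1.10.0 0.0.0.255
 remark -- AP and client DHCP, relayed by the helper address on the SVI
 permit udp any eq bootpc any eq bootps
 permit udp any eq bootps any
 remark -- management: HTTPS and SSH from the management host only
 permit tcp host 10.1.50.10 host 10.1.20.5 eq 443
 permit tcp host 10.1.50.10 host 10.1.20.5 eq 22
 permit tcp host 10.1.20.5 eq 443 host 10.1.50.10 established
 permit tcp host 10.1.20.5 eq 22 host 10.1.50.10 established
 remark -- SNMP polling from, and traps to, the management host
 permit udp host 10.1.50.10 host 10.1.20.5 eq snmp
 permit udp host 10.1.20.5 eq snmp host 10.1.50.10
 permit udp host 10.1.20.5 host 10.1.50.10 eq snmptrap
 remark -- RADIUS authentication 1812 / accounting 1813, WLC to ACS
 permit udp host 10.1.20.5 host 10.1.50.20 range 1812 1813
 permit udp host 10.1.50.20 range 1812 1813 host 10.1.20.5
 remark -- mobility between the two controllers: UDP 16666-16667 and EoIP (IP protocol 97)
 permit udp host 10.1.20.5 host 10.1.21.6 range 16666 16667
 permit udp host 10.1.21.6 host 10.1.20.5 range 16666 16667
 permit 97 host 10.1.20.5 host 10.1.21.6
 permit 97 host 10.1.21.6 host 10.1.20.5
 remark -- ICMP echo for the test plan, from the management host only
 permit icmp host 10.1.50.10 any echo
 permit icmp any host 10.1.50.10 echo-reply
 remark -- anything else is dropped and logged, which is how a new port shows up
 deny ip any any log
!
interface Vlan10
 ip access-group WLC-CONTROL-PLANE in
interface Vlan20
 ip access-group WLC-CONTROL-PLANE in
interface Vlan21
 ip access-group WLC-CONTROL-PLANE in
interface Vlan50
 ip access-group WLC-CONTROL-PLANE in
```

After the APs join and a client authenticates, `show ip access-lists WLC-CONTROL-PLANE` should show hit counters on the CAPWAP and RADIUS lines; hits on the final deny, together with the logged source and destination ports, point at whatever the list is still missing.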
AP and Controller Placement
- The APs are connected to access switches
- The WLC is connected to the network
- Distribution switches
- Server farm or data center
- Centralized deployment is recommended
- Minimize inter-controller roaming
- Implement deterministic redundancy
Centralized deployment with the integrated platforms
- Catalyst 3750G Integrated Wireless LAN Controller for small to medium deployments
- Catalyst 6500 series WiSM for medium to large deployments
- Distributed deployment can be an alternative for existing networks
Configuration for Stand-Alone AP and H-REAP
- Switch(config)# interface fa 0/1
- Switch(config-if)# switchport trunk encapsulation dot1q
- Switch(config-if)# switchport trunk native vlan 10
- Switch(config-if)# switchport trunk allowed vlan 10,20
- Switch(config-if)# switchport mode trunk
- Switch(config-if)# spanning-tree portfast trunk
- Switch(config-if)# mls qos trust [cos | dscp]
Configuration for Controller-Based AP
- Switch(config)# interface fa 0/2
- Switch(config-if)# switchport access vlan 10
- Switch(config-if)# switchport mode access
- Switch(config-if)# spanning-tree portfast
- Switch(config-if)# mls qos trust dscp
Configuration for WLAN Controller
- Switch(config)# interface fa 0/3
- Switch(config-if)# switchport trunk encapsulation dot1q
- Switch(config-if)# switchport trunk native vlan 99
- Switch(config-if)# switchport trunk allowed vlan 10,20
- Switch(config-if)# switchport mode trunk
- Switch(config-if)# spanning-tree portfast trunk
- Switch(config-if)# mls qos trust cos
4400 Series Controller with link aggregation
- One link aggregation group (LAG) for Cisco Wireless LAN Controller
- Packets are forwarded from the controller on the same port on which they arrived
- Load balancing is performed on the switch
- A connection is made to a single switch or stack
- EtherChannel configuration on switch is required
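As an added example (not from the original page), the switch side of a LAG to a 4400 series controller. The two controller ports are assumed to land on Gi1/0/1 and Gi1/0/2 of a single switch or stack, and the VLANs follow the WLAN controller trunk above (native 99, allowed 10 and 20). The controller does not run LACP or PAgP, so the bundle is configured unconditionally on; `desirable`, `auto`, `active`, or `passive` would wait for a negotiation that never comes. Load balancing is the switch's job, and the hash is set explicitly.

```cisco
! Added example, not from the page. Member ports and VLAN numbers are assumptions.
! The WLC LAG does not negotiate, so the switch must use "mode on".
Switch(config)# port-channel load-balance src-dst-ip
Switch(config)# interface range gigabitethernet 1/0/1 - 2
Switch(config-if-range)# switchport trunk encapsulation dot1q
Switch(config-if-range)# switchport trunk native vlan 99
Switch(config-if-range)# switchport trunk allowed vlan 10,20
Switch(config-if-range)# switchport mode trunk
Switch(config-if-range)# switchport nonegotiate
Switch(config-if-range)# mls qos trust cos
Switch(config-if-range)# channel-group 1 mode on
Switch(config-if-range)# exit
Switch(config)# interface port-channel 1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Switch(config-if)# spanning-tree portfast trunk
Switch(config-if)# end
! Verification: both members should be flagged P (bundled in port-channel)
! and Po1 flagged SU (Layer 2, in use); the trunk view confirms native
! VLAN 99 and allowed VLANs 10,20 on the bundle rather than on the members.
Switch# show etherchannel 1 summary
Switch# show interfaces port-channel 1 trunk
```

`switchport nonegotiate` is not needed for the LAG itself; it stops DTP from ever being spoken on ports that face a device which never negotiates, which is the same hardening the page's trunk examples rely on.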
Implementation Plan
- Collect the requirements
- Check the existing network
- Plan for additional equipment
- Plan the implementation
- Implement the new network components
- Test the implemented network
Test Plan
- Can you reach the AP or WLC from the management station?
- Can the AP reach the DHCP server?
- Does the AP get an IP address?
- Can the WLC reach the RADIUS server?
- Do the clients get an IP address?
- Can the clients access the network, the servers, and the Internet?
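As an added example (not from the original page), the switch-side commands that answer each question in the test plan. Interfaces follow the configurations on this page (controller-based AP on Fa0/2 in VLAN 10, WLC trunk on Fa0/3); the addresses are assumptions: WLC 10.1.20.5, ACS 10.1.50.20, and SVI addresses 10.1.50.1 (management VLAN) and 10.1.20.1 (WLC VLAN) on this switch.

```cisco
! Added example, not from the page. Addresses are assumptions.
!
! Is the AP powered and present on its port? PoE draw plus CDP neighbour
Switch# show power inline fastethernet 0/2
Switch# show cdp neighbors fastethernet 0/2 detail
!
! Can the AP reach DHCP, and did it get a lease? The AP VLAN needs a
! helper address unless the switch itself serves DHCP, in which case the
! binding table shows the AP's lease against its MAC address.
Switch# show running-config interface vlan 10
Switch# show ip dhcp binding
!
! Does the WLC trunk carry the WLAN VLANs with the expected native VLAN?
Switch# show interfaces fastethernet 0/3 trunk
!
! Can the WLC and the RADIUS server be reached along the real path?
! Sourcing the pings from the management and WLC SVIs exercises the same
! routing and ACLs the management station and the WLC would use.
Switch# ping 10.1.20.5 source 10.1.50.1
Switch# ping 10.1.50.20 source 10.1.20.1
!
! Do clients appear in their WLAN VLAN once associated and addressed?
Switch# show mac address-table dynamic vlan 20
```

The pings only prove that the switch's own path works; whether the WLC actually authenticates against the ACS is confirmed on the controller, by a client association that succeeds with RADIUS accounting hits on the ACL from the ports section.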
Make sure you can configure:
- Stand-alone AP and H-REAP
- Controller-based AP
- WLAN controller
Make sure you are familiar with:
- Differences between WLAN and LAN
- Client roaming
- Security on the WLAN and LAN
- Stand-alone WLAN solution
- Controller-based WLAN solution
- AP MAC functions
- Controller MAC functions
- WLC ports and protocols
- AP and Controller placement
- H-REAP
- LAG
- WLAN Implementation and test plans