iuwne10 lg v2
Post on 07-Aug-2018
218 Views
Preview:
TRANSCRIPT
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 1/294
IUWNE
Implementing CiscoUnified Wireless
Networking Essentials Version 1.0
Lab Guide
Text Part Number: 97-2700-02
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 2/294
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN
CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF
THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR
PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 3/294
Table of ContentsLab Guide 1
Overview 1
Outline 1
Lab 1-1: Becoming Familiar with Antennae and Ranges 2
Activity Objective 2
Visual Objective 2
Required Resources 2 Task 1: Complete These Power Conversions 3
Task 2: Calculate EIRP and Choose the Correct Antenna 4
Task 3: Determine the Type of Antenna Represented, Its Use, and the Best Location for It 5
Lab 1-2: Creating an Ad Hoc (IBSS) Network and Analyzing the Communication 7
Activity Objective 7
Visual Objective 7
Required Resources 7
Command List 9
Job Aids 9
Task 1: Connect to the Remote Lab 10
Task 2: Connect to Your Remote Lab Wireless Laptop 13
Task 3: Verify the Internal Card Settings 15
Task 4: Create an Ad Hoc Network and Analyze the Communication 19 Lab 2-1: Configuring a Cisco 2106 WLC 34
Activity Objective 34
Visual Objective 34
Required Resources 34
Job Aids 35
Task 1: Connect to the WLAN Controller Serial Interface and Configure Your Controller for theFirst Time 37
Task 2: Connect to Your Controller 42
Task 3: Allow Limited Remote Management 44
Task 4: Allow Open Authentication 45
Task 5: Create a DHCP Scope 47
Task 6: Look for APs 48
Lab 2-2: Configuring and Migrating a Standalone AP 50
Activity Objective 50
Visual Objective 50
Required Resources 50
Job Aids 51
Task 1: Check the AP Parameters 51
Task 2: Configure Your Standalone AP 54
Task 3: Convert Your Standalone AP to LWAPP 64
Lab 2-3: Installing and Configuring a Cisco Mobility Express Wireless Controller and AP 76
Activity Objective 76
Visual Objective 76
Required Resources 76
Job Aids 77
Task 1: Configure Your Cisco Mobility Express Wireless Controller 80
Task 2: Create a DHCP Scope 85
Task 3: Manage the AP 88
Task 4: Use the Cisco Configuration Assistant 91
Lab 3-1: Installing and Using the Cisco ADU 104
Activity Objective 104
Visual Objective 104
Required Resources 104
Job Aids 105
Task 1: Installing the Software 105
Task 2: Use the Cisco ADU and the Cisco Site Survey Utility 110
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 4/294
ii Implementing Cisco Unified Wireless Networking Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 3-2: Experimenting with Connections and Roaming 124
Activity Objective 124
Visual Objective 124
Required Resources 124
Job Aids 125
Task 1: Create a Common WLAN 125
Task 2: Connect to the Right AP 134
Task 3: Use Roaming 141
Lab 4-1: 802.1Q and Web Authentication 146
Activity Objective 146
Visual Objective 146
Required Resources 147
Job Aids 147
Task 1: Create a VLAN Interface 148
Task 2: Create the WLAN 152
Task 3: Configure a Trunk Port 155
Task 3: Create a Local Net User 159
Task 4: Have the AP Rejoin the Controller 160
Task 5: Client Configuration 162
Task 6: Client Exclusion 169
Lab 4-2: Configuring EAP-FAST Authentication with WPA 171
Activity Objective 171
Visual Objective 171
Required Resources 171 Job Aids 172
Task 1: Create the WLAN 172
Task 2: Configure the Client and Access the Network 178
Lab 5-1: Configuring Controllers and APs from the Cisco WCS 188
Activity Objective 188
Visual Objective 188
Required Resources 188
Job Aids 189
Task 1: Create Credentials on the Cisco WCS and Customize the Interface 189
Task 2: Add a Controller and AP 194
Task 3: Manage the Controller and AP from the Cisco WCS 198
Lab 5-2: Working with Maps 202
Activity Objective 202 Visual Objective 202
Required Resources 202
Job Aids 203
Task 1: Add Maps 203
Task 2: Enhance the Map 207
Task 3: Positioning APs 211
Lab 5-3: Monitoring the Network and Containing Devices 218
Activity Objective 218
Visual Objective 218
Required Resources 218
Job Aids 219
Task 1: Monitoring Events 219
Task 2: Contain a Rogue 224
Lab 6-1: Back Up the Controller Configuration and the Cisco WCS Database Files 231
Activity Objective 231
Visual Objective 231
Required Resources 231
Task 1: Examine Controller Configuration Files 232
Task 2: Save the Configuration Using TFTP 240
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 5/294
© 2008 Cisco Systems, Inc. Implementing Cisco Unified Wireless Networking Essentials (IUWNE) v1.0 iii
Lab 6-2: Troubleshooting 247
Activity Objective 247
Visual Objective 247
Required Resources 247
Command List 248
Job Aids 248
Lab 6-3: Optional Lab Troubleshooting with Wireshark and Converting an AP to Autonomous Mode 253
Activity Objective 253
Visual Objective 253
Required Resources 253
Job Aids 254
Task 1: Use Wireshark to Analyze a Connection Issue 258
Task 2: Migrate Your LWAPP 1252 AP to Autonomous Mode 265
Answer Key 272
Lab 1-1 Answer Key: Power Conversions 272
Lab 1-2 Answer Key: Creating an Ad Hoc Network (IBSS) and Analyzing the Communication 273
Lab 2-1 Answer Key: Configuring a Cisco 2106 WLC 273
Lab 2-2 Answer Key: Configuring and Migrating a Standalone AP 275
Lab 2-3 Answer Key: Installing and Configuring a Cisco Mobility Express Wireless Controller and AP 276
Lab 3-1 Answer Key: Installing and Using the Cisco ADU 276
Lab 3-2 Answer Key: Experimenting with Connections and Roaming 277
Lab 4-1 Answer Key: 802.1Q and Web Authentication 278 Lab 4-2 Answer Key: Configuring EAP-FAST Authentication with WPA 279
Lab 5-1 Answer Key: Configuring Controllers and APs from the Cisco WCS Interface 280
Lab 5-2 Answer Key: Working with Maps 280
Lab 5-3 Answer Key: Monitoring the Network and Containing Devices 280
Lab 6-1 Answer Key: Backing Up Controller Configuration and the Cisco WCS Database Files 281
Lab 6-2 Answer Key: Troubleshooting 288
Lab 6-3 Answer Key: Troubleshooting with Wireshark 288
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 6/294
iv Implementing Cisco Unified Wireless Networking Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 7/294
IUWNE
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for thiscourse. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Lab 1-1: Becoming Familiar with Antennae and Ranges
Lab 1-2: Creating an Ad Hoc Network (IBSS) and Analyzing the Communication
Lab 2-1: Configuring a Cisco 2106 WLC
Lab 2-2: Configuring and Migrate a Standalone AP
Lab 2-3: Configuring a Cisco Mobility Express Wireless Controller and AP
Lab 3-1: Installing and Using the Cisco ADU
Lab 3-2: Experimenting with Connections and Roaming
Lab 4-1: Configuring Web Authentication
Lab 4-2: Configuring EAP-FAST Authentication with WPA
Lab 5-1: Configuring Controllers and APs from the Cisco WCS Interface
Lab 5-2: Working with Maps
Lab 5-3: Monitoring the Network and Containing Devices
Lab 6-1: Backing Up the Controller Configuration and the Cisco WCS Database
Lab 6-2: Troubleshooting Games
Lab 6-3: Optional Lab
Answer Key
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 8/294
2 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 1-1: Becoming Familiar with Antennae andRanges
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will work with antennae and powers. After completing this activity, you
will be able to meet these objectives:
Convert milliwatts to dBm and back
Determine the EIRP from the AP, cable, and antenna specifications provided
Determine which AP is the best choice for which situation
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—5
Visual Objective for Lab 1-1: BecomingFamiliar with Antennas and Ranges
x mW = y dBm
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with Microsoft Excel or OpenOffice Calc
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 9/294
© 2008 Cisco Systems, Inc. Lab Guide 3
Task 1: Complete These Power Conversions
In this task, you will work with various powers to familiarize yourself with decibel
conversions.
Activity Procedure
Complete these steps:
Step 1 Convert 20 mW to its dBm equivalent.
Step 2 Convert 40 mW to its dBm equivalent.
Step 3 Convert 2 W to its dBm equivalent.
Step 4 Convert 23 dBm to its milliwatts equivalent.
Step 5 Convert -13 dBm to its milliwatts equivalent.
Step 6 A station receives 0.000001 mW RSSI from an AP. The noise level is around
0.00000025 mW. Convert these values to dBm and determine the SNR level. Is the
SNR level acceptable?
Step 7 How many dBd is a 7.24 dBi antenna?
Step 8 How many dBd is a 13.56 dBi antenna?
Step 9 How many dBi is a 13.56 dBd antenna?
Step 10 How many dBi is an 18.86 dBd antenna?
Step 11 What is the dBd gain of a 21 dBi dish antenna?
Step 12 Which antenna has more gain: 2.14 dBi or 3.28 dBd?
Step 13 Which antenna has more gain: 3.41 dBi or 4.18 dBm?
Activity Verification
You have successfully completed this task when you attain this result:
You have found the correct values as per the answer key.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 10/294
4 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Task 2: Calculate EIRP and Choose the Correct Antenna
In this task, you will work with hardware specifications to determine the EIRP or to choose
which hardware matches the link specifications.
Activity Procedure
Complete these steps:
Step 1 Which antenna would work best for a point-to-point 26-mile (42-km) link? A 21 dBi
dish, a 5.2 dBi omnidirectional, or an 8.1 dBi patch?
Step 2 Which antenna would work best for large lobby coverage from a wall? A 21 dBi
dish, a 5.2 dBi omnidirectional, or an 8.1 dBi patch?
Step 3 Which antenna would work best for coverage of a meeting room from the ceiling?
21 dBi dish, 5.2 dBi omni, 8.1 dBi patch?
Step 4 An AP transmitter emits 40 mW of power through a cable that is “adding” 3 dB loss.
The Yagi antenna that is being used has 13.5 dBi gain. What is the EIRP?
Step 5 An AP transmitter emits 20 mW of power through a cable that is “adding” 4 dB loss
per 100 feet. The cable is 20 feet long. The omnidirectional antenna that is being
used is 5.2 dBi gain. What is the EIRP?
Step 6 An AP transmitter emits 100 mW of power to an antenna directly connected to it.
The antenna that is being used is an 8.5 dBi patch antenna. What is the EIRP?
Step 7 You have been asked not to exceed 20 dBm EIRP on a 3.0 dBi omnidirectional
antenna. Which power level should you set your AP to knowing that you use 50 feet
of 6 dB/100 feet loss cable?
Step 8 You have been asked not to exceed 17 dBm EIRP on a 13.5 dBi Yagi antenna.
Which power level should you set your AP to knowing that you will use 150 feet of
6 dB/100 feet loss cable and that the cable connectors add an extra 0.5 dB loss?
Step 9 You have been asked not to exceed 17 dBm EIRP on a 5.2 patch antenna. How
much length of 2.8 dB loss per 100 feet cable should you use, knowing that the AP
power level is statically set to 40 mW?
Activity Verification
You have successfully completed this task when you attain this result:
You have found the right values as per the answer key.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 11/294
© 2008 Cisco Systems, Inc. Lab Guide 5
Task 3: Determine the Type of Antenna Represented, Its Use,and the Best Location for It
In this task, you will work with AP coverage patterns to determine the type of antenna and its
usage.
Activity Procedure
Complete these steps:
Step 1 Look at the following radiation pattern:
Step 2 Which type of antenna does it represent?
____________________________________________________________________
Step 3 What type of use is the antenna best suited for?
____________________________________________________________________
Step 4 What is the best place for the antenna to be mounted?
□ pillar
□ rooftop
□ wall
Step 5 Look at the following radiation pattern:
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 12/294
6 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 6 Which type of antenna does it represent?
____________________________________________________________________
Step 7 What type of use is the antenna best suited for?
____________________________________________________________________
Step 8 What is the best place for the antenna to be mounted?
□ pillar□ rooftop
□ wall
Step 9 Look at the following radiation pattern:
Step 10 Which type of antenna does it represent?
____________________________________________________________________
Step 11 What type of use is the antenna best suited for?
____________________________________________________________________
Step 12 What is the best place for the antenna to be mounted?
□ mast
□ rooftop
□ wall
Activity Verification
You have successfully completed this task when you attain this result:
You have found the right values as per the answer key.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 13/294
© 2008 Cisco Systems, Inc. Lab Guide 7
Lab 1-2: Creating an Ad Hoc (IBSS) Network andAnalyzing the Communication
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will connect to the remote lab and create an ad hoc network between two
machines. You will then analyze the communication to understand what exactly is exchanged
between the laptops. After completing this activity, you will be able to meet these objectives:
Connect to the remote lab
Connect to your remote laptop
Verify the internal card settings
Create an ad hoc network and analyze the communication
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—6
Visual Objective for Lab 1-2: Creating anAd Hoc (IBSS) Network and Analyzingthe Communication
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
The remote desktop application
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 14/294
8 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
IP addresses assigned to your group
Lab map diagram
In the remote lab, a laptop with preinstalled sniffer and wireless card
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 15/294
© 2008 Cisco Systems, Inc. Lab Guide 9
Command List
The table describes the command that is used in this activity.
ping Command
Command Description
ping Tests Layer 3 reachability.
Job Aids
These job aids are available to help you complete the lab activity:
Remote laptop, already loaded with appropriate applications
Lab map IP addressing and naming convention
Lab Map—Groups 1 to 4
Group 1 Group 2 Group 3 Group 4
Remote laptop address 10.10.1.240 10.20.1.240 10.30.1.240 10.40.1.240
Remote laptop login student1 student2 student3 student4
Remote laptoppassword
cisco cisco cisco cisco
Ad hoc channel 1 1 6 6
Ad hoc SSID IUWNE-AD1 IUWNE-AD1 IUWNE-AD2 IUWNE-AD2
Ad hoc IP address 192.168.10.1 192.168.10.2 192.168.10.5 192.168.10.6
Ad hoc mask 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.252
Lab Map—Groups 5 to 8
Group 5 Group 6 Group 7 Group 8
Remote laptop address 10.50.1.240 10.60.1.240 10.70.1.240 10.80.1.240
Remote laptop login student5 student6 student7 student8
Remote laptoppassword
cisco cisco cisco cisco
Ad hoc channel 11 11 1 1
Ad hoc SSID IUWNE-AD3 IUWNE-AD3 IUWNE-AD4 IUWNE-AD4
Ad hoc IP address 192.168.10.9 192.168.10.10 192.168.10.13 192.168.10.14
Ad hoc mask 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.252
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 16/294
10 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Task 1: Connect to the Remote Lab
In this task, you will use the Cisco VPN client to connect to the remote lab. You will install it,
import the profile containing the parameters required to access the remote lab, and test the
connection.
Activity Procedure
Complete these steps:
Step 1 Check to see if the Cisco VPN client is already installed on your PC: Choose Start >
Programs, and verify that the Cisco VPN client folder is present in the list of
available programs. If the folder is present, go directly to Step 4.
Step 2 If the folder is not present, ask your instructor to provide you with the Cisco VPN
client installer and the profile file (.pcf) required to access the remote lab.
Step 3 Double-click the Cisco Systems VPN Client Installer, and use the default values to
install the program. You may be asked to reboot your PC.
Step 4 Chose Start > Programs, go to the Cisco Systems VPN Client folder, and click the
VPN Client icon.
Step 5 Click Connection Entries, and choose Import.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 17/294
© 2008 Cisco Systems, Inc. Lab Guide 11
Step 6 Browse through the list and choose the .pcf file provided by your instructor. This
action should add a new entry in your Cisco VPN client window.
Step 7 Double-click the new entry in your Cisco VPN Client Window. Ask your instructor
to provide the credentials used in your class.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 18/294
12 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 8 The connection is established when a small lock appears in the bottom-right corner
of your screen.
Step 9 Verify that you were assigned an IP address in the VPN network: Choose Start >
Run, enter cmd, and click OK .
Step 10 In the MS-DOS window, enter ipconfig/all. Check to verify that an adapter called
Cisco VPN adapter appears in the list and that it has an IP address in the range
10.X0.1.0 (where X is your group number).
Step 11 In the command prompt window, enter ping 10.100.1.254 to ping the common
gateway. Verify that the ping is successful.
Activity VerificationYou have successfully completed this task when you attain these results:
You are connected to the VPN gateway.
Your VPN adapter has an IP address in the 10.X0.1.0/24 range.
You can ping one of the remote lab routers.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 19/294
© 2008 Cisco Systems, Inc. Lab Guide 13
Task 2: Connect to Your Remote Lab Wireless Laptop
In this task, you will use your VPN connection and the windows remote desktop service to
connect to your remote lab wireless laptop.
Activity Procedure
Complete these steps:
Step 1 Verify that your VPN connection to the remote lab is working properly.
Step 2 Connect to your remote laptop using the remote desktop: Choose Start > Programs
> Accessories > Communications > Remote Desktop Connection.
Note In each group, only one person at a time can be connected to the remote lab wireless
laptop. Choose with your partner who will be connecting.
Step 3 Use the lab map table shown in the Job Aids section to determine the destination IP
address that should be used to connect to your remote laptop. The address should be
in the format 10.X0.1.240, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 20/294
14 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 In the remote desktop connection pop-up window, in the computer field, enter the IP
address of your remote laptop, and click Connect.
Step 5 You will be presented with a new window where you are asked to enter the
credentials required to access your remote lab wireless laptop. Use the lab map table
to find out which username and password are used to connect to your group’s laptop.
They should be in the format username, studentX, (where X is your group number),
and password, cisco.
Step 6 Enter the credentials, and click OK . You should see the Windows desktop of your
remote laptop. You will use this same method of access for all remaining labs, so
keep this procedure available for reference for the subsequent labs.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 21/294
© 2008 Cisco Systems, Inc. Lab Guide 15
Step 7 Take some time to familiarize yourself with the remote desktop interface. It is a
remote desktop on top of your class PC desktop. The upper bar shows that you are in
the remote desktop interface and displays the IP address of the remote laptop. To
minimize the remote desktop window, click the Minimize button. The remote
desktop window is minimized to your class PC taskbar. You can then access other
applications in your class PC. Click the remote desktop program in the task bar to
restore it to its full size. Click the Maximize button to increase or the Restore down
button to reduce the size of the remote desktop application. To end the remote
desktop session, click the Close button in the remote desktop window. Neverdisconnect the VPN session without closing the remote desktop application first.
You would be disconnected from the remote laptop without any possibility of
connecting back.
Activity Verification
You have successfully completed this task when you attain these results:
You are connected to the remote lab wireless laptop.
You can see your remote lab wireless laptop IP address in a tab at the top of your screen.
You see your remote lab wireless laptop desktop and can interact with it.
Task 3: Verify the Internal Card Settings
In this task, you will document how your internal card reacts when being configured to connect
to an ad hoc network.
Activity Procedure
Complete these steps:
Step 1 From your remote lab wireless laptop, click Start > Connect To > Show All
Connections.
Step 2 Locate your wireless connection. It should be called Intel(R) Wireless WiFi Link
4965AGN.
Step 3 Right-click the wireless connection and choose Enable.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 22/294
16 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 Right-click Intel(R) Wireless WiFi link 4965AGN again and choose Properties.
Step 5 A new window opens. Click the Configure button located at the right of the
physical card description.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 23/294
© 2008 Cisco Systems, Inc. Lab Guide 17
Step 6 A new window appears. Click the Advanced tab. In the Property list, choose Ad
Hoc Channel, and then choose the right value for your group from the drop-down
menu next to 802.11b/g. Refer to the following table:
Pod Pod1 Pod2 Pod3 Pod4 Pod5 Pod6 Pod7 Pod8
Channel 1 1 6 6 11 11 1 1
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 24/294
18 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 7 Choose Ad Hoc Power Management, and verify that the default value is set to
Disabled. Choosing Disabled ensures that your card does not turn to the power save
mode while you are in ad hoc mode.
Step 8 You can see your wireless card MAC address at the bottom of the window.
Document it here.
Intel card MAC address:________________________________________________
Step 9 Click OK to validate your changes.
Activity Verification
You have successfully completed this task when you attain these results:
You have configured the channel used by your card to connect to ad hoc networks.
You have documented your internal wireless card MAC address.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 25/294
© 2008 Cisco Systems, Inc. Lab Guide 19
Task 4: Create an Ad Hoc Network and Analyze theCommunication
In this task, you will work with a peer group to analyze ad hoc networks. You need to
coordinate your action with the peer group to perform the steps at the same time so that both
laptops can capture the right frames. The following table shows peer groups:
Pod Peer Group
Pod 1 Pod 2
Pod 3 Pod 4
Pod 5 Pod 6
Pod 7 Pod 8
Activity Procedure
Complete these steps:
Step 1 Prepare your wireless connection. If you closed the Wireless Network Connection
Properties window, click Start > Connect to > Show all connections.
Step 2 A new window appears showing all your network adapters.
Step 3 Locate your wireless connection. It should be called Intel(R) Wireless WiFi Link
4965AGN.
Step 4 Right-click your Intel Wireless 4965AGN adapter and click Properties.
Step 5 To create an ad hoc network you must have a common subnet IP address, and create
a common SSID. You need the IP address because neither of the two laptops is
configured to act as a DHCP server. In the Wireless Network Connection Properties
window, click the General tab, choose Internet Protocol TCP/IP, and then click
Properties.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 26/294
20 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 6 In the General tab, click the Use the following IP address radio button.
Step 7 Enter the IP address assigned to your group for this lab. Refer to the lab map.
Step 8 In Subnet mask, enter 255.255.255.252.
Step 9 Leave the other fields empty, and click OK .
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 27/294
© 2008 Cisco Systems, Inc. Lab Guide 21
Step 10 In the Wireless Network Connection Properties window, click the Wireless
Networks tab.
Step 11 If any networks are in the Preferred networks list, click them one by one and click
the Remove button until the Preferred network list is empty.
Step 12 Click Add.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 28/294
22 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 13 A new window appears. In the Network name (SSID) field, enter your ad hoc SSID.
Refer to the lab map.
Step 14 Leave the default of Open in the Network Authentication field.
Step 15 For Data encryption field, choose Disabled.
Step 16 At the bottom of the page, check the This is a computer-to-computer (ad-hoc)
network; wireless access points are not used check box.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 29/294
© 2008 Cisco Systems, Inc. Lab Guide 23
Step 17 Click OK to activate the profile.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 30/294
24 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 18 Click OK to close the Wireless Network Connection Properties window and initiate
the connection.
Step 19 After a few seconds, your Intel wireless card should show the status as Connected.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 31/294
© 2008 Cisco Systems, Inc. Lab Guide 25
Step 20 Right-click your wireless connection, and choose Status.
Step 21 You should see that you are connected to the ad hoc network you created.
Step 22 Open a command prompt. Choose Start > All programs > Accessories >
Command prompt.
Step 23 Try to ping the peer group IP address. The command should be in the form of ping
192.168.10.Z, where Z is the peer group host address. The ping should be
successful.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 32/294
26 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 24 You have now confirmed that the peer-to-peer connection worked. The next step is
to sniff the connection process and analyze it. Right-click your Intel 4965 card and
choose Disable.
Step 25 To start Wireshark, click Start > All Programs > Wireshark > Wireshark .
Step 26 Choose the Airpcap passive interface. In Wireshark, click Capture and choose
Interfaces.
Step 27 In the Interfaces list, you should see Airpcap USB wireless capture adapter. Click
Options at the right end of the Airpcap USB wireless capture adapter line.
Step 28 A new window appears. Verify that Capture packets in promiscuous mode is
checked.
Step 29 Click Wireless Settings.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 33/294
© 2008 Cisco Systems, Inc. Lab Guide 27
Step 30 In the Channel field, choose the ad hoc channel used by your group. Refer to the lab
map.
Step 31 Verify that the Capture Type is set to 802.11 + Radio. Click OK .
Step 32 You should filter the capture to only display frames coming from and to your Intel
adapter. In the Capture Filter field, enter ether host followed by the MAC address
of your Intel card documented in Step 8 of the previous task 1. For example: ether
host 00:0b:85:72:17:10.
1 The Capture Filter menu presents a drop-down list from which some classical filters can be selected directly. The ether
host filter is not in the list, and must be entered manually.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 34/294
28 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 33 Make sure that your partner group is at the same step. Then, in the bottom section of
the Wireshark capture option window, click Start to launch the capture.
Step 34 In the task bar, click your network card properties.
Step 35 Locate your wireless connection. You should see Intel(R) Wireless WiFi link
4965AGN.
Step 36 Right-click the connection and choose Enable.
Step 37 After a few seconds, your Intel wireless card should show the status as Connected.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 35/294
© 2008 Cisco Systems, Inc. Lab Guide 29
Step 38 Right-click your wireless connection, and choose Status.
Step 39 You should see that you are connected to the ad hoc network you created.
Step 40 Open a command prompt window. Click Start > All programs > Accessories >
Command prompt.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 36/294
30 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 41 Try to ping the peer group IP address. The command should be in the form ping
192.168.10.Z, where Z is the peer group host address. The ping should be
successful.
Step 42 From the Wireshark window, stop the capture. Click the Stop capture icon.
Step 43 Try to analyze the capture with your partner group and answer the following
questions: What is the most common frame type seen in the capture? Pings? Probe
requests/ probe answers? Beacons?
_________________________________________________________________
Step 44 Do you see any data packets? __________________________________________
Step 45 Click one beacon. Expand the Radiotap section. What is the peak frequency of the
channel used? The channel you defined for your network? Another one?
__________________________________________________________________
Step 46 At what speed (data rate) was it sent? The lowest possible speed? The fastest? An
intermediate speed?
__________________________________________________________________
Step 47 How often, on average, is the beacon sent? (Intervals between frames in the uppersection of the program window are given in seconds. You can also expand the IEEE
802.11 wireless management frame section and the Fixed Parameters subsection.)
Every second? Every tenth of a second? One hundred times a second?
___________________________________________________________________
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 37/294
© 2008 Cisco Systems, Inc. Lab Guide 31
Step 48 Expand the Tagged parameters section of the IEEE 802.11 wireless management
frame section. What are the supported rates? All the 802.11b rates? Only some of
them? More than the 802.11b rates?
___________________________________________________________________
Step 49 From these supported rates, what type of network protocol do you think is used?
802.11b? 802.11g? 802.11b/g? 802.11a?
___________________________________________________________________
Step 50 In the same Tagged parameters section of the IEEE 802.11 wireless LAN
management frame section, which flag indicates that it is an ad hoc network? An “ad
hoc” field? IBSS? BSSID?
____________________________________________________________________
Step 51 Does your card support WMM/WME? Yes / No____________________________
Step 52 Try to find frames that were not sent at the lowest speed. Why were they sent faster?
Because only beacon frames are sent slowly? To optimize the transmission to the
recipient?
____________________________________________________________________
Step 53 Close the Wireshark software. Save the capture on your desktop for future reference.
Give it the name Ad-hoc1.
Step 54 From the Wireless Network Connection Properties window, right-click your
wireless connection and choose Properties.
Step 55 Click the General tab, choose Internet Protocol TCP/IP, and click Properties.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 38/294
32 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 56 Click the Obtain an IP address automatically radio button.
Step 57 Click the Obtain DNS server address automatically radio button.
Step 58 Click OK to validate.
Step 59 Close the Wireless Network Connection Properties window.
Step 60 Right-click your Intel 4965 card and choose Disable.
Step 61 Close the Network Connections window.
Step 62 Disconnect from your remote laptop.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 39/294
© 2008 Cisco Systems, Inc. Lab Guide 33
Activity Verification
You have successfully completed this task when you attain these results:
You could create an ad hoc connection.
You could connect to your peer group.
You could capture some traffic and analyze it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 40/294
34 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 2-1: Configuring a Cisco 2106 WLCComplete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will connect to your Cisco 2106 WLC through the serial connection and
configure it for the first time. After completing this activity, you will be able to meet theseobjectives:
Configure a Cisco 2106 WLC using the CLI setup wizard
Connect to your configured controller using the web interface
Allow Telnet connections to your controller
Allow open authentication access through your WLAN
Create a DHCP scope to support your local clients
Verify the presence of your AP
Visual ObjectiveThe figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—7
Visual Objective for Lab 2-1: Configuringa Cisco 2106 WLC
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 41/294
© 2008 Cisco Systems, Inc. Lab Guide 35
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 2106 WLC
Job Aids
These job aids are available to help you complete the lab activity:
IP addresses assigned to your group
Lab table
Lab Table—IP Addressing, Naming, and Information: Pods 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Remote laptop address 10.10.1.240 10.20.1.240 10.30.1.240 10.40.1.240
Remote laptop login student1 student2 student3 student4
Remote laptoppassword
cisco cisco cisco cisco
Controller system name 2106-1 2106-2 2106-3 2106-4
Administrative user admin1 admin2 admin3 admin4
Administrativepassword
cisco cisco cisco cisco
Management interfaceIP address
10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
Management interfacemask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Default router 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
Management vlan id 0 0 0 0
Management port 1 1 1 1
Management DHCPserver
10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
AP manager IP address 10.10.1.11 10.20.1.11 10.30.1.11 10.40.1.11
AP Manager DHCPserver
10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
Virtual gateway IPaddress
1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1
Mobility group name pod1 pod2 pod3 pod4
Enable symmetrictunneling
No No No No
Network name IUWNE-1 IUWNE-2 IUWNE-3 IUWNE-4
Allow static IPaddresses
Yes Yes Yes Yes
Radius server No No No No
Country code US US US US
Enable b, a, and auto-RF
yes yes yes yes
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 42/294
36 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Pod 1 Pod 2 Pod 3 Pod 4
Configure NTP No No No No
Configure time No No No No
DHCP scope name Scope 1-1 Scope 2-1 Scope 3-1 Scope 4-1
DHCP start address 10.10.1.21 10.20.1.21 10.30.1.21 10.40.1.21
DHCP end address 10.10.1.25 10.20.1.25 10.30.1.25 10.40.1.25
DHCP Network 10.10.1.0 10.20.1.0 10.30.1.0 10.40.1.0
DHCP Netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP lease time 14400 14400 14400 14400
DHCP default router 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Netbios Srvr 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP status Enabled Enabled Enabled Enabled
Lab Table—IP Addressing, Naming, and Information: Pods 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Remote laptop address 10.50.1.240 10.60.1.240 10.70.1.240 10.80.1.240
Remote laptop login student5 student6 student7 student8
Remote laptoppassword
cisco cisco cisco cisco
Controller system name 2106-5 2106-6 2106-7 2106-8
Administrative user admin5 admin6 admin7 admin8
Administrativepassword
cisco cisco cisco cisco
Management interfaceIP address
10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
Management interfacemask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Default router 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
Management vlan id 0 0 0 0
Management port 1 1 1 1
Management DHCPserver
10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
AP manager IP address 10.50.1.11 10.60.1.11 10.70.1.11 10.80.1.11
AP Manager DHCPserver
10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
Virtual gateway IPaddress
1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1
Mobility group name pod5 pod6 pod7 pod8
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 43/294
© 2008 Cisco Systems, Inc. Lab Guide 37
Pod 5 Pod 6 Pod 7 Pod 8
Enable symmetrictunneling
No No No No
Network name IUWNE-5 IUWNE-6 IUWNE-7 IUWNE-8
Allow static IPaddresses
Yes Yes Yes Yes
Radius server No No No No
Country code US US US US
Enable b, a, and auto-RF
yes yes yes yes
Configure NTP No No No No
Configure time No No No No
DHCP scope name Scope 5-1 Scope 6-1 Scope 7-1 Scope 8-1
DHCP start address 10.50.1.21 10.60.1.21 10.70.1.21 10.80.1.21
DHCP end address 10.50.1.25 10.60.1.25 10.70.1.25 10.80.1.25
DHCP Network 10.50.1.0 10.60.1.0 10.70.1.0 10.80.1.0
DHCP Netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP lease time 14400 14400 14400 14400
DHCP default router 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Netbios Srvr 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP status Enabled Enabled Enabled Enabled
Task 1: Connect to the WLAN Controller Serial Interface andConfigure Your Controller for the First Time
In this task, you will connect to your remote WLAN controller serial interface using the remote
lab terminal server, and you will go through the initial CLI setup for your respective wireless
LAN controller.
Activity Procedure
Complete these steps:
Step 1 From your class PC, start the VPN client and double-click the remote lab connection
to activate it.
Step 2 From your class PC, choose Start > Programs > Accessories > Command
Prompt.
Step 3 At the command prompt, enter telnet followed by the IP address of the remote
terminal server (10.1.1.252 or other if provided by your instructor).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 44/294
38 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 Enter the credentials (username student, password cisco or other if provided by your
instructor) to access the terminal server.
Step 5 After successful login you will be asked to select the correct pod (Podx), where x is
your pod number.
Step 6 You will see a new menu, allowing you to connect to several devices in your group.
Take some time to familiarize yourself with the different options that are available.
Step 7 You now need to connect to the Cisco 2106 WLC, which is WLC2106, or Item 2.
Notice that once you are connected to your controller, you can go back to the devicemenu at any time by using the usual escape sequence CTRL + SHIFT + 6 then X.
Selecting 2 from the device menu should bring you to the controller’s serial interface
which, since the controller is not configured yet, should be the initial CLI setup
wizard.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 45/294
© 2008 Cisco Systems, Inc. Lab Guide 39
Note VERY IMPORTANT: Verify that the first question you see is System Name. When enabling
the HyperTerminal session to your controller, you may have pressed Enter to test the
connection, and the setting you had at that time may have become the default answer to the
first questions. If that has become the default, and if the first question you see is not System
Name, enter “-” (minus sign) and press Enter ; this action will take you back one question.
Repeat the procedure as many times as needed to get back to the System Name question.
Step 8 Choose the parameters for your pod (X is the number of your pod). Username is
adminX, where X is your pod number, and the password is cisco. Additional
parameters are given below and summarized in the table “Lab Table—IP
Addressing, Naming, and Information: Pods X to Y.”
System Name [Cisco_34:26:a3]: 2106-1
Enter Administrative User Name (24 characters max): admin1Enter Administrative Password (24 characters max): *******
Re-enter Administrative Password : *******
Management Interface IP Address: 10.X0.1.10
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.X0.1.254
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 8]: 1
Note The port number is important because it must match the connection leading from the WLAN
controller to the network infrastructure.
Management Interface DHCP Server IP Address: 10.X0.1.10
Note Later your controller will be configured as a DHCP server. When using an internal WLAN
controller DHCP server, the IP address needs to match the management interface.
Therefore the DHCP server and management address will be the same and point to itself for
this lab. The remaining DHCP configuration will be completed later via the GUI.
AP Manager Interface IP Address: 10.X0.1.11
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 46/294
40 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Note AP Manager is on the same Management subnet using a different host value.
AP Manager Interface DHCP Server (10.X0.1.10): 10.X0.1.10Virtual Gateway IP Address: 1.1.1.1
Note The Virtual Gateway provides Layer 3 features such as the DHCP relay to wireless clients.
This value must match among mobility groups.
Mobility/RF Group Name: PodX
Note Mobility/RF Group allows multiple wireless controllers to be clustered into one logical
controller group to allow dynamic RF adjustments and roaming for wireless clients.
Enable Symmetric Mobility Tunneling [yes][NO]: noNetwork Name (SSID): IUWNE-1
Allow Static IP Addresses [YES][no]: yesConfigure a RADIUS Server now? [YES][no]: no
Note By default one WLAN SSID is configured on the WLC already and it is using server-based
authentication. If you skip RADIUS configuration during the startup wizard, the result is a
preconfigured SSID using 802.1x EAP requiring a RADIUS server; however, no server isdefined. This choice is to prevent open authentication security vulnerabilities.
Enter Country Code list (enter 'help' for a list of countries)[US]: USEnable 802.11b Network [YES][no]: yesEnable 802.11a Network [YES][no]: yesEnable 802.11g Network [YES][no]: yes
Note On your controller, you enable all radios, 802.11b, 802.11g and 802.11a. The AP provided
for this controller will only have one 802.11a radio. You still allow all protocols, which means
that if an 802.11b/g AP were to join the controller, its radios would be enabled.
Enable Auto-RF [YES][no]: yesConfigure a NTP server now? [YES][no]: noConfigure the system time now? [YES][no]: noWarning! No AP will come up unless the time is set.Please see documentation for more details.
Note You do not configure the time on this controller. In a real deployment, you would configure
the time during the initial configuration of a controller. In this remote lab scenario, the time
has already been configured and is consistent with the time of the other devices in the lab.
Configuration correct? If yes, system will save it and reset.[yes][NO]:
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 47/294
© 2008 Cisco Systems, Inc. Lab Guide 41
Step 9 Read the warning. Take some time to review your configuration to make sure it
matches the lab map. Then answer yes to the “Configuration correct?”
question. The controller will save the configuration and reboot directly.
Step 10 Wait for the controller to reboot completely, until you are prompted for a username.
Enter your administrative username, and then press Enter.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 48/294
42 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 11 Enter your password, and then press Enter. Verify that you get the prompt
(Cisco Controller)>.
Step 12 Verify your configuration by entering: show sysinfo. The display should be similar
to the one displayed here, with the values that are relevant to your pod.
Activity Verification
You have successfully completed this task when you attain these results:
You have a CLI session open to your controller.
Your initial setup is complete and you see the (Cisco Controller)> prompt.
Task 2: Connect to Your Controller
In this task, you will connect to your controller’s web GUI. Because your controller now has a
basic configuration, you can connect to its Management Interface IP address through the VPN
tunnel without relying on the serial connection.
Activity Procedure
Complete these steps:
Step 1 Check that you are connected through the VPN tunnel to the remote lab network.
Step 2 If your remote desktop connection is still open, close it.
Note Now that the controller has a web interface, all members of the group can connect
simultaneously to the controller. Use this possibility to explore the controller interface, but
keep in mind that it is preferable to avoid having two people working on the same feature to
avoid any confusion in the changes that could be made.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 49/294
© 2008 Cisco Systems, Inc. Lab Guide 43
Step 3 From your class PC, open a browser session to your controller Management
Interface IP address. Use https. You may have to disable your local proxy to access
the web interface through the VPN tunnel.
Step 4 Click Yes to accept the self-signed certificate sent by the controller.
Step 5 Click the login button.
Step 6 Enter the administrative username (adminX, where X = Pod number) you defined in
the previous lab, and cisco as the password.
Step 7 You should see the controller Monitor Summary page.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 50/294
44 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Activity Verification
You have successfully completed this task when you attain these results:
You are successfully connected to your controller web interface and see the Monitor
Summary page.
Task 3: Allow Limited Remote Management
Through the terminal server, you have a serial connection to your controller. In this task, you
will allow Telnet connections so that all members of your group can access the CLI, which will
be used mainly for debugging purposes.
Note This is a lab environment. In a production environment, you might want to consider your
company’s security strategy before allowing Telnet connections.
Activity Procedure
Complete these steps:
Step 1 From the controller’s web interface, in the upper menu, navigate to Management >
Telnet-SSH.
Step 2 Notice that SSH sessions are already allowed. From the drop-down menu for Allow
New Telnet sessions, choose Yes. Notice that Telnet sessions are limited to five
minutes.
Step 3 Click Apply in the upper-right corner. You are now set up to allow Telnet sessions
and SSH sessions.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 51/294
© 2008 Cisco Systems, Inc. Lab Guide 45
Step 4 Test the connectivity: From your class PC choose Start > Programs > Accessories
> Command Prompt.
Step 5 Enter telnet followed by the IP address of your controller service interface. The
entry should be in the format telnet 10.X0.1.10, where X is your Pod number.
Step 6 When prompted, enter the administrative username (adminX, where X = Pod
number) you defined in the previous lab, and cisco as the password. Press Enter.
Step 7 You should get the prompt (Cisco Controller)>.
Activity Verification
You have successfully completed this task when you attain these results:
You can successfully connect to your controller using Telnet.
Task 4: Allow Open Authentication
In this task, you will modify the WLAN created during the initial setup, so that openauthentication and associations are allowed.
Note This is a lab environment. In a production environment, you might want to consider your
company’s security strategy before allowing open authentication WLANs into your network.
Activity Procedure
Complete these steps:
Step 1 From your controller web interface, in the upper menu, navigate to WLAN.
Step 2 Look at the profile you created during the initial setup, by default it should use
WPA2/802.1x for authentication.
Step 3 Click your profile, IUWNE-X, where X is your Pod number, to edit it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 52/294
46 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 Make sure that, in the General tab, your WLAN status is set to Enable. Notice that
the SSID is broadcast by default.
Step 5 Click the Security tab.
Step 6 In the Layer 2 Security drop-down list, choose None to allow open authentication.
Step 7 Click Apply in the upper-right corner to validate the changes, read the warning, and
click OK to continue. Your security policies field should now be empty, which
means that you allow open authentication to your WLAN.
Activity Verification
You have successfully completed this task when you attain this result:
You successfully modified your WLAN to allow open authentication.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 53/294
© 2008 Cisco Systems, Inc. Lab Guide 47
Task 5: Create a DHCP Scope
In this task, you will create a DHCP scope to provide IP addresses to your wireless clients.
Note This is a lab environment. In a production environment, you might have an external DHCP
server for all your clients. In such a case, the management Interface DHCP server IP
address and the AP Manager DHCP server IP address would be the network DHCP server
IP address instead of being the IP address of the controller itself. This limited internal DHCP
server is recommended for 10 or fewer APs and their respective clients. DHCP option 43 is
not supported.
Activity Procedure
Complete these steps:
Step 1 From your controller web interface, in the upper menu, navigate to Controller.
Step 2 In the left menu click Internal DHCP server.
Step 3 A new screen appears. Click New to create a new scope.
Step 4 In the Scope Name field, enter Scope X-1, where X is your Pod number.
Step 5 Click Apply to create the scope.
Step 6 A new window appears, showing your new scope in the list. It is disabled by default
and does not have any range. Click its name to edit its settings.
Step 7 A new window appears. In the Pool Start Address field, enter the parameters listed
in the table, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 54/294
48 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Internal DHCP Server Parameters
Parameter Value
Pool Start Address 10.X0.1.21
Pool End Address 10.X0.1.25
Network 10.X0.1.0
Netmask 255.255.255.0
Lease time 14400
Default Router 10.X0.1.254
DNS Server 10.100.1.1
Netbios Name Server 10.100.1.1
Status Enabled
Step 8 Review your scope to check the values entered, and then click Apply to create the
scope.
Step 9 Your new scope now appears in the list, with a status of Enabled.
Step 10 Save your configuration. In the upper menu, click Save configuration. Click OK to
confirm that you want to save the configuration.
Activity Verification
You have successfully completed this task when you attain this result:
You have successfully created a scope for your clients that are on your controller.
Task 6: Look for APs
In this task, you will look for the APs on the controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 55/294
© 2008 Cisco Systems, Inc. Lab Guide 49
Activity Procedure
Complete these steps:
Step 1 From your controller web interface, in the upper menu, navigate to Monitor. The
Access Point Summary should not show any AP. One AP is allocated to your Pod.
You were told that the AP should automatically join the controller. It clearly does
not. The source of this issue can be in the AP configuration (standalone mode) or, if
the AP is in LWAPP mode, in the dialogue process between the AP and the
controller
Step 2 First check the controller. Navigate to Management.
Step 3 In the left menu, click SNMP.
Step 4 In the submenu, choose Trap Logs.
AP events are usually mentioned in the trap logs, but you should not see anything relevant to an
AP failure here. This means that the AP did not fail to associate. Two possibilities remain: the
AP cannot reach the controller, or there is something wrong on the AP. Actually, the AP
allocated to your pod should still be in standalone mode. In the next lab, you will convert the
autonomous AP to LWAPP and manage it with the tools used in this task to find whether the
AP has joined your controller properly.
Note Because the controller does not have an AP, the WLAN you created will not be available for
any client. The AP is needed for the client to see the WLANs configured on the controller. Ifyou are unsure about this point, connect to your remote laptop and try to detect the WLAN
created on your controller, IUWNE-X. You should not be able to see it.
Activity Verification
You have successfully completed this task when you attain this result:
You have checked for the presence of your AP in the Management menu and on the CLI,
but could not find it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 56/294
50 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 2-2: Configuring and Migrating aStandalone AP
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will give your autonomous AP a basic configuration and test it. You will
then migrate this AP to LWAPP. After completing this activity, you will be able to meet these
objectives:
Check your autonomous AP parameters
Configure your autonomous AP via its web interface
Migrate your autonomous AP to LWAPP
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—8
Visual Objective for Lab 2-2: Configuringand Migrating a Standalone AP
Required ResourcesThese are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a standalone Cisco Aironet 1252AG AP
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 57/294
© 2008 Cisco Systems, Inc. Lab Guide 51
Job Aids
These job aids are available to help you complete the lab activity:
In the remote lab, a folder with the required files
Lab map
Lab Table—IP Addressing, Naming, and Information: Pods 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Remote laptop address 10.10.1.240 10.20.1.240 10.30.1.240 10.40.1.240
Remote laptop login student1 student2 student3 student4
Remote laptoppassword
cisco cisco cisco cisco
AP IP address 10.10.1.50 10.20.1.50 10.30.1.50 10.40.1.50
AP IP mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
AP SNMP RWcommunity
private1 private2 private3 private4
Autonomous SSID IUWNE-11 IUWNE-21 IUWNE-31 IUWNE-41
LWAPP channel 36 40 44 48
Lab Table—IP Addressing, Naming, and Information: Pods 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Remote laptop address 10.50.1.240 10.60.1.240 10.70.1.240 10.80.1.240
Remote laptop login student5 student6 student7 student8
Remote laptoppassword
cisco cisco cisco cisco
AP IP address 10.50.1.50 10.60.1.50 10.70.1.50 10.80.1.50
AP IP mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
AP SNMP RWcommunity
private5 private6 private7 private8
Autonomous SSID IUWNE-51 IUWNE-61 IUWNE-71 IUWNE-81
LWAPP channel 52 56 60 64
Task 1: Check the AP Parameters
In this task, you will connect to your AP and verify that it is in standalone mode. You will then
check its IP address.
Activity Procedure
Complete these steps:
Step 1 Connect to your Cisco Aironet 1252 AP. From your class PC, choose Start >
Programs > Accessories > Command Prompt.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 58/294
52 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 2 At the command prompt, enter telnet followed by the IP address of the remote
terminal server (10.1.1.252 or other if provided by your instructor).
Step 3 Enter the credentials (username student, password cisco or other if provided by your
instructor) to access the terminal server.
Step 4 After successful login you will be asked to choose the correct pod (Podx), where x
is your pod number.
Step 5 You will see a new menu, allowing you to connect to several devices in your group.
Take some time to familiarize yourself with the different options that are available.
Step 6 Choose the device you want to connect to, AP1252, Item 4.
Step 7 You should be able to see the AP prompt. You may have to press Enter to activate
the CLI.
Step 8 Enter enable to access privileged mode. The password is Cisco (with Capital C).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 59/294
© 2008 Cisco Systems, Inc. Lab Guide 53
Step 9 Enter show ip interface brief to check the IP addresses that are present on the AP.
Step 10 You should see that the IP address is assigned to the BVI interface, which is anindication that the AP is back to standalone mode. All the usual Cisco IOS
commands, such as configure terminal, are available.
Note The Bridge Virtual Interface, or BVI, is an IP address common to radio interfaces and the
Ethernet interface. Because it is not assigned to a specific physical interface but is common
to several of them, it is considered virtual, and is a bridge between interfaces.
Step 11 Start by configuring your CLI interface for better ease of use. Enter configure
terminal to enter configuration mode.
Step 12 Enter no ip domain-lookup. Using this command avoids a situation in which, if youmistype a command, the switch tries to resolve what you entered as a host name.
Step 13 The system returns status messages to the console. This feature is sometimes
disturbing if you are entering an instruction. You can ask the system to redisplay
what you were entering if a system message is to be sent to the console and
interrupts what you were doing. To use this command, go to the console by typing
line console 0.
Step 14 Then enter logging synchronous. From then on, when a message is sent to the
console, what you were typing will be displayed again for you to continue typing
exactly from where you were interrupted by the message.
Step 15 Configure your AP with a static IP address. You want to configure the first andunique BVI interface. Enter interface BVI 1.
Step 16 Enter your AP IP address. It should be in the format 10.X0.1.50, where X is your
group number. Enter ip address, followed by your AP’s IP address and mask.
Step 17 Enter end to return to privileged mode.
Step 18 Enter copy running-config startup-config to save the configuration.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 60/294
54 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 19 Verify that your AP is in range of your controller. Try to ping your controller. Enter
ping followed by your controller Management Interface IP address. It should be in
the format ping 10.X0.1.10 where X is your pod number. The ping should be
successful.
Step 20 Reduce the window but do not close it.
Activity Verification
You have successfully completed this task when you attain these results:
You have made sure that your AP is in standalone mode, and have its IP address statically
defined.
The AP is ready to be migrated to LWAPP.
Task 2: Configure Your Standalone AP
In this task, you will provide basic configuration to your AP in standalone mode and verify that
the configuration is correct. This task is not necessary for the migration process itself. It aims at
training the running of basic configuration tasks on an autonomous AP, and checks to see, once
the migration is complete, which parameters were kept and which were removed during the
upgrade.
Note In a real environment, you would migrate the AP directly, knowing in advance which
parameters would be left.
Activity Procedure
Complete these steps:
Step 1 Make sure that you have a VPN connection to the remote lab.
Step 2 From your class PC, open a browser HTTP session to your AP address, which was
configured from during the previous task and should be 10.X0.1.50 where X = pod
number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 61/294
© 2008 Cisco Systems, Inc. Lab Guide 55
Step 3 Use HTTP, not HTTPS. The username is blank; the password is Cisco (with a
capital C).
Step 4 You should be at the home page of your AP.
Step 5 In the left menu, click Express set-up.
Step 6 In the Hostname field, enter your AP name in the form 1252-X where X is your
group number.
Step 7 Leave the IP address assignment that was assigned during the previous task of
manual configuration. Do not change the values that are already present.
Note In this configuration, no gateway information is entered. In a production environment, a
gateway would be needed for the AP to be able to communicate with devices outside of its
subnet. In this lab environment, all the devices that the AP needs to connect to are inside its
own VLAN and subnet, so the gateway configuration can be ignored.
Step 8 In the SNMP Community field, enter privateX, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 62/294
56 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 9 Click the Read-Write radio button to make sure that the AP can be managed usingthis SNMP community.
Step 10 At the bottom right of the page, click Apply to validate the changes. Read the
warning and click OK to continue.
Step 11 In the left menu, click Express Security.
Step 12 In the SSID field, enter IUWNE-X1, where X is your pod number.
Step 13 Click Broadcast SSID in Beacon.
Step 14 In the VLAN section, click No VLAN because you do not want to tag frames
coming from this simple SSID.
Step 15 In the security section, choose No Security for an open authentication-based SSID,
without any encryption.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 63/294
© 2008 Cisco Systems, Inc. Lab Guide 57
Step 16 At the bottom-right corner of the Express Security Set Up window, click Apply to
validate the changes. Read the warning and click OK to continue.
Step 17 You now need to enable your radio to allow this SSID to be sent out. In the left
menu, click Network Interfaces, and then click the Radio1-802.11N5Ghz tab.
Step 18 The radio’s status is set to Disabled, which is the default. Click the Settings tab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 64/294
58 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 19 In the Enable Radio options, click Enable.
Step 20 Click Apply at the bottom right of the page to validate the change.
Step 21 In the left menu, click Home.
Step 22 In the Network Interfaces section of the Home: Summary Status, you should see
your radio Interface status at green, with a green “up” arrow. In the event log, you
should see that the line protocol on interface Dot11Radio1 was changed to “up.”
Step 23 Your AP is ready to provide connections. The configuration entered from the web
interface is saved automatically. Close the AP web browser.
Step 24 Use your local class PC to initiate a remote connection to the remote wireless laptopto verify that it can see this new broadcast SSID being broadcasted by the standalone
AP. Choose Start > Programs > Accessories > Communications > Remote
Desktop Connection.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 65/294
© 2008 Cisco Systems, Inc. Lab Guide 59
Note In each pod, only one connection at a time is possible to the remote laptop. Choose with
your partner who will be connecting.
Step 25 Use the lab table in the job aids to verify what IP address you should use to connect
to your remote laptop. It should be in the format 10.X0.1.240, where X is your pod
number.
Step 26 In the Remote Desktop Connection window, in the Computer field, enter the IPaddress of your remote laptop, and click cConnect.
Step 27 A new window appears where you are asked to enter the credentials required to
access your remote laptop. Use the lab table in the job aids to verify which username
and password are used to connect to your group laptop. They should be in the format
studentX/cisco, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 66/294
60 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 28 Enter the credentials and click OK . You should see the Windows desktop of your
remote laptop.
Step 29 From your remote lab wireless laptop, click Start > Connect To > Show All
Connections.
Step 30 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 31 Right-click it and choose Enable.
Step 32 Right-click the Intel Wireless network icon.
Step 33 Click View Available Wireless Networks.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 67/294
© 2008 Cisco Systems, Inc. Lab Guide 61
Step 34 You should see the WLAN you just created. Click it, and click Connect.
Step 35 Read the warning. In this lab environment, it is acceptable to connect to an
unsecured network. Click Connect Anyway to continue.
Step 36 After a few seconds, the connection status should change to Waiting for the network
to be ready.
Note Your AP does not provide any IP address. The state Waiting for the network to be ready
indicates that the Layer 2 connection (authentication and association) was successful, and
that the client is waiting for an IP address to be assigned via DHCP. Because there is no
DHCP server, this step fails. This failure is expected. Your goal at this stage is simply to
verify the Layer 2 association, not to get full connectivity to the network.
Step 37 When the connection displays “Limited or No Connectivity,” click the Limited or
No Connectivity message. A new window appears.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 68/294
62 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 38 Click Details to check the connectivity limitation. Verify that you obtained an
address in the Automatic Private IP addressing range (APIPA), 169.254.0.0, which
shows that no DHCP server could be found2.
Step 39 Your WLAN works properly for the purpose of the connection verification. Close
the Network Connection Details window. Close the Wireless Network
Connection Status window.
Step 40 You do not need to stay connected to this WLAN anymore. Click it and choose
Disconnect.
2 If you obtain an address in the range 192.168.1.0/24, verify that your card is set to DHCP and ask your instructor to
shut the port to your Cisco 526 controller on the main switch.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 69/294
© 2008 Cisco Systems, Inc. Lab Guide 63
Step 41 Read the warning and click OK to continue.
Step 42 In the Wireless Network Connection window, right-click your Intel card icon and
choose Disable.
Step 43 Close the Wireless Network Connection window. Do not close your remote desktop
connection.
Activity Verification
You have successfully completed this task when you attain these results:
Your AP has a configured SSID.
You could associate to it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 70/294
64 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Task 3: Convert Your Standalone AP to LWAPP
In this task, you will convert your standalone AP to LWAPP mode. Converting to LWAPP
implies providing a new LWAPP able image to the AP. You can use a software utility to do
this, as shown in the course, or directly use the AP CLI. You will try the second method here.
Activity Procedure
Complete these steps:
Step 1 On your remote desktop locate a folder called IOS-TO-LWAPP. If you cannot
locate it, check with your instructor.
Step 2 Inside the folder, locate a file called c1250-rcvk9w8-tar.124-10b.JA. This file is the
LWAPP-enabled image that is for your AP.
Step 3 Still on your remote laptop desktop, locate the tftpd32 icon. Double-click it to start
the program.
Step 4 In the Current Directory field, browse to choose the IOS-TO-LWAPP folder.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 71/294
© 2008 Cisco Systems, Inc. Lab Guide 65
Step 5 Click OK to open the folder.
Step 6 In Server interface, choose your wired connection IP address. It should be in the
form 10.X0.1.240, where X is your pod number.
Step 7 You now need to connect to your AP serial port to enter the required commands to
upgrade it to LWAPP. Your serial connection should be still open at this point and
connected to your AP. If it is closed, use steps 1 to 7 of Task 1 to connect to your
AP CLI.
Step 8 Enter enable to get to privileged mode. The password is Cisco (with a capital C).
Step 9 Verify that you can ping your remote laptop. Enter ping followed by your remote
laptop IP address. It should be in the form ping 10.X0.1.240, where X is your pod
number. The ping should be successful.
Step 10 Enter the command to download the new image file containing the LWAPP code.
Enter archive download-sw /force-reload /overwrite tftp://10.X0.1.240/c1250-
rcvk9w8-tar.10bJA.tar, where X is your pod number. The /force-reload option
asks for a reboot after the new image download, the /overwrite option asks to replace
the original code with the new one.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 72/294
66 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 11 In the background, your TFTP server starts sending the file to the AP. Monitor the
progression, and verify that the file has been completely sent.
Step 12 Once the AP has upgraded its code, it should reboot and load the new code. You can
recognize the AP by its name, c1250-rcvk9w8.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 73/294
© 2008 Cisco Systems, Inc. Lab Guide 67
Step 13 The AP tries to join a controller, and find yours. It moves to a join state. Upon
joining the controller, the AP needs to download the same code version as the
version on the controller. Watch the download sequence, and see the AP reboot.
Step 14 At the end of the second reboot, the AP then tries to find a controller using the DNS
server, looking for CISCO-LWAPP-CONTROLLER host. In this lab, the DNSserver does not provide the controller address, so this process fails. The AP then
broadcasts in the subnet, discovers your controller, and goes to the join phase. You
can see that it then moves to CFG (configuration) phase and receives its
configuration from the controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 74/294
68 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 15 Press Enter. The AP should prompt you for a user name and password. The
username is Cisco and the password is Cisco. If these credentials are not valid, your
AP might have a remaining configuration from a previous class. In such a case, use
root as the username and Public1! as the password.
Step 16 The AP prompt should appear. Its name is still maintained. Enter enable to go to
privileged exec mode. The password is Cisco. If this password is invalid, your AP
might have a remaining configuration from a previous class. In such a case usePublic1! as the password.
Step 17 Enter the command: show ip interface brief to check the AP’s IP address.
Step 18 The IP address is now connected to the Gigabit Ethernet interface, and not to the
BVI.
Step 19 Enter show running-config. Browse through the configuration file. You should not
be able to see any information relevant to a WLAN. Apart from the main
configuration, the AP configuration now shows a long certificate, used to encrypt
the exchanges with the controller.
Step 20 Try to enter configure terminal. The command is not available anymore.
Step 21 Try to open a web session to your AP; it should fail. The AP is not reachable
anymore; only some limited commands are supported on the CLI.
Step 22 Close the command prompt. Close the TFTP server.
Step 23 Reduce your remote desktop window, but do not close it.
Step 24 Connect to your controller. From your class PC, open an HTTPS session to
10.X0.1.10, where X is your group number.
Step 25 You controller’s initial screen should appear. Click Login. Enter your credentials
and click OK . You should be on your controller monitor page.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 75/294
© 2008 Cisco Systems, Inc. Lab Guide 69
Step 26 From this page, you should see that your migrated AP is now present. Its b/g/n radio
is set to 0 because it only has an 802.11a/n radio.
Step 27 From the upper menu, click Wireless. Your AP appears. You can see that it has kept
its name.
Step 28 Click the AP name to check its settings. No other apparent configuration should be
seen.
Step 29 For stability, enter your controller name in the Primary Controller Name field. It
should be in the form 2106-X, where X is your pod number 3.
Step 30 The AP does not need to have a static IP anymore. In the right side of the screen,
uncheck Static IP.
Note Your controller has an integrated DHCP server. This server provides IP addresses to
wireless clients and LWAPP APs. As long as your AP was in standalone mode, it could not
receive an IP address from the controller. Now that it is in LWAPP mode, it will receive an IP
address from the controller at each reboot.
3 The value to enter here is your controller name, as it is seen from Management > SNMP > General. Do not enter an
IP address because the AP will compare the name sent from the controller in the LWAPP discovery answer to this
value, and the names have to be the same string.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 76/294
70 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 31 The AP also has direct credentials. Verify that Over-ride Global credentials is
checked. In the username field, enter root. Use Public1! as the password.
Step 32 Click Apply in the upper-right section of the page to validate the change. Read the
warning, and click OK to continue.
Step 33 In the upper menu, navigate to WLAN.
Step 34 You should see the WLAN you created on the controller, but not the WLAN you
created on the AP when it was in standalone mode. The AP keeps the parameters
relevant to itself (its identity in the network), but the parameters relevant to the
wireless communication are now sent from the controller.
Step 35 Navigate back to wireless, and click in the left menu Access Points > Radios >
802.11a/n radios. You will change the channel on which the AP is set.
Step 36 You should see your AP transmit power and channel. There should be an asterisk
next to the channel and power level values, indicating that the values can be changed
dynamically.
Step 37 Click the blue arrow at the right end of the line and choose Configure.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 77/294
© 2008 Cisco Systems, Inc. Lab Guide 71
Step 38 A new window appears with your AP 802.11a parameters. In the RF channel
assignment, click Custom, and choose the channel for your group as per the
following table:
Pod 1 2 3 4 5 6 7 8
Channel 36 40 44 48 52 56 60 64
Step 39 In TX Power Level assignment, click Custom, and choose 5 for the Channel power
value4.
Step 40 Click Apply to validate the changes.
Step 41 The values you chose should now appear, instead of the previous values.
Step 42Still in the same window, and leaving the values you chose, in RF ChannelAssignment, click Global. In Tx Power Level Assignment, click Global.
4 Power level 1 is the maximum transmit power allowed in your country. Power level 2 is half this value, 3 is half again
(25%) and so on. Power level 5 is 6.125 percent of the maximum power allowed in your country on this channel.
Depending on the model, there can be up to 8 levels.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 78/294
72 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Note Choosing Global will make the AP transmit with the parameters you defined, but if any new
event in the network condition makes these parameters not optimal anymore, the controller
is allowed to change them automatically. Turning these values back to global will not force
the power to max power, as long as the AP does not report a coverage hole.
Step 43 Click Apply to validate the changes.
Step 44 Click Back to return to the list. Your AP should now show the values you chose,with the asterisk still next to them.
Step 45 Save your configuration. In the upper menu, click Save configuration. Click OK to
confirm when prompted.
Step 46 Reopen the window to your remote wireless laptop.
Step 47 Click Start > Control Panel > Network connections.
Step 48 Right-click your Intel wireless adapter and choose Enable.
Step 49 Right-click your Intel wireless adapter and choose Properties.
Step 50 Go to Internet Protocol TCP/IP and click Properties.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 79/294
© 2008 Cisco Systems, Inc. Lab Guide 73
Step 51 Make sure that your card is set to receive an IP address automatically (DHCP).
Step 52 Click OK and close the Properties window and the Control Panel.
Step 53 In the bottom-right corner of your desktop, right-click your wireless connection icon
and choose View Available Wireless Networks.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 80/294
74 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 54 The WLAN created on your controller, IUWNE-X (X = pod number), should appear
in the list. The WLAN created on the AP in standalone mode should not be here5.
Step 55 Choose the WLAN and click Connect.
Step 56 After a few seconds, the status should turn to Connected.
Step 57 In the remote laptop, open a command prompt and click Start > All Programs >
Accessories > Command Prompt.
Step 58 Enter ipconfig to check if you received an IP address from your controller. You
should have received an IP address from the scope you created before.
Step 59 Try to ping the controller management IP address (10.X0.1.10). The ping should be
successful.
Step 60 From your remote lab wireless laptop, click Start > Connect To > Show All
Connections.
Step 61 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 62 Right-click it and choose disable.
5 It may be possible that the WLAN you created on the autonomous AP still appears. If this is the case, try to connect to
it. It will fail. The WLAN still appears because Windows caches some of the SSIDs heard in the past even when they
are not in range anymore. In this lab the AP MAC address is still heard by the Windows client, which may make it
assume that a WLAN heard before associated to this MAC address should still be available.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 81/294
© 2008 Cisco Systems, Inc. Lab Guide 75
Step 63 Close the other open windows in your remote wireless laptop and close the remote
desktop connection to that remote wireless laptop.
Step 64 Close the other open windows to such items as terminal server. Remember to use
Control-Shift-6 +X to use the terminal server menu to correctly terminate sessions
and close your sessions.
Activity Verification
You have successfully completed this task when you attain these results:
Your Cisco 1252 AP is converted to LWAPP mode.
You could change some of the parameters from the controller.
You could associate to the WLAN now displayed.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 82/294
76 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 2-3: Installing and Configuring a CiscoMobility Express Wireless Controller and AP
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this lab, you will configure your Cisco Mobility Express Wireless Controller and your Cisco
Mobility Express AP. After completing this activity, you will be able to meet these objectives:
Configure your Cisco Mobility Express Wireless Controller
Manage your Cisco Mobility Express AP
Use the Cisco Configuration Assistant
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—9
Visual Objective for Lab 2-3: Installingand Configuring a Cisco MobilityExpress Wireless Controller and AP
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 526 Mobility Express controller
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 83/294
© 2008 Cisco Systems, Inc. Lab Guide 77
Command List
The table describes the commands that are used in this activity.
CLI Connection Command
Command Description
telnet Establishes Layer 7 command line connectivity to a remote
device
Job Aids
These job aids are available to help you complete the lab activity:
IP addresses assigned to your group
Lab map diagram
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 84/294
78 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab Table—IP Addressing, Naming, and Information: Pods 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Remote laptop address 10.10.1.240 10.20.1.240 10.30.1.240 10.40.1.240
Remote laptop login student1 student2 student3 student4
Remote laptoppassword
cisco cisco cisco cisco
Controller name 526-1 526-2 526-3 526-4
Administrative user admin1 admin2 admin3 admin4
Administrativepassword
cisco cisco cisco cisco
Management interfaceIP address
10.10.1.100 10.20.1.100 10.30.1.100 10.40.1.100
Management interfacemask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Default router 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
Management vlan id 0 0 0 0
Management port 1 1 1 1
Management DHCPserver
10.10.1.253 10.20.1.253 10.30.1.253 10.40.1.253
AP manager IP address 10.10.1.101 10.20.1.101 10.30.1.101 10.40.1.101
AP Manager DHCPserver
10.10.1.253 10.20.1.253 10.30.1.253 10.40.1.253
Virtual gateway IPaddress
1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1
Mobility group name Pod1 Pod2 Pod3 Pod4
Enable symmetrictunneling No No No No
Network name IUWNE-101 IUWNE-201 IUWNE-301 IUWNE-401
Allow static IPaddresses
Yes Yes Yes Yes
Radius server No No No No
Country code US US US US
Enable b, a, and auto-RF
yes yes yes yes
521 AP name 521-1 521-2 521-3 521-4
Layer 3 switchusername
student1 student2 student3 student4
Layer 3 switchpassword
cisco cisco cisco cisco
DHCP scope 10.10.1.31-10.10.1.35
10.20.1.31-10.20.1.35
10.30.1.31-10.30.1.35
10.40.1.31-10.40.1.35
DHCP Pool name Pod1 Pod2 Pod3 Pod4
DHCP network 10.10.1.0 10.20.1.0 10.30.1.0 10.40.1.0
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 85/294
© 2008 Cisco Systems, Inc. Lab Guide 79
Pod 1 Pod 2 Pod 3 Pod 4
DHCP netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP gateway 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
DHCP lease 0 4 0 4 0 4 0 4
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Option 60 Cisco AP c520 Cisco AP c520 Cisco AP c520 Cisco AP c520
DHCP option 43 10.10.1.100 10.20.1.100 10.30.1.100 10.40.1.100
Cisco Configuration Assistant community
IUWNE-1 IUWNE-2 IUWNE-3 IUWNE-4
Cisco Configuration Assistant WLAN
IUWNE-102 IUWNE-202 IUWNE-302 IUWNE-402
Lab Table—IP Addressing, Naming, and Information: Pods 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Remote laptop address 10.50.1.240 10.60.1.240 10.70.1.240 10.80.1.240
Remote laptop login student5 student6 student7 student8
Remote laptoppassword
cisco cisco cisco cisco
Controller name 526-5 526-6 526-7 526-8
Administrative user admin5 admin6 admin7 admin8
Administrativepassword
cisco cisco cisco cisco
Management interfaceIP address
10.50.1.100 10.60.1.100 10.70.1.100 10.80.1.100
Management interfacemask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Default router 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
Management vlan id 0 0 0 0
Management port 1 1 1 1
Management DHCPserver
10.50.1.253 10.60.1.253 10.70.1.253 10.80.1.253
AP manager IP address 10.50.1.101 10.60.1.101 10.70.1.101 10.80.1.101
AP Manager DHCPserver
10.50.1.253 10.60.1.253 10.70.1.253 10.80.1.253
Virtual gateway IPaddress
1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1
Mobility group name Pod5 Pod6 Pod7 Pod8
Enable symmetrictunneling
No No No No
Network name IUWNE-501 IUWNE-601 IUWNE-701 IUWNE-801
Allow static IPaddresses
Yes Yes Yes Yes
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 86/294
80 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Pod 5 Pod 6 Pod 7 Pod 8
Radius server No No No No
Country code US US US US
Enable b, a, and auto-RF
yes yes yes yes
521 AP name 521-5 521-6 521-7 521-8
Layer 3 switchusername
student5 student6 student7 student8
Layer 3 switchpassword
cisco cisco cisco cisco
DHCP scope 10.50.1.31-10.50.1.35
10.60.1.31-10.60.1.35
10.70.1.31-10.70.1.35
10.80.1.31-10.80.1.35
DHCP Pool name Pod5 Pod6 Pod7 Pod8
DHCP network 10.50.1.0 10.60.1.0 10.70.1.0 10.80.1.0
DHCP netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP gateway 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
DHCP lease 0 4 0 4 0 4 0 4
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Option 60 Cisco AP c520 Cisco AP c520 Cisco AP c520 Cisco AP c520
DHCP option 43 10.10.1.100 10.20.1.100 10.30.1.100 10.40.1.100
Cisco Configuration Assistant community
IUWNE-5 IUWNE-6 IUWNE-7 IUWNE-8
Cisco Configuration Assistant WLAN
IUWNE-502 IUWNE-602 IUWNE-702 IUWNE-802
Task 1: Configure Your Cisco Mobility Express WirelessController
In this task, you will provide an initial configuration to your Mobility Express controller
exactly the same way you did it for the Cisco 2106 controller, using the CLI.
Note In a real environment, you would be more likely to use the Mobility Express web interface for
this initial setting, or the Cisco Configuration Assistant.
Activity Procedure
Complete these steps:
Step 1 Make sure that you have a VPN connection to the remote lab.
Step 2 From your class PC, choose Start > Programs > Accessories > Command
Prompt.
Step 3 At the command prompt, enter telnet followed by the IP address of the remote
terminal server (10.1.1.252 or other if provided by your instructor).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 87/294
© 2008 Cisco Systems, Inc. Lab Guide 81
Step 4 Enter the credentials (username student, password cisco or other if provided by your
instructor) to access the terminal server.
Step 5 After successful login you will be asked to choose the correct pod (Podx), where x
is your pod number.
Step 6 You will see a new menu, allowing you to connect to several devices in your group.
Take some time to familiarize yourself with the different options provided.
Step 7 You now need to connect to the Cisco 526 controller, which is WLC526, Item 1.
Notice that once connected to your controller, you can go back to the device menu atany time by using the usual escape sequence CTRL + SHIFT + 6 then X. Choosing
1 from the device menu should bring you to the controller serial interface which,
since the controller is not configured yet, should be the initial CLI setup wizard.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 88/294
82 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Note VERY IMPORTANT: Verify that the first question you see is System Name. When enabling
the HyperTerminal session to your controller, you may have pressed Enter to test the
connection, and the setting you had at that time may have become the default answer to the
first questions. If that has become the default, and if the first question you see is not System
Name, enter “-” (minus sign) and press Enter ; this action will take you back one question.
Repeat the procedure as many times as needed to get back to the System Name question.
Choose the parameters for your pod (x is the number of your pod). Username is
adminX, where X is your pod number, and the password is cisco. Additional
parameters are given below and summarized in the “Lab Map—IP Addressing,
Naming Conventions, and Information” table.
System Name [Cisco_34:26:a3]: 526-1Enter Administrative User Name (24 characters max): admin1
Enter Administrative Password (24 characters max): *******Re-enter Administrative Password : *******Management Interface IP Address: 10.10.1.100Management Interface Netmask: 255.255.255.0Management Interface Default Router: 10.10.1.254Management Interface VLAN Identifier (0 = untagged): 0Management Interface Port Num [1 to 2]: 1
Note The port number is important because it must match the connection leading from the
wireless LAN controller to the network infrastructure.
Management Interface DHCP Server IP Address: 10.10.1.253
Note You will configure later on a DHCP scope on the switch to which this controller connects.
The Cisco 526 controller does not have an internal DHCP server.
AP Manager Interface IP Address: 10.10.1.101
Note AP Manager is on the same Management subnet using a different host value.
AP Manager Interface DHCP Server (10.10.1.253): 10.10.1.253Virtual Gateway IP Address: 1.1.1.1
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 89/294
© 2008 Cisco Systems, Inc. Lab Guide 83
Note Virtual Gateway provides Layer 3 features such as DHCP relay to wireless clients. This
value must match among mobility groups.
Mobility/RF Group Name: Pod1
Note Mobility/RF Group allows multiple wireless controllers to be clustered into one logical
controller group to allow dynamic RF adjustments and roaming for wireless clients.
Enable Symmetric Mobility Tunneling [yes][NO]: noNetwork Name (SSID): IUWNE-101
Allow Static IP Addresses [YES][no]: yesConfigure a RADIUS Server now? [YES][no]: no
Note By default one WLAN SSID is configured on the WLC already, and it is using server-based
authentication. If you skip RADIUS configuration during the startup wizard, the result is a
preconfigured SSID using 802.1x EAP requiring a RADIUS server; however, there is no
server defined. This is to prevent open authentication security vulnerabilities.
Enter Country Code list (enter 'help' for a list of countries)[US]: USEnable 802.11b Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Note On your controller, you enable all radios, 802.11b and 802.11g. Notice that the wizard does
not prompt you for 802.11a. The Cisco Mobility Express solution APs are 802.11b and g
only, so there is no need for an 802.11a network.
Enable Auto-RF [YES][no]: yesConfigure a NTP server now? [YES][no]: noConfigure the system time now? [YES][no]: noWarning! No AP will come up unless the time is set.Please see documentation for more details.
Note You do not configure the time on this controller. In a real deployment, you would configurethe time during the initial configuration of a controller. In this remote lab scenario, the time
has already been configured and is consistent with the time of the other devices in the lab.
Configuration correct? If yes, system will save it and reset.[yes][NO]:
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 90/294
84 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Read the warning. Take some time to review your configuration to make sure it
matches the lab map. Then answer yes to the Configuration Correct question.
The controller will save the configuration and reboot directly
Step 8 Wait for the controller to reboot completely, until you are prompted for a username.
Enter your administrative username, and then press Enter.
Step 9 Enter your password, and then press Enter. Verify that you get the prompt
(Cisco Controller)>.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 91/294
© 2008 Cisco Systems, Inc. Lab Guide 85
Step 10 Verify your configuration, by entering show sysinfo. The display should be similar
to the one displayed here, with the values relevant to your pod.
Activity Verification
You have successfully completed this task when you attain these results:
You have a CLI session open to your controller.
Your initial setup is complete and you see the (Cisco Controller)> prompt.
You could verify your configuration using the show sysinfo command.
Task 2: Create a DHCP Scope
The Cisco 526 controller does not have an integrated DHCP server. The Cisco 2106 provides
IP addresses only to APs and its own clients. In this task, you need to set up a DHCP scope
somewhere else for your own clients. An ideal location for this scope is the Layer 3 switch to
which your controller connects. In this task, you will create this scope on the switch and correct
your management interface DHCP server to point to it.
Activity Procedure
Complete these steps:
Step 1 Verify that you have a VPN connection to the remote lab.
Step 2 From your class PC, connect to the class switch using Telnet. Click Start > All
Programs > Accessories > Command Prompt.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 92/294
86 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 3 At the command prompt, enter telnet followed by the IP address of the remote
switch which should be 10.X0.1.253 where X is your pod number or other if
provided by your instructor.
Step 4 Enter your credentials. The username should be in the form studentX, where X is
your pod number. The password should be cisco.
Step 5 Once at the switch prompt, enter configure terminal6.
Step 6 To configure a DHCP scope from the command line, you need to create the scope. It
is created by allocating a whole subnet to a DHCP scope. You also need to exclude
some addresses from the range, so that you will only allocate a few addresses and
not the whole range itself. Use the following table:
Pod 1 Pod 2 Pod 3 Pod 4
DHCP excludedaddresses
10.10.1.1 -10.10.1.30
10.10.1.36 –10.10.1.255
10.20.1.1 -10.20.1.30
10.20.1.36 –10.20.1.255
10.30.1.1 -10.30.1.30
10.30.1.36 –10.30.1.255
10.40.1.1 -10.40.1.30
10.40.1.36 –10.40.1.255
DHCP scope 10.10.1.31-10.10.1.35
10.20.1.31-10.20.1.35
10.30.1.31-10.30.1.35
10.40.1.31-10.40.1.35
DHCP Pool name Pod1 Pod2 Pod3 Pod4
DHCP network 10.10.1.0 10.20.1.0 10.30.1.0 10.40.1.0
DHCP netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP gateway 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
DHCP lease 0 4 0 4 0 4 0 4
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Option 60 Cisco AP c520 Cisco AP c520 Cisco AP c520 Cisco AP c520
DHCP option 43 10.10.1.100 10.20.1.100 10.30.1.100 10.40.1.100
Pod 5 Pod 6 Pod 7 Pod 8
DHCP excludedaddresses
10.50.1.1 -10.50.1.30
10.50.1.36 –10.50.1.255
10.60.1.1 -10.60.1.30
10.60.1.36 –10.60.1.255
10.70.1.1 -10.70.1.30
10.70.1.36 –10.70.1.255
10.80.1.1 -10.80.1.30
10.80.1.36 –10.80.1.255
DHCP scope 10.50.1.31-10.50.1.35
10.60.1.31-10.60.1.35
10.70.1.31-10.70.1.35
10.80.1.31-10.80.1.35
DHCP Pool name Pod5 Pod6 Pod7 Pod8
DHCP network 10.50.1.0 10.60.1.0 10.70.1.0 10.80.1.0
6 Your privilege level on the switch means that you do not need to type enable first.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 93/294
© 2008 Cisco Systems, Inc. Lab Guide 87
DHCP netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP gateway 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
DHCP lease 0 4 0 4 0 4 0 4
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Option 60 Cisco AP c520 Cisco AP c520 Cisco AP c520 Cisco AP c520
DHCP option 43 10.10.1.100 10.20.1.100 10.30.1.100 10.40.1.100
Step 7 In this scope, you want to allocate addresses from 10.X0.1.31 to 10.X0.1.35 (where
X is your pod number). Therefore, you need to exclude 10.X0.1.1 to 10.X0.1.30,
and then 10.X0.1.36 to 10.X0.1.255. Enter ip dhcp excluded-address followed by
the first range. It should be in the form ip dhcp excluded-address 10.X0.1.1
10.X0.1.30 (notice the space between the two IP addresses of 10.X0.1.1 and
10.X0.1.30).
Step 8 Exclude the second part. Enter ip dhcp excluded-address followed by the second
range. It should be in the form ip dhcp excluded-address 10.X0.1.36 10.X0.1.255.
The addresses between these two ranges are not excluded and are therefore allocated
once you create the scope.
Step 9 To create the scope, enter ip dhcp pool PodX (your scope name), where X is your
pod number.
Step 10 Enter a subcommand prompt where you will configure the scope details. The first
element is, of course, the subnet. Enter network followed by your subnet number
and mask. It should be in the form network 10.X0.1.0 255.255.255.0, where X is
your pod number.
Step 11 The next information is the gateway you want your clients to use. Enter default-
router followed by the gateway IP address. It should be in the form default-router
10.X0.1.254, where X is your pod number.
Step 12 The next information is the lease duration. On the Cisco 2106 controller, you used 4hours. Use the same duration here. Enter lease followed by its duration in days and
hours. It should be in the form: lease 0 4 (0 days, 4 hours).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 94/294
88 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 13 The next information is the DNS server address. Enter dns-server followed by the
server address. It should be in the form dns-server 10.100.1.1.
Step 14 A final, interesting, option to configure in this DHCP scope is Option 43. Your AP
has a static IP address and uses broadcast in its subnet to discover the controller. A
DHCP server can be used to provide APs with an IP address and a Controller
Management Interface IP address. To achieve this, the DHCP server must first
recognize that the DHCP discover message comes from an AP. This is done via an
identification mechanism: the AP identifies itself sending a specific string. The
Cisco 521 AP sends Cisco AP c520, and the Cisco 1252 AP sends Cisco AP c1250.The first element is to recognize these strings. Enter option 60 ascii “Cisco AP
c520” (inclusive of the quotes “”).
Step 15 The second element is to send back the controller IP address, upon receipt of the
option 60 string. This is Option 43 itself. Enter option 43 ascii followed by your
controller management IP address. It should be in the form option 43 ascii
“10.X0.1.100” where X is your group number (inclusive of the quotes “”).
Step 16 This last option, specific to APs, will not actually be used by your AP because the
AP has a static IP address and will not query the DHCP server. This option mightstill be useful if another AP was connected to your LAN. Your DHCP scope is ready
to provide IP addresses. Enter end to exit the configuration mode.
Step 17 Verify your scope. Enter show running-config and you should see the configuration
file and your DHCP scope near the top along with other pods DHCP scope. Verify
each element carefully.
Step 18 Close the Telnet window.
Activity Verification
You have successfully completed this task when you attain this result:
You have successfully created a DHCP pool on the Layer 3 switch.
Task 3: Manage the AP
In this task, you will connect to your controller web interface and configure some parameters
on your AP.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 95/294
© 2008 Cisco Systems, Inc. Lab Guide 89
Activity Procedure
Complete these steps:
Step 1 Connect to your Cisco Mobility Express 526 Controller. From your class PC, open
an HTTPS session to your controller’s management interface. It should be in the
form https://10.X0.1.100, where X is your group number.
Step 2 The controller login Window should appear. Click Login.
Step 3 Enter your administrative user and password credentials (username = adminX and
password = cisco where X = Pod number).
Step 4 You should see the controller main monitor window. Your AP, already in LWAPP
mode, should be there. If it is not, check with your instructor.
Step 5 In the upper menu, navigate to Wireless. You should see your AP listed.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 96/294
90 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 6 Click its name to edit its settings.
Step 7 A new window appears. Change the AP name. The new name should be in the form
521-X, where X is your group number. Refer to the lab table in the job aids.
Step 8 Your AP has a static IP address. Document the IP address it has here:
____________________________________________________________________
Step 9 Enter a proper location for your AP: IUWNE-LAB.
Step 10 Enter your controller name as the primary controller. It should be in the form 526-X,
where X is your group number.
Step 11 At the bottom of the screen, check that your AP has one single 802.11b/g radio, and
that it is set to Enable.
Step 12 Click the Advanced tab. Check that the Cisco Discovery Protocol check box is
checked. Your AP can be discovered using Cisco Discovery Protocol.
Step 13 Click Apply to validate the changes. Read the warning and click OK to continue.
Step 14 In the upper menu, navigate to WLAN.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 97/294
© 2008 Cisco Systems, Inc. Lab Guide 91
Step 15 The WLAN you created during the initial setup should be listed. You could modify
it here, but do not change it now. You will use the Cisco Configuration Assistant in
the next task.
Step 16 Reduce the web browser but do not close it.
Activity Verification
You have successfully completed this task when you attain these results:
Your AP is seen on your controller.
You could change its name and location, and check its IP address.
Task 4: Use the Cisco Configuration Assistant
In this task, you will use the Cisco Configuration Assistant to configure a WLAN and verify it
on your Cisco Mobility Express Controller. Most configurations can be done directly on the
Cisco 526 controller web interface, just like on the Cisco 2106 controller, but the Cisco
Configuration Assistant provides a single interface from which all the Cisco Smart Business
Communication System devices can be configured. You will learn how to use it in this task.
Activity Procedure
Complete these steps:
Step 1 Connect to your remote wireless laptop: from your class PC, choose Start >
Programs > Accessories > Communications > Remote Desktop Connection.
Note In each pod, only one connection at a time is possible to the remote laptop. Choose with
your partner who will be connecting.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 98/294
92 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 2 Use the lab table in the job aid to know what IP address you should use to connect to
your remote wireless laptop. It should be in the format 10.X0.1.240, where X is your
pod number.
Step 3 In the Remote Desktop Connection window, in the Computer field, enter the IP
address of your remote laptop, and click Connect.
Step 4 You will be presented with a new window where you are asked to enter the
credentials required to access your remote wireless laptop. Use the lab table in the
job aid to know which username and password are used to connect to your grouplaptop. They should be in the format studentX/cisco, where X is your pod number.
Step 5 Enter the credentials and click OK . You should see the Windows desktop of your
remote laptop.
Step 6 On the desktop locate the Cisco Configuration Assistant icon.
Step 7 Double-click it to start the program.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 99/294
© 2008 Cisco Systems, Inc. Lab Guide 93
Step 8 The initial window should ask if you want to connect to a community or create a
new one. There should not be any community listed, so choose to create one and
click OK to proceed. If there is already a community, ask your instructor to remove
it.
Step 9 A new window appears. In the Name field, enter IUWNE-X, where X is your pod
number. This will become the community name. A community is a common group
name for the devices that you administrate. It can be arbitrarily defined on the Cisco
Configuration Assistant, and does not need to be preconfigured on the devices.
Step 10 In the Company Name field, enter Cisco.
Step 11 Click Advanced. This setting shows how the Cisco Configuration Assistant will
connect to the devices you manage. Cisco Configuration Assistant uses
HTTP/HTTPS, which immediately shows that it will not be able to connect to your
AP because it is managed via the controller and does not offer any direct web
interface. Click OK to continue.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 100/294
94 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 12 In the Discover devices section, choose A single device by IP address7. In the IP
address field, enter your Cisco 526 controller Management IP address. It should be
in the form 10.X0.1.100, where X is your pod number.
Step 13 Click Start to start the discovery process.
Step 14 After a few seconds a popup window should appear, warning you about a self-sign
certificate. It is the certificate generated at boot time by your Cisco 526 controller.Click Yes to accept it.
Step 15 A new window appears, asking the credentials to connect to the Cisco 526
controller. Enter the credentials. Username should be adminX, where X is your pod
number, and password cisco. Click OK to continue.
7 If your controller was connected to an SMB switch of CE520 series, it would support the Cisco Configuration
Assistant communities, and you could use it to discover the whole network. On an enterprise type of switch,
communities are not supported. You can still discover devices, if they are directly manageable (like a controller) and if
you provide their IP address directly, as is done here.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 101/294
© 2008 Cisco Systems, Inc. Lab Guide 95
Step 16 Your controller should then appear in the device list. It is now discovered and can bemanaged through the Cisco Configuration Assistant as well.
Step 17 In the Discover devices section, enter the IP address of your Cisco 521 AP. You
documented the IP address in the previous task. Keep the Discover field set to a
single device by IP address.
Step 18 Click Start.
Step 19 After a few seconds, a new box showing Unable to connect should appear.
Step 20 It is expected that the box will appear. The AP cannot be contacted directly using
HTTP or HTTPS. Was the AP discovered?
Step 21 Click OK to close the community window.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 102/294
96 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 22 A new window appears, showing a graphical representation of the community tree.
You can see the Cisco 526 controller, and the switch to which it connects. Right-
click your controller, and choose Properties.
Step 23 You see information about your controller. Click OK to close.
Step 24 Your AP is not shown on the topology. Is that because it is not seen by the Cisco
Configuration Assistant8 but still managed when Cisco Configuration Assistant
connects to the controller, or is it because it was not added at all and is ignored? Tocheck, click Monitor in the left menu.
Step 25 In the submenu, unfold the reports menu, and click Reports > Inventory. It will
show you the devices known in your community.
8 Another reason is because the main switch is not a CE520, and therefore not community-aware.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 103/294
© 2008 Cisco Systems, Inc. Lab Guide 97
Step 26 You see that the Cisco 521 was indeed brought along with the controller, and is
known to the Cisco Configuration Assistant. The tool cannot display Cisco 521 on
the graphical map. This is because the main switch is not community-aware, so the
tool does not know where the AP is connected. However, it still knows that it is
managed by the Cisco 526 controller. There is just a graphical presentation
disconnect, but the AP is here.
Step 27 Close the Inventory window. The topology reappears. Right-click controller and
choose Annotation. The annotation field allows the administrator to write a short
memo.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 104/294
98 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 28 Enter a short text such as Plus 521-X AP, where X is your pod number.
Step 29 Click OK .
Step 30 The text should now appear under your controller.
Step 31 There are many ways of working with the Cisco Configuration Assistant. Now
change the Cisco 526 controller previously configured to add an open authentication
SSID9. You could click the left menu on Configure > Wireless > WLAN, but the
simplest way is, once again, to right-click your controller, and choose WLAN
(SSID).
9 In a real network, you would probably not set all the WLANs you create to Open, no encryption. In Module 4 you will
learn how to configure the infrastructure for security. Until then, you are temporarily creating simple WLANs.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 105/294
© 2008 Cisco Systems, Inc. Lab Guide 99
Step 32 A new window appears, showing the WLAN you created on the Cisco 526
controller during the first setup.
Step 33 You will create a new WLAN. You do not need this one anymore. Click it, and clickDelete at the bottom. The WLAN list should be empty.
Step 34 Click Create at the bottom.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 106/294
100 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 35 A new window appears, warning you that no Radius server was created. The default
settings of a WLAN on Cisco controllers are WPA/WPA2 with a central server-
based authentication, which is done through a RADIUS server. A WLAN cannot
work because no Radius information is provided. You will create a new WLAN with
open authentication, therefore a Radius is still not needed at this stage; Click No to
continue.
Step 36 A new window appears. In the SSID field, enter IUWNE-X02, where X is your pod
number.
Step 37 There is no VLAN configured yet, leave the field to its default value of 1. Leave
QoS to Data, and security to No Security.Step 38 Click OK to create the new WLAN.
Step 39 The new WLAN should appear in the list.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 107/294
© 2008 Cisco Systems, Inc. Lab Guide 101
Step 40 Click OK to validate the WLAN creation. If OK or Apply at the bottom are notclicked, all the operations remain local to the Cisco Configuration Assistant
software. As soon as you click OK or Apply, they are written to the Cisco 526
controller.
Step 41 The system prompts you for your 526 controller username and password. Enter your
administrative user credentials. They should be in the form adminX for the
username and cisco for the password, where X is your pod number.
Step 42 In the upper-left part of the Window, click Application > Exit. Click Yes to
confirm.
Step 43 Reduce the remote desktop window, but do not close it.
Step 44 Reopen the web browser session to your Cisco 526 controller, and click WLAN
(even if you are already in WLAN, to refresh).
Step 45 You should see the new WLAN created, its status should be set to enabled, and
security policies should be empty, which implies open authentication and no
encryption.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 108/294
102 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 46Go back to your remote desktop connection. From your remote lab wireless laptop,choose Start > Connect To > Show All Connections.
Step 47 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 48 Right-click it and choose enable.
Step 49 Right-click your wireless connection again and choose View Available Wireless
Networks.
Step 50 The WLAN you created should appear in the list. If it does not appear, click Refresh
network list.
Step 51 Click the WLAN name, and click Connect.
Step 52 Read the warning about an unsecured network, and click Connect Anyway.
Step 53 The connection should be successful.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 109/294
© 2008 Cisco Systems, Inc. Lab Guide 103
Step 54 Verify the connection. Choose Start > All Programs > Accessories > Command
Prompt.
Step 55 Enter ipconfig. You should see that your wireless card has an address in the range
you created on the class switch, which acts now as a DHCP server here also.
Step 56 Try to ping your 526 controller. Enter ping followed by the Management IP address
of your controller. It should be in the form ping 10.X0.1.100 where X is your pod
number. The ping should be successful.
Step 57 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections. Locate your wireless connection. It should be called Intel Wireless
WiFi Link 4965AGN.
Step 58 Right-click it and choose Disable.
Activity Verification
You have successfully completed this task when you attain these results:
You could create a new WLAN from the Cisco Configuration Assistant.
You could verify its transfer to the Cisco 526 controller.
You could test it by connecting to it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 110/294
104 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 3-1: Installing and Using the Cisco ADUComplete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will install and configure the Cisco Aironet Desktop Utility. After
completing this activity, you will be able to meet these objectives: Install the Cisco ADU
Configure the Cisco ADU and implement the Cisco Site Survey Utility
Observe the association process though Wireshark sniffer
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—10
Visual Objective for Lab 3-1: Installingand Using the Cisco ADU
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a remote laptop with the Cisco card inserted and the Cisco ADU software
installed on the desktop
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 111/294
© 2008 Cisco Systems, Inc. Lab Guide 105
Job Aids
These job aids are available to help you complete the lab activity:
Lab table
Lab Table—IP Addressing, Naming, and Information: Pods 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
WLAN IUWNE-102 IUWNE-202 IUWNE-302 IUWNE-402
Profile name Mobility Express Mobility Express Mobility Express Mobility Express
Static IP 10.10.1.26 10.20.1.26 10.30.1.26 10.40.1.26
Static netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Gateway 10.10.1.254 10.20.1.254 10.30.1.254 10.1.40.254
DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
Lab Table—IP Addressing, Naming, and Information: Pods 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
WLAN IUWNE-502 IUWNE-602 IUWNE-702 IUWNE-802
Profile name Mobility Express Mobility Express Mobility Express Mobility Express
Static IP 10.50.1.26 10.60.1.26 10.70.1.26 10.80.1.26
Static netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Gateway 10.50.1.254 10.60.1.254 10.70.1.254 10.1.80.254
DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
Task 1: Installing the Software
In this task, you will install the Cisco ADU software. The Cisco CB21AG is already physically
installed on your remote laptop, but no driver is installed yet.
Activity Procedure
Complete these steps:
Step 1 Check that you are connected, through the VPN tunnel, to the remote lab network.
Step 2 Connect to your remote wireless laptop; from your class PC choose Start >
Programs > Accessories > Communications > Remote Desktop Connection.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 112/294
106 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Note In each pod, only one connection to the remote laptop is possible at a time. Choose with
your partner who will be connecting.
Step 3 Use the lab table located in the job aid to know what IP address you should use to
connect to your remote laptop. It should be in the format 10.X0.1.240, where X is
your pod number.
Step 4 In the Remote Desktop Connection pop-up window, in the computer field, enter theIP address of your remote laptop, and click connect.
Step 5 You will be presented with a new window where you are asked to enter the
credentials required to access your remote laptop. Use the lab map to know which
username and password are used to connect to your group laptop. They should be in
the format studentX/cisco, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 113/294
© 2008 Cisco Systems, Inc. Lab Guide 107
Step 6 Enter the credentials and click OK . You should see the Windows desktop of your
remote laptop.
Step 7 On the desktop locate the Cisco WinClient-802.11a-b-g-Ins-Wizard-v35 icon.
Double-click it to start the installation process.
Step 8 Click Next when you see the initial Welcome page.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 114/294
108 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 9 Choose to install both the driver and the client utility.
Step 10 Click Next.
Step 11 Check the check box Install the Cisco Aironet Site Survey Utility.
Step 12 Click Next.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 115/294
© 2008 Cisco Systems, Inc. Lab Guide 109
Step 13 Keep the default values in the next two windows (directory location for installation
and program folder name) and click Next to proceed. Read the information page
about the card management, and click Next to proceed.
Step 14 Choose Next to acknowledge the notice of client utility choice that you are about to
be presented with in follow window. Choose to configure the Cisco card using the
Cisco Aironet Desktop Utility. During the labs for this course, you will use the
Windows client for the internal Intel 4965 card and the Cisco ADU for the Cisco
card bus.
Step 15 Click Next.
Step 16 Read the warning informing you that the laptop will be rebooted at the end of the
install, and click Yes to continue.
Step 17 Read the information about the WLAN adapter. Because it is already inserted, click
OK to continue.
Step 18 The wizard will proceed to the program installation.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 116/294
110 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 19 Read the final installation status and the reminder about laptop reboot and click OK
to continue. You will lose connection to your remote laptop.
Step 20 Wait about a minute and connect back to your remote wireless laptop.
Step 21 You should see now in the right part of the taskbar the ASTU green icon. You now
have two WLAN adapters available.
Activity Verification
You have successfully completed this task when you attain these results:
The Cisco ADU is successfully installed.
You could reconnect to your remote laptop after the Cisco ADU installation.
Task 2: Use the Cisco ADU and the Cisco Site Survey Utility
In this task, you will learn to use the Cisco ADU to create a profile, and the Cisco Site Survey
Utility to understand the wireless environment.
Activity Procedure
Complete these steps:
Step 1 Choose Start > All programs > Cisco Aironet > Aironet Site Survey Utility.
Step 2 A new window appears where you see the received signal on a given channel.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 117/294
© 2008 Cisco Systems, Inc. Lab Guide 111
Step 3 Click AP scan list. The list of all APs detected appears. In a busy environment, there
may be quite a few APs. Wait a few seconds for the list to be created, and then clickPause List Update.
Step 4 Browse down to find the Network Name created on the Cisco 526 controller. It
should be in the form IUWNE-X02, where X is your pod number. Adjust your
display window as needed.
Step 5 Once you have found the controller, click View AP Details.
Step 6 Document the channel and the MAC address of the AP:
AP 521 is on channel ___________. Its MAC address is ______________________
Step 7 Close the AP Detailed Information window.
Step 8 Minimize the Cisco Aironet Site Survey Utility window, but do not close it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 118/294
112 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 9 In the task bar, right-click ASTU10, and choose Open Aironet Desktop Utility.
Step 10 The current status may show that you are already connected to a profile. Click the
Profile Management tab.
Step 11 Click New to create a new profile.
Step 12 In Profile Name, enter Mobility Express.
Step 13 Leave the Client name to its default.
Step 14 In the SSID1 field, enter the name of the SSID on your Cisco 526 controller. It
should be in the form IUWNE-X02, where X is your pod number.
Step 15 Click the Security tab.
10 The ASTU, Aironet System Tray Utility, is the Green icon installed with the Cisco ADU in the bottom-right portion
of your desktop.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 119/294
© 2008 Cisco Systems, Inc. Lab Guide 113
Step 16 Check that Security is set to None because this WLAN uses open authentication.
Step 17 Click the Advanced tab.
Step 18 Because the WLAN is on the b/g network, uncheck 5 GHz 54 Mbps. Leave the
other parameters as they are. You could enter the AP MAC address in Preferred AP,
but do not do it yet. Click OK to create the profile. Do not activate it yet.
Step 19 Click the Diagnostic tab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 120/294
114 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 20 Click Adapter Information. A new window appears, showing information about
your Cisco WLAN adapter.
Step 21 Document your Cisco card MAC address: _________________________________
Step 22 Click OK to close the Adapter Information window.
Step 23 Choose at the top: Action > Disable the radio. You need to have the radio off so
you can turn it on when you are ready to sniff the communication. Notice that both
Adaptor information and Advanced statistics become grayed.
Step 24 Try to connect with a static IP address. This will verify the prior lab where you
configured YES for Allow static IP address during initial setup on your controller.
Step 25 Right-click your wireless connections in the taskbar, and choose Open Network
Connections.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 121/294
© 2008 Cisco Systems, Inc. Lab Guide 115
Step 26 In your network adapters list, try to identify the Cisco WLAN card. It should be
labeled Cisco Aironet 802.11a/b/g Wireless Adapter. Right-click the name and
choose Properties.
Step 27 In this Wireless Network Connection window, choose Internet Protocol TCP/IP,
and click Properties.
Step 28 Click Use the following IP address.
Step 29 Enter new IP address values as per the following table.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 122/294
116 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Pod 1 Pod 2 Pod 3 Pod 4
Static IP 10.10.1.26 10.20.1.26 10.30.1.26 10.40.1.26
Static netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Gateway 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
Pod 5 Pod 6 Pod 7 Pod 8
Static IP 10.50.1.26 10.60.1.26 10.70.1.26 10.80.1.26
Static netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Gateway 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
Step 30 Click OK to validate the settings.
Step 31 Close the Network properties window.
Step 32 Close the network connection window. Your card is ready for the association. This
window may take a few seconds because windows activate this change in address
information.
Step 33 You will sniff the card connection to the network. Start Wireshark. Click Start > All
Programs > Wireshark > Wireshark.
Step 34 You will first filter only frames going to or coming from your Cisco WLAN adapter.
In the upper menu, click Capture > Interfaces.
Step 35 Click Options at the right side of the Airpcap USB wireless capture adapter line.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 123/294
© 2008 Cisco Systems, Inc. Lab Guide 117
Step 36 In the Capture Filter field, enter ether host followed by the MAC address of your
Cisco WLAN adapter. You documented it at Step 21. It should be in the form ether
host ab:cd:ef:gh:ij:kl, where ab:cd:ef:gh:ij:kl is your Cisco card MAC address.
Step 37 In the upper-right part of the same window, click Wireless Settings.
Step 38 A new window opens. In Channel, choose the channel on which your Cisco 521 AP
operates. You documented it at Step 6 of this task. Click OK to validate.
Step 39 Click Start to begin the capture.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 124/294
118 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 40 The number of packets accepted as per your filter should stay to 0 or very low.
Step 41 In the taskbar, click the Cisco ADU to bring it back to front.
Step 42 Choose at the top: Action > Enable radio.
Step 43 Click the Profile management tab and double-click the Mobility Express profile
to activate it, or you may be connected to another SSID.
Step 44 Click the Current Status tab.
Step 45 As soon as you see the status set to Associated, click the Stop Capture icon in theWireshark window.
Step 46 In the upper part of the Wireshark window, find the probe request. Write the name
of the SSID you see in it. Is your card looking for a null SSID? A broadcast SSID?A named SSID?
____________________________________________________________________
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 125/294
© 2008 Cisco Systems, Inc. Lab Guide 119
Step 47 At what speed was it sent? 1 Mb/s? 6 Mb/s? 11 Mb/s? 54 Mb/s?
____________________________________________________________________
Step 48 Find the probe response. Does the AP accept 802.11b speeds?
__________________________________________________________________
Step 49 Try to find the authentication request, authentication response, association request,
and association response. Document at what speed the association request was sent,
and what speed the association response was sent? Were they all sent at the same
speed? 1 Mb/s? 6 Mb/s? 11 Mb/s? 54 Mb/s?
Association request___________________________________________________
Association response__________________________________________________
Step 50 Document if the AP accepts short preambles: Yes / No
Step 51 Can you see the Cisco proprietary information (Cisco Compatible Extensions) in the
exchange? Yes / No
Step 52 Close Wireshark. Do not save the capture.
Step 53 Reopen the Cisco Site Survey Utility.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 126/294
120 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 54 Click Associated AP status. It should now show your connection to the IUWNE-
X02 SSID along with your pod’s respective 2.4-GHz channel.
Step 55 Document the RSSI and the SNR read:
RSSI_________________________________SNR__________________________
Step 56 At the bottom left of the window, check the Display in percent check box. Did youhave the same perception of the link quality level?
Step 57 Close the Cisco Site Survey Utility.
Step 58 Reopen the web session window from your local classroom PC to your Cisco 526
controller (https://10.X0.1.100).
Step 59 In the upper menu, click Monitor.
Step 60 In the lower part of the screen, locate the Client Summary section. Current clients
should show at least one client11. Click Detail at the right end of the Current Clients
line.
Step 61 At least one client should be associated: your remote laptop. Some neighboring
laptops may also be seen. Check with the MAC address documented at Step 21 that
one of the clients is your Cisco card.
11 You may see more than one client because each card sending a probe request will be flagged as a client in your
network, even if it does not actively try to associate afterwards.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 127/294
© 2008 Cisco Systems, Inc. Lab Guide 121
Step 62 Check to verify that the client is authenticated and associated. Check to verify that it
is using the WLAN-Profile12.
Step 63 Click its MAC address to verify its settings.
Step 64 Can you see which interface it is using? Can you see which AP it is connectingthrough? Which authentication parameters of the WLAN are used?
Step 65 Document the client Cisco Compatible Extensions version:
_______________________________________
Step 66 Close the web session. You now have a validation of your Layer 2 connection. You
want to check the Layer 3 connectivity via a ping. From your remote wireless
laptop, open a command prompt and choose Start > All Programs > Accessories >
Command Prompt.
Step 67 Enter ipconfig. You should see that your wireless card has the static address you
defined.
Step 68 Try to ping your Cisco 526 controller. Enter ping followed by the Management IP
address of your controller. It should be in the form: ping 10.X0.1.100 where X is
your pod number. The ping should be successful.
12 The WLAN Profile shown is the one seen from the controller perspective, IUWNE-X02, not the profile from the
client perspective, Cisco Mobility Express.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 128/294
122 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 69 At this point, the verification is complete. You need to return your WLAN card to its
default mode before shutting it down to be ready for the next lab. Right-click your
wireless connections in the taskbar, and choose Open Network Connections.
Step 70 In your network adapters list, try to identify the Cisco WLAN card. It should be
labeled Cisco Aironet 802.11a/b/g Wireless Adapter. Right-click it and choose
Properties.
Step 71 In this Wireless Network Connection window, choose the Internet Protocol
TCP/IP and click Properties.
Step 72 Click Obtain an IP address automatically.
Step 73 Click Obtain DNS Server address automatically.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 129/294
© 2008 Cisco Systems, Inc. Lab Guide 123
Step 74 Click OK to close the TCP/IP properties window.
Step 75 In the Windows Network Properties window, right-click your Cisco WLAN card
and choose Disable.
Step 76 Close the Wireless Network Properties window.
Step 77 Close the remote desktop session and all the other open windows.
Activity Verification
You have successfully completed this task when you attain these results:
Complete Cisco ADU installation inclusive of the Cisco Site Survey Utility.
You could associate to your IUWNE-X02 SSID using the Cisco ADU client.
You could capture the traffic using the Wireshark software.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 130/294
124 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 3-2: Experimenting with Connections andRoaming
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will experiment with connections features and roaming. For this lab, you
will work in a team with another group. Both will create the same WLAN, and you will see
how your client can roam from one to the other. After completing this activity, you will be able
to meet these objectives:
Create a WLAN common to two groups
Connect to a specific AP
Force roaming from one AP to the other
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—11
Visual Objective for Lab 3-2:Experimenting with Connections andRoaming
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 131/294
© 2008 Cisco Systems, Inc. Lab Guide 125
In the remote lab, a Cisco 2106 controller
In the remote lab, a remote laptop with a Cisco WLAN adapter
Job Aids
These job aids are available to help you complete the lab activity:
Lab map
Partner group table
Lab Table—Naming and Information: Pods 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
WLAN IUWNE-ROAM12 IUWNE-ROAM12 IUWNE-ROAM34 IUWNE-ROAM34
Mobility group Pod12 Pod12 Pod34 Pod34
Lab Table—Naming, and Information: Pods 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
WLAN IUWNE-ROAM56 IUWNE-ROAM56 IUWNE-ROAM78 IUWNE-ROAM78
Mobility group Pod56 Pod56 Pod78 Pod78
Task 1: Create a Common WLAN
In this task you will create a WLAN common to two pods.
Activity Procedure
Complete these steps:
Step 1 Check that you are connected, through the VPN tunnel, to the remote lab network.
Step 2 From your class PC, open a browser session to your Cisco 2106 controller
Management Interface IP address. (https://10.X0.1.10) You may have to disable
your local proxy to access the web interface through the VPN tunnel.
Step 3 Click OK to accept the self-signed certificate sent by the controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 132/294
126 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 Click Login.
Step 5 Enter the administrative username you defined in the previous lab and the password
(adminX for the username and cisco for the password).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 133/294
© 2008 Cisco Systems, Inc. Lab Guide 127
Step 6 You should see the controller Monitor Summary page.
Step 7 In the upper menu, click WLAN.
Step 8 You should see the WLAN you created before. Click its name to edit its settings.
Step 9 Uncheck the Status Enabled check box. You do not want this WLAN to currently be
active13. Click Apply to validate the change.
Step 10 Now, at the WLAN page list, in the upper-right part of the window, click New tocreate a new WLAN.
13 The Cisco 2106 and the AP are perfectly capable of supporting several WLANs at the same time, but in a crowded
environment, you do not want to see too many SSID names that you will not use. For this reason you will disable the
WLANs you do not use for each new lab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 134/294
128 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 11 In Profile Name field, enter Roaming. In the WLAN SSID field, enter the name of
the WLAN. Refer to the lab table (IUWNE-ROAMX, where X = shared group
number between two pods).
Note The name is in capitals and is case-sensitive.
Step 12 Click Apply to validate the name.
Step 13 A new window opens showing the WLAN details.
Step 14 Check the Status Enabled check box.
Step 15 In the Radio Policy drop-down list, choose 802.11a only. Because your Cisco 1252
AP operates only in the 802.11a spectrum, there is no point in allowing this WLAN
in the 802.11b/g band.
Step 16 Click the Security tab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 135/294
© 2008 Cisco Systems, Inc. Lab Guide 129
Step 17 In Layer 2 Security, choose None.
Step 18 Click Apply to create the WLAN with these settings.
Step 19 You should now have two WLAN Profile Names in the list, but only the Roaming
show a status of Enabled.
Step 20 In the upper menu, click Wireless.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 136/294
130 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 21 You should see your AP. Note that its Ethernet MAC address is shown. You want to
know its radio MAC address. In the left menu, choose radio > 802.11a/n.
Step 22 You should see your AP, along with its radio MAC address. Document this MAC
address here:
1252 AP 802.11a MAC address:_________________________________________
Step 23 You want to allow your clients to connect at 802.11n speeds. Position your mouse
on the arrow at the end of the AP description line and choose Configure.
Step 24 A new screen appears. In the 11n Parameters section, verify that your AP supports
802.11n. You will be using 20-MHz-wide channels, compatible with non-802.11n
clients. Verify that the Channel Width is set to 20 MHz.
Step 25 Click Apply to validate.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 137/294
© 2008 Cisco Systems, Inc. Lab Guide 131
Step 26 Navigate to Wireless > 802.11a/n > High Throughput (802.11n).
Step 27 In the General section, verify that 802.11n is activated. In the MCS Data Rate
Settings, verify that all data rates are checked. Document the highest possible rate:
___________________________________________________________________
Step 28 To be able to roam, not only do you need to have a common WLAN, but the
controllers also need to be in the same mobility group. In the upper menu, click
Controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 138/294
132 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 29 In Default Mobility Domain Name and RF-Network Name, enter your common
group name. Refer to the table:
Pod 1 2 3 4 5 6 7 8
Name Pod12 Pod12 Pod34 Pod34 Pod56 Pod56 Pod78 Pod78
Note Names are case-sensitive.
Step 30 Click Apply to validate the change.
Step 31 Controllers are now in the same mobility group, but they do not communicate with
each other yet. In the left menu, unfold Mobility Management, and choose Mobility
groups.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 139/294
© 2008 Cisco Systems, Inc. Lab Guide 133
Step 32 You see your controller’s details. Document its Management IP address and built-in
MAC address14:
Management IP address: ______________________________________________
Built in MAC address: ________________________________________________
Step 33 In the upper-right part of the screen, click New to create a new member to yourmobility group.
Step 34 Ask your partner group for their controller IP address and built-in Mac address, and
enter the values in the right fields.
Step 35 Click Apply to create the new member.
Step 36 Your mobility group list now shows two members.
14 The built-in MAC address is a MAC address common to the whole system, and not relevant to a specific port. This
MAC address is reachable through any port, and characterizes the system as a whole.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 140/294
134 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 37 To verify connectivity to the other controller, put the mouse over the arrow at the
right end of the line describing your partner controller, and choose Ping.
Step 38 The ping should be successful. If it is not, check your values.
Step 39 Your controllers are now ready to offer intercontroller connectivity and roaming. Do
not close the web browser window.
Activity Verification
You have successfully completed this task when you attain these results:
You could create a roaming WLAN.
Your controller is in the same mobility group as your partner controller, and they could
ping each other successfully.
Task 2: Connect to the Right AP
In this task, you will associate to this WLAN, and make sure both partners associate to the
same AP. To achieve it, you need to make sure that only one AP is available at a time.
Activity Procedure
Complete these steps:
Step 1 Steps 1 through 8 are for even-numbered pods (2, 4, 6, and 8) to disable their radios.
Odd-numbered pods can proceed to Step 9. In the controller web browser window,
click Wireless in the upper menu.
Step 2 In the left menu, choose Radio > 802.11a/n.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 141/294
© 2008 Cisco Systems, Inc. Lab Guide 135
Step 3 You should now see your AP.
Step 4 Put your mouse on the arrow at the end of the line and choose configure.
Step 5 A new window appears with your AP 802.11a/n radio details.
Step 6 In the General section, set the Admin Status to Disable to turn your radio off.
Step 7 Click Apply to validate the change. Click Back to return to the radio list.
Step 8 The AP should show in the list, with its radio status set to DOWN and Disable.
Even-numbered pods can now proceed to Step 16 to configure their remote lab
wireless laptop.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 142/294
136 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 9 Steps 9 through 15 are for odd-numbered pods (1, 3, 5, and 7) to remove any
existing client associations. Even-numbered pods should have finished Step 8 and
proceeded to step 16. On the odd-numbered pod controllers, the AP radio should still
be up. At this point, only one of the APs in the mobility group is up, which
guarantees that the client will connect to this AP only.
Step 10 One last step needs to be performed; remove the clients trace from the controllers.
Otherwise, the client will not connect to the controller you expect. You will see why
later on. In the upper menu, click Monitor.
Step 11 In the left menu, click Clients.
Step 12 A new window appears. You should see at least one client. If you do not see any
clients, move directly to Step 16.
Step 13 Put your mouse on the arrow at the right end of the line describing each client, and
choose Remove. Be careful not to choose Disable.
Step 14 Click OK to confirm that you want to delete this client from the controller cache.Repeat the operation for all the other clients you may see in the list.
Step 15 No client should be left in the list.
Step 16 Connect to your remote laptop from your class PC; choose Start > Programs >
Accessories > Communications > Remote Desktop Connection.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 143/294
© 2008 Cisco Systems, Inc. Lab Guide 137
Note In each pod, only one connection at a time is possible to the remote laptop. With your
partner choose who will be connecting.
Step 17 Use the lab table to know what IP address you should use to connect to your remote
lab wireless laptop. It should be in the format 10.X0.1.240, where X is your pod
number.
Step 18 In the remote desktop connection pop-up window, in the computer field, enter the IPaddress of your remote laptop, and click Connect.
Step 19 You will be presented with a new window where you are asked to enter the
credentials required to access your remote laptop. Use the lab table to know which
username and password are used to connect to your group laptop. They should be in
the format studentX for username and cisco for the password, where X is your pod
number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 144/294
138 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 20 Enter the credentials and click OK . You should see the Windows desktop of your
remote laptop.
Step 21 From your remote lab wireless laptop, click Start > Connect To > Show All
Connections.
Step 22 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 23 Right-click it and choose Enable.
Step 24 Right-click your internal Intel 4965 wireless card connection again (not the Cisco
wireless card) and choose View Available Wireless Networks.
Step 25 The IUWNE-ROAM XY SSID should appear in the list. Click Connect. Read the
warning about unsecured networks, and click Connect Anyway to continue.
Step 26 The connection should be successful.
Step 27 Once connected, right-click your network connection and choose Status.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 145/294
© 2008 Cisco Systems, Inc. Lab Guide 139
Step 28 A new window appears. Verify that you are connected to the correct WLAN
(IUWNE-ROAM X ). Also check the speed of the connection. It should be of 802.11n
type.
Step 29 Click the Support tab. Then click Details.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 146/294
140 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 30 Document the IP address obtained: _______________________________________
Step 31 Notice the DHCP Server address: Which machine is it?
____________________________________________________________________
Step 32 Click Close to close the Network Connection Details window. Close the status
window.
Step 33 Try to ping your partner laptop wireless connection. Open a command prompt and
choose Start > All Programs > Accessories > Command Prompt.
Step 34 Ask for your partner pod respective IP address documented at Step 30. Notice that,
in the wireless space, both machines are in the same subnet because they connected
to the same WLAN connected to the same controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 147/294
© 2008 Cisco Systems, Inc. Lab Guide 141
Step 35 At the command prompt, enter ping –t followed by your partner’s laptop IP address.
Step 36 The ping should be successful and carry on without interruption. Notice the variable
time taken by each ping. The frame needs to travel from your laptop to the AP, then
from the AP to your partner laptop. It answers with a frame that has to travel all the
way back. At each step, CSMA/CA and contention windows may imply a different
delay. Let the ping continue without interrupting it and proceed to the next task
while leaving the command prompt window open.
Activity Verification
You have successfully completed this task when you attain these results:
You have successfully connected to the roaming profile.
Both partners are connected within the same subnet.
Task 3: Use Roaming
In this task, you will force your clients to roam from one AP to the other.
Activity Procedure
Complete these steps:
Step 1 Reopen the web session to your controller.
Step 2 Click Monitor. On the left menu click Clients.
Step 3 A new window appears. On the odd-numbered pods’ (1, 3, 5, 7) controllers, you
should see both laptops as clients to your controller. They are connecting through
the controller 1252 AP.
Step 4 On the even-numbered pods’ (2, 4, 6, 8) controllers, you should still see no client
because your AP radio is disabled.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 148/294
142 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 5 Steps 5 through 12 are for even-numbered pods (2, 4, 6, and 8) to enable their
respective AP radios. In the controller web browser window, click Wireless in the
upper menu.
Step 6 In the left menu, choose Radio > 802.11a/n.
Step 7 You should see your AP set to Disable.
Step 8 Put your mouse on the arrow at the end of the line and choose Configure.
Step 9 A new window appears with your AP 802.11a/n radio details.
Step 10 In the General section, set the Admin Status to Enable. This will turn your radio
back on.
Step 11 Click Apply to validate the change. Click Back to return to the radio list.
Step 12 The AP should show in the list, with its radio status set to UP / Enable. Notice the
channel is on.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 149/294
© 2008 Cisco Systems, Inc. Lab Guide 143
Step 13 On the odd-numbered pods’ (1, 3, 5, 7) controllers, the AP radio should also be up.
At this point, both APs are up, but on different channels.
Step 14 Repeat Steps 2 to 4 to make sure that, even though two APs are available now, the
clients did not hop to the second AP15.
Step 15 Now is the time to force the hop, disabling the first AP to force the client to look for
another AP serving the same SSID and hop to it.
Step 16 Steps 16 through 23 are for the odd-numbered pods (1, 3, 5, 7) to disable their radiosto force clients to search for another AP for association, In the controller web
browser window, click Wireless in the upper menu
Step 17 In the left menu, choose Radio > 802.11a/n.
Step 18 You should see your AP.
Step 19 Put your mouse on the arrow at the end of the line and choose Configure.
Step 20 A new window appears with your AP 802.11a/n radio details.
Step 21 In the General section, set the Admin Status to Disable. This will turn your radio
down. Do not click Apply yet.
Step 22 Before clicking Apply, make sure you have a connection to your remote laptop and
see the window where the machine is still pinging your partner’s IP address. Be
ready to go back to it as soon as you click Apply in the web browser session. Then,
click Apply to validate the change.
Step 23 In your laptop session, look at the ping window.
15 The clients have no reason to hop if the connection on the first AP offers a good enough connection.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 150/294
144 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 24 A few pings should be timing out, while your WLAN card realizes that the
connection is not available anymore (no ACK to one of the pings), then scans all the
channels to find another AP serving the same SSID and reassociates. With a rate of
about 1 ping per second, try to evaluate how many seconds were lost in the process.
Step 25 Now both clients associate through the second (even-numbered) pods’ controllerAP.
Step 26 Reopen the web session to your controller.
Step 27 Click Monitor. On the left menu click Clients.
Step 28 A new window appears. On the even-numbered controllers, you should still not see a
client.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 151/294
© 2008 Cisco Systems, Inc. Lab Guide 145
Step 29 On the odd-numbered pod controllers, you should still see both laptops as clients to
your controller. The AP name has changed now. It indicates the other controller as
the AP, and the protocol changed from 802.11n to Mobile the new controller proxies
the connection for your clients, but keeps in memory that they have to remain on the
same subnet as they were before, and that they come from the first controller.
Step 30 If your AP 802.11a radio was disabled, re-enable it.
Step 31 From you controller web interface click in the upper menu Save configuration.
Click OK to confirm.
Step 32 Close the remote laptop command prompt window.
Step 33 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections.
Step 34 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 35 Right-click it and choose Disable.
Step 36 Close the open windows in the remote desktop connection. Close the remote desktop
connection and the web interface to your controller.
Activity Verification
You have successfully completed this task when you attain these results:
You could roam from one AP to the other.
You could see the roaming and client caching feature.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 152/294
146 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 4-1: 802.1Q and Web AuthenticationComplete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity you will set up a WLAN with Web Authentication as the security policy. This
implementation provides an open connection to a user that requires a username and passwordsecurity exchange. All network traffic is then transmitted in the clear. In order to provide that
support, a new WLAN instance must be created that provides an SSID that the Web
Authentication client will use. You must also define a Local Net User database and create the
username and password entries. Once the support for Web Authentication is configured
correctly on your controller, you will log in using the Local Net User username and password
using a browser connection from your remote lab wireless laptop. After completing this
activity, you will be able to meet these objectives:
Create a VLAN interface on the controller
Create a Web Authentication WLAN
Create a trunk port on a switch
Connect to the WLAN
Experiment with exclusion policies
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—12
Visual Objective for Lab 4-1: 802.1Q and
Web Authentication
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 153/294
© 2008 Cisco Systems, Inc. Lab Guide 147
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 526 controller
In the remote lab, a remote lab wireless laptop with a Cisco WLAN adapter
Job Aids
These job aids are available to help you complete the lab activity:
Pod IP addresses
Lab map
Lab Table—IP Addressing, Naming, and Information: Pods: 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Remote lab wirelesslaptop address
10.10.1.240 10.20.1.240 10.30.1.240 10.40.1.240
Remote lab wirelesslaptop login
student1 student2 student3 student4
Remote lab wirelesslaptop password
cisco cisco cisco cisco
526 WLC VLAN 90 ID 90 90 90 90
526 WLC VLAN 90 IP 172.16.90.10 172.16.90.20 172.16.90.30 172.16.90.40
526 WLC VLAN90netmask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
526 WLC VLAN 90gateway
172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
526 WLC VLAN 90 port 1 1 1 1
526 WLC VLAN 90DHCP server
172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
WLAN IUWNE-Web1 IUWNE-Web2 IUWNE-Web3 IUWNE-Web4
Switch IP address 10.10.1.253 10.20.1.253 10.30.1.253 10.40.1.253
Switch username student1 student2 student3 student4
Switch password cisco cisco cisco cisco
Controller interface onthe switch
Gigabitethernet0/3 Gigabitethernet0/8 Gigabitethernet0/13 Gigabitethernet0/18
Native VLAN 10 20 30 40
Local Net user name webuser1 webuser2 webuser3 webuser4
Local net password cisco cisco cisco cisco
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 154/294
148 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab Table—IP Addressing, Naming, and Information: Pods: 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Remote lab wirelesslaptop address
10.50.1.240 10.60.1.240 10.70.1.240 10.80.1.240
Remote lab wirelesslaptop login
student5 student6 student7 student8
Remote lab wireless
laptop password
cisco cisco cisco cisco
526 WLC VLAN 90 ID 90 90 90 90
526 WLC VLAN 90 IP 172.16.90.50 172.16.90.60 172.16.90.70 172.16.90.80
526 WLC VLAN90netmask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
526 WLC VLAN 90gateway
172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
526 WLC VLAN 90port
1 1 1 1
526 WLC VLAN 90
DHCP server
172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
WLAN IUWNE-Web1 IUWNE-Web2 IUWNE-Web3 IUWNE-Web4
Switch IP address 10.50.1.253 10.60.1.253 10.70.1.253 10.80.1.253
Switch username student5 student6 student7 student8
Switch password cisco cisco cisco cisco
Controller interface onthe switch
Gigabitethernet0/23 Gigabitethernet0/28 Gigabitethernet0/33 Gigabitethernet0/38
Native VLAN 50 60 70 80
Local Net user name webuser5 webuser6 webuser7 webuser8
Local net password cisco cisco cisco cisco
Task 1: Create a VLAN Interface
In this scenario, the guest user WLAN is to send all users to VLAN 90, which links to a
theoretical DMZ. You will use the Cisco 526 controller web interface to configure a VLAN
interface that is needed to support the Web Authentication client traffic. In the next task, you
will create a WLAN that will be mapped to this VLAN.
Activity Procedure
Complete these steps:
Step 1 Make sure you have a VPN connection to the remote lab.
Step 2 From your class PC, connect to your Cisco 526 controller web interface. Open a
secured browser session to 10.X0.1.100, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 155/294
© 2008 Cisco Systems, Inc. Lab Guide 149
Step 3 Enter your administrative user credentials, adminX as the username and cisco as the
password, where X is your pod number.
Step 4 From the upper Menu bar, choose the Controller > Interfaces option. Notice the
Controller options available in the left sidebar.
Step 5 In the main Interfaces window, click the New button.
Step 6 A new screen appears. In the Interface Name field, enter VLAN90.
Step 7 In the VLAN id field, enter 90.
Step 8 Click Apply to create the interface.
Step 9 A new screen appears where you can configure your interface details. Enter the
values for this new dynamic interface as per the following table:
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 156/294
150 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Pod 1 Pod 2 Pod 3 Pod 4
VLAN 90 ID 90 90 90 90
VLAN 90 IP 172.16.90.10 172.16.90.20 172.16.90.30 172.16.90.40
VLAN90 netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
VLAN 90 gateway 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
VLAN 90 WLC port 1 1 1 1
VLAN 90 DHCP server 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
Pod 5 Pod 6 Pod 7 Pod 8
VLAN 90 ID 90 90 90 90
VLAN 90 IP 172.16.90.50 172.16.90.60 172.16.90.70 172.16.90.80
VLAN90 netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
VLAN 90 gateway 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
VLAN 90 WLC port 1 1 1 1
VLAN 90 DHCP server 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 157/294
© 2008 Cisco Systems, Inc. Lab Guide 151
Step 10 The gateway, 172.16.90.253, will act as a DHCP server for clients of this subnet.
The DHCP server is already configured on the gateway. Click Apply to validate the
settings. Read the warning message and click OK to continue.
Step 11 Notice in the upper-right corner of your window the three options; Save
Configuration, Ping, and Logout. Click the Save Configuration option. This saves
the running configuration to the NVRAM.
Activity Verification
You have successfully completed this task when you attain these results:
You created a VLAN interface on your Cisco 526 controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 158/294
152 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Task 2: Create the WLAN
In this task, you will create a specific WLAN to support web authentication.
Activity Procedure
Complete these steps:
Step 1 Navigate to WLAN.
Step 2 Disable your IUWNE-X02 SSID from the previous lab. Click it. A new screen
appears.
Step 3 Uncheck the WLAN Status Enabled check box. Click Apply.
Step 4 Your WLAN still appears in the list, but is disabled. No connection will be allowed
to this WLAN, and it will not be seen on the AP16.
Step 5 Click the New button to create a new WLAN.
Step 6 In the screen that appears, leave the WLAN type to its default. Enter the profile
name of Web _ authentication.
16 Your controller could have several active WLANs, but in a crowded lab environment it is better to limit the WLANs
to the one you really need.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 159/294
© 2008 Cisco Systems, Inc. Lab Guide 153
Step 7 Assign the correct SSID as indicated on your lab map. It should be in the form
IUWNE-WEBX, where X is your pod number.
Step 8 Click the Apply button to create the new WLAN. A new edit screen will appear.
Step 9 Set Admin status to Enabled to activate the WLAN.
Step 10 Choose the VLAN90 interface you created earlier.
Step 11 Click the Security tab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 160/294
154 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 12 Set the Layer 2 Security to None, because this WLAN will just use web
authentication (which is Layer 3) but no Layer 2 encryption or authentication.
Step 13 Click the Layer 3 Security tab.
Step 14 Click Web Policy. Read the warning about DNS and click OK to acknowledge.
Step 15 There are two possible web policies. Leave the policy to its default, Authentication.
Step 16 Click Apply to validate the WLAN settings.
Step 17 Review your WLAN configuration. Creating web authentication requires a
controller reboot. In the upper menu, click Commands.
Step 18 In the left menu, choose Reboot.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 161/294
© 2008 Cisco Systems, Inc. Lab Guide 155
Step 19 A new screen appears; choose Reboot in the upper-right portion of the window.
Step 20 Two new options appear, Save and reboot and Reboot without save. Click Save and
reboot. Read the warning and click OK to continue.
Step 21 After a few minutes, your controller should be accessible again, and your Cisco 521
AP should also be accessible. Do not close your controller web browser.
Activity Verification
You have successfully completed this task when you attain these results:
You have disabled the WLAN from the previous lab.
You have successfully created a WLAN on your Cisco 526 Controller associated to theVLAN 90 interface.
Task 3: Configure a Trunk Port
In this task you will connect to the switch to allow VLAN 90 to link to your controller.
Activity Procedure
Complete these steps:
Step 1 From the controller upper-right menu, choose Ping.
Step 2 Try to ping your management interface gateway. Enter the switch IP address. It
should be in the form 10.X0.1.253.
Step 3 The ping should be successful. You can ping the switch to which your controller
connects. Click OK to close.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 162/294
156 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 Click Ping again. Enter your interface 90 IP address. It should be in the form
172.16.90.X0, where X is your pod number.
Step 5 The ping is again successful. You can ping your own interface in VLAN 90. Click
OK to close.
Step 6 Click Ping again. Enter the switch IP address in VLAN 90. It should be
172.16.90.253.
Step 7 This time the ping fails. You can reach the switch on the management subnet, but
not on VLAN 90. The problem could come from the switch IP address, but it is
configured properly. The second possibility is a misconfiguration in your controller
link to the switch. To verify, connect to the switch and from your local classroom
PC, choose Start > All Programs > Accessories > Command Prompt.
Step 8 Enter telnet followed by your switch IP address. It should be in the form telnet
10.X0.1.253, where X is your pod number.
Step 9 Enter your credentials. Login should be in the form studentX, where X is your pod
number. Password is cisco.
Step 10 Refer to the table below to know on which port your Cisco 526 controller is
connected. Enter show running-config interface gigabitethernet 0/X, where
gigabitethernet 0/X is your Cisco 526 controller interface on the switch. Refer to the
following table:
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 163/294
© 2008 Cisco Systems, Inc. Lab Guide 157
Pod 1 Pod 2 Pod 3 Pod 4
Switch IP address 10.10.1.253 10.20.1.253 10.30.1.253 10.40.1.253
Switch username student1 student2 student3 student4
Switch password cisco cisco cisco cisco
526 Controllerinterface on theswitch
Gigabitethernet0/3 Gigabitethernet0/8 Gigabitethernet0/13 Gigabitethernet0/18
Native VLAN 10 20 30 40
Pod 5 Pod 6 Pod 7 Pod 8
Switch IP address 10.50.1.253 10.60.1.253 10.70.1.253 10.80.1.253
Switch username student5 student6 student7 student8
Switch password cisco cisco cisco cisco
526 Controllerinterface on theswitch
Gigabitethernet0/23 Gigabitethernet0/28 Gigabitethernet0/33 Gigabitethernet0/38
Native VLAN 50 60 70 80
Step 11 Your controller port is in a VLAN on the switch. This fact means that the controller
can access anything that is the same VLAN, such as the AP, the remote lab wireless
laptop, or the switch itself as long as your controller does not apply any tag to the
frame it sends. This method worked previously because the management interface
was untagged. If you want to send tagged frames from your controller, you will need
to allow the switch to receive them. This implies changing the port mode from
access, in a VLAN, to a trunk. The switch will then accept receiving tags on thistrunk 17.
Step 12 Enter configure terminal to configure the switch.
17 This configuration is not specific to the Cisco 526 controller. On your Cisco 2106 controller, you have, up to this
point, used only the management interface. As soon as you would need to use more than one interface on a port, this
port must be turned into a trunk.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 164/294
158 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 13 Enter interface followed by your controller interface name.
Step 14 The port is not in the VLAN specified. Enter no switchport access vlan X0, where
X0 is the VLAN number displayed by the switch for this port.
Step 15 You will need to use 802.1Q type of tagging, which is the one supported by the
controller. Enter switchport trunk encapsulation dot1q.
Step 16 The port is a trunk. Enter switchport mode trunk .
Step 17 This configuration allows your controller to send and receive tagged frames, but one
element is missing. Until now, your controller was connecting to your Cisco 521 AP
and your remote lab wireless laptop because they all were in the same VLAN.
Frames were sent from one port of the VLAN to the other as if the VLAN itself was
an independent switch. If you change the controller port to trunk mode, all frames
coming for the different VLANs will still be sent to it, but with a VLAN tag. This
means that frames coming from your AP, your remote lab wireless laptop, or even
your local classroom PC will be sent to the controller with the VLAN tag you saw
before for your controller port. The problem is that your management and APmanager interfaces are set with “VLAN TAG 0”, which means that they are
untagged, and do not understand tagged traffic. Try to access the controller web
interface. It should have become inaccessible. There are two ways of solving this
problem. The first one is to tag the management and AP manager interface, so that
they understand the tags sent from the other devices. The second one is to tell the
switch not to tag the frames that originate from the controller’s old VLAN. This
second way is the easiest way. To do it, you need to tell the switch that, on this trunk
port, the native VLAN is your controller’s old VLAN number.
Step 18 Still at the controller interface configuration level, enter switchport trunk native
vlan X0, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 165/294
© 2008 Cisco Systems, Inc. Lab Guide 159
Step 19 You should immediately regain access to your controller’s web interface, and your
Cisco 521 AP should be back after a few seconds. If you still cannot access your
switch web interface, notify your instructor.
Step 20 From the switch interface, enter end to exit the configuration mode.
Step 21 Enter ping followed by your controller IP address in VLAN 90. It should be in the
form ping 172.16.90.X0, where X is your pod number. The ping should be
successful. You can ping your controller from the switch. Close the command
prompt window.
Step 22 Verify the connectivity from the controller side. Click Ping again. Enter the switch
IP address in VLAN 90. It should be 172.16.90.253. The ping should this time besuccessful. Close the popup window.
Activity VerificationYou have successfully completed this task when you attain these results:
You created a trunk for your controller port on the switch.
You assigned the right native VLAN to this trunk port.
Task 3: Create a Local Net User
You must create a Local Net User and define a password that you will provide when logging in
as a Web Authentication client.
Activity ProcedureComplete these steps:
Step 1 From the upper menu, navigate to Security.
Step 2 In the left menu, click the Local Net Users button.
Step 3 Click New to create a new local user.
Step 4 In username, enter webuserX, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 166/294
160 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 5 In Password and Confirm Password, enter cisco.
Step 6 Do not click Guest User because you do not want to restrict the user lifetime18.
Step 7 IN WLAN Profile, choose Web_Authentication.
Step 8 Fill in the description for this user. It should be in the form User for the Web based
WLAN.
Step 9 Click the Apply button to save the new user configuration.
Activity Verification
You have successfully completed this task when you attain these results:
You have successfully created a Local Net User on your controller.
Task 4: Have the AP Rejoin the Controller
In this task, you will reboot your AP for it to rejoin the controller.
Activity Procedure
Complete these steps:
Step 1 Navigate to Monitor. Your AP should not be seen anymore19. If you see your AP,
proceed directly to Task 5.
18 When clicking guest user, you can restrict the user credentials lifetime. You could use this setting here, but youchoose instead not to restrict the credential’s lifetime and leave the Guest user box unchecked.19 In this lab environment, when you rebooted your controller, your Cisco 521 AP tried to join your controller but could
not. It then probably joined another controller while you were still rebooting. Now that your controller is back,
rebooting the AP is the easiest way to have it discover your controller again and rejoin it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 167/294
© 2008 Cisco Systems, Inc. Lab Guide 161
Step 2 You need to connect to your Cisco 521 AP serial interface to reboot it locally. From
your class PC, choose Start > Programs > Accessories > Command Prompt.
Step 3 At the command prompt, enter telnet followed by the IP address of the remote
terminal server (10.1.1.252 or other if provided by your instructor).
Step 4 Enter the credentials (username student, password cisco or other if provided by your
instructor) to access the terminal server.
Step 5 After successful login, you will be asked to choose the correct pod (Podx), where x
is your pod number.
Step 6 You will see a new menu, allowing you to connect to several devices in your group.
Take some time to familiarize yourself with the different options that are available.
Step 7 You now need to connect to the Cisco 521 AP, which is AP521, or Item 3.
Step 8 Once connected, enter enable to access the privileged mode. The password is Cisco.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 168/294
162 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 9 Enter reload to reboot the AP. Press Enter to confirm. After a few minutes, you
should see that the AP is fully rebooted and an indication that it joined your
controller. Close the command prompt window.
Activity Verification
You have successfully completed this task when you attain these results:
Your access point has successfully joined your controller.
Task 5: Client Configuration
In this task, you will configure your remote lab wireless laptop to connect to this new WLAN.
Activity Procedure
Complete these steps:
Step 1 Connect to your remote lab wireless laptop; from your class PC, choose Start >
Programs > Accessories > Communications > Remote Desktop Connection.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 169/294
© 2008 Cisco Systems, Inc. Lab Guide 163
Note In each pod, only one connection at a time is possible to the remote lab wireless laptop.
Choose with your partner who will be connecting.
Step 2 Use the lab table to know what IP address you should use to connect to your remote
lab wireless laptop. It should be in the format 10.X0.1.240, where X is your pod
number.
Step 3 In the Remote Desktop Connection pop-up window, in the Computer field, enter theIP address of your remote lab wireless laptop, and click Connect.
Step 4 You will be presented with a new window where you are asked to enter the
credentials required to access your remote lab wireless laptop. Use the lab map to
know which username and password are used to connect to your pod remote lab
wireless laptop. They should be in the format studentX/cisco, where X is your pod
number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 170/294
164 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 5 Enter the credentials and click OK . You should see the Windows desktop of your
remote lab wireless laptop.
Step 6 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections.
Step 7 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 8 Right-click it and choose Enable.
Step 9 Right-click the Intel Wireless network icon again and click View All Available
Wireless Networks.
Step 10 You should see the WLAN you just created. Click it and click Connect.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 171/294
© 2008 Cisco Systems, Inc. Lab Guide 165
Step 11 Read the warning about unsecured networks, and click Connect anyway to proceed.
Step 12 After a few seconds, you should be connected. Open a command prompt to verify
your IP address. Choose Start > All Programs > Accessories > Command
Prompt.
Step 13 Enter ipconfig.
Step 14 Your wireless connection should have an IP address in the 172.16.90.0 range. This
implies that you could reach the gateway as a DHCP client to obtain an IP address
from it. Enter ipconfig /all.
Step 15 Make sure that you have only one DNS server obtained through the wireless
interface of 10.100.1.1. If you have more than one DNS server, report to your
instructor 20.
20 You will need DNS server contact to resolve an URL next page. If you have a DNS server on your LAN interface,
Windows will always prefer it to the wireless one, and DNS resolution will fail for our example URL.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 172/294
166 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 16 Try to ping through the controller to the gateway; enter ping 172.16.90.253. The
ping should fail.
Step 17 Now back up to only ping your controller IP address in VLAN 90. Enter ping
172.16.90.X0, where X is your pod number. The ping should fail. This means that
although you had DHCP reachability, you do not have IP reachability as a client.
This WLAN is based on web authentication, to actually access the network you needto be authenticated.
Step 18 Your controller will not present itself to a wireless client as the VLAN interface, but
will always try to emulate the virtual IP address, 1.1.1.1, regardless of which VLAN
the wireless client should be sent once on the wired side of the network. Try to ping
this virtual IP address. Enter ping 1.1.1.1. The ping should fail.
Step 19 In this specific lab environment, your remote lab wireless laptop has two ways ofgetting to your controller: via the wired interface, or via the wireless interface. For
the wireless connection to be successful, you need to access the controller from the
wireless interface. This implies creating a static route. Still from your command
prompt, enter a host route: route add 1.1.1.1 mask 255.255.255.255 172.16.90.253.
This informs your remote lab wireless laptop that to reach your controller’s virtual
IP address (1.1.1.1), only the wireless gateway should be used.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 173/294
© 2008 Cisco Systems, Inc. Lab Guide 167
Step 20 Still from the command prompt, enter route add 10.100.1.1 mask 255.255.255.255
172.16.90.253. This number informs your remote lab wireless laptop that reaching
the DNS server should be done via the wireless interface, so that traffic flows via
your controller and not your wired interface.
Step 21 From your remote lab wireless laptop, open a browser. Verify that the popup blocker
is disabled21. In the address bar enter test.example.com.
Step 22 Click OK to accept the certificate. You should be redirected to your controller
authentication page.
Step 23 In username, enter the local net user name you created before. It should be in the
form webuserX, where X is your pod number.
Step 24 In password, enter your local net user password. It should be cisco.
21 Web authentication page opens a popup window when connected. This page is not necessary in itself, but failure to
see it makes it difficult to know if you are successfully connected or not. Disabling popup blocker for your browser is
required in this lab environment.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 174/294
168 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 25 Click Submit. The authentication should be successful. You should be redirected to
a sample web page.
Notice that to close the session, you will need use the page https://1.1.1.1/logout.html, and then
click Logout.
Step 26 From the command prompt, enter ping 172.16.90.253. The ping should be
successful. Now that you are authenticated, you have full access to the network.
Step 27 In the web interface, click Logout.
Step 28 Close the web browser.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 175/294
© 2008 Cisco Systems, Inc. Lab Guide 169
Activity Verification
You have successfully completed this task when you attain this result:
You have successfully logged in to the web authentication-based WLAN you created.
Task 6: Client Exclusion
In the previous example you logged in correctly and were granted access. This time you will
provide the wrong password each time you attempt to log in.
Activity Procedure
Complete these steps:
Step 1 Open a new IE browser session.
Step 2 In the browser’s address bar, enter the address http://test.example.com.
Step 3 Press Enter to initiate the browser session.
Step 4 When the security alert screen comes up, click Yes to continue.
Step 5 When the Login screen appears, log in using the name of the Local Net User you
created, but this time use iforgot as the password.
Step 6 Continue to try and log in to the system counting each failed attempt.
Step 7 After three failed attempts, you should be excluded.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 176/294
170 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 8 Close the browser session.
Step 9 In the command prompt, enter: route delete 10.100.1.1. Traffic to the DNS server
does not need to go via the wireless interface anymore. Close the command prompt.
Step 10 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections.
Step 11 Locate your wireless connection. It should be called Intel Wireless WiFi Link
4965AGN.
Step 12 Right-click it and choose Disable.
Step 13 Close the connection to your remote desktop.
Step 14 From your class PC, open a web browser session to your 526 controller. Its IP
address should be in the form 10.X0.1.100.
Step 15 Navigate to Management in the menu bar.
Step 16 Choose the Trap Logs option in the left sidebar menu to bring up a list of recent
trap events.
Step 17 Examine the information found there. You should see the Client exclusion event.
Step 18 Document how many failed attempts were reported before you were excluded:
_______________________________________________________________
Step 19 Close the browser session to your controller.
Activity Verification
You have successfully completed this activity when you have attained these results:
You have successfully been excluded from the controller
You have viewed the Alarm logs
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 177/294
© 2008 Cisco Systems, Inc. Lab Guide 171
Lab 4-2: Configuring EAP-FAST Authenticationwith WPA
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will create a secured WLAN on your Cisco 2106 controller, using EAP-
FAST for authentication, based on a local EAP, and WPA for encryption. After completing this
activity, you will be able to meet these objectives:
Create and configure a local EAP-based EAP-FAST WLAN
Configure the Cisco ADU to associate to this WLAN
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—13
Visual Objective for Lab 4-2: ConfiguringEAP-FAST Authentication with WPA
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 2106 controller
In the remote lab, a remote lab wireless laptop with a WLAN adapter
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 178/294
172 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Job Aids
These job aids are available to help you complete the lab activity:
IP addresses assigned to your pod
Lab table
Lab Table—IP Addressing, Naming, and Information: Pods: 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Profile EAP-FAST EAP-FAST EAP-FAST EAP-FAST
WLAN IUWNE-FAST1 IUWNE-FAST2 IUWNE-FAST3 IUWNE-FAST4
Local user name Fastuser1 Fastuser2 Fastuser3 Fastuser4
Local user password cisco cisco cisco cisco
Lab Table—IP Addressing, Naming, and Information: Pods: 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Profile EAP-FAST EAP-FAST EAP-FAST EAP-FAST
WLAN IUWNE-FAST5 IUWNE-FAST6 IUWNE-FAST7 IUWNE-FAST8
Local user name Fastuser5 Fastuser6 Fastuser7 Fastuser8
Local user password cisco cisco cisco cisco
Task 1: Create the WLAN
In this task you will create a new WLAN to support this secure authentication. You will then
configure your controller to use local EAP with EAP FAST.
Activity Procedure
Complete these steps:
Step 1 From your class PC, open a secured web session to your Cisco 2106 controller. Its
IP address should be in the form 10.X0.1.10, where X is your pod number.
Step 2 Click Login. Enter your credentials. Your administrative username should be in the
form adminX, where X is your pod number, and password should be cisco.
Step 3 Navigate to WLAN.
Step 4 Disable your IUWNE-ROAMX SSID from the previous lab (IUWNE-X should still be disabled). Click it. A new screen appears.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 179/294
© 2008 Cisco Systems, Inc. Lab Guide 173
Step 5 Uncheck WLAN Status Enabled. Click Apply.
Step 6 Your WLAN still appears in the list, but is disabled. No connection will be allowed
to this WLAN, and it will not be seen on the AP22.
Step 7 Click the New button to create a new WLAN.
Step 8 In the screen that appears, leave the WLAN Type to its default, WLAN. Enter the
profile name. It should be EAP_FAST.
Step 9 Assign the correct SSID as indicated on your lab map. It should be in the form
IUWNE-FASTX, where X is your pod number.
22 You controller could have several active WLANs, but in a crowded lab environment it is better to limit the WLANs
to the one you really need.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 180/294
174 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 10 Click the Apply button to create the new WLAN. A new edit screen will appear.
Step 11 Set Admin status to Enabled to activate the WLAN.
Step 12 In Radio Policy, choose the 802.11a only.
Step 13 Leave the Interface to management.
Step 14 Click Apply to create the WLAN. Its security parameters are not configured yet;
you will return to them later in this task.
Step 15 Create a local user. From the upper menu, navigate to Security.
Step 16 In the left menu, click the Local Net Users button.
Step 17 Click New to create a new local user.
Step 18 In username, enter FastuserX, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 181/294
© 2008 Cisco Systems, Inc. Lab Guide 175
Step 19 In password, enter cisco.
Step 20 Do not click Guest User. You will not limit the user session in this task, and guest
user only applies to web authentication-based WLANs.
Step 21 In WLAN Profile, chose EAP_FAST.
Step 22 Fill in the description for this user; Local user for the EAP FAST WLAN.
Step 23 Click the Apply button to save the new user configuration.
Step 24 Specify to the controller that the user credentials should be retrieved from the
controller. Choose Security > Local EAP > Authentication Priority.
Step 25 The column on the right is the one that is used to authenticate the client’s
credentials. Verify that LDAP is in the left column so that it will not be used. If not,
elect LDAP, click the "<" button, and click Apply. This puts the user credentials in
the local database first.
Step 26 Create a new EAP profile. This profile will be used to apply your policy to the EAP
FAST WLAN. Choose Security > Local EAP > Profiles.
Step 27 Click New.
Step 28 When the new window appears, enter the Profile Name. It should be in the form
EAP-FASTX, where X is your pod number.
Step 29 Click Apply to create the profile.
Step 30 In the new window, click EAP-FAST to apply your policy to EAP-FAST
authentications.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 182/294
176 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 31 Click Apply.
Step 32 Click your profile name to check its settings.
Step 33 In the left menu, click EAP FAST parameters.
Step 34 This window defines the EAP –FAST parameters for your EAP FAST policy.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 183/294
© 2008 Cisco Systems, Inc. Lab Guide 177
Step 35 You can leave the parameters to their default configuration. In a real network, you
may want to define these parameters according to your network security policy.
Step 36 Go back to your WLAN configuration. Navigate to WLAN. Click your EAP- FAST
WLAN to configure it.
Step 37 Click the Security tab.
Step 38 Click AAA servers. This is where you will indicate to the controllers to use local
EAP for the incoming clients of the WLAN.
Step 39 In local EAP Authentication, check the Local EAP Authentication check box.
Step 40 Make sure that the EAP profile name is the one you created in this task (EAP-
FASTX, where X is your pod number).
Step 41 Click Layer 2 Security. This field is where you will define how authentication and
encryption should work for this WLAN.
Step 42 Make sure that Layer 2 Security is set to WPA+WPA2 because you will use WPA
for this WLAN.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 184/294
178 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 43 Lower in the same tab, in WPA+WPA2 parameters, click WPA Policy.
Step 44 WPA encryption should be set to TKIP.
Step 45 Unclick WPA2 Policy because WPA is the only encryption you wish to use for this
WLAN.
Step 46 Leave Auth Key Mgmt to 802.1X, which means that the client key rotation and
values will be managed by the AAA server, in this case your controller. Click Apply
to validate the changes.
Step 47 In the upper part of your controller screen, click Save Configuration.
Step 48 For the local EAP values to be applied to your APs, you need to reboot your
controller. Navigate to Command.
Step 49 In the left menu click Reboot.
Step 50 Click Reboot again to confirm.
Activity Verification
You have successfully completed this task when you attain these results:
You configured your controller for EAP FAST local authentication.
Task 2: Configure the Client and Access the Network
In this task, you will configure your client for EAP-FAST and test the connection.
Note VERY IMPORTANT: During step 32 to step 39 of client authentication, make sure NOT TO
DISCONNECT from the remote desktop connection to your remote wireless lab laptop. If
you disconnect during these steps, your remote wireless lab laptop may be blocked and not
respond. You would be unable to proceed with the rest of the labs. This issue is known and
cannot be avoided as a result of user action needed to confirm request for 2nd
attempt to
download the final PAC file used for authentication.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 185/294
© 2008 Cisco Systems, Inc. Lab Guide 179
Activity Procedure
Complete these steps:
Step 1 Connect to your remote lab wireless laptop using remote desktop; choose Start >
Programs > Accessories > Communications > Remote Desktop Connection.
Note In each pod, only one connection at a time is possible to the remote lab wireless laptop.
Choose with your partner who will be connecting.
Step 2 Use the lab map to know what IP address you should use to connect to your remote
lab wireless laptop. It should be in the format 10.X0.1.240, where X is your pod
number.
Step 3 In the remote desktop connection pop-up window, in the Computer field, enter the
IP address of your remote lab wireless laptop, and click Connect.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 186/294
180 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 You will be presented with a new window where you are asked to enter the
credentials required to access your remote lab wireless laptop. Use the lab map to
know which username and password are used to connect to your pod remote lab
wireless laptop. They should be in the format studentX for the username and cisco
for the password, where X is your pod number.
Step 5 Enter the credentials and click OK . You should see the Windows desktop of your
remote lab wireless laptop.
Step 6 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections.
Step 7 Locate your wireless connection. It should be called Cisco Aironet 802.11a/b/g
wireless adapter.
Step 8 Right-click it and choose Enable.
Step 9 Right-click your Cisco ASTU (the Cisco Aironet System Tray Utility, which is the
green icon on the system tray) icon and choose Open Aironet Desktop Utility.
Step 10 Click the Profile Management tab. Click the Default profile23.
23 Do not use the Cisco Mobility Express profile; it is set to work on the 2.4-Ghz band only, and will not display SSIDs
in the 80.211a band.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 187/294
© 2008 Cisco Systems, Inc. Lab Guide 181
Step 11 Click Scan.
Step 12 The IUWNE-FAST X SSID should appear in the list.
Step 13 Click it, and click Activate.
Step 14 A new window opens.
Step 15 In the Profile Name field, enter EAP FAST.
Step 16 Click the Security tab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 188/294
182 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 17 In Set security options, choose WPA/WPA2/CCKM.
Step 18 In the drop-down list at the right of the same line, choose EAP FAST.
Step 19 Click the Configure button on the Profile Management screen.
Step 20 In EAP Fast Authentication Method, verify or change the setting to MSCHAP v2
User Name and Password.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 189/294
© 2008 Cisco Systems, Inc. Lab Guide 183
Step 21 Notice that the Protected Access Credential zone is empty. Make sure that the Allow
Automatic PAC provisioning box is checked. Your client will automatically receive
its PAC from the controller.
Step 22 Make sure that the other check boxes are unchecked (meaning uncheck the default
No Network Connection Unless User Is Logged In).
Step 23 Click the Configure button at the right end of the MSCHAP v2 User name and
password line.
Step 24 Make sure the Validate Server identity box is unchecked.
Step 25 Click User Saved User Name and Password.
Step 26 In the user name field, enter the local net user name you created in the previous task.
It should be in the form FastuserX, where X is your pod number.
Step 27 Enter the password you created along with the local net user in the previous task. It
should be cisco.
Step 28 Confirm the password.
Step 29 Make sure the Include Windows Logon Domain with User Name is unchecked
because you do not use Windows credentials here, but a name created for this
WLAN.
Step 30 Click the Advanced button.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 190/294
184 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 31 Both the Server or Domain Name and Login Name fields should be empty.
Note VERY IMPORTANT: During Steps 32 to step 39, make sure NOT TO DISCONNECT from
the remote desktop connection to your remote wireless lab laptop. If you disconnect during
these steps, your remote wireless lab laptop may be blocked and not respond. You would be
unable to proceed with the rest of the labs. This issue is known and cannot be avoided as a
result of user action needed to confirm request for 2nd
attempt to download the final PAC file
used for authentication.
Step 32 Click OK to continue.
Step 33 Click OK to close the MSCHAP v2 User Name and Password Configuration
window.
Step 34 Click OK to close the Configure EAP FAST window.
Step 35 Click OK to close the Profile Configuration window.
Step 36 As soon as you click OK , the profile is activated, and a warning about the fact that
you did not receive any valid PAC appears. Click Yes to receive the PAC
automatically24. The process will take a few seconds, and then fail the first attempt.
Step 37 You should be prompted for a second attempt. Click Yes. If you are not prompted,
choose Action > Re-authenticate.
24 If you do not see this message, choose Action > Re-authenticate.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 191/294
© 2008 Cisco Systems, Inc. Lab Guide 185
Step 38 Now that you have a valid PAC, the process should succeed.
Step 39 Verify from the current status window that you did receive an IP address.
Step 40 Click the Profile Management tab, choose EAP-FAST profile, and click Modify
to edit its settings.
Step 41 Click the Security tab.
Step 42 Click the Configure button.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 192/294
186 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 43 In Protected Access Credential, there is now a value, which is the PAC sent from
your controller.
Step 44 Click Manage to edit it.
Step 45 Click the + sign; at the left of Not Grouped, you should see your controller EAP
FAST Authority ID information and the PAC generated for your FastuserX.
Step 46 Close the manage PAC window, cancel the Configure EAP FAST window, and
cancel the configure Profile window or click OK.
Step 47 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections.
Step 48 Locate your wireless connection. It should be called Aironet 802.11a/b/g wireless
adapter.
Step 49 Right-click it and choose Disable.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 193/294
© 2008 Cisco Systems, Inc. Lab Guide 187
Activity Verification
You have successfully completed this task when you attain these results:
You successfully associated to your EAP FAST WLAN.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 194/294
188 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 5-1: Configuring Controllers and APs fromthe Cisco WCS
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will connect to the Cisco WCS and use it to manage your controller and
AP. After completing this activity, you will be able to meet these objectives:
Create credentials on the Cisco WCS and personalize the interface
Add a controller and AP to the Cisco WCS
Manage the controller and AP from the Cisco WCS
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—14
Visual Objective for Lab 5-1: ConfiguringControllers and APs from the Cisco WCSInterface
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 2106 controller
In the remote lab, a Cisco 1252 LAP
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 195/294
© 2008 Cisco Systems, Inc. Lab Guide 189
In the remote lab, a Cisco WCS server
Job Aids
These job aids are available to help you complete the lab activity:
IP addresses assigned to your pod
Lab table
Lab Table—IP Addressing, Naming, and Information: Pods: 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Cisco WCS user Admin1 Admin2 Admin3 Admin4
Cisco WCS password Public1! Public1! Public1! Public1!
Controller IP address 10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
AP new channel 40 44 48 52
Lab Table—IP Addressing, Naming, and Information: Pods: 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Cisco WCS user Admin5 Admin6 Admin7 Admin8
Cisco WCS password Public1! Public1! Public1! Public1!
Controller IP address 10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
AP new channel 56 60 64 36
Task 1: Create Credentials on the Cisco WCS and Customize
the InterfaceIn this task, you will connect to the Cisco WCS and create the credentials you need.
Activity Procedure
Complete these steps:
Step 1 Verify that you have a VPN connection to the remote lab.
Step 2 From your local classroom PC, open a secure web browser session to the address:
https://10.100.1.125.
Step 3 After a few seconds, a popup window appears informing you that the certificate isself-signed. Click OK to continue.
Step 4 You should see a login screen similar to this figure.
25 On this server, the default web server is used for a previous lab. Do make sure to use https, and not http.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 196/294
190 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 5 Connect using the credentials root for a username and Wlan2day for a password.
Step 6 If you log in successfully you should see a monitor screen similar to that shown
below. Take some time to look at what is displayed.
Step 7 You are logged in as root. You need to create your own account. In the upper menu,
click Administration, and choose AAA.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 197/294
© 2008 Cisco Systems, Inc. Lab Guide 191
Step 8 Before creating a new user, you need to check the password policy on this Cisco
WCS instance. In the left-hand menu, click Local Password Policy.
Step 9 A new window appears, showing the local policy. This is where password
complexity level is defined. Take some time to examine the parameters, but do not
change them because they impact the whole Cisco WCS system.
Step 10 In the left menu, click Users.
Step 11 A new screen appears. In the upper-right drop-down list, choose Add User. Click
Go to continue.
Step 12 A new screen appears. In Username, enter AdminX, where X is your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 198/294
192 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 13 In New Password, enter Public1!. It conforms to the local policy password strength.
Step 14 Confirm the password.
Step 15 In Groups Assigned to This User, click Admin.
Step 16 Click Submit to validate.
Step 17 The message “User added successfully” should appear in the upper part of the
screen.
Step 18 Click Users in the left menu to verify.
Step 19 Your new user should appear in the list.
Step 20 In the upper-right menu, choose Logout. Log in again using your user credentials.
Step 21 Read the message.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 199/294
© 2008 Cisco Systems, Inc. Lab Guide 193
Step 22 Cisco WCS allows each user to have a specific home page. As an administrator, youwant to optimize this welcome page (a newer feature staring in v4.2). As an example
for this lab, you do not need the Mesh tab, and would also like to monitor controllers
CPU and memory load. Click Edit Tabs in the upper-right corner.
Step 23 A new window appears. Click the Mesh name, and choose Delete. Notice at the
bottom that you can always reset to factory defaults from this page.
Step 24 Click Save.
Step 25 You are back to the Home screen, and the Mesh tab is removed. Click EditContents in the upper-right part of the screen.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 200/294
194 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 26 A new screen appears. In the upper part, choose General.
Step 27 In available content, click Controller CPU Utilization, and click Add to Left
Column.
Step 28 In available content, click Controller Memory Utilization, and click Add to Right
Column.
Step 29 Click Save.
Step 30 You are back to the WCS Home, and the General tab now also shows Controller
CPU and Memory values.
Activity Verification
You have successfully completed this task when you attain these results:
You are connected to the Cisco WCS with the user you created.
You have a personalized home page.
Task 2: Add a Controller and AP
In this task, you will add your controller and your AP to the Cisco WCS.
Activity ProcedureComplete these steps:
Step 1 To add your Controller to Cisco WCS you must click Configure.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 201/294
© 2008 Cisco Systems, Inc. Lab Guide 195
Step 2 Click the Controllers option.
Step 3 Open the drop-down window on the right, choose the Add Controllers option, andthen choose GO.
Step 4 You will be prompted with a new screen where you will enter the IP address and net
mask of the Management interface on your WLAN controller. It should be in the
form 10.X0.1.10, where X is your pod number 26.
26 Notice the SNMP parameters part of the screen. Your controller will be discovered using SNMP, for which the read
and write community is defaulted to private on the controllers. In a production environment, you would change these
defaults, which present a high security risk, both on the WAC and on the controller, in Management > SNMP.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 202/294
196 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 5 Click OK to start the search.
Step 6 After a short search, you should get a message that your controller has been added to
Cisco WCS.
Step 7 Click the Home symbol in the upper-left part of the screen.
Step 8 Choose Monitor > Controllers.
Step 9 Click the IP address of your controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 203/294
© 2008 Cisco Systems, Inc. Lab Guide 197
Step 10 A new window appears, showing your controller’s main monitor page, seen from the
Cisco WCS. You could configure your controller directly from here.
Step 11 Port No 1 is green. Click the green circle.
Step 12 You should see a new screen displaying the port statistics.
Step 13 Click WLAN on the left menu.
Step 14 A new page appears, showing the WLANs configured on the controller. You could
manage them directly from here.
Step 15 In the upper menu, click Monitor > Access Points.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 204/294
198 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 16 You should see your AP in the list. Its status should be green. Click its name.
Step 17 You can see your AP details. Take some time to examine its parameters.
Activity Verification
You have successfully completed this task when you attain these results:
You added your controller to the Cisco WCS.
You could monitor its parameters.
You could verify that your AP was brought along with it.
Task 3: Manage the Controller and AP from the Cisco WCS
In this task, you will configure your controller and AP from the Cisco WCS.
Activity Procedure
Complete these steps:
Step 1 From Cisco WCS, navigate to Configure, and choose Controllers. Notice that it is
also possible to choose Controller templates, to deploy a configuration parameter to
several controllers in one click. Do not choose that option; choose Controllers.
Step 2 In the list, click your controller IP address.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 205/294
© 2008 Cisco Systems, Inc. Lab Guide 199
Step 3 In the new page, showing your controller properties, click the left WLANs, and the
subgroup WLANs.
Step 4 You see the list of all the WLANs you created before. You do not use the Roaming
profile anymore.
Step 5 Check the check box on its left to choose the Roaming profile, then in the upper
right menu, choose Delete WLANs in the pull-down options, and click GO.
Step 6 Read the popup warning message and click OK to confirm.
Step 7 The WLAN should be removed from the list.
Step 8 From the upper menu, choose Configure > Access Points. Notice that it is also possible to choose AP templates, to deploy a configuration parameter to several APs
in one click. Do not choose that option; choose Access Points.
Step 9 Click your AP name.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 206/294
200 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 10 A new screen appears with your AP parameters. Change its location to IUWNE-
Module 5.
Step 11 Verify that Override Global Username Password is checked. AP UserName
should be root and Public1! should be the password.
Step 12 Click Save to validate the new location.
Step 13 In the lower part of the screen, locate your 802.11a/n radio parameters. Click it to
edit its settings.
Step 14 A new window appears with your AP 802.11a parameters. In the RF channel
assignment, click Custom, and choose the channel for your pod. Refer to the
following table.
Pod 1 Pod 2 Pod 3 Pod 4
AP new channel 40 44 48 52
Pod 5 Pod 6 Pod 7 Pod 8
AP new channel 56 60 64 36
Step 15 In TX power Level assignment, click Custom, and choose 4 for the Channel power
value.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 207/294
© 2008 Cisco Systems, Inc. Lab Guide 201
Step 16 Click Save to validate the changes.
Step 17 The values you chose should appear now, instead of the previous values.
Step 18 As in a previous lab, Click Global for both the RF Channel Assignment and TX
Power level Assignment without changing the values you chose.
Step 19 Click Save to validate.
Step 20 Verify the status of the WLAN change the same way you did before. Click
Configure > Controllers.
Step 21 Check the check box at the left of your controller IP address. In the upper-right
drop-down list, choose Audit Now. Click GO.
Step 22 After a few seconds, an audit report should appear, informing you that there is no
difference between the controller and the Cisco WCS configurations.
Step 23 To confirm, open a web session to your controller and navigate to WLAN. The
Roaming profile should have disappeared.
Step 24 Click Wireless. In the left menu, choose Radio > 802.11a/n radio. Verify that your
AP has the values transmitted by the Cisco WCS.
Activity Verification
You have successfully completed this task when you attain these results:
You could change controller AP parameter from the Cisco WCS.
You could audit for differences between the network devices configuration and the one
seen on the Cisco WCS.
You could verify that changes were propagated to the network devices.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 208/294
202 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 5-2: Working with MapsComplete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will add a map to the Cisco WCS and position your AP on it. After
completing this activity, you will be able to meet these objectives: Add maps to the Cisco WCS
Enhance the map by adding walls
Position an AP on the map and manage it
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—15
Visual Objective for Lab 5-2: Workingwith Maps
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 2106 controller
In the remote lab, a Cisco 1252 LAP
In the remote lab, a Cisco WCS server
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 209/294
© 2008 Cisco Systems, Inc. Lab Guide 203
Job Aids
These job aids are available to help you complete the lab activity:
IP address for your pod
Lab table
Maps provided by your instructor
Lab Table—IP Addressing, Naming, and Information: Pods: 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Campus name Campus1 Campus2 Campus3 Campus4
Building name Building1 Building2 Building3 Building4
Floor name Floor1 Floor2 Floor3 Floor4
Lab Table—IP Addressing, Naming, and Information: Pods: 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Campus name Campus5 Campus6 Campus7 Campus8
Building name Building5 Building6 Building7 Building8
Floor name Floor5 Floor6 Floor7 Floor8
Task 1: Add Maps
In this task, you will check the map properties to ensure that they conform to the values you
will use in the later tasks. You will then add maps to the Cisco WCS.
Activity ProcedureComplete these steps:
Step 1 Navigate to Monitor > Maps.
Step 2 From the drop-down menu in the upper right part of the screen, under Select a
command, choose Properties, and click Go.
Step 3 In the Unit of dimension field, make sure that Meter is selected.
Note Even if you would prefer to work in feet and inches, do not change these parameters without
the agreement of your instructor because they globally affect the Cisco WCS and the other
pods.
Step 4 In the Refresh map from Network field, make sure that Enable is chosen.
Step 5 Leave the Wall Usage calibration field to its default Auto value.
Step 6 Leave the Advanced debug mode field to its default Disable value.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 210/294
204 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Note Choosing to refresh a map from the network affects the polling parameters of the system,
and may impact the performances of your system. This is a lab environment, but you may
want to consider this impact before enabling the feature in a production environment.
Step 7 Click OK to apply.
Step 8 From the drop-down menu in the upper right part of the screen, under Select a
command, choose New Campus, and click Go.
Step 9 In the Campus Name field, enter CampusX (X = pod number).
Step 10 In the Contact field, enter StudentX (X = pod number).
Step 11 Click Browse and navigate to the folder on your local classroom PC containing the
campus maps. Choose Campus-Bldg 14.jpg campus map.
Step 12 Click Next to continue.
Step 13 You need to specify the size of your campus. Verify that the Maintain aspect ratio
box is chosen, and enter the horizontal span of the map you imported: 387 m (1270
feet).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 211/294
© 2008 Cisco Systems, Inc. Lab Guide 205
Step 14 Notice that as you change the horizontal span, the vertical span is dynamically
adjusted. Click OK to continue.
Step 15 You should now see your campus under the map list. Click its name (CampusX) to
see its details.
Step 16 In the upper-right drop-down list, choose New building. Click GO.
Step 17 In the Name fields, enter your Building name. It should be in the format BuildingX
(X = pod number).
Step 18 In the Contact field, enter your name. This building has 4 floors and 1 basement.
Adjust your respective fields accordingly.
Step 19 Your building horizontal position should be 140.5, and vertical position 15.6. Its
span should be 92 m wide (301 feet) and 54 m height (177 feet).
Step 20 Click Place to validate your building specifications, and then click Save.
Step 21 The square around your building should become green. Click the building name
(BuildingX) to edit its settings.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 212/294
206 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 22 A new screen appears. It is empty because there are no floors yet in this building. In
the upper-right drop-down list, choose New Floor Area. Click GO.
Step 23 In the Floor Area Name fields, enter your floor name FloorPodX (X = pod number).
Step 24 In the Contact field, enter your student name (StudentX).
Step 25 In the Floor drop-down list, choose 1.
Step 26 The type is Cubes and Walled Office.
Step 27 The floor height is 3.0 m.
Step 28 Click Browse and navigate to the folder on your local classroom PC containing the
maps. Choose West-Wing.png map.
Step 29 Click Next.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 213/294
© 2008 Cisco Systems, Inc. Lab Guide 207
Step 30 Click OK to create the floor.
Step 31 You should see your map in colors.
Activity Verification
You have successfully completed this task when you attain these results:
You added a campus, a building, and a floor in this building.
Task 2: Enhance the Map
In this task, you will improve your map to input some wall information.
Activity Procedure
Complete these steps:
Step 1 In the upper-right drop-down window, choose Map Editor. Click Go.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 214/294
208 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 2 A new window appears with your floor map.
Step 3 The first element you need to work on is the map scale. A mistake was made while
entering the floor size, and the floor needs to be rescaled. For now the scale appears
to be close to 82m wide, which is the size of the whole building. The map you have
represents only part of this building, so the scale needs to be corrected. You know
that the Lab 151 room is 8m wide.
Step 4 In the toolbar, there is an icon that looks like a caliper. When moving your mouse
over it, a label shows Scale floor. Click it.
Step 5 Click the left wall (and hold click) and pull it to the right wall of the Lab 151 room,
and then release the click.
Step 6 A popup window appears asking the length of the line. As you enter a value, the
total new width of the map appears. Enter 8 m as the value of LAB 151 width, so
that the new total width of the map is close to 36m. Click OK to validate.
Step 7 Your floor is now properly rescaled.
Step 8 In this scenario, Lab 153 is the area to which you are asked to provide wirelesscoverage.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 215/294
© 2008 Cisco Systems, Inc. Lab Guide 209
Step 9 You want to know the size of Lab 153 for your future reference. In the toolbar in the
upper left, there is an icon that looks like a ruler. Click it. Click the left wall of the
lab, then drag the mouse to the right wall (while holding the click) and release the
click. As you move the mouse, the distance appears in the upper-left corner under
“distance.” Repeat the same operation to obtain the vertical distance from Lab 153’s
lower wall to the lab door.
Step 10 Document the size of Lab 153:
Horizontal distance _____________Vertical distance:
_________________________
Step 11 It is time to give the Cisco WCS an awareness of the walls’ thicknesses. For now, on
this map, walls are just background lines. Under the Map Editor, you can tell the
Cisco WCS what kind of wall they actually are. Click the line icon in the upper-left
part of the screen. It is labeled Draw Obstacles.
Step 12 Click the arrow at the right of the blue rectangle (upper-left part of the screen).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 216/294
210 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 13 A new window appears where you can choose the type of wall you want to represent
in the pull-down options. Choose Thick Wall, and click Done. Notice the respective
change in approximate dB signal related to option.
Step 14 The mouse becomes a cross. The external walls are thick walls. Place the mouse at
the upper-right corner of the building, beyond the meeting room, and click the first
time. Move the mouse down following the wall. Click a second time to define this
next corner of the building and continue on the right. Carry on drawing the external
wall until you reach the bottom-left end of the building; press Escape to interrupt
the wall. You now have a thick wall obstacle (13 dB).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 217/294
© 2008 Cisco Systems, Inc. Lab Guide 211
Step 15 In the obstacle menu, choose a light wall obstacle (2 dB). Draw the interior walls
around Lab 151, Lab 152, Lab 153 and the storages rooms in the upper-left part of
Lab 15327. Do not go over the doors.
Step 16 In the obstacle menu, choose a light door obstacle, and draw the doors of the
different rooms around the lab. You can use the zoom option to make sure that the
walls are in contact, and that there is not a one-dot-wide opening between an
obstacle and the next one where there is continuity.
Step 17 Once the obstacles are there, click Command > Save.
Step 18 Click Command > Exit.
Step 19 Read the warning about unsaved changes. Since you just saved, you can safely click
OK to continue and exit.
Activity Verification
You have successfully completed this task when you attain these results:
You could resize the map to match the actual area size.
You could draw walls around the area you want to cover.
Task 3: Positioning APs
In this task, you will add your AP to the map and monitor its heat map coverage.
Activity Procedure
Complete these steps:
Step 1 Make sure you are on your Floor map area.
27 The main area of coverage is Lab 153, but the signal will obviously spread through the thin walls, and you need to
know the actual area of coverage.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 218/294
212 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 2 In the upper-right drop-down menu, click Add Access Points. Click Go to continue.
Step 3 A new window appears, showing the list of the available APs. Click yours. Click
OK to continue.
Step 4 Choose your AP from the list.
Step 5 Position your AP exactly in the center of the grid in the middle of the lab. Position is
25 horizontal, 15 vertical.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 219/294
© 2008 Cisco Systems, Inc. Lab Guide 213
Step 6 In the left menu, verify or choose your antenna. The 802.11a/n radio is using the
AIR-ANT5135D-R antenna. It is pointing towards the Lab door (270 degrees). It isalso slightly pointing downwards (10 degrees).
Step 7 In the upper part, your AP height is 2.95m from the floor. Click Save to validateyour AP position.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 220/294
214 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 8 The map is refreshed, taking your AP into consideration. The heat map does not
show because the view is by default on the 802.11b/g/n radio.
Step 9 Click Layers.
Step 10 Click the arrow at the right end of Access point. A new window appears.
Step 11 In Protocol, choose 802.11a/n.
Step 12 In Display, choose channels.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 221/294
© 2008 Cisco Systems, Inc. Lab Guide 215
Step 13 In RSSI Cutoff, choose the recommended -65 dBm.
Step 14 Click OK to validate.
Step 15 Click Save Settings to make this view your default.
Step 16 Close the Layer menu.
Step 17 Position your mouse over your AP. A new menu shows with your AP
characteristics. Document your AP channel: _________________
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 222/294
216 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 18 Click AP Info. Document your AP uptime : _____________________________
Step 19 Document the LWAPP uptime28: :________________________________________
Step 20 Click 802.11 b/g/n/ radio. Verify that the radio is not seen at present.
Step 21 Click 802.11a/n. In the window, click View Rx Neighbors. Document the first two
neighbors you see:
Neighbor 1 Name:______________________________RSSI__________________
Neighbor 1 Name:______________________________RSSI__________________
Step 22 Close the RX neighbor window.
Step 23 The AP is placed incorrectly. It is actually exactly over the “Lab” word on the map.
From the upper-right drop-down list, choose Position APs.
Step 24 Click OK to continue.
Step 25 Click your AP and move it to position it over the LAB word.
Step 26 Click Save to validate the changes.
28 The difference between the AP uptime and the LWAPP uptime is the time it took for your AP to join the controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 223/294
© 2008 Cisco Systems, Inc. Lab Guide 217
Step 27 You want to verify the coverage pattern of your AP. In the upper right drop-down
list, choose Recompute RF Prediction. Notice the other available options.
Step 28 Click Go.
Step 29 The map refreshes with the latest values.
Activity Verification
You have successfully completed this task when you attain these results:
You have successfully added your AP.
You see its heat map.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 224/294
218 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Lab 5-3: Monitoring the Network and ContainingDevices
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will use the Cisco WCS tools to manage alarms and locate devices. After
completing this activity, you will be able to meet these objectives:
Use the Cisco WCS to monitor events
Use the Cisco WCS to located devices
Use the Cisco WCS to contain a rogue
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—16
Visual Objective for Lab 5-3: Monitoringthe Network and Containing Devices
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the remote lab
In the remote lab, connectivity to a controller using the web interface
An LWAPP AP
A remote lab wireless laptop
Connectivity to the Cisco WCS
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 225/294
© 2008 Cisco Systems, Inc. Lab Guide 219
Job Aids
These job aids are available to help you complete the lab activity:
IP addresses assigned to your pod
Task 1: Monitoring Events
In this task, you will connect to the Cisco WCS and check the event dashboard. You will learn
to use the events, and to create reports.
Activity Procedure
Complete these steps:
Step 1 Verify that you have a VPN connection to the remote lab.
Step 2 Verify that you are still connected to the Cisco WCS, having a secure web browser
session to the address: https://10.100.1.129.
Step 3 Navigate to the Home page.
Step 4 At the bottom-left of the page, locate the dashboard called Alarm Summary.
Step 5 There should be some Malicious AP messages. Click the number you see for
Malicious AP messages. If there are no reported malicious AP messages, click
Monitor Security. Version 5.0 of Cisco WLC and Cisco WCS changed prior
version default displays of too many rogue APs. Display is now dependant on rules-
based rogue classification in both Cisco WLC and Cisco WCS starting in version
5.0.
29 Use https, secure http, and not http.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 226/294
220 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 6 Click the number under Total Active in the Unclassified Rogue Access Points Alert
line.
Step 7 The yellow messages represent the APs not known by each controller. This means
that controller 2106-1 can report as rogue the AP on controller 2106-3, because
these two controllers are not in the same mobility group. Controllers will not report
APs seen on other controllers in the same mobility group, but will report any otherAP. This is why you may see APs from other pods, reported by your controller as
rogue, or APs from your pod, reported as rogue by the controllers outside your
mobility group.
Step 8 Look at the alarms. All states should be set to Alert.
Step 9 Click one of the APs MAC addresses.
Step 10 A new screen appears, with detailed information about the alarm.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 227/294
© 2008 Cisco Systems, Inc. Lab Guide 221
Step 11 If the rogue is on the same channel as one of your APs, you should see the rogue
channel information. If the rogue is on another channel, it may be flagged as
unknown because your AP may only hear a distant signal without being sure of the
channel. Look at the time and date the alarm was created. This was the first time the
rogue was detected on your network.
Step 12 Annotations show that the alarm was acknowledged.
Step 13 Document when this alarm was created, which is when your AP detected it for the
first time:
____________________________________________________________________
Step 14 You want to know which AP detected this rogue. From the upper right drop-down
window, choose detecting APs. Click GO.
Step 15 A new screen appears, giving you details about the AP or APs detecting it.
Step 16 You want to know if this rogue has affected your AP performances. From the upper
menu, choose Reports > Performance Report.
Step 17 In the upper-right drop-down window choose New. Click Go.
Step 18 In Report title, enter a report name. It should be in the form PerformanceX, where
X is your pod number.
Step 19 Leave Report by to AP by controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 228/294
222 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 20 In Controller, choose your controller.
Step 21 Leave Access point to All Access Points.
Step 22 In Protocol, check the 802.11a/n check box.
Step 23 For Reporting period, choose the last four days.
Step 24 Click Run Now.
Step 25 A new screen appears, showing a graphical representation of the Performance, called
Counters.
Step 26 Browse down to the FCS Error Rate report. Try to see if the rogue AP detection date
and time seen at Step 11 match with a change in the reported FCS rate.
Step 27 You also want to know how many rogue APs your controller has reported since the
beginning of the class. In Reports, choose Security Report.
Step 28 A new screen appears. In the left menu, choose Rogue APs Events.
Step 29 From the upper right drop-down menu, choose New. Click Go.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 229/294
© 2008 Cisco Systems, Inc. Lab Guide 223
Step 30 In report title, enter the report name. It should be in the format RogueX, where X is
your pod number.
Step 31 In Report By, keep AP By Controller.
Step 32 In Controller, choose your controller’s IP address.
Step 33 Leave Access Point to All Access Points.
Step 34 Leave Classification type to All Types.
Step 35 For reporting Period, choose the last 4 days.
Step 36 Click Run Now.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 230/294
224 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 37 The report shows which rogues where detected and when. Most of them were
probably reported when you first configured your controller or a few seconds later.
Count how many rogues were detected:
___________________________________________________________________
Step 38 Among them, how many do not belong to the IUWNE lab?
___________________________________________________________________
Step 39 In the upper left, click the Home icon to go back to the main page.
Activity Verification
You have successfully completed this task when you attain these results:
You detected rogues from the dashboard.
You could run some reports and analyze the rogue message.
Task 2: Contain a Rogue
In this task, you will try to contain a rogue device.
Activity Procedure
Complete these steps:
Step 1 Reopen the remote desktop connection to your remote lab wireless laptop.
Step 2 From your remote lab wireless laptop, choose Start > Connect To > Show All
Connections.
Step 3 Locate your wireless connection. It should be called Cisco Aironet 802.11a/b/g
wireless adapter.
Step 4 Right-click it and choose Enable.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 231/294
© 2008 Cisco Systems, Inc. Lab Guide 225
Step 5 Right-click your Cisco ASTU (The Aironet System Tray Utility, which is the green
icon on the system tray) icon and choose Open Aironet Desktop Utility.
Step 6 Click the Profile Management tab. Click the EAP-FAST profile. You should get
connected to the network.
Step 7 Open a command prompt. Click Start > All Programs > Accessories > Command
Prompt.
Step 8 You want to ping your controller continuously, but want to make sure that you are
using the wireless link and not the wired link.
Step 9 In the command prompt, check your IP address. Enter ipconfig.
Step 10 You will se the IP address of your Cisco WLAN adapter. Enter a static route using
this IP address to reach your controller virtual gateway IP address. Enter route add
1.1.1.1 mask 255.255.255.255 followed by your Cisco WLAN card IP address.
For example: route add 1.1.1.1 mask 255.255.255.255 10.10.1.28.
Step 11 Ping your controller continuously. Enter ping –t followed by your controller virtual
gateway IP address: ping –t 1.1.1.1.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 232/294
226 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 12 The ping should be successful.
Step 13 Reduce the remote desktop window, but do not close it.
Step 14 Reopen the Cisco WCS browser window.
Step 15 Choose Monitor > Security.
Step 16 Click Unclassified Rogue APs in Alert state.
Step 17 You will see all the detected rogues. Because some controllers are in different
mobility groups, they report the others as rogues. In the list your AP with its WLAN
should also be seen as rogue. To understand what containment does, you will try to
treat it as a rogue and contain it.
Step 18 Click the rogue MAC address that matches your WLAN, IUWNE-FASTX, where Xis your pod number.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 233/294
© 2008 Cisco Systems, Inc. Lab Guide 227
Step 19 In a real network, you would not contain your own APs. However. In this case,
suppose that a valid client of yours has connected by mistake to this rogue AP. To
contain it, from the upper drop-down window, choose 1 AP Containment30.
Step 20 Click GO.
Step 21 Read the warning. In a real network, you want to make absolutely sure that you are
containing a real rogue in your network before containing an AP. Disconnecting
valid clients from neighbor networks is usually forbidden.
Step 22 A new status screen appears, showing that the rogue AP is contained.
30A rogue AP is reported here and you decide to contain it. To contain it implies that disassociation messages will besent to this AP client. In other words, Cisco WCS will ask the other APs around this one to spoof this AP’s MAC
address, and send disassociation messages. This implies that you actually use the other group’s AP to contain your
rogue. You do not need more than one AP in this case, because all the APs and clients are in short range from each
other.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 234/294
228 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 23 To see the effect of this containment, reopen the remote desktop connection to your
remote lab wireless laptop.
Step 24 The ping should fail most of the time. This connection has become unusable. In a
real network, using more than one AP to contain the rogue, all the pings would
probably fail. In a lab environment, because all APs are busy containing the others,the connection is simply heavily disturbed.
Step 25 You suddenly realize that the “rogue” is actually one of your APs. Reopen the Cisco
WCS web browser interface.
Step 26 From the same rogue AP window, choose Set state to “Friendly internal” from the
upper-right menu. Click Go to confirm. This will stop the containment, and tell
Cisco WCS that this AP is one of the controllers’ APs.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 235/294
© 2008 Cisco Systems, Inc. Lab Guide 229
Step 27 The AP status changes to Know AP.
Step 28 Reopen the connection to your remote lab wireless laptop.
Step 29 The ping should now be successful. The ping packets should be more consistent
with response times and without multiple drops.
Step 30 Close the command prompt window. Closing the window also interrupts the ping
process.
Step 31 From your remote lab wireless laptop, click Start > Connect To > Show All
Connections.
Step 32 Locate your wireless connection. It should be called Aironet 802.11a/b/g wireless
adapter.
Step 33 Right-click it and choose Disable.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 236/294
230 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 34 Close all the open windows.
Step 35 Close the remote desktop connection.
Step 36 Close the Cisco WCS web interface.
Activity Verification
You have successfully completed this task when you attain these results:
You could identify a rogue AP and contain it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 237/294
© 2008 Cisco Systems, Inc. Lab Guide 231
Lab 6-1: Back Up the Controller Configurationand the Cisco WCS Database Files
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will perform maintenance tasks to protect your network against failures.
After completing this activity, you will be able to meet these objectives:
Use the command line to save your controller configuration files and manipulate them
Use a TFTP server to save your controller configuration files and manipulate them
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—17
Visual Objective for Lab 6-1: Backing Upthe Controller Configuration and theCisco WCS Database Files
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 2106 controller
In the remote lab, a Cisco 1252 LAP
In the remote lab, a remote lab wireless laptop with TFTP server
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 238/294
232 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.
Display Controller Configuration and State Commands
Command Description
show run-config Displays the controller internal parameters
show running-config Displays the controller configuration
Task 1: Examine Controller Configuration Files
In this task, you will examine two controller configuration files and save one of the two
configuration files. You will then check to see if the file can be reinjected to your controller.
Activity Procedure
Complete these steps:
Step 1 Make sure that you have a VPN connection to the remote lab.
Step 2 Connect to your remote lab wireless laptop using remote desktop; choose Start >
Programs > Accessories > Communications > Remote Desktop Connection.
Note In each pod, only one connection to the remote lab wireless laptop is possible at a time.
Choose with your partner who will be connecting.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 239/294
© 2008 Cisco Systems, Inc. Lab Guide 233
Step 3 Use the lab map to know what IP address you should use to connect to your remote
lab wireless laptop. It should be in the format 10.X0.1.240, where X is your pod
number.
Step 4 In the remote desktop connection pop-up window, in the computer field, enter the IP
address of your remote lab wireless laptop, and click Connect.
Step 5 You will be presented with a new window where you are asked to enter the
credentials required to access your remote lab wireless laptop. Enter your credentials
to your remote lab wireless laptop. They should be in the format studentX for theusername and cisco as the password, where X is your pod number.
Step 6 Enter the credentials and click OK . You should see the Windows desktop of your
remote lab wireless laptop.
Step 7 Open a Telnet session to your controller. From your remote lab wireless laptop,
choose Start > All Programs > Accessories > Command Prompt.
Step 8 Enter telnet followed by the Management IP address of your Cisco 2106 controller.
It should be in the form telnet 10.X0.1.10, where X is your pod number.
Step 9 Enter your administrative user credentials. Username should be adminX, where X is
your pod number, and password cisco.
Step 10 At the command prompt, enter show run-config (note, not the same as “ show
running-config”).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 240/294
234 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 11 The show run-config command gives extensive information about your AP
configuration. Try to locate in the first pages the burned-in MAC address of yourcontroller (in the Inventory section, at the beginning of the first page), and document
it here:
_________________________________________________________________
Step 12 Further on, verify if your controller supports Management via wireless, that is
allows wireless users to connect to the controller for management purposes:
_______
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 241/294
© 2008 Cisco Systems, Inc. Lab Guide 235
Step 13 Browse down to your AP configuration section.
Step 14 Document your AP serial number: ________________________________
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 242/294
236 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 15 Document your AP BSSID:______________________________________
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 243/294
© 2008 Cisco Systems, Inc. Lab Guide 237
Step 16 Document your AP transmit power: _______________________________
Step 17 Browse through the rest of the configuration file.
Step 18 The configuration file displayed by show run-config command gives you extensive
information about your controller parameters, but is not replicable as a configuration
file to another controller. It is used for analysis purposes only. There is another
command, which gives information about the controller configuration in command
mode, just like a router or a switch. It is the show running-config command. Try it;
from the command prompt, enter show running-config31.
Step 19 A list of parameters appears on the command line. This is a configuration file closer
to the one you see on routers and switches, and that can be captured and saved.
31 Notice the difference between the two commands: show run-config and show running-config.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 244/294
238 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Capture the information. In the configuration file, try to locate the Virtual interface
address. This information should be about four pages down in sequence.
Step 20 From the command line window, right-click the blue bar on top of the window, and
choose Edit. In the submenu, choose Mark .
Step 21 Choose the line describing your virtual interface in the screen. It should be
highlighted as you choose it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 245/294
© 2008 Cisco Systems, Inc. Lab Guide 239
Step 22 While still having the text highlighted, right-click the blue bar, choose Edit, and
choose Copy.
Step 23 Still from the remote lab wireless laptop, open the notepad. Click Start > All
Programs > Accessories > Notepad.
Step 24 Right-click inside the Notepad page, and choose Paste.
Step 25 The copied line appears into Notepad.
Step 26 You want to verify if this configuration file can be injected to a controller. Change
the Virtual interface address in the notepad file from 1.1.1.1 to 1.1.1.2.
Step 27 Select the whole note pad file; choose Edit > Select All.
Step 28 Choose Edit > Copy
Step 29 Move back to your controller command prompt. At the prompt, enter config.
Step 30 The prompt changes to config.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 246/294
240 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 31 Right-click the blue bar, choose Edit > Paste. This will paste the line copied from
Notepad back into the controller. You may see a message informing you that the
system needs to be restarted. Do not restart.
Step 32 Still from your remote lab wireless laptop, open a secured web browser session to
your controller. Its IP address should be in the form 10.X0.1.10, where X is your
pod number.
Step 33 From the controller web interface, navigate to Controller.
Step 34 Click Interfaces on the left.
Step 35 Your virtual IP address is now 1.1.1.2. This shows that the configuration captured
from the show running-config command can be used to duplicate the configuration
to another controller, and can also be modified.
Step 36 Click Save Configuration to copy to the changes to the NVRAM.
Step 37 Close Notepad, leave the command prompt and web interface open.
Activity Verification
You have successfully completed this task when you attain these results:
You could capture the configuration file from the command prompt, modify it and reinject
it back to the controller
Task 2: Save the Configuration Using TFTP
The previous method is not very convenient and is error prone for complete configuration due
to cut and paste methods. However, the prior process of cut and paste does have limited value
during limited changes or when direct serial connection is the only possible communication. In
this task, you will save the configuration file using TFTP and examine it using an XML editor.
Activity ProcedureComplete these steps:
Step 1 From the remote lab wireless laptop, reduce the web interface and the command
prompt to access to your desktop.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 247/294
© 2008 Cisco Systems, Inc. Lab Guide 241
Step 2 Locate the tftpd32 icon. Double click it to start the program.
Step 3 In the Current directory, browse to choose the Desktop.
Step 4 In Server interface, choose your wireless (not wired) connection IP address.
Document this IP address here:
_______________________________________________________________
Step 5 In the remote laptop task bar, click the web browser to go back to the Controller
interface.
Step 6 Click Save Configuration once again to be sure that the configuration is saved to
NVRAM.
Step 7 Navigate to Controller. Choose Interfaces in the left menu.
Step 8 Click your virtual gateway IP address interface.
Step 9 Its current value is 1.1.1.2, and this is the value saved in NVRAM. Change the value
to 1.1.1.3. Click Apply to validate the change.
Step 10 Read the warning about “Please reset the system for the change to take effect.”
Click OK to continue, however, do NOT reset the system.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 248/294
242 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 11 Do not click Save configuration. The value in NVRAM is 1.1.1.2, and the value in
RAM is 1.1.1.3.
Step 12 Navigate to Commands.
Step 13 In the left menu, choose Upload File.
Step 14 In File Type, choose Configuration (versus Code).
Step 15 Do not enable file encryption32.
Step 16 In TFTP server IP address, enter your remote lab wireless laptop wireless (not
wired) interface IP address, documented in Step 4. Again, make sure that you use
the wireless interface, not the wired interface IP address.
Step 17 In File path, enter / which is the root directory of the TFTP server, which is your
desktop.
Step 18 In Filename, enter 2106-XConfig.txt, where X is your pod number.
Step 19 Click Upload.
Step 20 Read the warning about the file encryption, and click OK to continue.
Step 21 Look at the web interface. The process is said to be started, but then fails.
Step 22 The reason for this failure is that by default, management from wireless machines is
forbidden for security reasons. You could enable Management from Wireless in the
Management main menu, which would allow you to connect to your wireless
controller from a wireless machine; however, you would still not have the right to
upload and download controller configuration files via wireless. Only direct wired
Ethernet controller management would be allowed for transfer of configuration,
controller software, and so on.
Step 23 In the TFTP server window, choose your wired interface. It should be in the form
10.X0.1.240, where X is your pod number.
32 File Encryption encrypts the file before downloading it. Although this feature increases the file protection, you will
need to examine the downloaded file. It has to be unencrypted to be readable.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 249/294
© 2008 Cisco Systems, Inc. Lab Guide 243
Step 24 From your controller web interface, change the TFTP server IP address to the new
address.
Step 25 Try again to upload the configuration file from the controller to the TFTP server.
Step 26 The process should be successful.
Step 27 Reduce the web browser window. The configuration should be on your desktop. As
it is a .txt file, Notepad would be used to open it by default, but WordPad would
actually be better to read it. Right-click your file, and choose Open with, and then
choose WordPad.
Step 28 The file is an XML file. You can see tags marking areas zones. The great advantage
of XML is that it is a universal language, and the file could be used in many
applications.
Step 29 Click Edit > Find.
Step 30 In find what, enter 1.1.1.3. Click Find Next. The value cannot be found.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 250/294
244 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 31 Click Edit > Find Again, and enter this time 1.1.1.2. The value is found. This
means that the file sent when uploading the configuration file is the file in NVRAM,
not the file in RAM. A good practice is to always click Save Configuration before
saving a file to avoid differences between the controller actual configuration and the
saved file.
Step 32 In the Find dialog box, enter Checksum.
Step 33 Click Find Next. You will find several checksum areas. XML files are not normal
text files. If you were to edit this file with Notepad or WordPad and inject it back tothe controller, the process would work, but the controller would reboot and fail on
the checksum verification for this file. The result would be that the controller could
not use this file and would revert back to the initial setup wizard.
Step 34 Click Cancel to close the find dialog box.
Step 35 Click File > Exit. If the program asks if you want to save any change, answer No.
Step 36 You will now use an XML editor to look at the file. In your remote lab wireless
laptop, locate a yellow circle icon on your desktop called Cooktop. Double-click it
to start the program.
Step 37 Cooktop is an XML file free editor. It can change the file content just like a text
editor, but it will also recompute the checksums to make that the file is not corrupted
when reinjected. Click File > Open File.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 251/294
© 2008 Cisco Systems, Inc. Lab Guide 245
Step 38 In Look In, choose Desktop. Verify that you are using All Files *.* versus thedefault of All Cooktop Files for the file name extensions.
Step 39 Choose the controller configuration file (2106-XConfig.txt, where X is your pod
number), and click OK .
Step 40 Look at the configuration file, but do not change any value.
Step 41 In the XML menu, choose Validate.
Step 42 The system will validate the document and recompute the XML checksums.
Step 43Click File Save.
Step 44 Exit the program
Step 45 You will try to reinject the modified configuration file to the controller. Reopen the
web browser window to your controller.
Step 46 Navigate to Commands. You should choose Download file (versus prior Upload).
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 252/294
246 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 47 In File Type, choose Configuration (versus Code).
Step 48 Leave the Configuration File Encryption Key field empty.
Step 49 In the TFTP server section of the page, in the IP Address field, enter your remote lab
wireless laptop wired (not wireless) interface IP address. It should be in the form
10.X0.1.240, where X is your pod number.
Step 50 Leave the maximum retries and timeout to their default values.
Step 51 Enter / in the File path field.
Step 52 In File Name, enter the configuration file name saved on your desktop.
Step 53 Click Download.
Step 54 Read the warning about the key, and click OK to continue.
Step 55 The download should be successful; your controller should store the downloaded
file to flash and reboot to take it into consideration.
Step 56 Wait about a minute for your controller to reboot, and verify that you can
successfully log back into the controller, and that the configuration reinjection was
taken into consideration.
Step 57 Close the browser to your controller.
Step 58 Close the command prompt in your remote laptop. Close the remote desktop
session.
Activity Verification
You have successfully completed this task when you attain these results:
You have saved your configuration file to a TFTP server and could reinject it back to the
controller.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 253/294
© 2008 Cisco Systems, Inc. Lab Guide 247
Lab 6-2: TroubleshootingComplete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will troubleshoot controller and client misconfigurations. Your instructor
will introduce issues on your controller, and you will have to find them. After completing thisactivity, you will be able to meet these objectives:
Troubleshoot your controller for issues related to the controller itself
Troubleshoot your controller for issues related to the APs
Troubleshoot your controller for issues related to client access
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—18
Visual Objective for Lab 6-2:Troubleshooting
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 2106 controller
In the remote lab, a Cisco 1252 LAP
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 254/294
248 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
In the remote lab, a Cisco WCS server
In the remote lab, a remote lab wireless laptop
Command List
The table describes the commands that are used in this activity.
Debug LWAPP Commands
Command Description
debug lwapp errors enable Reports LWAPP errors seen on the controller to theconsole
debug lwapp events enable Reports LWAPP events to the console
Job Aids
These job aids are available to help you complete the lab activity:
Initial lab table
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 255/294
© 2008 Cisco Systems, Inc. Lab Guide 249
Lab Table—IP Addressing, Naming, and Information: Pods: 1 to 4
Pod 1 Pod 2 Pod 3 Pod 4
Remote lab wirelesslaptop address
10.10.1.240 10.20.1.240 10.30.1.240 10.40.1.240
Remote lab wirelesslaptop login
student1 student2 student3 student4
Remote lab wireless
laptop password
cisco cisco cisco cisco
Controller name 2106-1 2106-2 2106-3 2106-4
Administrative user admin1 admin2 admin3 admin4
Administrativepassword
cisco cisco cisco cisco
Management interfaceIP address
10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
Management interfacemask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Default router 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
Management vlan id 0 0 0 0
Management port 1 1 1 1
Management DHCPserver
10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
AP manager IP address 10.10.1.11 10.20.1.11 10.30.1.11 10.40.1.11
AP Manager DHCPserver
10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
Virtual gateway IPaddress
1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1
Mobility group name Pod1 Pod2 Pod3 Pod4
Enable symmetrictunneling
No No No No
Network name IUWNE-1 IUWNE-2 IUWNE-3 IUWNE-4
Allow static IPaddresses
Yes Yes Yes Yes
Radius server No No No No
Country code US US US US
Enable b, a, and auto-RF
yes yes yes yes
Configure NTP No No No No
Configure time No No No No
DHCP scope name Scope 1-1 Scope 2-1 Scope 3-1 Scope 4-1
DHCP start address 10.10.1.21 10.20.1.21 10.30.1.21 10.40.1.21
DHCP end address 10.10.1.25 10.20.1.25 10.30.1.25 10.40.1.25
DHCP Network 10.10.1.0 10.20.1.0 10.30.1.0 10.40.1.0
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 256/294
250 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Pod 1 Pod 2 Pod 3 Pod 4
DHCP Netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP lease time 14400 14400 14400 14400
DHCP default router 10.10.1.254 10.20.1.254 10.30.1.254 10.40.1.254
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Netbios Srvr 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP status Enabled Enabled Enabled Enabled
VLAN 90 ID 90 90 90 90
VLAN 90 IP 172.16.90.10 172.16.90.20 172.16.90.30 172.16.90.40
VLAN90 netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
VLAN 90 gateway 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
VLAN 90 port 1 1 1 1
VLAN 90 DHCP server 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
WLAN IUWNE-Web1 IUWNE-Web2 IUWNE-Web3 IUWNE-Web4
Switch IP address 10.10.1.253 10.20.1.253 10.30.1.253 10.40.1.253
Switch username student1 student2 student3 student4
Switch password cisco Cisco Cisco Cisco
Controller interface onthe switch
Gigabitethernet0/3 Gigabitethernet0/8 Gigabitethernet0/13 Gigabitethernet0/18
Native VLAN 10 20 30 40
Local Net user name Webuser1 Webuser2 Webuser3 Webuser4
Local net password Cisco Cisco Cisco Cisco
Cisco WCS user Admin1 Admin2 Admin3 Admin4
Cisco WCS password Cisco Cisco Cisco Cisco
Controller IP address 10.10.1.10 10.20.1.10 10.30.1.10 10.40.1.10
AP new channel 40 44 48 52
Lab Table—IP Addressing, Naming, and Information: Pods: 5 to 8
Pod 5 Pod 6 Pod 7 Pod 8
Remote lab wirelesslaptop address
10.50.1.240 10.60.1.240 10.70.1.240 10.80.1.240
Remote lab wirelesslaptop login student5 student6 student7 student8
Remote lab wirelesslaptop password
cisco cisco cisco cisco
Controller name 2106-5 2106-6 2106-7 2106-8
Administrative user admin5 admin6 admin7 admin8
Administrativepassword
cisco cisco cisco cisco
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 257/294
© 2008 Cisco Systems, Inc. Lab Guide 251
Pod 5 Pod 6 Pod 7 Pod 8
Management interfaceIP address
10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
Management interfacemask
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Default router 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
Management vlan id 0 0 0 0
Management port 1 1 1 1
Management DHCPserver
10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
AP manager IPaddress
10.50.1.11 10.60.1.11 10.70.1.11 10.80.1.11
AP Manager DHCPserver
10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
Virtual gateway IPaddress
1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1
Mobility group name Pod5 Pod6 Pod7 Pod8
Enable symmetrictunneling
No No No No
Network name IUWNE-5 IUWNE-6 IUWNE-7 IUWNE-8
Allow static IPaddresses
Yes Yes Yes Yes
Radius server No No No No
Country code US US US US
Enable b, a, and auto-RF
yes yes yes yes
Configure NTP No No No No
Configure time No No No No
DHCP scope name Scope 5-1 Scope 6-1 Scope 7-1 Scope 8-1
DHCP start address 10.50.1.21 10.60.1.21 10.70.1.21 10.80.1.21
DHCP end address 10.50.1.25 10.60.1.25 10.70.1.25 10.80.1.25
DHCP Network 10.50.1.0 10.60.1.0 10.70.1.0 10.80.1.0
DHCP Netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
DHCP lease time 14400 14400 14400 14400
DHCP default router 10.50.1.254 10.60.1.254 10.70.1.254 10.80.1.254
DHCP DNS server 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP Netbios Srvr 10.100.1.1 10.100.1.1 10.100.1.1 10.100.1.1
DHCP status Enabled Enabled Enabled Enabled
VLAN 90 ID 90 90 90 90
VLAN 90 IP 172.16.90.50 172.16.90.60 172.16.90.80 172.16.90.90
VLAN90 netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 258/294
252 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Pod 5 Pod 6 Pod 7 Pod 8
VLAN 90 gateway 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
VLAN 90 port 1 1 1 1
VLAN 90 DHCP server 172.16.90.253 172.16.90.253 172.16.90.253 172.16.90.253
WLAN IUWNE-Web5 IUWNE-Web6 IUWNE-Web7 IUWNE-Web8
Switch IP address 10.50.1.253 10.60.1.253 10.70.1.253 10.80.1.253
Switch username student5 student6 student7 student8
Switch password cisco cisco cisco cisco
Controller interface onthe switch
Gigabitethernet0/3 Gigabitethernet0/8 Gigabitethernet0/13 Gigabitethernet0/18
Native VLAN 50 60 70 80
Local Net user name Webuser5 Webuser6 Webuser7 Webuser8
Local net password Cisco Cisco Cisco Cisco
Cisco WCS user Admin5 Admin6 Admin7 Admin8
Cisco WCS password Cisco Cisco Cisco CiscoController IP address 10.50.1.10 10.60.1.10 10.70.1.10 10.80.1.10
AP new channel 56 60 64 36
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 259/294
© 2008 Cisco Systems, Inc. Lab Guide 253
Lab 6-3: Optional LabTroubleshooting with Wireshark and Convertingan AP to Autonomous Mode
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will use the Wireshark software to troubleshoot connection issues. Your
instructor will introduce issues to your configuration, and you will have to find them. You will
then convert your Cisco 1252 AP back to autonomous mode. After completing this activity,
you will be able to meet these objectives:
Use Wireshark to troubleshoot a connection
Convert an LWAPP AP to standalone mode
Visual Objective
The figure illustrates what you will accomplish in this activity.
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—19
Visual Objective for Lab 6-3: OptionalLab
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with connectivity to the Internet
The Cisco VPN client
A connection to the remote terminal server with serial connection to your controller
In the remote lab, a Cisco 526 controller
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 260/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 261/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 262/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 263/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 264/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 265/294
© 2008 Cisco Systems, Inc. Lab Guide 261
Step 16 In Profile Name, enter Webauth.
Step 17 Leave the Client name to its default.
Step 18 In the SSID1 field, enter the name of the web authentication SSID on your 526
controller. It should be in the form IUWNE-WebX, where X is your pod number.
Step 19 Click the Security tab.
Step 20 Check that security is set to None, because this WLAN uses open authentication.
Step 21 Click the Advanced tab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 266/294
262 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 22 Because the WLAN is on the b/g network, uncheck 5 GHz 54 Mbps. Leave the
other parameters to their default values.
Step 23 Click OK to validate your profile.
Step 24 Do not associate to it yet. Click the Diagnostic tab, and click Adapter information.
Step 25 Document your Cisco card MAC address:
__________________________________________________________________
Step 26 Close the adaptor information window.
Step 27 Start Wireshark. Click Start > All Programs > Wireshark > Wireshark .
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 267/294
© 2008 Cisco Systems, Inc. Lab Guide 263
Step 28 Choose the right interface to capture from. You will use the Airpcap passive
interface. In Wireshark, click Capture and choose Interfaces.
Step 29 In the interfaces list, you see Airpcap USB wireless capture adapter. Click Options
at the right end of the Airpcap USB wireless capture adapter line.
Step 30 A new window appears. Make sure that Capture in promiscuous mode is checked.
Step 31 Click Wireless settings.
Step 32 In Channel, choose the channel used by your authentication WLAN documented at
Step 13.
Step 33 Make sure that capture type is set to 802.11 + Radio. Click OK to validate.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 268/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 269/294
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 270/294
264 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 34 You want to filter the capture to only display frames coming from and to your Cisco
WLAN adapter. In the capture filter field, enter ether host followed by the MACaddress of your Cisco WLAN card documented in step 25 of the previous task. For
example: ether host 00:0b:85:72:17:10
Step 35 Go back to the Cisco ADU, and double click the Webauth profile to associate to the
WLAN.
Step 36 The association should be successful.
Step 37 Try to open the web authentication page via the example URL test.example.com.
The page cannot be found.
Step 38 Go back to Wireshark. Stop the capture.
Step 39 Use the capture to try to understand what went wrong. Keep in mind that each frame
should be acknowledged, that your client is very close to the AP and should get agood speed. Also keep in mind that the connection process for a web authenticated
WLAN is authentication request, authentication response, association request,
association response, DHCP exchange, and then Web authentication.
Activity Verification
You have successfully completed this task when you attain these results:
You found the issue and could correct it.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 271/294
© 2008 Cisco Systems, Inc. Lab Guide 265
Task 2: Migrate Your LWAPP 1252 AP to Autonomous Mode
In this task, you will learn how to migrate your LWAPP AP back to standalone mode. To do it,
you will need to have a TFTP server running on your remote lab wireless laptop with the
correct image. You will then configure the AP from the controller CLI to reboot and download
the image.
Activity Procedure
Complete these steps:
Step 1 Make sure that you have a VPN tunnel to the remote lab.
Step 2 Connect to your remote lab wireless laptop using remote desktop; choose Start >
Programs > Accessories > Communications > Remote Desktop Connection.
Note In each pod, only one connection at a time is possible to the remote lab wireless laptop.
Choose with your partner who will be connecting.
Step 3 Use the lab map to know what IP address you should use to connect to your remote
lab wireless laptop. It should be in the format 10.X0.1.240, where X is your podnumber.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 272/294
266 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 4 In the Remote Desktop Connection pop-up window, in the Computer field, enter the
IP address of your remote lab wireless laptop, and click Connect.
Step 5 You will be presented with a new window where you are asked to enter the
credentials required to access your remote lab wireless laptop. Use the lab map to
know which username and password are used to connect to your pod remote lab
wireless laptop. They should be in the format studentX and cisco, where X is your
pod number.
Step 6 Enter the credentials and click OK . You should see the Windows desktop of your
remote lab wireless laptop.
Step 7 Locate on your Desktop a folder called IOS-TO-LWAPP. If you cannot locate it,
check with your instructor. Also locate the tftpd32 program.
Step 8 Open the IOS-to-LWAPP folder, and make sure it contains the “c1250-k9w7-
tar.default” image file. This is the file that the AP will be looking for: it contains a
default Cisco IOS image for the Cisco 1252 platform. If the file is not there, ask
your instructor. Otherwise, close the folder.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 273/294
© 2008 Cisco Systems, Inc. Lab Guide 267
Step 9 Double-click the tftpd32 icon to launch the program.
Step 10 Click the browse button on the right side of the Current directory line in the tftpd32
application, navigate to your desktop, and choose the IOS-TO-LWAPP folder.
Step 11 In the server interface drop-down list, make sure to choose 10.X0.1.240, where X is
your pod number.
Step 12 Your TFTP server is ready to send the right image for the Cisco 1252 AP. Keep the
remote desktop session in the background.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 274/294
268 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 13 Open a CLI session to your Cisco 2106 controller: still from your remote wireless
laptop, choose Start > Programs > Accessories > Command Prompt.
Step 14 Enter telnet followed by the IP address of your controller Service Interface IP
address. It should be in the format telnet 10.X0.1.10, where X is your pod number.
Step 15 Enter your administrative user credentials. Username should be adminX, where X is
your pod number, and password cisco.
Step 16 You should get the (Cisco Controller)> prompt.
Step 17 Enter show ap summary to verify that your AP is here.
Step 18 You should see your AP name.
Step 19 Enter the following command: config ap tftp-downgrade 10.X0.1.240 c1250-
k9w7-tar.default 1252-X where X is your pod number. The “1252-X” is the AP
name given earlier in the lab exercises.
Step 20 This command does not generate any prompt on the controller. Navigate back to
your remote lab wireless laptop PC, and check if the TFTP server is providing the
image to the rebooting AP.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 275/294
© 2008 Cisco Systems, Inc. Lab Guide 269
Step 21 If the TFTP server is not providing the image, wait a few minutes, go back to your
controller and restart from Step 19.
Step 22 While the image is being provided to your AP, connect to the terminal server. From
your class PC, choose Start > Programs > Accessories > Command Prompt.
Step 23 At the command prompt, enter telnet followed by the IP address of the remote
terminal server (10.1.1.252 or other if provided by your instructor).
Step 24 Enter the credentials (username student, password cisco or other if provided by your
instructor) to access the terminal server.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 276/294
270 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Step 25 After successful login you will be asked to choose the correct pod (Podx), where x
is your pod number.
Step 26 You will see a new menu, allowing you to connect to several devices in your group.
Take some time to familiarize yourself with the different options provided.
Step 27 You now need to connect to the 1252 AP, Item 4.
Step 28 You should be able to follow your AP download process, and see the AP reboot,
using the new image. While the AP boots, you should be able to see at different
steps that it is using the c1250-k9w7 image, which is the default autonomous image.
Step 29 Once this process completes, you should be able to access to the AP CLI. You may
have to press Enter to activate the CLI.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 277/294
© 2008 Cisco Systems, Inc. Lab Guide 271
Step 30 Enter enable to access privileged mode. The password is Cisco (with Capital C).
Step 31 Enter show ip interface brief to check the ip addresses present on the AP.
Step 32 You should see that the IP address is assigned to the BVI interface, which is an
indication that the AP is back to standalone mode. All the usual IOS commands,
such as configure terminal, are available. Do not configure this AP further.
Activity Verification
You have successfully completed this task when you attain these results:
Your LWAPP based 1252 AP is back to standalone mode.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 278/294
272 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Answer KeyThe correct answers and expected solutions for the activities that are described in this guide
appear here.
Lab 1-1 Answer Key: Power Conversions
When you complete this activity, you will get answers similar to the results here:
Task 1
Q1) 13 dBm
Q2) 16 dBm
Q3) 33 dBm
Q4) 200 mW
Q5) 0.05 mW
Q6) The station receives -60 dBm and the noise level is -66 dBm. The SNR is (-66 – (-60)) 6 dBm. This level is
not an acceptable SNR level. It is far too weak.
Q7) dBi = dBd + 2.14, and dBd = dBi - 2.14. 7.24 dBi = 7.24 - 2.14 = 5.1 dBi.
Q8) 11.44 dBi
Q9) dBi = dBd + 2.14, and dBd = dBi - 2.14. 13.56 dBd = 13.56 + 2.14 = 15.7 dBd.
Q10) 21 dBi
Q11) 18.86 dBd
Q12) 2.14 dBi = 0 dBd. 3.28 dBd = 5.42 dBi. 3.28 dBd is far more powerful than 2.14 dBi. The difference is
3.28 dB (dBi or dBd), more than twice the power.
Q13) 3.41 dBi = 2.55 dBd. dBm cannot be converted to dBi or dBd. dBm expresses a power with the milliwatt
as a reference, whereas dBd and dBi compare powers with antenna references. If the second value had
been 4.18 dBd, the comparison would have been possible: 4.18 dBd = 6.32 dBi, which is 2.91 dB
difference (dBi or dBd), almost twice the power.
Task 2
Q1) A 21 dBi dish antenna would be best.
Q2) An 8.1 dBi patch antenna would be best.
Q3) A 5.2 dBi omnidirectional antenna would be best.
Q4) EIRP = Tx (dBm) – cable loss + antenna gain. 40 mW is 16 dBm.
EIRP = 16 – 3 + 13.5 = 26.5 dBm.
Q5) 20 mW is 13 dBm. 20 feet of cable incurs a 1 dB loss.
EIRP = 13 – 1 + 5.2 = 17.2 dBm.
Q6) 100 mW is 20 dBm.
EIRP = 20 + 8.5 = 28.5 dBm.
Q7) EIRP = Tx (dBm) – cable loss + antenna gain.
Here: 20 = Tx – 3 + 3. Tx should be 20 dBm, or 100 mW.
Q8) EIRP = Tx (dBm) – cable loss + antenna gain.
Here: 17 = Tx – 9 -0.5 + 13.5. Tx should be 13 dBm or 20 mW.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 279/294
© 2008 Cisco Systems, Inc. Lab Guide 273
Q9) EIRP = Tx (dBm) – cable loss + antenna gain. 40 mW is 16 dBm.
Here: 17 = 16 - cable loss + 5.2. Cable loss should be 4.2 dB. 2.8 dB per 100 feet implies the need to use
150 feet of cable.
Task 3
Step 2) dual patch antenna
Step 3) a large hall or warehouse
Step 4) a pillar (with each patch on one side)
Step 6) directional antenna
Step 7) point-to-point long-range link
Step 8) a rooftop
Step 10) omnidirectional antenna
Step 11) open space or meeting room coverage
Step 12) ceiling
Lab 1-2 Answer Key: Creating an Ad Hoc Network (IBSS) and
Analyzing the CommunicationWhen you complete this activity, you will get similar results to the ones displayed here:
Task 4
Step 43 The most common frame is the beacon, which is sent 10 times per seconds.
Step 44 You should see data packets such as the pings.
Step 45 The frequency depend on the group.
Step 46 The data was sent at 1 Mb/s.
Step 47 100 ms.
Step 48 1, 2, 5.5 and 11 Mb/s.
Step 49 802.11b.
Step 50 IBSSID
Step 51 Yes, the Intel 4965AGN supports WMM.
Step 52 Data frames are sent at the optimum speed from the sender perspective and ACKs
are sent at the mandatory speed immediately below the speed used for the data
frame.
Lab 2-1 Answer Key: Configuring a Cisco 2106 WLC
When you complete this activity, you will get a similar configuration to the one displayed here:
Show running-config802.11a cac voice tspec-inactivity-timeout ignore802.11a cac video tspec-inactivity-timeout ignore802.11a cac voice stream-size 84000 max-streams 2802.11b cac voice tspec-inactivity-timeout ignore802.11b cac video tspec-inactivity-timeout ignore
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 280/294
274 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
802.11b cac voice stream-size 84000 max-streams 2aaa auth mgmt local radiuslocation rssi-half-life tags 0location rssi-half-life client 0location rssi-half-life rogue-aps 0location expiry tags 5location expiry client 5location expiry calibrating-client 5location expiry rogue-aps 5ap syslog host global 255.255.255.255dhcp create-scope pod1-1
dhcp address-pool pod1-1 10.10.1.21 10.10.1.26dhcp default-router pod1-1 10.10.1.254dhcp enable pod1-1dhcp dns-servers pod1-1 10.100.1.1dhcp netbios-name-server pod1-1 10.100.1.1dhcp network pod1-1 10.10.1.0 255.255.255.0interface address ap-manager 10.10.1.11 255.255.255.0 10.10.1.254interface address management 10.10.1.10 255.255.255.0 10.10.1.254interface address virtual 1.1.1.1interface dhcp ap-manager primary 10.10.1.10interface dhcp management primary 10.10.1.10interface port ap-manager 1interface port management 1load-balancing window 5logging buffered 6
logging syslog host 0.0.0.0mesh security eapmgmtuser add admin1 **** read-writemobility group domain Pod1mobility dscp value for inter-controller mobility packets 0network telnet enablenetwork otap-mode disablenetwork rf-network-name Pod1radius fallback-test mode offradius fallback-test username cisco-proberadius fallback-test interval 300sessions timeout 0snmp version v2c enablesnmp version v3 enablesysname 2106-1
wlan create 1 IUWNE-1 IUWNE-1wlan radio 2 802.11awlan session-timeout 1 disablewlan session-timeout 2 1800wlan wmm allow 1wlan wmm allow 2wlan security wpa disable 1wlan radius_server acct disable 2wlan security static-wep-key encryption 1 104 <mode unknown> <passwd hidden> 1wlan security static-wep-key encryption 2 104 <mode unknown> <passwd hidden>1wlan security wpa akm ft reassociation-time 20 1wlan security wpa akm ft over-the-air enable 1wlan security wpa akm ft over-the-ds enable 1wlan security wpa akm ft reassociation-time 20 2
wlan security wpa akm ft over-the-air enable 2wlan security wpa akm ft over-the-ds enable 2wlan security wpa wpa1 enable 2wlan security wpa wpa1 ciphers tkip enable 2wlan security wpa wpa2 disable 2wlan enable 2
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 281/294
© 2008 Cisco Systems, Inc. Lab Guide 275
Lab 2-2 Answer Key: Configuring and Migrating a StandaloneAP
When you complete this activity, you will get a similar configuration to the one displayed here:
(Cisco Controller) >show ap summaryNumber of APs.................................... 1Global AP User Name.............................. Not Configured AP Name Slots AP Model Ethernet MAC LocationPort Country
------------------ ----- ------------------- ----------------- ---------------- ---- -------1252-1 2 AIR-LAP1252AG-A-K9 00:1d:45:91:37:10 IUWNEModule 5 1 US(Cisco Controller) >show ap config general 1252-1
Cisco AP Identifier.............................. 2Cisco AP Name.................................... 1252-1Country code..................................... US - United StatesRegulatory Domain allowed by Country............. 802.11bg:-AB 802.11a:-AB AP Country code.................................. US - United States AP Regulatory Domain............................. 802.11a:-ASwitch Port Number .............................. 1MAC Address...................................... 00:1d:45:91:37:10IP Address Configuration......................... DHCP
IP Address....................................... 10.10.1.22IP NetMask....................................... 255.255.255.0Gateway IP Addr.................................. 10.10.1.254Telnet State..................................... DisabledSsh State........................................ DisabledCisco AP Location................................ IUWNE LabCisco AP Group Name.............................. nonePrimary Cisco Switch Name........................ 2601-1Primary Cisco Switch IP Address.................. Not ConfiguredSecondary Cisco Switch Name......................Secondary Cisco Switch IP Address................ Not ConfiguredTertiary Cisco Switch Name.......................Tertiary Cisco Switch IP Address................. Not Configured Administrative State ............................ ADMIN_ENABLEDOperation State ................................. REGISTERED
Mirroring Mode .................................. Disabled AP Mode ......................................... LocalPublic Safety ................................... Global: Disabled, Local:DisabledRemote AP Debug ................................. DisabledS/W Version .................................... 5.0.148.0Boot Version ................................... 12.4.10.0Mini IOS Version ................................ 3.0.51.0Stats Reporting Period .......................... 180LED State........................................ EnabledPoE Pre-Standard Switch.......................... EnabledPoE Power Injector MAC Addr...................... DisabledNumber Of Slots.................................. 2 AP Model......................................... AIR-LAP1252AG-A-K9IOS Version...................................... 12.4(13d)JA
Reset Button..................................... Enabled AP Serial Number................................. FTX1201906W AP Certificate Type.............................. Manufacture InstalledManagement Frame Protection Validation........... Enabled (Global MFPDisabled) AP User Mode..................................... Not Configured AP User Name..................................... Not ConfiguredCisco AP system logging host..................... 255.255.255.255 AP Up Time....................................... 0 days, 05 h 33 m 30 s AP LWAPP Up Time................................. 0 days, 05 h 32 m 29 sJoin Date and Time............................... Sat Feb 16 00:24:51 2008
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 282/294
276 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
Join Taken Time.................................. 0 days, 00 h 01 m 00 sEthernet Port Duplex............................. AutoEthernet Port Speed.............................. Auto
Lab 2-3 Answer Key: Installing and Configuring a CiscoMobility Express Wireless Controller and AP
When you complete this activity, you will get a similar configuration to the one displayed here:
Task 1:(Cisco Controller) >show running-config802.11a cac voice tspec-inactivity-timeout ignore802.11a cac voice stream-size 84000 max-streams 2802.11b cac voice tspec-inactivity-timeout ignore802.11b cac voice stream-size 84000 max-streams 2advanced location expiry tags 1200advanced location expiry client 150advanced location expiry calibrating-client 30advanced location expiry rogue-aps 1200interface address ap-manager 10.10.1.101 255.255.255.0 10.10.1.254interface address management 10.10.1.100 255.255.255.0 10.10.1.254interface address virtual 1.1.1.1interface dhcp ap-manager primary 255.255.255.255interface dhcp management primary 255.255.255.255
interface port ap-manager 1interface port management 1logging buffered 1mesh security eapmgmtuser add admin1 **** read-writemobility group domain Pod1msglog level criticalnetwork telnet enablenetwork rf-network-name Pod1sysname 526-1wlan create 1 IUWNE-102 IUWNE-102wlan security wpa disable 1wlan security wpa disable 2wlan dhcp_server 1 10.10.1.11 required802.11a disable network
wlan enable 2
Task 3
On the switch:Show running-config… output omitted …Ip dhcp excluded-address 10.10.1.1 10.10.1.30Ip dhcp excluded-address 10.10.1.36 10.10.1.255Ip dhcp pool Pod1Network 10.10.1.0 255.255.255.0Default-router 10.10.1.254Lease 0 4Dns-server 10.100.1.1… output omitted…
Lab 3-1 Answer Key: Installing and Using the Cisco ADU
There is no answer key for this lab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 283/294
© 2008 Cisco Systems, Inc. Lab Guide 277
Lab 3-2 Answer Key: Experimenting with Connections andRoaming
When you complete this activity, you will get a similar configuration to the one displayed here:
Show running-config802.11a cac voice tspec-inactivity-timeout ignore802.11a cac video tspec-inactivity-timeout ignore802.11a cac voice stream-size 84000 max-streams 2
802.11b cac voice tspec-inactivity-timeout ignore802.11b cac video tspec-inactivity-timeout ignore802.11b cac voice stream-size 84000 max-streams 2aaa auth mgmt local radiusLocation Summary Algorithm used: AverageClient
RSSI expiry timeout: 5 secHalf life: 0 secNotify Threshold: 0 db
Calibrating ClientRSSI expiry timeout: 5 secHalf life: 0 sec
Rogue APRSSI expiry timeout: 5 sec
Half life: 0 secNotify Threshold: 0 db
RFID TagRSSI expiry timeout: 5 secHalf life: 0 secNotify Threshold: 0 db
location rssi-half-life tags 0location rssi-half-life client 0location rssi-half-life rogue-aps 0location expiry tags 5location expiry client 5location expiry calibrating-client 5location expiry rogue-aps 5ap syslog host global 255.255.255.255dhcp create-scope Scope1-1
dhcp address-pool Scope1-1 10.10.1.21 10.10.1.25dhcp default-router Scope1-1 10.10.1.254dhcp enable Scope1-1dhcp dns-servers Scope1-1 10.100.1.1dhcp lease Scope1-1 14400dhcp netbios-name-server Scope1-1 10.100.1.1dhcp network Scope1-1 10.10.1.0 255.255.255.0local-auth method fast server-key 736563726574interface address ap-manager 10.10.1.11 255.255.255.0 10.10.1.254interface address management 10.10.1.10 255.255.255.0 10.10.1.254interface address virtual 1.1.1.1interface dhcp ap-manager primary 10.10.1.10interface dhcp management primary 10.10.1.10interface port ap-manager 1interface port management 1
load-balancing window 5mesh security eapmgmtuser add admin1 **** read-writemobility group domain Pod12mobility group member add 00:1e:13:50:a6:60 10.20.1.10mobility dscp value for inter-controller mobility packets 0network webmode enablenetwork telnet enablenetwork mgmt-via-dynamic-interface enablenetwork otap-mode disablenetwork rf-network-name Pod12radius fallback-test mode off
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 284/294
278 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
radius fallback-test username cisco-proberadius fallback-test interval 300snmp version v2c enablesnmp version v3 enablesysname 2106-1wlan create 1 IUWNE-1 IUWNE-1wlan create 2 Roaming IUWNE-ROAM1wlan session-timeout 1 1800wlan session-timeout 2 1800wlan wmm allow 1wlan wmm allow 2
wlan security wpa disable 1wlan security wpa disable 2wlan security wpa akm ft reassociation-time 20 1wlan security wpa akm ft over-the-air enable 1wlan security wpa akm ft over-the-ds enable 1wlan security wpa akm ft reassociation-time 20 2wlan security wpa akm ft over-the-air enable 2wlan security wpa akm ft over-the-ds enable 2wlan enable 2
Lab 4-1 Answer Key: 802.1Q and Web Authentication
When you complete this activity, you will get a similar configuration to the one displayed here:
(Cisco Controller) >show running-config
802.11a cac voice tspec-inactivity-timeout ignore802.11a cac voice stream-size 84000 max-streams 2802.11b cac voice tspec-inactivity-timeout ignore802.11b cac voice stream-size 84000 max-streams 2advanced location expiry tags 1200advanced location expiry client 150advanced location expiry calibrating-client 30advanced location expiry rogue-aps 1200interface create vlan90 90interface address ap-manager 10.10.1.101 255.255.255.0 10.10.1.254interface address management 10.10.1.100 255.255.255.0 10.10.1.254interface address virtual 1.1.1.1interface address dynamic-interface vlan90 90.90.90.10 255.255.255.090.90.90.253interface dhcp ap-manager primary 255.255.255.255
interface dhcp management primary 255.255.255.255interface dhcp dynamic-interface vlan90 primary 90.90.90.254interface vlan vlan90 90interface port ap-manager 1interface port management 1interface port vlan90 1logging buffered 1mesh security eapmgmtuser add admin1 **** read-writemobility group domain Pod12msglog level criticalnetuser add webuser1 cisco 2 userType permanent description User for the Webbased WLANnetuser wlan-id webuser1 2network telnet enable
network rf-network-name Pod12sysname 526-1wlan create 1 IUWNE-102 IUWNE-102wlan create 2 Web_Authentication IUWNE-Web1wlan interface 2 vlan90wlan security wpa disable 1wlan security wpa disable 2wlan dhcp_server 1 10.10.1.11 required802.11a disable networkwlan enable 2
On the switch:
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 285/294
© 2008 Cisco Systems, Inc. Lab Guide 279
Show running-config interface g0/3Switchport trunk encapsulation dot1qSwitchport mode trunkSwitchport trunk native vlan 10
Lab 4-2 Answer Key: Configuring EAP-FAST Authenticationwith WPA
When you complete this activity, you will get a similar configuration to the one displayed here:
Show running-config802.11a cac voice tspec-inactivity-timeout ignore802.11a cac video tspec-inactivity-timeout ignore802.11a cac voice stream-size 84000 max-streams 2802.11b cac voice tspec-inactivity-timeout ignore802.11b cac video tspec-inactivity-timeout ignore802.11b cac voice stream-size 84000 max-streams 2aaa auth mgmt local radiuslocation rssi-half-life tags 0location rssi-half-life client 0location rssi-half-life rogue-aps 0location expiry tags 5location expiry client 5location expiry calibrating-client 5location expiry rogue-aps 5
ap syslog host global 255.255.255.255dhcp create-scope Pod1dhcp address-pool Pod110.10.1.21 10.10.1.26dhcp default-router Pod110.10.1.254dhcp enable Pod1dhcp dns-servers Pod110.100.1.1dhcp netbios-name-server Pod110.100.1.1dhcp network Pod110.10.1.0 255.255.255.0local-auth eap-profile add EAP-FAST1local-auth eap-profile cert-issuer cisco EAP-FAST1local-auth eap-profile method add fast EAP-FAST1local-auth user-credentials ldaplocal-auth method fast server-key 736563726574local-auth eap-profile cert-verify ca-issuer disable EAP-FAST1interface address ap-manager 10.10.1.11 255.255.255.0 10.10.1.254
interface address management 10.10.1.10 255.255.255.0 10.10.1.254interface address virtual 1.1.1.1interface dhcp ap-manager primary 10.10.1.10interface dhcp management primary 10.10.1.10interface port ap-manager 1interface port management 1ldap retransmit-timeout 1 30load-balancing window 5logging buffered 6logging syslog host 0.0.0.0mesh security eapmgmtuser add admin1 **** read-writemobility group domain Group1mobility dscp value for inter-controller mobility packets 0netuser add Fastuser1 **** wlan 2 userType permanent description
netuser wlan-id fastuser1 2network telnet enablenetwork otap-mode disablenetwork rf-network-name Pod1radius fallback-test mode offradius fallback-test username cisco-proberadius fallback-test interval 300sessions timeout 0snmp version v2c enablesnmp version v3 enablesysname 2106-1wlan create 1 IUWNE-1 IUWNE-1
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 286/294
280 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
wlan create 2 EAP_FAST IUWNE-FAST1wlan local-auth enable EAP-FAST1 2wlan radio 2 802.11awlan session-timeout 1 disablewlan session-timeout 2 1800wlan wmm allow 1wlan wmm allow 2wlan security wpa disable 1wlan radius_server acct disable 2wlan ldap add 2 1wlan security static-wep-key encryption 1 104 <mode unknown> <passwd hidden>
1wlan security static-wep-key encryption 2 104 <mode unknown> <passwd hidden>1wlan security wpa akm ft reassociation-time 20 1wlan security wpa akm ft over-the-air enable 1wlan security wpa akm ft over-the-ds enable 1wlan security wpa akm ft reassociation-time 20 2wlan security wpa akm ft over-the-air enable 2wlan security wpa akm ft over-the-ds enable 2wlan security wpa wpa1 enable 2wlan security wpa wpa1 ciphers tkip enable 2wlan security wpa wpa2 disable 2wlan enable 2
Lab 5-1 Answer Key: Configuring Controllers and APs from theCisco WCS Interface
When you complete this activity, will get similar results to the one displayed here:
Task 2
Step 18: You should see the class main switch; the port depends on the group.
Lab 5-2 Answer Key: Working with Maps
When you complete this activity, you will get similar results to the one displayed here:
Task 2:
Step 9: The lab is about 10 m wide and 11 m high in its longer dimension.
Lab 5-3 Answer Key: Monitoring the Network and ContainingDevices
There is no answer key for this lab.
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 287/294
© 2008 Cisco Systems, Inc. Lab Guide 281
Lab 6-1 Answer Key: Backing Up Controller Configuration andthe Cisco WCS Database Files
When you complete this activity, will get similar results to those displayed here:
Show running-configShow running-config802.11a cac voice tspec-inactivity-timeout ignore802.11a cac video tspec-inactivity-timeout ignore
802.11a cac voice stream-size 84000 max-streams 2802.11b cac voice tspec-inactivity-timeout ignore802.11b cac video tspec-inactivity-timeout ignore802.11b cac voice stream-size 84000 max-streams 2aaa auth mgmt local radiuslocation rssi-half-life tags 0location rssi-half-life client 0location rssi-half-life rogue-aps 0location expiry tags 5location expiry client 5location expiry calibrating-client 5location expiry rogue-aps 5ap syslog host global 255.255.255.255dhcp create-scope Pod1dhcp address-pool Pod110.10.1.21 10.10.1.26
dhcp default-router Pod110.10.1.254dhcp enable Pod1dhcp dns-servers Pod110.100.1.1dhcp netbios-name-server Pod110.100.1.1dhcp network Pod110.10.1.0 255.255.255.0local-auth eap-profile add EAP-FAST1local-auth eap-profile cert-issuer cisco EAP-FAST1local-auth eap-profile method add fast EAP-FAST1local-auth user-credentials ldaplocal-auth method fast server-key 736563726574local-auth eap-profile cert-verify ca-issuer disable EAP-FAST1interface address ap-manager 10.10.1.11 255.255.255.0 10.10.1.254interface address management 10.10.1.10 255.255.255.0 10.10.1.254interface address virtual 1.1.1.1interface dhcp ap-manager primary 10.10.1.10interface dhcp management primary 10.10.1.10interface port ap-manager 1interface port management 1ldap retransmit-timeout 1 30load-balancing window 5logging buffered 6logging syslog host 0.0.0.0mesh security eapmgmtuser add admin1 **** read-writemobility group domain Pod1mobility dscp value for inter-controller mobility packets 0netuser add Fastuser1 **** wlan 2 userType permanent descriptionnetuser wlan-id Fastuser1 2network telnet enablenetwork otap-mode disablenetwork rf-network-name Pod1
radius fallback-test mode offradius fallback-test username cisco-proberadius fallback-test interval 300sessions timeout 0snmp version v2c enablesnmp version v3 enablesysname 2106-1wlan create 1 IUWNE-1 IUWNE-1wlan create 2 EAP_FAST IUWNE-FAST1wlan local-auth enable EAP-FAST1 2wlan radio 2 802.11awlan session-timeout 1 disable
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 288/294
282 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
wlan session-timeout 2 1800wlan wmm allow 1wlan wmm allow 2wlan security wpa disable 1wlan radius_server acct disable 2wlan ldap add 2 1wlan security static-wep-key encryption 1 104 <mode unknown> <passwdhidden> 1wlan security static-wep-key encryption 2 104 <mode unknown> <passwdhidden> 1wlan security wpa akm ft reassociation-time 20 1
wlan security wpa akm ft over-the-air enable 1wlan security wpa akm ft over-the-ds enable 1wlan security wpa akm ft reassociation-time 20 2wlan security wpa akm ft over-the-air enable 2wlan security wpa akm ft over-the-ds enable 2wlan security wpa wpa1 enable 2wlan security wpa wpa1 ciphers tkip enable 2wlan security wpa wpa2 disable 2wlan enable 2
Controller XML version:
<XML_config_variables><XML_config_variables-aaaLocalEapCfg.xml-7741ad65>
<LocalAuth-EAP-Configuration><DataBaseName>Local EAP Database</DataBaseName>
<method><fast>
<serverKeyEnc><iv>02a73af1a97673be3790122d2ecacec1</iv><mac>a6aa51e29b7c2485d490570211a7cb6f7c28a4ae</mac>
<passwd>01179a42d90d1bd06a1e7caa18fee13a00000000000000000000000000000000</passwd>
</serverKeyEnc></fast>
</method><EAP-Profiles index="0">
<active>ENABLE</active><profileName>prfMaP1500LlEAuth93</profileName><profileHandle>195437080</profileHandle>
<certIssuer>legacy</certIssuer><Enable-Disable-flags>-123</Enable-Disable-flags><methodParams><localCertRequired>Required</localCertRequired><clientCertRequired>Required</clientCertRequired>
</methodParams><methods index="0">
<methodType>43</methodType><methodName>fast</methodName>
</methods><data>195437180</data>
</EAP-Profiles></LocalAuth-EAP-Configuration><XML_crc_file_size>1023</XML_crc_file_size><XML__CRC__CHECKSUM>3969282295</XML__CRC__CHECKSUM>
</XML_config_variables-aaaLocalEapCfg.xml-7741ad65><XML_config_variables-aaaapiFileDbCfgData.xml-ba700b76><User-Access-Configuration>
<numItems>1</numItems><length>223424</length><maxItems>512</maxItems><numOfRWUsers>1</numOfRWUsers><userDatabase index="0" arraySize="512">
<userName>admin1</userName><serviceType>6</serviceType><passwordStore>
<ps_type>PS_STATIC_AES128CBC_SHA1</ps_type><iv>d988dbd8ca6ed6d3b885885adca8474f</iv>
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 289/294
© 2008 Cisco Systems, Inc. Lab Guide 283
<mac>c52df09a410ea11f3a0ebae6b5d188aaf258726f</mac><max_passwd_len>50</max_passwd_len><passwd_len>64</passwd_len>
<passwd>3f33b257d1d5bf8f73f7f88a4b27113b4620283bd06892b0bb45e84dabbdbb874c95fa1a6d252523aa776805b8080259756658316f5623cd4d44e57c35e972250000</passwd>
</passwordStore></userDatabase>
</User-Access-Configuration><XML_crc_file_size>782</XML_crc_file_size><XML__CRC__CHECKSUM>3297450704</XML__CRC__CHECKSUM>
</XML_config_variables-aaaapiFileDbCfgData.xml-ba700b76><XML_config_variables-apfCfgData.xml-82be6d39><APCommon-Configuration>
<ConfigIsComplete>0</ConfigIsComplete><NumOfWLANs>2</NumOfWLANs><WirelessLANData index="1">
<ProfileName>IUWNE-1</ProfileName><ProfileNameLen>7</ProfileNameLen><Identifier>1</Identifier><Status>ENABLED</Status><BroadcastSSIDEnabled>1</BroadcastSSIDEnabled><CcxAironetIeSupportEnabled>1</CcxAironetIeSupportEnabled><Security>
<SecurityType>16384</SecurityType><wepPolicy>
<configData><Dot11Encryption>WEP104</Dot11Encryption><KeyIndex>1</KeyIndex>
</configData></wepPolicy><dot1xPolicy>
<configData><AuthTimeout>1800</AuthTimeout>
</configData></dot1xPolicy><wifiPolicy>
<configData><mcastCipher>4</mcastCipher>
<rsnIeData>30160100000fac040100000fac040100000fac012800000000000000000000000000000000000000000000000000000000000000000000000000000000000000</rsnIeData>
<rsnIeLen>24</rsnIeLen>
<warpIeData>dd0a00c0b90100000008010100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</warpIeData>
<warpIeLen>12</warpIeLen></configData>
</wifiPolicy><ipsecPolicy>
<configData><IpsecIkePhase1Mode>MAIN</IpsecIkePhase1Mode>
</configData></ipsecPolicy><VlanLocalAddress>10.10.1.10</VlanLocalAddress><VlanLocalNetmask>255.255.255.0</VlanLocalNetmask><GWAddress>10.10.1.254</GWAddress>
<BlacklistTimeout>60</BlacklistTimeout><InterfaceName>management</InterfaceName><WmePolicy>ALLOWED</WmePolicy>
</Security><Ssid>IUWNE-1</Ssid><apfVapSsidLen>7</apfVapSsidLen>
</WirelessLANData><Dot11BConfig>
<Dot11bBand><Dot11NumberOfChannels>11</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>27</Dot11MaximumTransmitPowerLevel>
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 290/294
284 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
<Dot11MaxAntennaGainAllowed>6</Dot11MaxAntennaGainAllowed></Dot11bBand><Dot11gSupported>Supported</Dot11gSupported>
</Dot11BConfig><Dot11AConfig>
<Dot11aBand index="0"><Dot11FirstChannelNumber>36</Dot11FirstChannelNumber><Dot11NumberOfChannels>4</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>17</Dot11MaximumTransmitPowerLevel><Dot11FirstDCAChannelNumber>36</Dot11FirstDCAChannelNumber><Dot11MaxAntennaGainAllowed>6</Dot11MaxAntennaGainAllowed>
</Dot11aBand><Dot11aBand index="1"><Dot11BandState>1</Dot11BandState><RequiresRadar>1</RequiresRadar><Dot11FirstChannelNumber>52</Dot11FirstChannelNumber><Dot11ChannelSpacing>4</Dot11ChannelSpacing><Dot11NumberOfChannels>4</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>23</Dot11MaximumTransmitPowerLevel><Dot11FirstDCAChannelNumber>52</Dot11FirstDCAChannelNumber><Dot11DCAChannelSpacing>4</Dot11DCAChannelSpacing><Dot11DCANumberOfChanels>4</Dot11DCANumberOfChanels><Dot11MaxAntennaGainAllowed>6</Dot11MaxAntennaGainAllowed>
</Dot11aBand><Dot11aBand index="2">
<Dot11BandState>1</Dot11BandState>
<RequiresRadar>1</RequiresRadar><Dot11FirstChannelNumber>100</Dot11FirstChannelNumber><Dot11ChannelSpacing>4</Dot11ChannelSpacing><Dot11NumberOfChannels>5</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>23</Dot11MaximumTransmitPowerLevel><Dot11FirstDCAChannelNumber>100</Dot11FirstDCAChannelNumber><Dot11DCAChannelSpacing>4</Dot11DCAChannelSpacing><Dot11DCANumberOfChanels>5</Dot11DCANumberOfChanels><Dot11MaxAntennaGainAllowed>6</Dot11MaxAntennaGainAllowed>
</Dot11aBand><Dot11aBand index="3">
<Dot11BandState>1</Dot11BandState><RequiresRadar>1</RequiresRadar><Dot11FirstChannelNumber>132</Dot11FirstChannelNumber><Dot11ChannelSpacing>4</Dot11ChannelSpacing><Dot11NumberOfChannels>3</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>23</Dot11MaximumTransmitPowerLevel><Dot11FirstDCAChannelNumber>132</Dot11FirstDCAChannelNumber><Dot11DCAChannelSpacing>4</Dot11DCAChannelSpacing><Dot11DCANumberOfChanels>3</Dot11DCANumberOfChanels><Dot11MaxAntennaGainAllowed>6</Dot11MaxAntennaGainAllowed>
</Dot11aBand><Dot11aBand index="4">
<Dot11BandState>1</Dot11BandState><Dot11FirstChannelNumber>149</Dot11FirstChannelNumber><Dot11ChannelSpacing>4</Dot11ChannelSpacing><Dot11NumberOfChannels>5</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>30</Dot11MaximumTransmitPowerLevel><Dot11FirstDCAChannelNumber>149</Dot11FirstDCAChannelNumber><Dot11DCAChannelSpacing>4</Dot11DCAChannelSpacing><Dot11DCANumberOfChanels>4</Dot11DCANumberOfChanels>
<Dot11MaxAntennaGainAllowed>6</Dot11MaxAntennaGainAllowed></Dot11aBand><Dot11aBand index="5">
<Dot11BandState>1</Dot11BandState><Dot11FirstChannelNumber>190</Dot11FirstChannelNumber><Dot11ChannelSpacing>6</Dot11ChannelSpacing><Dot11NumberOfChannels>2</Dot11NumberOfChannels>
<Dot11MaximumTransmitPowerLevel>20</Dot11MaximumTransmitPowerLevel><Dot11MaxAntennaGainAllowed>17</Dot11MaxAntennaGainAllowed>
</Dot11aBand><Dot11aDefaultCfg>
<defaultChan>36</defaultChan>
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 291/294
© 2008 Cisco Systems, Inc. Lab Guide 285
</Dot11aDefaultCfg></Dot11AConfig><Dot11CountryCode>US</Dot11CountryCode><networkName>Group1</networkName><Dot11MultiCountryCode index="0">US</Dot11MultiCountryCode>
</APCommon-Configuration><XML_crc_file_size>5811</XML_crc_file_size><XML__CRC__CHECKSUM>3881916614</XML__CRC__CHECKSUM>
</XML_config_variables-apfCfgData.xml-82be6d39><XML_config_variables-apfRogueData.xml-114ab423>
<RogueAP-Configuration>
<RogueList index="0"><level>1</level></RogueList>
</RogueAP-Configuration><XML_crc_file_size>142</XML_crc_file_size><XML__CRC__CHECKSUM>1488059387</XML__CRC__CHECKSUM>
</XML_config_variables-apfRogueData.xml-114ab423><XML_config_variables-cliWebCfgData.xml-a3523f1a>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-cliWebCfgData.xml-a3523f1a><XML_config_variables-dhcpCfgData.xml-92584a2f>
<DHCP-Configuration><scopes index="0">
<scopeName>Scope 1-1</scopeName>
<DHCPEnabled>ENABLED</DHCPEnabled><leaseTime>14400</leaseTime><poolStart>21.1.10.10</poolStart><poolEnd>29.1.10.10</poolEnd><poolLastAllocated>25.1.10.10</poolLastAllocated><defaultRoute index="0">254.1.10.10</defaultRoute><network>0.1.10.10</network><netmask>0.255.255.255</netmask><dnsServer index="0">1.1.100.10</dnsServer><wins index="0">1.1.100.10</wins>
</scopes></DHCP-Configuration><XML_crc_file_size>575</XML_crc_file_size><XML__CRC__CHECKSUM>393978620</XML__CRC__CHECKSUM>
</XML_config_variables-dhcpCfgData.xml-92584a2f><XML_config_variables-dot1qCfg.xml-3cf45304>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-dot1qCfg.xml-3cf45304><XML_config_variables-ldapCfgData.xml-1778a2ce>
<LDAP-Configuration><LDAP-Database-Name>LDAP Database</LDAP-Database-Name>
</LDAP-Configuration><XML_crc_file_size>129</XML_crc_file_size><XML__CRC__CHECKSUM>3519211832</XML__CRC__CHECKSUM>
</XML_config_variables-ldapCfgData.xml-1778a2ce><XML_config_variables-logCfgData.xml-3d9622e2>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-logCfgData.xml-3d9622e2><XML_config_variables-meshFileCfg.xml-436a659c>
<MESH-Configuration><cfg>
<isChanged>1</isChanged><profileName>prfMaP1500LlEAuth93</profileName>
</cfg></MESH-Configuration><XML_crc_file_size>175</XML_crc_file_size><XML__CRC__CHECKSUM>3717743609</XML__CRC__CHECKSUM>
</XML_config_variables-meshFileCfg.xml-436a659c><XML_config_variables-mmCfgData.xml-2a91608>
<Mobility-Manager-Configuration><group>Group1</group>
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 292/294
286 Implementing Cisco Unified Wireless Network Essentials (IUWNE) v1.0 © 2008 Cisco Systems, Inc.
</Mobility-Manager-Configuration><XML_crc_file_size>120</XML_crc_file_size><XML__CRC__CHECKSUM>2303725361</XML__CRC__CHECKSUM>
</XML_config_variables-mmCfgData.xml-2a91608><XML_config_variables-nimSlot0.xml-bcd6b57f>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-nimSlot0.xml-bcd6b57f><XML_config_variables-policyCfgData.xml-40f47081>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-policyCfgData.xml-40f47081><XML_config_variables-rrmCfgData.xml-89a365cb><RadioResourceManager-Configuration>
<rrm2 index="1"><rrmAllowedChans>
<chanCnt>20</chanCnt><chans index="8">100</chans><chans index="9">104</chans><chans index="10">108</chans><chans index="11">112</chans><chans index="12">116</chans><chans index="13">132</chans><chans index="14">136</chans><chans index="15">140</chans><chans index="16">149</chans>
<chans index="17">153</chans><chans index="18">157</chans><chans index="19">161</chans>
</rrmAllowedChans></rrm2>
</RadioResourceManager-Configuration><XML_crc_file_size>668</XML_crc_file_size><XML__CRC__CHECKSUM>1600534478</XML__CRC__CHECKSUM>
</XML_config_variables-rrmCfgData.xml-89a365cb><XML_config_variables-sigCfg.xml-2d0c8484>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-sigCfg.xml-2d0c8484><XML_config_variables-simCfgData.xml-47629dc4>
<System-Interface-Configuration><systemName>2106-1</systemName><systemIpAddress>192.168.1.1</systemIpAddress><systemGateway>0.0.0.0</systemGateway>
</System-Interface-Configuration><XML_crc_file_size>224</XML_crc_file_size><XML__CRC__CHECKSUM>3204326577</XML__CRC__CHECKSUM>
</XML_config_variables-simCfgData.xml-47629dc4><XML_config_variables-simQosCfgData.xml-11069211>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-simQosCfgData.xml-11069211><XML_config_variables-simVlanCfgData.xml-a2f725a>
<VLAN-Configuration><simInterface index="0">
<InterfaceName>management</InterfaceName><vlanStatus>CREATED</vlanStatus>
<vlanLocalAddress>10.10.1.10</vlanLocalAddress><vlanLocalNetmask>255.255.255.0</vlanLocalNetmask><vlanLocalGateway>10.10.1.254</vlanLocalGateway><vlanDhcpProtocolState>1</vlanDhcpProtocolState><vlanDhcpPrimaryServer>10.10.1.10</vlanDhcpPrimaryServer><vlanPortNumber>1</vlanPortNumber><GatewayResolvedState>RESOLVED</GatewayResolvedState><vlanGatewayMac>0:1e:7a:ad:52:a9</vlanGatewayMac>
</simInterface><simInterface index="1">
<InterfaceName>service-port</InterfaceName><vlanId>-1</vlanId>
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 293/294
© 2008 Cisco Systems, Inc. Lab Guide 287
<vlanInterfaceType>Service-Port</vlanInterfaceType><vlanDhcpProtocolState>3</vlanDhcpProtocolState><vlanInterfaceId>3</vlanInterfaceId>
</simInterface><simInterface index="2">
<InterfaceName>virtual</InterfaceName><vlanId>-1</vlanId><vlanStatus>CREATED</vlanStatus><vlanInterfaceType>Virtual</vlanInterfaceType><vlanLocalAddress>1.1.1.2</vlanLocalAddress><vlanDhcpProtocolState>1</vlanDhcpProtocolState>
</simInterface><simInterface index="3"><InterfaceName>ap-manager</InterfaceName><vlanStatus>CREATED</vlanStatus><vlanInterfaceType>VLAN</vlanInterfaceType><vlanLocalAddress>10.10.1.11</vlanLocalAddress><vlanLocalNetmask>255.255.255.0</vlanLocalNetmask><vlanLocalGateway>10.10.1.254</vlanLocalGateway><vlanDhcpProtocolState>1</vlanDhcpProtocolState><vlanDhcpPrimaryServer>10.10.1.10</vlanDhcpPrimaryServer><vlanPortNumber>1</vlanPortNumber><vlanInterfaceId>1</vlanInterfaceId><GatewayResolvedState>RESOLVED</GatewayResolvedState><vlanGatewayMac>0:1e:7a:ad:52:a9</vlanGatewayMac><vlanFlags>1</vlanFlags>
</simInterface></VLAN-Configuration><XML_crc_file_size>1949</XML_crc_file_size><XML__CRC__CHECKSUM>3145401149</XML__CRC__CHECKSUM>
</XML_config_variables-simVlanCfgData.xml-a2f725a><XML_config_variables-snmpCfgData.xml-4f1f9d7c>
<SNMP-Configuration><snmpV3User index="0">
<agentUserAuthKeyStore><iv>9af0c956b3ef198c2bbe657e02cb5746</iv><mac>b5b769a4a62137da506ed909dfd4f3e1fe2605bb</mac>
<passwd>df9e7cc2d2bbc09cbfa42c4942b3ddb00000000000000000000000000000000000000000000000000000000000000000</passwd>
</agentUserAuthKeyStore><agentUserPrivKeyStore>
<iv>e9460c2cc054846a9399f6ca905c808e</iv><mac>d043b534f8587048cf403886b6254f4600b4f35e</mac>
<passwd>ff7682febf472d078b453ca2c0574a480000000000000000000000000000000000000000000000000000000000000000</passwd>
</agentUserPrivKeyStore></snmpV3User><snmpTrapMgr index="0">
<agentTrapMgrCommunityName>127.0.0.1</agentTrapMgrCommunityName><agentTrapMgrIpAddr>127.0.0.1</agentTrapMgrIpAddr><agentTrapMgrStatus>1</agentTrapMgrStatus>
</snmpTrapMgr></SNMP-Configuration><XML_crc_file_size>925</XML_crc_file_size><XML__CRC__CHECKSUM>3737039482</XML__CRC__CHECKSUM>
</XML_config_variables-snmpCfgData.xml-4f1f9d7c><XML_config_variables-sshpmCfgData.xml-41181e3e>
<SSHPolicyManagerConfigData><sshpmIPv4VirtualAddress>1.1.1.2</sshpmIPv4VirtualAddress><sshpmIPv4VirtualIPString>1.1.1.1</sshpmIPv4VirtualIPString>
</SSHPolicyManagerConfigData><XML_crc_file_size>214</XML_crc_file_size><XML__CRC__CHECKSUM>755129620</XML__CRC__CHECKSUM>
</XML_config_variables-sshpmCfgData.xml-41181e3e><XML_config_variables-trapMgrCfgData.xml-bd5b2af3>
<XML_crc_file_size>22</XML_crc_file_size><XML__CRC__CHECKSUM>1389374175</XML__CRC__CHECKSUM>
</XML_config_variables-trapMgrCfgData.xml-bd5b2af3><XML_config_variables-webCustomizations.xml-3adfbbe>
8/20/2019 Iuwne10 Lg v2
http://slidepdf.com/reader/full/iuwne10-lg-v2 294/294
<Custom-WEB-Configuration><wlans index="3">
<useGlobalFlag>0</useGlobalFlag>/ l
top related