wireless mod5 accesspoints
TRANSCRIPT
-
8/10/2019 Wireless Mod5 AccessPoints
1/49
Ch. 5Access Points
-
8/10/2019 Wireless Mod5 AccessPoints
2/49
Overview
-
8/10/2019 Wireless Mod5 AccessPoints
3/49
Access Point Connection
-
8/10/2019 Wireless Mod5 AccessPoints
4/49
-
8/10/2019 Wireless Mod5 AccessPoints
5/49
-
8/10/2019 Wireless Mod5 AccessPoints
6/49
Cable and Power
WARNINGNever connect both the DC power to the APpower port and inline power simultaneously
-
8/10/2019 Wireless Mod5 AccessPoints
7/49
AP Installation
-
8/10/2019 Wireless Mod5 AccessPoints
8/49
LED indicators
The LED lights on an access point convey status information. When the access point is powering on, all three LEDs normally blink.
After bootup, the colors of the LEDs represent the following: GreenLEDs indicate normal activity.
AmberLEDs indicate errors or warnings.
RedLEDs mean the unit is not operating correctly or is being
upgraded.
1100 AP 1200 AP
-
8/10/2019 Wireless Mod5 AccessPoints
9/49
Reset the AP (Power On)
When beginning a lab, to make sure the AP has the default settings,you will reset the AP.
Follow these steps to reset the access point to factory default settingsusing the access point MODE button:
Step 1Disconnect power (the power jack for external power or theEthernet cable for in-line power) from the access point.
Step 2Press and hold the MODEbutton while power to the accesspoint is reconnected.
Step 3Hold the MODEbutton until the Status LED turns amber(approximately 1 to 2 seconds), and release the button. All access
point settings return to factory defaults.
1100 AP 1200 AP
-
8/10/2019 Wireless Mod5 AccessPoints
10/49
Connecting to the AP (Configuration)
Wired Wireless: Requires Association
-
8/10/2019 Wireless Mod5 AccessPoints
11/49
Connecting to the AP (Console)
ConsoleSerial
Rollover Cable
IOS CLI
-
8/10/2019 Wireless Mod5 AccessPoints
12/49
Connecting to the AP (Telnet)
Requires a network connection either Ethernetor Wireless
AP Defaults IP Address = 10.0.0.1/24
Username and Password =Cisco (C not c)
This password is theprivilege password, not theWEP password.
Cisco
-
8/10/2019 Wireless Mod5 AccessPoints
13/49
Connecting to the AP (Browser)
Wired Wireless: Requires AssociationPreferred Method!
-
8/10/2019 Wireless Mod5 AccessPoints
14/49
Connecting to the AP (Wireless)
Wireless adapter: If configuring using the wireless adapter, you must first associate
with the AP. Make sure the settings on the ACU match the AP.
Cisco 1100 and 1200 Aps have the following defaults:
IP Address = 10.0.0.1/24
SSID = tsunami
Password = Cisco (C not c)
SSID = tsunami
SSID = tsunami
-
8/10/2019 Wireless Mod5 AccessPoints
15/49
Connecting to the AP (Wired)
Wired Ethernet: No association necessary
Make sure the IP Address on the Ethernet interface is on the samesubnet as the AP.
AP Defaults
IP Address = 10.0.0.1/24
Password = Cisco (C not c)
Preferred Method!
SSID = tsunami
SSID = tsunami
-
8/10/2019 Wireless Mod5 AccessPoints
16/49
Connecting to the AP (Wired)
Wired Ethernet: We will use the browser via wired methodto initially configure
APs during labs so we do not configure the wrong AP via wireless. IOS CLIOptional, but you can do those labs if you wish. We
will cover some of the basic commands.
Preferred Method!
SSID = tsunami
SSID = tsunami
-
8/10/2019 Wireless Mod5 AccessPoints
17/49
Basic Configuration
The labs will really help you understand this.
Lab 5.4.4: Configuring Radio Interfaces Through the
GUI
Skip step # 4
Refer to the next few slides to complete the lab
-
8/10/2019 Wireless Mod5 AccessPoints
18/49
The APs IP address
Same IP address whether you are connecting via the wiredor wireless interface. (For configuring the AP.)
-
8/10/2019 Wireless Mod5 AccessPoints
19/49
ACU - Verifying
Right click
N t k I t f R di 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
20/49
Network InterfacesRadio-802.11B
(Settings)
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
21/49
Network InterfacesRadio-802.11B
(Settings)
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
22/49
Network InterfacesRadio-802.11B
(Settings)
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
23/49
Network InterfacesRadio-802.11B
(Settings)
PLCP
frame!
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
24/49
Network InterfacesRadio-802.11B
(Settings)
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
25/49
Network InterfacesRadio-802.11B
(Settings)
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
26/49
Network InterfacesRadio-802.11B
(Settings)
Network Interfaces Radio 802 11B
-
8/10/2019 Wireless Mod5 AccessPoints
27/49
Network InterfacesRadio-802.11B
(Settings)
-
8/10/2019 Wireless Mod5 AccessPoints
28/49
Using the CLI
-
8/10/2019 Wireless Mod5 AccessPoints
29/49
Lab 5.4.5 Page 118
Configuring Radio Interfaces through the IOS CLI
Stop at step # 10
-
8/10/2019 Wireless Mod5 AccessPoints
30/49
Wired equivalent privacy (WEP)
The IEEE 802.11standard includes WEP to protect authorized users ofa WLAN from casual eavesdropping.
The IEEE 802.11 WEP standard specified a 40-bit key, so that WEPcould be exported and used worldwide.
Most vendors have extended WEP to 128 bits or more. When using WEP, both the wireless client and the access point must
have a matching WEP key.
WEP is based upon an existing and familiar encryption type, RivestCipher 4 (RC4).
128 bit WEP is sometimes
referred to, and more
accurately, as 104 bit WEP.
Also, be sure that Transmit
Key numbers match, I.e. Key1 on both AP and ACU.
AP
ACU
-
8/10/2019 Wireless Mod5 AccessPoints
31/49
Authentication Process (Review)
On a wired network, authentication is implicitly provided by the physicalcable from the PC to the switch.
Authentication is the process to ensure that stations attempting toassociate with the network (AP) are allowed to do so.
802.11 specifies two types of authentication: Open-system
Shared-key (makes use of WEP)
-
8/10/2019 Wireless Mod5 AccessPoints
32/49
Open Authentication
Typical Open Authentication onboth AP and Client with No WEP
keys
-
8/10/2019 Wireless Mod5 AccessPoints
33/49
Open Authentication and WEP
Remember there are three steps to Association: Probe
Authentication
Association
A client can associate with an AP, but use WEP to send the encrypted
data packets. Authentication and data encryption are two different things.
AuthenticationIs the client allowed to associate with this AP?
EncryptionEncrypts the data (payload) and ICV (Integrity Check
Value) fields of the 802.11 MAC, not the other fields.
So a client could Associate with the AP, using Open Authentication(basically no authentication), but use WEP to encrypt the data frames
sent after its associated.
-
8/10/2019 Wireless Mod5 AccessPoints
34/49
Open Authentication and WEP
In some configurations, a client can associate to the access point with anincorrect WEP key or even no WEP key.
The AP must be configured to allow this (coming).
A client with the wrong WEP key will be unable to send or receive data, sincethe packet payload will be encrypted.
Keep in mind that the header is not encrypted by WEP. Only the payload or data is encrypted.
Associated but data
cannot be sent or
received, since it
cannot be
unencrypted.
Open Authentication - Optional WEP
-
8/10/2019 Wireless Mod5 AccessPoints
35/49
Open Authentication - Optional WEP
Encryption (AP)
802.11 allows client to associate with AP. Cisco AP must have WEP Encryption set to Optional Association successful with any of these options on the client:
Matching WEP key
Non-matching WEP key
No WEP key
-
8/10/2019 Wireless Mod5 AccessPoints
36/49
Encryption Modes
Indicates whether clients should use data encryption when
communicating with the device. The three options are: None- The device communicates only with client devices that are not
using WEP.
WEP Encryption- Choose Optional or Mandatory. If optional, client devices can communicate with this access point or
bridge with or without WEP. If mandatory, client devices must use WEP when communicating withthe access point. Devices not using WEP are not allowed tocommunicate. WEP (Wired Equivalent Privacy) is an 802.11 standardencryption algorithm originally designed to provide with a level ofprivacy experienced on a wired LAN. The standard defines WEP base
keys of size 40 bits or 104 bits.
-
8/10/2019 Wireless Mod5 AccessPoints
37/49
In Summary
Client Use Open Authentication on the client (does not use WEP, challenge
transaction, during authentication).
Use WEP for Data Encryption.
AP Use Open Authentication
Use Mandatory WEP Encryption, Devices not using WEP are not allowed
to communicate.
-
8/10/2019 Wireless Mod5 AccessPoints
38/49
Lab 8.3.3.1: Page 225
Configuring WEP on AP and client
C / C
-
8/10/2019 Wireless Mod5 AccessPoints
39/49
MAC Authentication/MAC Filters
Allows you to accept/deny specific MAC or IP addresses.
L b 8 3 2 P 218
-
8/10/2019 Wireless Mod5 AccessPoints
40/49
Lab 8.3.2: Page 218
Configuring Filters on AP
-
8/10/2019 Wireless Mod5 AccessPoints
41/49
Services
We will not configure all of these options or use all ofthe features.
S i
-
8/10/2019 Wireless Mod5 AccessPoints
42/49
Services
The Services Summarypage shows whether all of themain services are currently enabled or disabled.
T l t/SSH
-
8/10/2019 Wireless Mod5 AccessPoints
43/49
Telnet/SSH
L b 8 3 1 1 P 198
-
8/10/2019 Wireless Mod5 AccessPoints
44/49
Lab 8.3.1.1 Page 198
Configuring Basic AP Security Via GUI
E t L
-
8/10/2019 Wireless Mod5 AccessPoints
45/49
Event Log
L b 11 5 6 1 335
-
8/10/2019 Wireless Mod5 AccessPoints
46/49
Lab 11.5.6.1: page 335
Configuring Syslog on AP
HTTP
-
8/10/2019 Wireless Mod5 AccessPoints
47/49
HTTP
This feature enables Web-based GUI management by providing support forHTML Web pages and Common Gateway Interface (CGI) scripts usingcommon Web browsers.
The Services>Web Serverpage is used to enable browsing to the web-basedmanagement system, specify the location of the Help files, and enter settingsfor a custom-tailored web system for management.
With the Allow Web-based Configuration Management enabled, access to theGUI management system is permitted.
If HTTP is disabled, the management system is accessible only through Telnet
or the console
C fi AP t
-
8/10/2019 Wireless Mod5 AccessPoints
48/49
Configure an AP as a repeater
Lab 5.4.8: Configure an AP as a repeater through the GUIPage 127
Lab 8.3.3.2: Configure an AP as a repeater using WEP
through the GUIpage 230
-
8/10/2019 Wireless Mod5 AccessPoints
49/49
Ch. 5Access Points