Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,950 --> 00:00:06,450
In our next section we will talk about Cisco wireless infrastructure
2
00:00:09,100 --> 00:00:17,740
let's start with the access point types and connecting to Cisco access point as Cisco wireless network
3
00:00:17,740 --> 00:00:25,720
can consist of autonomously access points or light the way to access points that are coupled with one
4
00:00:25,780 --> 00:00:28,850
or more wireless LAN controllers.
5
00:00:30,180 --> 00:00:38,280
As you can see in the screen we have an autonomous API in here and we have the lightweight HP in here.
6
00:00:38,490 --> 00:00:49,410
The autonomous AP is connected to a switched network wire at wrinkling and this lightweight AP is connected
7
00:00:49,500 --> 00:00:59,490
to a switch lan mostly with an access link but lightweight AP is communicating with the wireless controller
8
00:00:59,490 --> 00:01:02,970
also as you can see in here with cap wrap.
9
00:01:03,990 --> 00:01:04,350
Okay.
10
00:01:04,350 --> 00:01:13,860
After this brief information let's talk about in some more detail about these two types and autonomous
11
00:01:13,950 --> 00:01:22,590
a access point is a standalone device and nothing else is needed to forward to Ethernet frames from
12
00:01:22,610 --> 00:01:28,430
a wired we lend to a wireless LAN and vice versa.
13
00:01:28,550 --> 00:01:38,600
In effect the AP maps each wheel then to a wireless LAN and the assess the autonomous AP has a single
14
00:01:38,600 --> 00:01:44,950
wired Ethernet interface as shown in the left portion of fear and as I showed you.
15
00:01:45,140 --> 00:01:54,890
Which means that multiple villains must be brought to it over at CERN Klink a lightweight AP also has
16
00:01:54,890 --> 00:01:57,670
a single wide Internet interface.
17
00:01:57,770 --> 00:02:04,400
However it must be paired with a wireless controller to be fully functional.
18
00:02:04,480 --> 00:02:10,940
Why do we Lance that terminate at the wireless controller can be mapped to wireless local area network
19
00:02:11,000 --> 00:02:20,420
that emerge at the access point even though multiple villains are being extended from the wireless controller
20
00:02:20,420 --> 00:02:27,860
to the access point they are all carried over and they kept that tunnel between the two.
21
00:02:27,860 --> 00:02:36,350
That means the access point needs only an access link to connect to the network infrastructure and terminate
22
00:02:36,410 --> 00:02:38,080
its end of the tunnel.
23
00:02:38,090 --> 00:02:41,600
As shown in the right portion of the figure.
24
00:02:41,780 --> 00:02:49,370
So if you want to configure and manage Cisco access points you can connect to a serial console cable
25
00:02:49,370 --> 00:02:57,800
from your P.C. to the console port of the access point once the access point is operational and has
26
00:02:57,800 --> 00:02:59,480
an IP address.
27
00:02:59,540 --> 00:03:08,720
You can also use 10 that or SSA to connect to it CLIA over the wired network autonomous APIs support
28
00:03:08,720 --> 00:03:17,270
browser beach browser based management sessions via ETP and Asian shitty as you can manage the light
29
00:03:17,280 --> 00:03:22,490
weight a piece from a browser session to the wireless controller
30
00:03:25,050 --> 00:03:25,620
okay.
31
00:03:26,500 --> 00:03:34,090
But how are we going to access to the Cisco wireless controller to connect to and configure Cisco wireless
32
00:03:34,090 --> 00:03:35,190
controller.
33
00:03:35,290 --> 00:03:43,150
You will need to open a web browser to the wireless controllers management to address with either ATP
34
00:03:43,150 --> 00:03:45,110
or H2 G.P.S..
35
00:03:45,340 --> 00:03:53,140
This can be done only after the wireless controller has an initial configuration and management IP address
36
00:03:53,200 --> 00:03:56,770
assigned to its management interface.
37
00:03:56,770 --> 00:04:06,580
The web based G UI provides an effective way to monitor configure and troubleshoot a wireless network.
38
00:04:06,610 --> 00:04:15,040
You can also connect to Cisco wireless controller with an SSD each session where you can use it CLIA
39
00:04:15,040 --> 00:04:26,110
to monitor configure and debug activity both the web based G U and the S.L. I require management users
40
00:04:26,110 --> 00:04:27,630
to log in.
41
00:04:27,700 --> 00:04:36,220
Users can be authenticated against an internal list of local user names or against an authentication
42
00:04:36,550 --> 00:04:44,560
authorization and accounting through Apple a server such as tax plus or radius.
43
00:04:44,740 --> 00:04:52,280
When you first open a web browser to the management address you will see the initial Logan's screen.
44
00:04:52,330 --> 00:05:00,820
Once you click the logging button you can see in here once you click this button and then you enter
45
00:05:00,820 --> 00:05:04,500
your credentials as you are prompted for them
46
00:05:08,310 --> 00:05:16,470
when you successfully log in the wireless controller will display and monitoring dashboard similar to
47
00:05:16,470 --> 00:05:18,930
the one you can see in the figure.
48
00:05:18,930 --> 00:05:25,160
Guys you will not be able to make any configuration change here.
49
00:05:25,230 --> 00:05:33,960
You must click on the advanced link a you can see it here to make some configuration changes.
50
00:05:34,050 --> 00:05:42,720
And even here you can see some network summary and total wireless network counts how many access points
51
00:05:42,720 --> 00:05:43,340
you have.
52
00:05:43,350 --> 00:05:49,380
How many active clients do you have and some rogue IP information and interfere.
53
00:05:49,380 --> 00:05:59,580
Is here also once you click the advanced button this will bring up the full wireless control or G you
54
00:05:59,600 --> 00:06:06,960
I as shown in the figure you can select categories of functions from among in here.
55
00:06:07,040 --> 00:06:21,530
You can also see that monitor wireless LAN controller wireless security management commands help and
56
00:06:21,530 --> 00:06:31,070
feedback saw at the vertical list of functions at the left side of the screen and will change accordingly.
57
00:06:31,070 --> 00:06:40,190
Once you select one of these options you can expand the list to entries if needed and select one to
58
00:06:40,190 --> 00:06:47,300
work on the main screen area will display all of relevant fields and options.
59
00:06:47,300 --> 00:06:51,600
You can edit as you make a configuration change.
60
00:06:53,560 --> 00:07:01,950
So how we can connect to Cisco wireless control or let's talk in detail about this one.
61
00:07:02,080 --> 00:07:11,320
So guys connecting a Cisco wireless LAN controller to the network is not quite as straight forward because
62
00:07:11,350 --> 00:07:15,430
it has several different types of connections.
63
00:07:15,700 --> 00:07:25,330
Control of ports are physical connections made to an external wired or switched network whereas interfaces
64
00:07:25,420 --> 00:07:30,430
are logical connections made internally within the controller.
65
00:07:31,450 --> 00:07:36,470
You can connect several different types of controller ports to your network.
66
00:07:36,490 --> 00:07:42,340
As you can see in the screen so you can see here we have service part.
67
00:07:42,490 --> 00:07:51,380
This port is used for out of pain management system recovery and initial built functions always come
68
00:07:51,380 --> 00:08:01,090
next to a switch port in Access mode and we have also distribution ports in here then these ports are
69
00:08:01,090 --> 00:08:10,600
used for all normal access point and management traffic and usually connect to a switch port in trying
70
00:08:11,710 --> 00:08:14,190
so here is mostly trying.
71
00:08:14,320 --> 00:08:17,290
And here is the access parts.
72
00:08:18,040 --> 00:08:22,130
And we have also console port in here you can see that.
73
00:08:22,240 --> 00:08:31,240
And this port is used for out bands of management system recovery and initial boot functions.
74
00:08:31,240 --> 00:08:40,360
And we also have the redundancy port and that is used to connect to a pier controller for high availability
75
00:08:43,420 --> 00:08:52,270
so let's go ahead with connecting to Cisco wireless controller through its distribution system ports.
76
00:08:52,320 --> 00:08:58,960
A controller can connect to multiple villains on the switch network.
77
00:08:58,960 --> 00:09:09,190
Internally the controller must somehow map those wide valence to actual and logical wireless networks
78
00:09:09,940 --> 00:09:10,840
for example.
79
00:09:10,850 --> 00:09:11,300
Guys.
80
00:09:11,330 --> 00:09:22,780
So let's suppose that we land 10 is set aside for wireless users in the engineering division of the
81
00:09:22,780 --> 00:09:33,070
company that we land must be connected to a unique wireless local area network that exists on air controller
82
00:09:33,100 --> 00:09:42,040
and its associated access point the wireless local area network must then be extended to every client
83
00:09:42,340 --> 00:09:50,890
that associates with the service set identifier and SS I.D. engineering.
84
00:09:50,980 --> 00:10:00,580
So Cisco wireless controllers provide the necessary connectivity through internal logical interfaces
85
00:10:00,880 --> 00:10:08,750
which must be configured with an IP address subnet mask default gateway and AD D.
86
00:10:08,750 --> 00:10:19,000
Hey the HBP server each interface is then assigned to a physical port and we land I.D. You can't think
87
00:10:19,000 --> 00:10:25,150
of an interface as Layer three termination of real long guys.
88
00:10:25,150 --> 00:10:32,600
So Cisco controller support following interface types that you can see in screen also.
89
00:10:32,620 --> 00:10:42,250
And the first one is the dynamic interface dynamic interface is used to connect to a villain to a violence
90
00:10:42,250 --> 00:10:43,800
local area network.
91
00:10:43,900 --> 00:10:45,730
You can see in here.
92
00:10:45,790 --> 00:10:49,330
We also have the management interface.
93
00:10:49,420 --> 00:10:56,680
You can see also in here and management the interface is used for normal management traffic such as
94
00:10:56,680 --> 00:11:02,940
ready as user authentication web based and SSA sessions as an MP.
95
00:11:02,940 --> 00:11:11,830
A.P. and so on the management the interface is also used to terminate kep tunnels between the controller
96
00:11:11,860 --> 00:11:14,670
and it has access point.
97
00:11:14,710 --> 00:11:22,120
And also we have the redundancy management interface and this is the management the IP address of a
98
00:11:22,120 --> 00:11:24,070
redundant wireless controller.
99
00:11:24,070 --> 00:11:32,270
That is part of our high availability pair of controllers the active wireless controller uses the management
100
00:11:32,270 --> 00:11:40,540
the interface address while this thing by wireless controller uses the redundancy management address.
101
00:11:40,540 --> 00:11:50,200
And we have also in here the service part interface and this interface is bound to the service port
102
00:11:50,230 --> 00:11:53,270
and the used for out of bond management.
103
00:11:53,290 --> 00:12:01,420
Also we also have the virtual interface and IP address facing wireless clients.
104
00:12:01,420 --> 00:12:09,280
When controller is relaying climbed the H.S. peer requests performing client work authentication and
105
00:12:09,430 --> 00:12:17,350
supporting client mobility and we also have the virtual interface which is the IP address facing wireless
106
00:12:17,350 --> 00:12:25,300
clients when the controller is relaying client ACP requests performing client web authentication and
107
00:12:25,570 --> 00:12:27,550
supporting client mobility
108
00:12:31,370 --> 00:12:40,030
so let's talk about the configuring our wireless local area network and wireless local area network
109
00:12:40,060 --> 00:12:49,660
controller and an access point work in concert to provide network connectivity to wireless clients from
110
00:12:49,860 --> 00:12:51,580
a wireless perspective.
111
00:12:51,580 --> 00:13:03,080
The AP advertises a service said identifier which is known as SSI I.D. for declined to join from a wide
112
00:13:03,100 --> 00:13:12,670
perspective the controller connects to a virtual lan villain through one of its dynamic interfaces and
113
00:13:12,670 --> 00:13:19,990
to complete the path between the SS I.D. and the villain as illustrated in the screen.
114
00:13:19,990 --> 00:13:25,720
You must first define a wireless local area network on the controller
115
00:13:28,740 --> 00:13:39,480
so let's go step by step how we can call for your local wireless local area network if your need wireless
116
00:13:39,480 --> 00:13:50,040
local area network will use a security scheme that requires a radio server such as WPA WPA to enterprise
117
00:13:50,070 --> 00:13:58,640
or WPA 3 enterprise you will need to define the server first guys and a unit to select.
118
00:13:58,670 --> 00:14:07,440
You can see in here security triple A and the authentication and you need to click new
119
00:14:10,040 --> 00:14:15,920
once you click the name you will go to the screen that you can create a new server.
120
00:14:16,430 --> 00:14:20,970
And next you need to enter servers IP address firstly.
121
00:14:21,510 --> 00:14:22,680
OK.
122
00:14:23,000 --> 00:14:35,130
And shared scripts key and the port number if you already had two other radio servers configured the
123
00:14:35,160 --> 00:14:37,880
server at two.
124
00:14:37,910 --> 00:14:44,060
That 30 will be index number three as you can see in here.
125
00:14:44,060 --> 00:14:53,120
Be sure to set these server status to enabled so that the controller can begin using it at the bottom
126
00:14:53,120 --> 00:14:53,880
of the page.
127
00:14:53,880 --> 00:15:02,410
Also guys you can see the type of user that will be authenticated with the server you can check the
128
00:15:02,410 --> 00:15:11,020
network user to authenticate wireless clients or management to authenticate wireless administrators
129
00:15:11,290 --> 00:15:15,100
that will access the controls management functions.
130
00:15:15,100 --> 00:15:22,680
Then you need to click apply button in here to save your configuration.
131
00:15:22,860 --> 00:15:33,060
The next step is creating a dynamic interface a dynamic interface is used to connect the controller
132
00:15:33,090 --> 00:15:36,300
to every LAN on the wired network.
133
00:15:36,300 --> 00:15:44,930
As I explained you before when you create a wireless LAN you will bind the dynamic interface to our
134
00:15:44,940 --> 00:15:49,590
wireless network to create a new dynamic interface.
135
00:15:49,590 --> 00:15:58,440
You navigate the controller and the interfaces and you just click the new button to define the new interface.
136
00:15:58,440 --> 00:16:06,690
Then you enter and name as you can see in here the name is engineering and you just defined the villain
137
00:16:06,720 --> 00:16:10,620
idea which is defined one hundred four days.
138
00:16:10,650 --> 00:16:11,340
Example
139
00:16:14,480 --> 00:16:22,300
next you need to enter the IP address subnet mask and Gateway address for the interface.
140
00:16:22,340 --> 00:16:22,700
Okay.
141
00:16:22,700 --> 00:16:32,690
You can see in here and they are all defined and also you should define primary and secondary DCP server
142
00:16:32,780 --> 00:16:41,000
addresses that the controller will use when it relays the ACP requests from clients that are bound to
143
00:16:41,030 --> 00:16:42,200
that interface.
144
00:16:42,200 --> 00:16:46,810
And here is the DCP information defined as you can see in here.
145
00:16:47,020 --> 00:16:47,330
Okay.
146
00:16:47,330 --> 00:16:56,030
As a summary it is defined as an IP address with one hundred and ten and with a net mask with 255 255
147
00:16:56,060 --> 00:16:59,660
255 that zero and Gateway is one hundred.
148
00:16:59,670 --> 00:17:07,670
That that that that one and we have to DTP service and they are one that 17 and one that 18 once we
149
00:17:08,420 --> 00:17:14,000
accomplish here we just can click apply to save our configuration.
150
00:17:14,060 --> 00:17:14,390
Okay.
151
00:17:14,390 --> 00:17:21,890
After creating the dynamic interface then step three is creating a new wireless local area network.
152
00:17:22,220 --> 00:17:29,780
You can display a list of the currently defined wireless local area networks by selecting wireless local
153
00:17:29,780 --> 00:17:34,610
area networks from the top menu bar in feed your abode.
154
00:17:34,610 --> 00:17:40,650
The controller does not have any wireless local area networks defined already.
155
00:17:40,790 --> 00:17:49,040
You can't create a new wireless local area network by selecting create new from the drop down menu and
156
00:17:49,040 --> 00:17:51,450
then clicking the Go button.
157
00:17:51,840 --> 00:18:01,420
OK next enter a descriptive name as the profile name and the SSA I.D. text string.
158
00:18:01,700 --> 00:18:09,860
You can see all these definitions on the figure below and the profile name and SS I.D. are identical
159
00:18:09,890 --> 00:18:16,830
and they are both set the engineering as you can see in here and this is just to keep things straight
160
00:18:16,830 --> 00:18:18,170
forward.
161
00:18:18,230 --> 00:18:26,600
The idea number is used as an index into the list of wireless local area networks that are defined on
162
00:18:26,600 --> 00:18:35,780
the controller didn't next page will allow you to edit for categories of parameters corresponding to
163
00:18:35,780 --> 00:18:37,970
the tops across the top.
164
00:18:37,970 --> 00:18:46,820
As shown in the figure you can control whether the wireless local area network is enabled or disabled
165
00:18:46,850 --> 00:18:53,250
with the status check box in here you can see the checkbox regarding the status.
166
00:18:53,390 --> 00:19:00,080
And even though the general page shows a specific security policy word for the wireless local area network
167
00:19:00,530 --> 00:19:09,440
you can make changes in a later step through these security tap and under read your policy you can see
168
00:19:09,440 --> 00:19:18,450
that one here select the type of the radio that will offer the wireless local area network and by default
169
00:19:18,540 --> 00:19:28,100
the wireless local area network will be offered on all radios that are joint with the controller and
170
00:19:28,110 --> 00:19:35,390
next unit to select which of the controllers dynamic interfaces will be bumped to the wireless local
171
00:19:35,390 --> 00:19:40,450
area network you can see in here we are binding the engineering right.
172
00:19:40,940 --> 00:19:41,770
Okay.
173
00:19:41,930 --> 00:19:52,550
The drop down list contains all the interfaces names that are available and a new engineering violence
174
00:19:52,550 --> 00:19:59,990
local network will be bound to the engineering interface that we already created on our previous step
175
00:20:00,650 --> 00:20:05,100
and finally use the broadcast to access ideas.
176
00:20:05,110 --> 00:20:13,980
There is a box in here that you can check so I use the broadcast SSI the checkbox to select whether
177
00:20:14,470 --> 00:20:23,600
a piece should broadcast the SSI Dean name in beacons they transmit broadcasting SSI I.D. is usually
178
00:20:23,600 --> 00:20:33,620
more convenient for users because their devices can learn and displayed the SSI I.D. names automatically.
179
00:20:33,620 --> 00:20:43,820
In fact most devices actually need the SS I.D. in the big beacons to understand and that the AP is still
180
00:20:43,820 --> 00:20:51,410
available for that SS I.D. hiding the SS I.D. name by not broadcasting it.
181
00:20:51,470 --> 00:20:56,540
I mean does not really provide any worthwhile security.
182
00:20:56,540 --> 00:21:05,030
Instead it just prevents user devices from discovering an SS I.D. and trying to use it as a default
183
00:21:05,150 --> 00:21:05,710
network.
184
00:21:07,070 --> 00:21:10,110
And also lets go ahead with the security tab.
185
00:21:10,130 --> 00:21:18,350
That is the 2nd tab and this is the place that you can configure the security sector settings as you
186
00:21:18,350 --> 00:21:20,640
select a security type.
187
00:21:20,660 --> 00:21:29,240
Be sure to remember which choices are types that have been deprecated or proven to be weak and avoid
188
00:21:29,450 --> 00:21:40,310
them if possible further down the screen you can select which specific WPA wpa 2 and WPA 3 methods to
189
00:21:40,310 --> 00:21:44,990
support on the wireless local area network.
190
00:21:45,350 --> 00:21:52,220
You can select more than one if you need to support different types of wireless clients that require
191
00:21:52,250 --> 00:21:57,430
several security methods and also in the screen.
192
00:21:57,490 --> 00:22:08,680
WPA plus wpa 2 has been selected from the pull down menu then only wpa 2 and i e s and corruption have
193
00:22:08,680 --> 00:22:18,700
been selected WPA and tiki T.K. IP have been avoided because they are legacy and deprecated methods
194
00:22:19,270 --> 00:22:22,720
under the authentication key management section.
195
00:22:22,720 --> 00:22:30,470
You can select the authentication methods the villain wireless local area network will use only appreciate.
196
00:22:30,470 --> 00:22:39,490
Key has been selected in the figure so the wireless local area network will only WPA to personal with
197
00:22:39,490 --> 00:22:47,570
the appreciate key authentication and the venue switch to the true police service tap.
198
00:22:47,590 --> 00:22:57,430
You will have an option to define different radio servers for authentication will be used for W lan
199
00:22:57,430 --> 00:22:58,350
authentication.
200
00:22:58,360 --> 00:23:07,960
And here you can see that a 3 different ready servers are defined already and by default a controller
201
00:23:07,960 --> 00:23:15,940
will contact a radio server from its management interface and you can overwrite this behavior by checking
202
00:23:15,940 --> 00:23:26,040
the box next to radius so overwrite interface so that the controller sources reduce requests from the.
203
00:23:26,080 --> 00:23:34,330
Dynamic interface that is associated with the W LAN and here is that option you can see.
204
00:23:35,350 --> 00:23:38,030
The option in here OK.
205
00:23:41,420 --> 00:23:41,730
OK.
206
00:23:41,740 --> 00:23:52,300
Once you add change to the a curious a we can define some cure as parameters for our wireless local
207
00:23:52,300 --> 00:24:01,540
area networks so you can simply select the cures tab to configure quality of service settings for the
208
00:24:01,570 --> 00:24:09,040
wireless local area network as shown in the figure by default the controller will consider all frames
209
00:24:09,070 --> 00:24:16,540
in the wireless local area network to be normal data to be handled in a best effort manner.
210
00:24:16,540 --> 00:24:25,780
I mean you can't set the cure as drew up the menu to classify a classify all frames in one of the following
211
00:24:25,780 --> 00:24:37,050
ways and they are platinum was gold video silver best effort and the bronze background finally you can
212
00:24:37,050 --> 00:24:44,880
select the advanced tab to configure a variety of advanced wireless local area network settings as you
213
00:24:44,880 --> 00:24:51,510
can see in the figure you can enable functions such as coverage hole detection peer to peer blocking
214
00:24:51,510 --> 00:24:56,790
client exclusion client load limits and so on and so on.
215
00:24:57,240 --> 00:25:04,470
Although most of the advanced settings are beyond the scope of the CCMA objectives you should be aware
216
00:25:04,470 --> 00:25:14,710
of a few defaults that might affect your wireless clients so the first thing is here by default client
217
00:25:14,710 --> 00:25:21,760
sessions with the wireless local area network are limited to one thousand and eight hundred seconds
218
00:25:21,790 --> 00:25:24,580
which equals to 30 minutes.
219
00:25:24,730 --> 00:25:33,250
Once the session time expires a client will be required to re authenticate this setting is controlled
220
00:25:33,310 --> 00:25:38,750
by the enabled session time out checkbox and the timeout failed.
221
00:25:38,900 --> 00:25:47,260
The controller maintains a set of security policies that are used to detect potentially malicious violence
222
00:25:47,260 --> 00:25:49,270
clients as well.
223
00:25:49,270 --> 00:25:57,100
If a client exhibits as certain behavior the controller can exclude it from the wireless local area
224
00:25:57,100 --> 00:26:01,710
network for a period of time by default.
225
00:26:01,710 --> 00:26:10,060
Again all clients are subject to the policies configured on their security wireless protection policies
226
00:26:10,330 --> 00:26:13,450
and client exclusion block policies.
227
00:26:13,450 --> 00:26:22,990
These policies include the excessive 810 to that eleven association failures eight hundred and two that
228
00:26:22,990 --> 00:26:31,810
eleven authentication failures and 800 words and two that one ex authentication failures web authentication
229
00:26:31,810 --> 00:26:42,220
failures and sorry and IP addresses theft or reuse or offending clients will be automatically excluded
230
00:26:42,340 --> 00:26:53,250
or blocked for six seconds as a deterrent to attacks on the wireless network and finally when you are
231
00:26:53,250 --> 00:27:01,200
satisfied with the settings in each of the wireless local area network configuration taps you can click
232
00:27:01,200 --> 00:27:08,670
the play button in the upper right corner of the wireless local area network edit screen the wireless
233
00:27:08,670 --> 00:27:15,870
local area network will be created and edit the controller configuration and in here you can see we
234
00:27:15,870 --> 00:27:26,070
created any wireless local network and will an I.D. is w lan I.D. one type is wireless local area network
235
00:27:26,430 --> 00:27:36,150
our profile name and they w lan SSI is set to engineering and admits that this is already enabled and
236
00:27:36,150 --> 00:27:38,520
here is the security policies.
27367
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.