Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,950 --> 00:00:06,450 In our next section we will talk about Cisco wireless infrastructure 2 00:00:09,100 --> 00:00:17,740 let's start with the access point types and connecting to Cisco access point as Cisco wireless network 3 00:00:17,740 --> 00:00:25,720 can consist of autonomously access points or light the way to access points that are coupled with one 4 00:00:25,780 --> 00:00:28,850 or more wireless LAN controllers. 5 00:00:30,180 --> 00:00:38,280 As you can see in the screen we have an autonomous API in here and we have the lightweight HP in here. 6 00:00:38,490 --> 00:00:49,410 The autonomous AP is connected to a switched network wire at wrinkling and this lightweight AP is connected 7 00:00:49,500 --> 00:00:59,490 to a switch lan mostly with an access link but lightweight AP is communicating with the wireless controller 8 00:00:59,490 --> 00:01:02,970 also as you can see in here with cap wrap. 9 00:01:03,990 --> 00:01:04,350 Okay. 10 00:01:04,350 --> 00:01:13,860 After this brief information let's talk about in some more detail about these two types and autonomous 11 00:01:13,950 --> 00:01:22,590 a access point is a standalone device and nothing else is needed to forward to Ethernet frames from 12 00:01:22,610 --> 00:01:28,430 a wired we lend to a wireless LAN and vice versa. 13 00:01:28,550 --> 00:01:38,600 In effect the AP maps each wheel then to a wireless LAN and the assess the autonomous AP has a single 14 00:01:38,600 --> 00:01:44,950 wired Ethernet interface as shown in the left portion of fear and as I showed you. 15 00:01:45,140 --> 00:01:54,890 Which means that multiple villains must be brought to it over at CERN Klink a lightweight AP also has 16 00:01:54,890 --> 00:01:57,670 a single wide Internet interface. 17 00:01:57,770 --> 00:02:04,400 However it must be paired with a wireless controller to be fully functional. 18 00:02:04,480 --> 00:02:10,940 Why do we Lance that terminate at the wireless controller can be mapped to wireless local area network 19 00:02:11,000 --> 00:02:20,420 that emerge at the access point even though multiple villains are being extended from the wireless controller 20 00:02:20,420 --> 00:02:27,860 to the access point they are all carried over and they kept that tunnel between the two. 21 00:02:27,860 --> 00:02:36,350 That means the access point needs only an access link to connect to the network infrastructure and terminate 22 00:02:36,410 --> 00:02:38,080 its end of the tunnel. 23 00:02:38,090 --> 00:02:41,600 As shown in the right portion of the figure. 24 00:02:41,780 --> 00:02:49,370 So if you want to configure and manage Cisco access points you can connect to a serial console cable 25 00:02:49,370 --> 00:02:57,800 from your P.C. to the console port of the access point once the access point is operational and has 26 00:02:57,800 --> 00:02:59,480 an IP address. 27 00:02:59,540 --> 00:03:08,720 You can also use 10 that or SSA to connect to it CLIA over the wired network autonomous APIs support 28 00:03:08,720 --> 00:03:17,270 browser beach browser based management sessions via ETP and Asian shitty as you can manage the light 29 00:03:17,280 --> 00:03:22,490 weight a piece from a browser session to the wireless controller 30 00:03:25,050 --> 00:03:25,620 okay. 31 00:03:26,500 --> 00:03:34,090 But how are we going to access to the Cisco wireless controller to connect to and configure Cisco wireless 32 00:03:34,090 --> 00:03:35,190 controller. 33 00:03:35,290 --> 00:03:43,150 You will need to open a web browser to the wireless controllers management to address with either ATP 34 00:03:43,150 --> 00:03:45,110 or H2 G.P.S.. 35 00:03:45,340 --> 00:03:53,140 This can be done only after the wireless controller has an initial configuration and management IP address 36 00:03:53,200 --> 00:03:56,770 assigned to its management interface. 37 00:03:56,770 --> 00:04:06,580 The web based G UI provides an effective way to monitor configure and troubleshoot a wireless network. 38 00:04:06,610 --> 00:04:15,040 You can also connect to Cisco wireless controller with an SSD each session where you can use it CLIA 39 00:04:15,040 --> 00:04:26,110 to monitor configure and debug activity both the web based G U and the S.L. I require management users 40 00:04:26,110 --> 00:04:27,630 to log in. 41 00:04:27,700 --> 00:04:36,220 Users can be authenticated against an internal list of local user names or against an authentication 42 00:04:36,550 --> 00:04:44,560 authorization and accounting through Apple a server such as tax plus or radius. 43 00:04:44,740 --> 00:04:52,280 When you first open a web browser to the management address you will see the initial Logan's screen. 44 00:04:52,330 --> 00:05:00,820 Once you click the logging button you can see in here once you click this button and then you enter 45 00:05:00,820 --> 00:05:04,500 your credentials as you are prompted for them 46 00:05:08,310 --> 00:05:16,470 when you successfully log in the wireless controller will display and monitoring dashboard similar to 47 00:05:16,470 --> 00:05:18,930 the one you can see in the figure. 48 00:05:18,930 --> 00:05:25,160 Guys you will not be able to make any configuration change here. 49 00:05:25,230 --> 00:05:33,960 You must click on the advanced link a you can see it here to make some configuration changes. 50 00:05:34,050 --> 00:05:42,720 And even here you can see some network summary and total wireless network counts how many access points 51 00:05:42,720 --> 00:05:43,340 you have. 52 00:05:43,350 --> 00:05:49,380 How many active clients do you have and some rogue IP information and interfere. 53 00:05:49,380 --> 00:05:59,580 Is here also once you click the advanced button this will bring up the full wireless control or G you 54 00:05:59,600 --> 00:06:06,960 I as shown in the figure you can select categories of functions from among in here. 55 00:06:07,040 --> 00:06:21,530 You can also see that monitor wireless LAN controller wireless security management commands help and 56 00:06:21,530 --> 00:06:31,070 feedback saw at the vertical list of functions at the left side of the screen and will change accordingly. 57 00:06:31,070 --> 00:06:40,190 Once you select one of these options you can expand the list to entries if needed and select one to 58 00:06:40,190 --> 00:06:47,300 work on the main screen area will display all of relevant fields and options. 59 00:06:47,300 --> 00:06:51,600 You can edit as you make a configuration change. 60 00:06:53,560 --> 00:07:01,950 So how we can connect to Cisco wireless control or let's talk in detail about this one. 61 00:07:02,080 --> 00:07:11,320 So guys connecting a Cisco wireless LAN controller to the network is not quite as straight forward because 62 00:07:11,350 --> 00:07:15,430 it has several different types of connections. 63 00:07:15,700 --> 00:07:25,330 Control of ports are physical connections made to an external wired or switched network whereas interfaces 64 00:07:25,420 --> 00:07:30,430 are logical connections made internally within the controller. 65 00:07:31,450 --> 00:07:36,470 You can connect several different types of controller ports to your network. 66 00:07:36,490 --> 00:07:42,340 As you can see in the screen so you can see here we have service part. 67 00:07:42,490 --> 00:07:51,380 This port is used for out of pain management system recovery and initial built functions always come 68 00:07:51,380 --> 00:08:01,090 next to a switch port in Access mode and we have also distribution ports in here then these ports are 69 00:08:01,090 --> 00:08:10,600 used for all normal access point and management traffic and usually connect to a switch port in trying 70 00:08:11,710 --> 00:08:14,190 so here is mostly trying. 71 00:08:14,320 --> 00:08:17,290 And here is the access parts. 72 00:08:18,040 --> 00:08:22,130 And we have also console port in here you can see that. 73 00:08:22,240 --> 00:08:31,240 And this port is used for out bands of management system recovery and initial boot functions. 74 00:08:31,240 --> 00:08:40,360 And we also have the redundancy port and that is used to connect to a pier controller for high availability 75 00:08:43,420 --> 00:08:52,270 so let's go ahead with connecting to Cisco wireless controller through its distribution system ports. 76 00:08:52,320 --> 00:08:58,960 A controller can connect to multiple villains on the switch network. 77 00:08:58,960 --> 00:09:09,190 Internally the controller must somehow map those wide valence to actual and logical wireless networks 78 00:09:09,940 --> 00:09:10,840 for example. 79 00:09:10,850 --> 00:09:11,300 Guys. 80 00:09:11,330 --> 00:09:22,780 So let's suppose that we land 10 is set aside for wireless users in the engineering division of the 81 00:09:22,780 --> 00:09:33,070 company that we land must be connected to a unique wireless local area network that exists on air controller 82 00:09:33,100 --> 00:09:42,040 and its associated access point the wireless local area network must then be extended to every client 83 00:09:42,340 --> 00:09:50,890 that associates with the service set identifier and SS I.D. engineering. 84 00:09:50,980 --> 00:10:00,580 So Cisco wireless controllers provide the necessary connectivity through internal logical interfaces 85 00:10:00,880 --> 00:10:08,750 which must be configured with an IP address subnet mask default gateway and AD D. 86 00:10:08,750 --> 00:10:19,000 Hey the HBP server each interface is then assigned to a physical port and we land I.D. You can't think 87 00:10:19,000 --> 00:10:25,150 of an interface as Layer three termination of real long guys. 88 00:10:25,150 --> 00:10:32,600 So Cisco controller support following interface types that you can see in screen also. 89 00:10:32,620 --> 00:10:42,250 And the first one is the dynamic interface dynamic interface is used to connect to a villain to a violence 90 00:10:42,250 --> 00:10:43,800 local area network. 91 00:10:43,900 --> 00:10:45,730 You can see in here. 92 00:10:45,790 --> 00:10:49,330 We also have the management interface. 93 00:10:49,420 --> 00:10:56,680 You can see also in here and management the interface is used for normal management traffic such as 94 00:10:56,680 --> 00:11:02,940 ready as user authentication web based and SSA sessions as an MP. 95 00:11:02,940 --> 00:11:11,830 A.P. and so on the management the interface is also used to terminate kep tunnels between the controller 96 00:11:11,860 --> 00:11:14,670 and it has access point. 97 00:11:14,710 --> 00:11:22,120 And also we have the redundancy management interface and this is the management the IP address of a 98 00:11:22,120 --> 00:11:24,070 redundant wireless controller. 99 00:11:24,070 --> 00:11:32,270 That is part of our high availability pair of controllers the active wireless controller uses the management 100 00:11:32,270 --> 00:11:40,540 the interface address while this thing by wireless controller uses the redundancy management address. 101 00:11:40,540 --> 00:11:50,200 And we have also in here the service part interface and this interface is bound to the service port 102 00:11:50,230 --> 00:11:53,270 and the used for out of bond management. 103 00:11:53,290 --> 00:12:01,420 Also we also have the virtual interface and IP address facing wireless clients. 104 00:12:01,420 --> 00:12:09,280 When controller is relaying climbed the H.S. peer requests performing client work authentication and 105 00:12:09,430 --> 00:12:17,350 supporting client mobility and we also have the virtual interface which is the IP address facing wireless 106 00:12:17,350 --> 00:12:25,300 clients when the controller is relaying client ACP requests performing client web authentication and 107 00:12:25,570 --> 00:12:27,550 supporting client mobility 108 00:12:31,370 --> 00:12:40,030 so let's talk about the configuring our wireless local area network and wireless local area network 109 00:12:40,060 --> 00:12:49,660 controller and an access point work in concert to provide network connectivity to wireless clients from 110 00:12:49,860 --> 00:12:51,580 a wireless perspective. 111 00:12:51,580 --> 00:13:03,080 The AP advertises a service said identifier which is known as SSI I.D. for declined to join from a wide 112 00:13:03,100 --> 00:13:12,670 perspective the controller connects to a virtual lan villain through one of its dynamic interfaces and 113 00:13:12,670 --> 00:13:19,990 to complete the path between the SS I.D. and the villain as illustrated in the screen. 114 00:13:19,990 --> 00:13:25,720 You must first define a wireless local area network on the controller 115 00:13:28,740 --> 00:13:39,480 so let's go step by step how we can call for your local wireless local area network if your need wireless 116 00:13:39,480 --> 00:13:50,040 local area network will use a security scheme that requires a radio server such as WPA WPA to enterprise 117 00:13:50,070 --> 00:13:58,640 or WPA 3 enterprise you will need to define the server first guys and a unit to select. 118 00:13:58,670 --> 00:14:07,440 You can see in here security triple A and the authentication and you need to click new 119 00:14:10,040 --> 00:14:15,920 once you click the name you will go to the screen that you can create a new server. 120 00:14:16,430 --> 00:14:20,970 And next you need to enter servers IP address firstly. 121 00:14:21,510 --> 00:14:22,680 OK. 122 00:14:23,000 --> 00:14:35,130 And shared scripts key and the port number if you already had two other radio servers configured the 123 00:14:35,160 --> 00:14:37,880 server at two. 124 00:14:37,910 --> 00:14:44,060 That 30 will be index number three as you can see in here. 125 00:14:44,060 --> 00:14:53,120 Be sure to set these server status to enabled so that the controller can begin using it at the bottom 126 00:14:53,120 --> 00:14:53,880 of the page. 127 00:14:53,880 --> 00:15:02,410 Also guys you can see the type of user that will be authenticated with the server you can check the 128 00:15:02,410 --> 00:15:11,020 network user to authenticate wireless clients or management to authenticate wireless administrators 129 00:15:11,290 --> 00:15:15,100 that will access the controls management functions. 130 00:15:15,100 --> 00:15:22,680 Then you need to click apply button in here to save your configuration. 131 00:15:22,860 --> 00:15:33,060 The next step is creating a dynamic interface a dynamic interface is used to connect the controller 132 00:15:33,090 --> 00:15:36,300 to every LAN on the wired network. 133 00:15:36,300 --> 00:15:44,930 As I explained you before when you create a wireless LAN you will bind the dynamic interface to our 134 00:15:44,940 --> 00:15:49,590 wireless network to create a new dynamic interface. 135 00:15:49,590 --> 00:15:58,440 You navigate the controller and the interfaces and you just click the new button to define the new interface. 136 00:15:58,440 --> 00:16:06,690 Then you enter and name as you can see in here the name is engineering and you just defined the villain 137 00:16:06,720 --> 00:16:10,620 idea which is defined one hundred four days. 138 00:16:10,650 --> 00:16:11,340 Example 139 00:16:14,480 --> 00:16:22,300 next you need to enter the IP address subnet mask and Gateway address for the interface. 140 00:16:22,340 --> 00:16:22,700 Okay. 141 00:16:22,700 --> 00:16:32,690 You can see in here and they are all defined and also you should define primary and secondary DCP server 142 00:16:32,780 --> 00:16:41,000 addresses that the controller will use when it relays the ACP requests from clients that are bound to 143 00:16:41,030 --> 00:16:42,200 that interface. 144 00:16:42,200 --> 00:16:46,810 And here is the DCP information defined as you can see in here. 145 00:16:47,020 --> 00:16:47,330 Okay. 146 00:16:47,330 --> 00:16:56,030 As a summary it is defined as an IP address with one hundred and ten and with a net mask with 255 255 147 00:16:56,060 --> 00:16:59,660 255 that zero and Gateway is one hundred. 148 00:16:59,670 --> 00:17:07,670 That that that that one and we have to DTP service and they are one that 17 and one that 18 once we 149 00:17:08,420 --> 00:17:14,000 accomplish here we just can click apply to save our configuration. 150 00:17:14,060 --> 00:17:14,390 Okay. 151 00:17:14,390 --> 00:17:21,890 After creating the dynamic interface then step three is creating a new wireless local area network. 152 00:17:22,220 --> 00:17:29,780 You can display a list of the currently defined wireless local area networks by selecting wireless local 153 00:17:29,780 --> 00:17:34,610 area networks from the top menu bar in feed your abode. 154 00:17:34,610 --> 00:17:40,650 The controller does not have any wireless local area networks defined already. 155 00:17:40,790 --> 00:17:49,040 You can't create a new wireless local area network by selecting create new from the drop down menu and 156 00:17:49,040 --> 00:17:51,450 then clicking the Go button. 157 00:17:51,840 --> 00:18:01,420 OK next enter a descriptive name as the profile name and the SSA I.D. text string. 158 00:18:01,700 --> 00:18:09,860 You can see all these definitions on the figure below and the profile name and SS I.D. are identical 159 00:18:09,890 --> 00:18:16,830 and they are both set the engineering as you can see in here and this is just to keep things straight 160 00:18:16,830 --> 00:18:18,170 forward. 161 00:18:18,230 --> 00:18:26,600 The idea number is used as an index into the list of wireless local area networks that are defined on 162 00:18:26,600 --> 00:18:35,780 the controller didn't next page will allow you to edit for categories of parameters corresponding to 163 00:18:35,780 --> 00:18:37,970 the tops across the top. 164 00:18:37,970 --> 00:18:46,820 As shown in the figure you can control whether the wireless local area network is enabled or disabled 165 00:18:46,850 --> 00:18:53,250 with the status check box in here you can see the checkbox regarding the status. 166 00:18:53,390 --> 00:19:00,080 And even though the general page shows a specific security policy word for the wireless local area network 167 00:19:00,530 --> 00:19:09,440 you can make changes in a later step through these security tap and under read your policy you can see 168 00:19:09,440 --> 00:19:18,450 that one here select the type of the radio that will offer the wireless local area network and by default 169 00:19:18,540 --> 00:19:28,100 the wireless local area network will be offered on all radios that are joint with the controller and 170 00:19:28,110 --> 00:19:35,390 next unit to select which of the controllers dynamic interfaces will be bumped to the wireless local 171 00:19:35,390 --> 00:19:40,450 area network you can see in here we are binding the engineering right. 172 00:19:40,940 --> 00:19:41,770 Okay. 173 00:19:41,930 --> 00:19:52,550 The drop down list contains all the interfaces names that are available and a new engineering violence 174 00:19:52,550 --> 00:19:59,990 local network will be bound to the engineering interface that we already created on our previous step 175 00:20:00,650 --> 00:20:05,100 and finally use the broadcast to access ideas. 176 00:20:05,110 --> 00:20:13,980 There is a box in here that you can check so I use the broadcast SSI the checkbox to select whether 177 00:20:14,470 --> 00:20:23,600 a piece should broadcast the SSI Dean name in beacons they transmit broadcasting SSI I.D. is usually 178 00:20:23,600 --> 00:20:33,620 more convenient for users because their devices can learn and displayed the SSI I.D. names automatically. 179 00:20:33,620 --> 00:20:43,820 In fact most devices actually need the SS I.D. in the big beacons to understand and that the AP is still 180 00:20:43,820 --> 00:20:51,410 available for that SS I.D. hiding the SS I.D. name by not broadcasting it. 181 00:20:51,470 --> 00:20:56,540 I mean does not really provide any worthwhile security. 182 00:20:56,540 --> 00:21:05,030 Instead it just prevents user devices from discovering an SS I.D. and trying to use it as a default 183 00:21:05,150 --> 00:21:05,710 network. 184 00:21:07,070 --> 00:21:10,110 And also lets go ahead with the security tab. 185 00:21:10,130 --> 00:21:18,350 That is the 2nd tab and this is the place that you can configure the security sector settings as you 186 00:21:18,350 --> 00:21:20,640 select a security type. 187 00:21:20,660 --> 00:21:29,240 Be sure to remember which choices are types that have been deprecated or proven to be weak and avoid 188 00:21:29,450 --> 00:21:40,310 them if possible further down the screen you can select which specific WPA wpa 2 and WPA 3 methods to 189 00:21:40,310 --> 00:21:44,990 support on the wireless local area network. 190 00:21:45,350 --> 00:21:52,220 You can select more than one if you need to support different types of wireless clients that require 191 00:21:52,250 --> 00:21:57,430 several security methods and also in the screen. 192 00:21:57,490 --> 00:22:08,680 WPA plus wpa 2 has been selected from the pull down menu then only wpa 2 and i e s and corruption have 193 00:22:08,680 --> 00:22:18,700 been selected WPA and tiki T.K. IP have been avoided because they are legacy and deprecated methods 194 00:22:19,270 --> 00:22:22,720 under the authentication key management section. 195 00:22:22,720 --> 00:22:30,470 You can select the authentication methods the villain wireless local area network will use only appreciate. 196 00:22:30,470 --> 00:22:39,490 Key has been selected in the figure so the wireless local area network will only WPA to personal with 197 00:22:39,490 --> 00:22:47,570 the appreciate key authentication and the venue switch to the true police service tap. 198 00:22:47,590 --> 00:22:57,430 You will have an option to define different radio servers for authentication will be used for W lan 199 00:22:57,430 --> 00:22:58,350 authentication. 200 00:22:58,360 --> 00:23:07,960 And here you can see that a 3 different ready servers are defined already and by default a controller 201 00:23:07,960 --> 00:23:15,940 will contact a radio server from its management interface and you can overwrite this behavior by checking 202 00:23:15,940 --> 00:23:26,040 the box next to radius so overwrite interface so that the controller sources reduce requests from the. 203 00:23:26,080 --> 00:23:34,330 Dynamic interface that is associated with the W LAN and here is that option you can see. 204 00:23:35,350 --> 00:23:38,030 The option in here OK. 205 00:23:41,420 --> 00:23:41,730 OK. 206 00:23:41,740 --> 00:23:52,300 Once you add change to the a curious a we can define some cure as parameters for our wireless local 207 00:23:52,300 --> 00:24:01,540 area networks so you can simply select the cures tab to configure quality of service settings for the 208 00:24:01,570 --> 00:24:09,040 wireless local area network as shown in the figure by default the controller will consider all frames 209 00:24:09,070 --> 00:24:16,540 in the wireless local area network to be normal data to be handled in a best effort manner. 210 00:24:16,540 --> 00:24:25,780 I mean you can't set the cure as drew up the menu to classify a classify all frames in one of the following 211 00:24:25,780 --> 00:24:37,050 ways and they are platinum was gold video silver best effort and the bronze background finally you can 212 00:24:37,050 --> 00:24:44,880 select the advanced tab to configure a variety of advanced wireless local area network settings as you 213 00:24:44,880 --> 00:24:51,510 can see in the figure you can enable functions such as coverage hole detection peer to peer blocking 214 00:24:51,510 --> 00:24:56,790 client exclusion client load limits and so on and so on. 215 00:24:57,240 --> 00:25:04,470 Although most of the advanced settings are beyond the scope of the CCMA objectives you should be aware 216 00:25:04,470 --> 00:25:14,710 of a few defaults that might affect your wireless clients so the first thing is here by default client 217 00:25:14,710 --> 00:25:21,760 sessions with the wireless local area network are limited to one thousand and eight hundred seconds 218 00:25:21,790 --> 00:25:24,580 which equals to 30 minutes. 219 00:25:24,730 --> 00:25:33,250 Once the session time expires a client will be required to re authenticate this setting is controlled 220 00:25:33,310 --> 00:25:38,750 by the enabled session time out checkbox and the timeout failed. 221 00:25:38,900 --> 00:25:47,260 The controller maintains a set of security policies that are used to detect potentially malicious violence 222 00:25:47,260 --> 00:25:49,270 clients as well. 223 00:25:49,270 --> 00:25:57,100 If a client exhibits as certain behavior the controller can exclude it from the wireless local area 224 00:25:57,100 --> 00:26:01,710 network for a period of time by default. 225 00:26:01,710 --> 00:26:10,060 Again all clients are subject to the policies configured on their security wireless protection policies 226 00:26:10,330 --> 00:26:13,450 and client exclusion block policies. 227 00:26:13,450 --> 00:26:22,990 These policies include the excessive 810 to that eleven association failures eight hundred and two that 228 00:26:22,990 --> 00:26:31,810 eleven authentication failures and 800 words and two that one ex authentication failures web authentication 229 00:26:31,810 --> 00:26:42,220 failures and sorry and IP addresses theft or reuse or offending clients will be automatically excluded 230 00:26:42,340 --> 00:26:53,250 or blocked for six seconds as a deterrent to attacks on the wireless network and finally when you are 231 00:26:53,250 --> 00:27:01,200 satisfied with the settings in each of the wireless local area network configuration taps you can click 232 00:27:01,200 --> 00:27:08,670 the play button in the upper right corner of the wireless local area network edit screen the wireless 233 00:27:08,670 --> 00:27:15,870 local area network will be created and edit the controller configuration and in here you can see we 234 00:27:15,870 --> 00:27:26,070 created any wireless local network and will an I.D. is w lan I.D. one type is wireless local area network 235 00:27:26,430 --> 00:27:36,150 our profile name and they w lan SSI is set to engineering and admits that this is already enabled and 236 00:27:36,150 --> 00:27:38,520 here is the security policies. 27367