Feature Descriptions

Local Mode:  Site Survey, wIPS, MSE Monitor Mode: wIPS, MSE Rogue Detector Mode: VLAN Trunk Access, Wired IDS Bridge Mode: AWPP, Local Bridging H-REAP Mode: Local Bridging, wIPS, OEAP, VLAN Trunk SE-Connect Mode: Layer 1 Forwarding for Remote Analysis Sniffer Mode: Layer 2 forwarding for remote analysis

WLC Port roles

AP Manager InternetUsed for Layer 3 communications between WLC and lightweught AP after the access points have joined the controller.Used as the tunnel source/destination for communication between WLC and AP.Management InterfaceIn-band management of the controller.  Use for access to the controller GUI.Used by AP's to discover the controller.  Acts like an AP manager interface by … Continue reading WLC Port roles

Rogue Access Points

Rogue access point is one that is not recognised by our controllers. Containment stops clients connecting to AP's designated as rogue by bombarding connected clients with deauth messages.RRM - Radio Resource Management (dynamic channels)Clean Air and AQI (air quality index). Runs between 1 and 100. 100 being best quality.Interference severity rating rules between 1 and … Continue reading Rogue Access Points

WLAN Troubleshooting

Useful CLI commandsshow run-config commandsshow arp switcheping x.x.x.x - validates mobility control plane to other WLC's in the mobility groupmping x.x.x.x - validates mobility data plane to other WLC's in the mobility groupshow ap summary - shows licenseshow ap join stats summary alldebug xdebug disable-alldebug capwap events enableconfig ap tftp-downgrade - force AP software downgradeshow … Continue reading WLAN Troubleshooting

Wireless Control System (WCS)

Superseded by Cisco Prime InfrastructureBase LicensePlus License - HA, Mobility Services EngineEnterprise Plus - Navigator (manage multiple WCS instances (around 30,000 AP's!)Requirements:Windows 2003 Server or Enterprise LinuxAdding a Controller to WCSBrowse to Configure > Controllers > Add ControllersEnter IP address and Subnet MaskMake sure that account used to connect to the WLC has sufficient privileges … Continue reading Wireless Control System (WCS)

Web Authentication

Used for environments like guest networks.  DHCP and DNS must be functional along with a working Internet connection.  Once the client has associated, its first request to the Internet is hijacked by the WLC and an HTTP redirect is issued pointing the client to the WLC's virtual address (normally where a login form is … Continue reading Web Authentication

WPA and AAA servers

Security mechanisms: WEP (old and weak) Pre-shared key. WPA (TKIP - Temporal Key Integrity Protocol and optionally AES) 802.11i (IEEE WIFI security standard / WPA2) - Both are almost identical. WPA2 uses AES and CCMP (Counter Cypher Mode Protocol).  WPA Personal usually means preshared key.  Enterprise uses RADIUS. Once a client has been authenticated by … Continue reading WPA and AAA servers