Web Authentication

Used for environments like guest networks.  DHCP and DNS must be functional along with a working Internet connection.  Once the client has associated, its first request to the Internet is hijacked by the WLC and an HTTP redirect is issued pointing the client to the WLC's virtual address (normally where a login form is … Continue reading Web Authentication

WPA and AAA servers

Security mechanisms: WEP (old and weak) Pre-shared key. WPA (TKIP - Temporal Key Integrity Protocol and optionally AES) 802.11i (IEEE WIFI security standard / WPA2) - Both are almost identical. WPA2 uses AES and CCMP (Counter Cypher Mode Protocol).  WPA Personal usually means preshared key.  Enterprise uses RADIUS. Once a client has been authenticated by … Continue reading WPA and AAA servers

Wireless Security

Open authentication - no security or encryption. With WEP (PSK): Client tries to authenticate. AP replies with challenge text. Client replies with auth string Authentication is approved or rejected by AP. 802.1x - default state of being is NO. Client PC providing credentials to be authenticated is the supplicant The AP asking for credentials is the … Continue reading Wireless Security

Converting AP’s

Bootstrap an Access PointRequires software image and TFTP server. Software image naming: platform-k9wX-tar.defaultLightweight (split MAC/WLC) = k9w8Autonomous = k9w7So valid autonomous image name would be c1130-k9w7-tar.default.Remove power from access point and then hold down the mode button.  Reapply power while holding down the mode button and after around 20 seconds, the status light will turn red.   … Continue reading Converting AP’s

WLAN Roaming

Mobility Group (Domain) WLC's must agree on encapsulation to enabled roaming i.e. LWAPP or CAPWAP WLC's must agree on Mobility Group Name Must have IP reachability Must agree on virtual IP address ( - must be configured the same on all WLC's in the group Software on WLC's needs to be compatible with each other … Continue reading WLAN Roaming

Access Point Modes

Local (Data and Monitoring)Monitor (Monitoring only)Sniffer (Redirects Frames*)Rogue Detector (Wired Only)Bridge (Mesh AP Network)SE-Connect (Spectrum Expert**)OEAP (Office Extend AP***)H-REAP aka FlexConnect*****When using an AP as a sniffer, intercepted packets can be dissected (decoded) as PEEKREMOTE which will give Wireshark a better understanding of what the packets are.**Spectrum Expert - collects RF information that can be … Continue reading Access Point Modes

How an AP joins a Wireless LAN Controller

In summary:BootDiscoveryJoinCode Current? No? Get new code and rebootGet ConfigurationRunWLC DiscoveryMethods of WLC discovery including:Broadcast if WLC is on same VLAN as APFlash memory i.e. the AP remembers the last WLC it connected toDHCP specifically option 43 - IP address of WLCDNS looks for hostname CISCO-CAPWAP-CONTROLLERExample configuration for Option 43 on a router:ip dhcp pool … Continue reading How an AP joins a Wireless LAN Controller