This chapter covers the following subjects: Controller Terminology: A discussion of the terminology used with Cisco controllers. Connecting to the Controller: How to connect to a Cisco controller via the CLI and web interfaces. Configuring the Controller Using the Web Inter- face: How to build a simple guest network, allow connections, and control where access is permitted. Monitoring with the Controller: A look at the Monitor interface and how to perform various moni- toring tasks. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 222 CHAPTER 13 Simple Network Configuration and Monitoring with the Cisco Controller Table 13-1 “Do I Know This Already?” Section-to-Question Mapping Foundation Topics Section Questions Controller Terminology 1–4 Connecting to the Controller 5–9 Configuring the Controller Using the Web Interface 10–13 Monitoring with the Controller 14–19 One essential task of a CCNA Wireless certification candidate is being able to create a ba- sic configuration. This involves tasks such as accessing the controller interface, creating a WLAN, and making sure that the WLAN is active on the access points (AP). The ultimate goal is to be able to send traffic from a client on that WLAN to some destination on the wired side of the network. To do this, you need to understand some terminology used with the controllers, how to connect to a controller, how to configure the WLAN from the GUI utility of the controller, and how to perform basic monitoring of the controller. These topics are discussed in this chapter. You should do the “Do I Know This Already?” quiz first. If you score 80 percent or higher, you might want to skip to the section “Exam Preparation Tasks.” If you score below 80 percent, you should spend the time reviewing the entire chapter. Refer to Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes,” to confirm your answers. “Do I Know This Already?” Quiz The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 13-1 details the major topics discussed in this chapter and their corresponding quiz questions. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 223 224 CCNA Wireless Official Exam Certification Guide 1. Which of the following describes a port as related to the controller terminology? a. It is a logical interface. b. It is a physical interface. c. It is not an interface; it is a slot. d. A port is a connection to an application; for example, port 23 would connect to Tel ne t. 2. What command configures a static route on the controller? a. route add b. ip route c. default route d. config route 3. Which port is active during the boot process? a. Service b. Management c. AP-Manager d. Virtual 4. Which of the following best defines a mobility group? a. A group of APs that allow roaming b. A group of controllers that communicate c. A group of traveling clients d. A group of mobile AP configurations 5. How was the following menu accessed? Please choose an option from below: 1. Run primary image (version 4.1.192.17) (active) 2. Run backup image (version 4.2.99.0) 3. Manually update images 4. Change active boot image 5. Clear Configuration Please enter your choice: a. During bootup, this menu automatically shows. b. A break sequence was entered from the CLI. c. The Controllers menu command was used. d. The Esc key was pressed during bootup. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 224 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 225 6. What is the default password for the Cisco controller CLI? a. Cisco b. cisco c. admin d. San-Fran 7. Which command is used to save the configuration from the Cisco controller CLI? a. wr em b. copy run start c. save config d. save 8. What is the default IP address of the Cisco controller? a. 10.1.1.1 b. 10.1.209.1 c. 172.16.1.1 d. 192.168.1.1 9. Which is not a top-level menu of the Cisco controller? a. MONITOR b. COMMANDS c. SECURITY d. PING 10. Which is the correct path to create an interface? a. CONTROLLER > Interfaces > New b. CONTROLLER > Inventory > New Interface c. INTERFACES > New d. CONTROLLER > Ports > New 11. When creating the WLAN profile, what two pieces of information do you need? (Choose two.) a. Name b. SSID c. Port d. Interface 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 225 226 CCNA Wireless Official Exam Certification Guide 12. What does it mean if the Radio Policy is set to All in the Configuration tab of the WLAN? a. All WLANs are on. b. The WLAN supports all radio types. c. The WLAN has all radios in it. d. Users must have all radios. 13. You have selected WIRELESS > Access Points > Radios > 802.11a/n. From there, you select the Configure option for one of the listed APs. What does the WLAN Override drop-down control? a. The WLAN mode of the radio b. Whether the WLAN SSID is broadcast via the radio c. Whether a WLAN is accessible via the radio d. Whether you can change the settings on this radio 14. Which management area provides information about APs that are not authorized in your network? a. Access Point Summary b. Client Summary c. Top WL ANs d. Rogue Summary 15. Which three pieces of information can you find on the controller Summary page? (Choose all that apply.) a. Software version b. Internal temperature c. Port speeds d. System name 16. A radio power level of 3 indicates what? a. Three times the power b. The third level of power c. 25% of the maximum power d. 1/3 power 17. What criteria defined a wireless client, thus adding it to the Clients list? a. A probe is seen. b. It is associated. c. It is authenticated. d. It is statically defined. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 226 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 227 18. How many rogue APs can one AP contain? a. 1 b. 2 c. 3 d. 4 19. What would cause a client to be excluded? a. The client has passed 802.11 authentication five times. b. The client has passed 802.11 association five times. c. The client has failed 802.11 authentication five times. d. The client has attempted 802.11 association five times. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 227 228 CCNA Wireless Official Exam Certification Guide Foundation Topics Controller Terminology Now that you have some understanding about the different types of controllers that are available, it is helpful to understand some of the terminology that goes along with them. The term interface, when related to a Cisco controller, is not the same as you would expe- rience on a router. With Cisco routers, an interface can be a physical or logical (loopback) entity. With Cisco controllers, an interface is logical. It can include VLANs, which in turn have a port association. Some interfaces are static, because your controller must always have them. The next term to understand is port. A port is a physical interface on your controller. It is something that you can touch. The second term that you need to understand is interface. An interface can be logical and dynamic. Another term to understand is WLAN. A WLAN consists of a service set identifier (SSID) and all the parameters that go along with it. A WLAN ties to a port. A port ties together a VLAN and SSIDs. A 4404 has four ports, and a 4402 has two. The Cisco Wireless Service Manager (WiSM) has eight virtual ports. Some interfaces are static, and others are virtual. Some static interfaces cannot be removed because they serve a specific purpose. The static interfaces include these: ■ Management interface ■ AP-Manager ■ Service port ■ Virtual The dynamic interfaces include a user-defined list. These interfaces are similar to subinter- faces and use 802.1 Q headers. If you allow users to roam, you are going to have a mobility group. A mobility group is numerous APs configured with common interfaces. These interfaces must be defined on all the controllers within the mobility group. If one controller does not have an interface configured, a user cannot roam to that controller. So far, you seen that both static and dynamic interfaces exist. Further discussion of these interfaces might help to clarify how to use them. Dynamic Interfaces Administrators define dynamic interfaces, and the system defines static interfaces. Static interfaces have specific system roles and are required. Key Topi c 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 228 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 229 Static Interfaces The management interface is one that controls communications in your network for all the physical ports. It can be untagged, which means that the VLAN identifier is set to 0. By leaving the VLAN identifier set to 0, the controller does not include an 802.1Q tag with the frame; rather, the frame is sent untagged. This means that if the traffic for the manage- ment interface travels across a trunk port on the switch where the controller is connected, the traffic is on the native VLAN of that trunk. Your APs use the management interfaces to discover the controller. Mobility groups also exchange information using the manage- ment interface. The AP manager interface is another static interface. The address that is assigned to this interface is used as the source for communications between the wireless controller and the Cisco access point. That means that this address has to be unique, but it can be in the same subnet as the management interfaces. Another static interface is what is known as a virtual interface. The virtual interface con- trols the Layer 3 security and mobility manager communications for all of the physical ports of the controller. The virtual interface also has the DNS gateway hostname used by the Layer 3 security and mobility managers so they can verify the source of the certifi- cates. When Layer 3 web authorization is enabled, the virtual interface will be used on the wireless side to force an authorization. For example, a user associates to an AP that is con- figured for web authorization. Next, the user opens a web browser, which attempts to ac- cess the default home page. With web authorization enabled, the web browser is redirected to the virtual interface IP address, which is commonly set to 1.1.1.1. At this point, the user needs to enter credentials for the web authorization. After the user is authorized, he is redirected to his home page. Alternatively, he could be redirected to a Terms of Use page instead of his home page. Another static interface is the service port. The service port of the 4400 series controller is a 10/100 copper Ethernet interface. This service port is designed for out-of-band man- agement and can also be used for system recovery and maintenance purposes. This is the only port that will be active when the controller is in its boot mode. Note that the service port is not autosensing—you must use the right type of cable with it. Therefore, if you were going to plug in between a switch and a service port, you would have to use the right cable, because it does not autosense. Also, no VLAN tag is assigned to the port, so the port should not be a configured as a trunk port on the switch. Another interesting feature of the service port is that you cannot configure a default gate- way for the port via the web interface, but you can go into the CLI and define a static route. To define a static route, use the config route command. This new terminology might seem a little overwhelming at first, but after you get into the controller interface and start to create wireless LANs, much of your understanding will fall into place. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 229 230 CCNA Wireless Official Exam Certification Guide Connecting to the Controller To begin configuring the controller, you need a connection to it. You can access the con- troller in more than one way; however, this section focuses on creating a command-line in- terface (CLI) connection. After you have CLI access, you can observe the boot sequence and run though a basic configuration. Doing so provides an IP address that you can use later to browse to the HTML interface. You will be connecting to the serial interface, so you will use a DB9 serial cable. You will also need a laptop with a serial connection. Many new laptops do not have serial connec- tions, although you can purchase an adapter that connects to a USB port. After you set up the connection from the laptop to the serial port, you need to use a ter- minal emulation application such as HyperTerminal, SecureCRT, or ZTerm (for Mac OSX). Using the terminal emulation application, you can boot the controller to view the boot process. Controller Boot Sequence As you boot the controller, you are given an option to press Esc for boot options, along with other information regarding the device, as seen in Example 13-1. Example 13-1 Controller Bootup Sequence as Seen from the CLI Bootloader 4.1.171.0 (Apr 27 2007 - 05:19:36) Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020 CPU: 833 MHz CCB: 333 MHz DDR: 166 MHz LBC: 41 MHz L1 D-cache 32KB, L1 I-cache 32KB enabled. I2C: ready DTT: 1 is 20 C DRAM: DDR module detected, total size:512MB. 512 MB 8540 in PCI Host Mode. 8540 is the PCI Arbiter. Memory Test PASS FLASH: Flash Bank 0: portsize = 2, size = 8 MB in 142 Sectors 8 MB L2 cache enabled: 256KB Card Id: 1540 Card Revision Id: 1 Card CPU Id: 1287 Number of MAC Addresses: 32 Number of Slots Supported: 4 Serial Number: FOC1206F03A Unknown command Id: 0xa5 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 230 Chapter 13: Simple Network Configuration and Monitoring with the Cisco Controller 231 Unknown command Id: 0xa4 Unknown command Id: 0xa3 Manufacturers ID: 30464 Board Maintenance Level: 00 Number of supported APs: 12 In: serial Out: serial Err: serial .o88b. d888888b .d8888. .o88b. .d88b. d8P Y8 `88’ 88’ YP d8P Y8 .8P Y8. 8P 88 `8bo. 8P 88 88 8b 88 `Y8b. 8b 88 88 Y8b d8 .88. db 8D Y8b d8 `8b d8’ `Y88P’ Y888888P `8888Y’ `Y88P’ `Y88P’ Model AIR-WLC4402-12-K9 S/N: FOC1206F03A Net: PHY DEVICE : Found Intel LXT971A PHY at 0x01 FEC ETHERNET IDE: Bus 0: OK Device 0: Model: STI Flash 8.0.0 Firm: 01/17/07 Ser#: STI1M75607342054704 Type: Removable Hard Disk Capacity: 245.0 MB = 0.2 GB (501760 x 512) Device 1: not available Booting Primary Image Press <ESC> now for additional boot options ***** External Console Active ***** Boot Options Please choose an option from below: 1. Run primary image (version 4.1.192.17) (active) 2. Run backup image (version 4.2.99.0) 3. Manually update images 4. Change active boot image 5. Clear Configuration Please enter your choice: The Esc key was issued in Example 13-1. From the highlighted output, you can do the fol- lowing: Step 1. Run the primary image. Step 2. Run the backup image. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 231 . SSID c. Port d. Interface 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 225 226 CCNA Wireless Official Exam Certification Guide 12. What does it mean if the Radio Policy is set to All in the Configuration. start to create wireless LANs, much of your understanding will fall into place. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 229 230 CCNA Wireless Official Exam Certification Guide Connecting. association five times. 15_1587202115_ch13.qxp 9/29/08 2:41 PM Page 227 228 CCNA Wireless Official Exam Certification Guide Foundation Topics Controller Terminology Now that you have some understanding